I dont usually post, but this is important..

[IRL.icecoolmadness]

It really is easy, that's why I've done that job for ~15 years, automatic updates don't usually cause any problems. Most Linux distributions come with fairly secure default settings now, so you'd have to mess something up rather than not fix something to make it insecure. Just doing basic maintenance like keeping up with updates will keep out 99% of hackers & the other 1% are probably busy with better targets. Anyway, they messed up somehow & got hacked.

I think it'd be a very desperate law enforcement sting operation to go after people posting reviews of mostly legal clearnet vendors. Not saying I trust the new site, I don't even trust them enough to look at it, it seems even more suspect than the old one, but I doubt it's LE running it.

You should work on the assumption that everything is compromised, but if you start really believing it then it's paranoia.

Of course I do not automatically believe that any such web application is ran by people with ulterior motives, be it LE or someone/thing else - I just assume so to keep myself secure - I think we agree on that one.
There is of course distinction to be made between keeping the insfrastructure, servers as well as making the code secure. For web applications of such nature - its all or nothing. As DS correctly pointed out - maintaining privacy of the users is a difficult task indeed , on all 3 aforementioned fronts.

As for police going after the users - look up operation Ismene.

 

[BlindHelperMonkey]

No, you really have to fuck up to get hacked like that.

Why would law enforcement care about a site that reviews legal vendors? Was probably some bored kid that hacked them, or a vendor with bad reviews.

perhaps you recently emerged from a 90's era coma, bad haircut and all - because the days are long gone of state involvement being the predictable, technically naïve, hardware-superannuated, top-down afterthought or occasional and tightly-leashed outsourced unit periodically nibbling at cybercrime.

lines are utterly blurred, law 'enforcement' takes the blank cheque approach of purviews, with loyal, conveniently removed, ideologically in-tune and morally ambivalent satellite-bodies under little specific instruction aside from general spoken/unspoken, legal/illegal objectives


you don't need to be shy, socially awkward and or grotesquely obese or resemble the average scotch bluelighter in any other way - in order to have your nubile, virginal laptop/smartphone/website thoroughly defiled, remotely controlled, even weaponised against you and others around you as a tool of harassment. in fact your average white van man can become as the most formidable nihilist black-hat genius given hes able to copy/paste code provided to him between mandatory bouts of rampant wolfwhistling, uncontrollable horn honking and occasional case of your standard road-based rage


it really is indicative of the - probably somewhat intended - security shitstorm coming down the line for our convenient, ubiquitous smartdrunk society and heralds the nightmarish, tyrannical wet-dream possibilities resulting from our sleepwalking into such a predicament. but for now, all that matters is i have experienced two brand new tablets, literally in one minute - go from cellophane to remotely administrated, largely greyed-out and unfixable, monitoring device with every recourse to be reversed catered for in one block of code equal-parts beautiful and terrifying - and far beyond even our most adept codewriters here -what id imagine to be state-level stuff. just without the stamp and pesky rules that come along with official, 20th century privacy intrusion (come back btw, all is forgiven)


hacking by numbers
fuck someones shit up six ways to sunday without the adolescence dedicated to furious wanking in frustrated solitude.. you can see the appeal

 

[Ms Mermaid]

This morning, my current jellybean tablet was showing in my google account as running linux, via a proxy based in birmingham. go figure. i dont use a proxy. the device type recorded changes from login to login too. gotta love unauthorised syncing.

edit
fucking lol @ state level stuff