Last week, in the wake of a domestic terrorist incident at a white supremacist rally in Charlottesville, Virginia, we witnessed a flashpoint in a long-overdue debate: How much control should a few powerful internet companies have over user content?
On August 12, Heather Heyer, a counter protester at the rally, was killed. Shortly after, neo-Nazi website the Daily Stormer celebrated her death in a blog post. After public outrage, domain provider GoDaddy, security firm Cloudflare, Google, and a number of other tech companies stopped lending their services to the website in quick succession.
At the time, prominent digital liberties nonprofit the Electronic Frontier Foundation (EFF) argued that the actions taken by these companies have the potential to threaten the broader ideal of free speech on the internet.
"We strongly believe that what GoDaddy, Google, and Cloudflare did here was dangerous…at EFF we see the consequences first hand: every time a company throws a vile neo-Nazi site off the Net, thousands of less visible decisions are made by companies with little oversight or transparency."
Now, the EFF's slippery slope argument has been met with another public test: A new batch of seemingly hacked nude photos stolen from dozens of celebrities have been circulating on sites that rely on the same companies that refused to serve the Daily Stormer.
While there isn't a direct comparison between white supremacy and stolen photos, in both scenarios, it's worth asking where the line is between fostering an open platform and shielding toxic, often criminal communities. Ideally, the line would be drawn with public input, and would perhaps be regulated by elected lawmakers. Instead, the task has largely fallen entirely to large internet corporations. In many cases, decisions about what is acceptable and what is not are arbitrary. For example, Cloudflare, which provides protection against DDoS attacks and other security services, may have stopped supporting neo-Nazi site the Daily Stormer, but it continues to lend its services to Stormfront, one of the oldest racial hate sites online.
"It's important that what we did today not set a precedent. The right answer is for us to be consistently content neutral. But we need to have a conversation about who and how the content online is controlled, " Cloudflare CEO Matthew Prince said in a leaked email to his staff after the company dropped the Daily Stormer.
There is one bright red line that the corporations we rely on to deliver us the internet have refused to cross: They will not enable those who distribute child porn. Some companies have recently decided that they will do their best to keep (some) white supremacists off the internet. Few have taken meaningful steps to prevent the distribution of hacked pornographic images, which in the majority of states may be illegal under "non-consensual pornography" or so-called "revenge porn" laws.
Web services don't seem to want to crack down on hacked nude photos, which in many cases are illegally obtained and distributed. Some of those who have had their photos stolen argue the practice is a form of sexual violence.
According to a WHOIS lookup, GoDaddy is the domain registrar for CelebJihad, a blog where newly released hacked celebrity nudes are being circulated. The company said in an email to Motherboard that it has no control over what kind of content CelebJihad and other customers' sites choose to feature. "Because we are just the domain registrar, we have no power or control over the content creator or publisher," a spokesperson said.
GoDaddy was also the domain registrar for the Daily Stormer, and it chose to drop the site for "inciting violence," claiming it violates its terms of service. For what it's worth, GoDaddy (and every other web service like it) has to comply with the law, but largely maintains the freedom to decide what its terms of service are. It does not specifically ban non-consensual pornography.
When we asked GoDaddy about this, a spokesperson acknowledged that the case of hacked photos was different. "Yes, this is a different situation from dailystormer.com," the spokesperson said. "Dailystormer.com violated the GoDaddy Terms of Service by inciting violence. However distasteful the content of this site [CelebJihad] may be, it is not inciting violence. If GoDaddy received a court order regarding the domain in question, we would act accordingly."
Cloudflare did not return a request for comment about why it continues to protect sites like CelebJihad.
By doing nothing, companies have inherently taken a stance. Through their inaction, they have decided that the distribution of hacked, stolen nudes is a form of speech that they will not unilaterally regulate.
This straightforward yes-or-no position is, at the very least, relatively easy to enforce and requires no judgment calls. When companies have addressed the problem in a more nuanced way, they have largely failed (which is not to say that they should stop trying).
Take, for instance, Reddit's response to the first "Fappening," in which which over 500 naked celebrity photos were leaked from hacked iCloud accounts in 2014. Three years later, Reddit remains a hotbed for discussion about where to find stolen nudes from both the first hack and this more recent one.
Since the first Fappening, Reddit has taken nominal steps to prevent itself from being the landing spot for people looking for leaked naked photos. On Tuesday, Reddit banned the "NSFWCeleb" subreddit, which was previously a popular place for people looking to view hacked photos. Moderators of many Fappening-themed subreddits note that direct linking to hacked images is banned, but these subreddits are still, of course, an easy way to find where photos might be.
In 2014, an administrator for the platform wrote that Reddit's main concern appeared to be its legal liability. Under the Digital Millennium Copyright Act, (DMCA) "platforms" are given wide legal cover from lawsuits resulting from copyrighted content its users post.
"Our general stance on this stuff is that reddit is a platform, and there are times when platforms get used for very deplorable things," Jason Harvey, a systems administrator for Reddit, wrote after announcing the site had banned content related to the Fappening. "We take down things we're legally required to take down, and do our best to keep the site getting from [sic] spammed or manipulated, and beyond that we try to keep our hands off."
Reddit is required to remove content when asked, but is not required to actively police its users or prevent them from discussing copyrighted content (generally, the person who took a photo owns the copyright). Because the original Fappening was spread so widely on Reddit, the company decided to ban direct links to stolen photos. The DMCA requests had become too much to deal with. (In this most recent hack, both professional skier Lindsey Vonn and her former boyfriend Tiger Woods have threatened legal action against sites hosting their stolen nudes.)
Reddit stopped allowing direct links to stolen celebrity nudes on its platform, but has largely ignored users who talk about where to find them and who solicit private messages that link users to stolen naked photos.
On a Reddit thread called "Well, Lindsey Vonn dropped… oh my," users discuss private messaging each other links to the stolen nude photos, and they speak in thinly veiled code: "Yes, she is phun!," one user wrote, referring to Phun, a German porn message board that has been around since the early 2000s and hosts many of the recently hacked images.
On another thread, redditors discussed in specific terms the sites where it would be easy to find them. Another Reddit thread discusses r/thefappbunker, a private subreddit made for sharing nudes; a comment thread there is filled with dozens of people asking to be added to the subreddit.
An admin for Phun did not respond to Motherboard's request for comment, nor did a contact for thefappeningblog.com. Moderators for several Fappening subreddits also did not respond to a request for comment.
Reddit also did not respond to a request for comment. However, its banning of the "NSFWCeleb" subreddit came Tuesday, a few hours after we reached out and shared several Reddit links to hacked nudes with the company. Imgur, an image-sharing site popular on Reddit that has been used to share the stolen naked photographs, told Motherboard it has "strict privacy guidelines and zero tolerance for non-consensual pornography." The site has deleted several hacked nudes seen by Motherboard.
These platforms' responses speak to the difficulty of controlling the spread of hacked content, especially when it's shared by users in increasingly clever and private ways.
But Cloudflare and GoDaddy's inaction, as well as Reddit's half-measures, indicate where the moral compasses of large internet companies are currently pointing: Their idea of a free and open internet is held in higher regard than the idea that hacking victims have a right to not have their stolen nude photos widely disseminated online.
There are no easy answers here, and which ideals are being prioritized should be the matter of public debate, not the decision of a select few companies.