Thank you for your attention to this matter. I must confess that I found the response confusing as you seem to be responding to claims slightly (though importantly!) different from the ones I made in my Twitter post.
Specifically, my view is (1) you are mistaken about the definition of doxing and have instead provided a definition of deanonymization; (2) this person’s behavior meets the definitions of doxing; (3) norms that allow these posts would also allow more serious abuses.
I’d also like to clarify that I am not at the moment accusing you or the EA Forum moderators of failing to enforce EA Forum rules or norms in this case. I am not deeply familiar with the EA Forum rules or norms, so I am indifferent on this question.
This poster violated the norms that I think would be reasonable for a high-quality discussion forum. I also think this poster violated standards of reasonable behavior for a person with high-status membership in an intellectual community. I leave the question of EA Forum rules and norms to you and your team.
Additionally, while I alluded to but did not directly discuss this in the Twitter thread, the EA Forum moderation team took several actions that lessened the harm this poster intended to cause. While I think further actions are warranted, I would nevertheless like to express my gratitude to the team for what they have already done.
On the definition of doxing
The user in question said this information came from searching LinkedIn for people who had listed themselves as having worked at Leverage and related organizations. This is not “doxing” and it’s unclear to us why Kerry would use this term: for example, there was no attempt to connect anonymous and real names, which seems to be a key part of the definition of “doxing”.
This is not the definition of doxing.
A simple internet search reveals the following definitions:
Wikipedia: “Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the Internet. . . . Doxing may be carried out for reasons such as online shaming, extortion, and vigilante aid to law enforcement”
Urban Dictionary: “Using private information gleaned from the internet to attack someone with whom you disagree, often by publishing their personal info, opening them to abuse and possibly, danger.”
What you provide is the definition of the much narrower activity of deanonymization. I agree that the poster’s behavior is not deanonymization. I never indicated otherwise.
Deanonymization is neither a necessary nor sufficient condition for doxing. It is possible to dox someone even if they maintain no anonymous identities (e.g., by publishing non-public information that does not pertain to an anonymous identity for the purposes of harassment). It is also possible to reveal a person’s anonymous identity without doxing them if the reveal involves neither ill intent nor ill effects.
Why the poster’s behavior is doxing
Doxing has two important components: (1) revealing private information; (2) with ill-intent. Below I argue that the poster’s behavior meets both of these standards.
The information was private
In the EA Forum comment where the doxing occurred, the poster says the following (emphasis mine):
Paradigm Academy does not list its team on its website. However, a quick search on Linkedin yields 16 results (13 with public profiles) for people at Paradigm Academy. Of these 13 profiles, 7 include experience at Leverage Research or allied organizations, and a further 4 are well-known to have worked for Leverage Research.
The term “well-known” indicates that the information is not on their LinkedIn profiles, but is known to the poster. Thus, they relied on non-public information to associate the people with the organizations.
However, even if the poster had used only information from LinkedIn profiles and not their own knowledge, this would still constitute a reveal of private information because “private information” is context-dependent. Almost all canonical cases of doxing involve taking information that is findable on the public internet (albeit with difficulty) and then revealing that information in an adversarial context.
Consider, for example, the high-profile case of the doxing of Scott Alexander. Scott Alexander’s real name was not private in the sense of “not findable on the public internet.” Indeed, it could be revealed with a little bit of dedicated Googling. It was also widely known inside the EA and Rationality community. The Times’ threat to publish his real name was nevertheless a threat to dox him because it was not well-known to the readership of The Times.
Who was employed at Leverage and Paradigm was not well-known to the members of the EA community. Most of those who worked at Leverage and Paradigm had little interaction with the EA community. Thus, the information revealed was private in the relevant sense.
The poster acted with ill-intent
There are several ways to see that the poster acted with ill intent.
(1) The social context of this post is that there was a deterioration of the relationship between the Effective Altruism and Leverage Research communities. This is easy to see by reviewing the comments on the “Basic Facts” post, which are substantially negative. While one might dispute that the negativity is fair, accurate, or deserved, it was not considered so by members of Leverage or Paradigm staff. Thus, the EA Forum is an adversarial context from the perspective of Leverage and Paradigm employees.
(2) A review of the posting history of the anonymoose and throwaway accounts indicates that their primary goal was to spread negative information about Leverage and Paradigm.
(3) The context in which the people are doxed is in response to the following “question:” “To what extent is Paradigm Academy a front organization for, or a covert rebrand of Leverage Research?”
This is, of course, a quite blatant attempt to insulate nefariousness where none is warranted. There was never any attempt to conceal the relationship between Leverage and Paradigm by the staff of either organization. No information to indicate otherwise is ever presented by the poster.
(4) There is simply no reason to include the people’s names except for the purposes of doxing. The point of the comment is that there is a heavy association between people that worked at Paradigm and those that worked at Leverage. There is no reason that specific names need to be included to make this point.
(5) The post violated the letter and spirit of Cathleen’s request.
On this point, Ben indicates the following:
Kerry says that a former Leverage staff member “requests that people not include her last name or the names of other people at Leverage” and indicates the user broke this request. However, the post in question requests that the author’s last name not be used in reference to that post, rather than in general. The comment in question doesn’t refer to the former staff member’s post at all, and was originally written more than a year before the post. So we do not view this comment as disregarding someone’s request for privacy.
However, the full request by Cathleen is as follows (emphasis mine):
In discussions of this post (the content of which I can’t predict or control), I’d ask that you just refer to me as Cathleen, to minimize the googleable footprint. And I would also ask that, as I’ve done here, you refrain from naming others whose identities are not already tied up in all this.
As there is some confusion on this point, it is important to be clear. The central complaint in the Twitter thread is that *5 days* after Cathleen’s post, the poster edited their comment to add the names of Leverage and Paradigm employees back to the comment, including Cathleen’s last name. This violates Cathleen’s request.
Ben is correct that the comment originally occurred substantially before Cathleen’s post. But this is immaterial. The point is that the poster re-added the names after the request had been made.
Norms that allow these posts would also allow more serious abuses
A further issue with this understanding of EA norms is that it would allow more serious abuses on the EA Forum. If this is not clear, I can provide some examples.
However, even if the poster had used only information from LinkedIn profiles and not their own knowledge, this would still constitute a reveal of private information because “private information” is context-dependent.
If you list your organizational affiliation on LinkedIn (and if you are indeed correct that Paradigm Academy was not trying to be a cover for Leverage Research that shielded it from public scrutiny), then I don’t think you get to complain when someone quickly googles you and finds your LinkedIn profile.
Like, if Scott Alexander had listed his real name on his about page, or on LinkedIn, connected to his pseudonym, then yeah, I would have also had very little sympathy for the objections to the New York Times. There clearly are degrees of what kind of connections you can make here, and searching an organization on LinkedIn really does not cross any obvious line here.
Maybe you are objecting to drawing a connection between Leverage Research and Paradigm Academy, but you are also saying that nobody was saying that Paradigm Academy was intentionally trying to not appear to be part of what was broadly known as “Leverage”, so I don’t understand how you can make both of these arguments at the same time.
If you list your organizational affiliation on LinkedIn (and if you are indeed correct that Paradigm Academy was not trying to be a cover for Leverage Research that shielded it from public scrutiny), then I don’t think you get to complain when someone quickly googles you and finds your LinkedIn profile.
First, as I noted in my response to Ben, some of the information included in the doxing was from the poster’s personal knowledge and not from the people’s LinkedIn profiles. Thus, you can’t defend the doxing by saying that the information was publicly available. It simply wasn’t.
Second, I am not complaining about someone quickly googling anyone and finding their LinkedIn profile. I am complaining about making it easier to harass people by posting a central repository of information about those people on a forum frequented by people with a history of harassing them.
It is certainly the case that former Leveragers took the release of their names on the EA forum as an attempt to invite harassment by members of the EA community. We were contacted by former Leveragers to see if there was anything we could do to get the names removed for this very reason.
I suspect the actual crux of the discussion here is that most EAs are unaware of the history of poor and bizarre behavior towards Leverage/Paradigm by members of the EA community. To help with the knowledge gap, I’m considering writing a Twitter thread that will share some of the most egregious examples.
At this point, the moderators are trying to focus on any practical steps we should take. Given that the names in question are encoded, and no one currently listed in the comment has reached out to us, we do not plan to take further action. Anyone who feels that private or incorrect information about themselves is posted on the Forum is always free to contact us.
Could you explain what’s not practical about these simple steps that you could take:
1) Create an EA Forum policy against sockpuppeting, and apply it retroactively to this case. This might naturally result in deleting the offending posts or adding a notification indicating they are sockpuppets.
2) Remove the encoded names and replace them with numbers per the edit your team made originally.
3) Change the word “doxing” to “deanonymizing” in the following sentence from the Guide to Norms (since the behavior you intend to prohibit is not doxing):
Doxing — or revealing someone’s real name if they are anonymous on the Forum or elsewhere on the internet — is prohibited
[Disclaimer, I have very little context on this & might miss something obvious and important]
In discussions of this post (the content of which I can’t predict or control), I’d ask that you just refer to me as Cathleen, to minimize the googleable footprint. And I would also ask that, as I’ve done here, you refrain from naming others whose identities are not already tied up in all this.
As there is some confusion on this point, it is important to be clear. The central complaint in the Twitter thread is that *5 days* after Cathleen’s post, the poster edited their comment to add the names of Leverage and Paradigm employees back to the comment, including Cathleen’s last name. This violates Cathleen’s request.
AFAICT the disagreement between Kerry and Ben stems from interpreting the second part of Cathleen’s ask differently. There seem to be two ways of reading the second part: 1. Asking people to refrain from naming others who are not already tied into this in general. 2. Asking people to refrain from naming others who are not already tied into this in discussions of her post.
To me, it seems pretty clear that she means the latter, given the structure of the two sentences. If she was aiming for the first interpretation, I think she should have used a qualifier like “in general” in the second sentence. In the current formulation, the “And” at the beginning of the sentence connects the first ask/sentence very clearly to the second. I guess this can be up for debate, and one could interpret it differently, but I would certainly not fault anyone for going with interpretation 2.[1]
If we assume that 2 is the correct reading, Kerry’s claim (cited above) does not seem relevant anymore / Ben’s original remark (cited below) seems correct. The timeline of edits doesn’t change things. Ben’s original remark (emphasis mine):
The comment in question doesn’t refer to the former staff member’s post at all, and was originally written more than a year before the post. So we do not view this comment as disregarding someone’s request for privacy.
Even if she meant interpretation 1, it is unclear to me that this would be a request that I would endorse other people enforcing. Her request in interpretation 2 seems reasonable, in part because it seems like an attempt to avoid people using her post in a way she doesn’t endorse. A general “don’t associate others with this organisation” would be a much bigger ask. I would not endorse other organisations asking the public not to connect its employees to them (e.g. imagine a GiveWell employee making the generic ask not to name other employees/collaborators in posts about GiveWell), and the Forum team enforcing that.
I disagree with that interpretation especially given the context of Cathleen’s post. It includes lengthy discussions of poor and bizarre behavior by members of the EA community toward Leverage/Paradigm staff.
I think reading Cathleen’s post and then re-adding her name is either an intentional violation of her wishes or, at a minimum, shows a reckless disregard for her request for privacy.
In any case, I don’t think this issue is central. The original comment already was doxing given the context, which includes the “question” to which it was a reply, the poster’s overall pattern of behavior, and the history of very poor behavior towards Leverage/Paradigm staff by members of the EA community. The poster’s behavior after reading Cathleen’s request for privacy simply makes their intention clearer.
Cathleen has also now commented above which I think clarifies how her request was meant to be taken. Here’s a quote (as context, she’s formatted her comment to be an idea for how CEA might have responded instead):
(At a cursory glance, it’s difficult to determine the most natural interpretation of the scope of Cathleen’s request, in order to assess the likelihood that the user was knowingly violating her wishes. We initially had a quite narrow interpretation, reading the quote out of context, but I think the situation becomes clearer if you take the time to read her entire post or the section that the quote was pulled from, entitled “We want to move forward with our lives (and not be cancelled)”, which includes a direct reference to LinkedIn/her intent to keep her work history private.)
Another question I wanted to ask is whether the EA Forum has rules against creating sock puppet accounts. This is defined as follows:
Wikipedia: “Online, it came to be used to refer to a false identity assumed by a member of an internet community who spoke to, or about, themselves while pretending to be another person.”
Urban dictionary: “A false identity adopted by trolls and other malcontents to support their own postings.”
I ask because it appears to me that the poster acted deceptively in managing their multiple anonymous accounts by (1) using a second anonymous account to reply to their first anonymous account; (2) promoting the actions of their anonymous account from their public account without disclosing that they were behind the anonymous account.
Most forums I’ve been a part of have rules against sockpuppeting, but reviewing the EA Forum rules and guidelines, I did not see anything about that.
Hi Ben,
Thank you for your attention to this matter. I must confess that I found the response confusing as you seem to be responding to claims slightly (though importantly!) different from the ones I made in my Twitter post.
Specifically, my view is (1) you are mistaken about the definition of doxing and have instead provided a definition of deanonymization; (2) this person’s behavior meets the definitions of doxing; (3) norms that allow these posts would also allow more serious abuses.
I’d also like to clarify that I am not at the moment accusing you or the EA Forum moderators of failing to enforce EA Forum rules or norms in this case. I am not deeply familiar with the EA Forum rules or norms, so I am indifferent on this question.
This poster violated the norms that I think would be reasonable for a high-quality discussion forum. I also think this poster violated standards of reasonable behavior for a person with high-status membership in an intellectual community. I leave the question of EA Forum rules and norms to you and your team.
Additionally, while I alluded to but did not directly discuss this in the Twitter thread, the EA Forum moderation team took several actions that lessened the harm this poster intended to cause. While I think further actions are warranted, I would nevertheless like to express my gratitude to the team for what they have already done.
On the definition of doxing
This is not the definition of doxing.
A simple internet search reveals the following definitions:
Wikipedia: “Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the Internet. . . . Doxing may be carried out for reasons such as online shaming, extortion, and vigilante aid to law enforcement”
Urban Dictionary: “Using private information gleaned from the internet to attack someone with whom you disagree, often by publishing their personal info, opening them to abuse and possibly, danger.”
What you provide is the definition of the much narrower activity of deanonymization. I agree that the poster’s behavior is not deanonymization. I never indicated otherwise.
Deanonymization is neither a necessary nor sufficient condition for doxing. It is possible to dox someone even if they maintain no anonymous identities (e.g., by publishing non-public information that does not pertain to an anonymous identity for the purposes of harassment). It is also possible to reveal a person’s anonymous identity without doxing them if the reveal involves neither ill intent nor ill effects.
Why the poster’s behavior is doxing
Doxing has two important components: (1) revealing private information; (2) with ill-intent. Below I argue that the poster’s behavior meets both of these standards.
The information was private
In the EA Forum comment where the doxing occurred, the poster says the following (emphasis mine):
The term “well-known” indicates that the information is not on their LinkedIn profiles, but is known to the poster. Thus, they relied on non-public information to associate the people with the organizations.
However, even if the poster had used only information from LinkedIn profiles and not their own knowledge, this would still constitute a reveal of private information because “private information” is context-dependent. Almost all canonical cases of doxing involve taking information that is findable on the public internet (albeit with difficulty) and then revealing that information in an adversarial context.
Consider, for example, the high-profile case of the doxing of Scott Alexander. Scott Alexander’s real name was not private in the sense of “not findable on the public internet.” Indeed, it could be revealed with a little bit of dedicated Googling. It was also widely known inside the EA and Rationality community. The Times’ threat to publish his real name was nevertheless a threat to dox him because it was not well-known to the readership of The Times.
Who was employed at Leverage and Paradigm was not well-known to the members of the EA community. Most of those who worked at Leverage and Paradigm had little interaction with the EA community. Thus, the information revealed was private in the relevant sense.
The poster acted with ill-intent
There are several ways to see that the poster acted with ill intent.
(1) The social context of this post is that there was a deterioration of the relationship between the Effective Altruism and Leverage Research communities. This is easy to see by reviewing the comments on the “Basic Facts” post, which are substantially negative. While one might dispute that the negativity is fair, accurate, or deserved, it was not considered so by members of Leverage or Paradigm staff. Thus, the EA Forum is an adversarial context from the perspective of Leverage and Paradigm employees.
(2) A review of the posting history of the anonymoose and throwaway accounts indicates that their primary goal was to spread negative information about Leverage and Paradigm.
(3) The context in which the people are doxed is in response to the following “question:” “To what extent is Paradigm Academy a front organization for, or a covert rebrand of Leverage Research?”
This is, of course, a quite blatant attempt to insulate nefariousness where none is warranted. There was never any attempt to conceal the relationship between Leverage and Paradigm by the staff of either organization. No information to indicate otherwise is ever presented by the poster.
(4) There is simply no reason to include the people’s names except for the purposes of doxing. The point of the comment is that there is a heavy association between people that worked at Paradigm and those that worked at Leverage. There is no reason that specific names need to be included to make this point.
(5) The post violated the letter and spirit of Cathleen’s request.
On this point, Ben indicates the following:
However, the full request by Cathleen is as follows (emphasis mine):
As there is some confusion on this point, it is important to be clear. The central complaint in the Twitter thread is that *5 days* after Cathleen’s post, the poster edited their comment to add the names of Leverage and Paradigm employees back to the comment, including Cathleen’s last name. This violates Cathleen’s request.
Ben is correct that the comment originally occurred substantially before Cathleen’s post. But this is immaterial. The point is that the poster re-added the names after the request had been made.
Norms that allow these posts would also allow more serious abuses
A further issue with this understanding of EA norms is that it would allow more serious abuses on the EA Forum. If this is not clear, I can provide some examples.
If you list your organizational affiliation on LinkedIn (and if you are indeed correct that Paradigm Academy was not trying to be a cover for Leverage Research that shielded it from public scrutiny), then I don’t think you get to complain when someone quickly googles you and finds your LinkedIn profile.
Like, if Scott Alexander had listed his real name on his about page, or on LinkedIn, connected to his pseudonym, then yeah, I would have also had very little sympathy for the objections to the New York Times. There clearly are degrees of what kind of connections you can make here, and searching an organization on LinkedIn really does not cross any obvious line here.
Maybe you are objecting to drawing a connection between Leverage Research and Paradigm Academy, but you are also saying that nobody was saying that Paradigm Academy was intentionally trying to not appear to be part of what was broadly known as “Leverage”, so I don’t understand how you can make both of these arguments at the same time.
First, as I noted in my response to Ben, some of the information included in the doxing was from the poster’s personal knowledge and not from the people’s LinkedIn profiles. Thus, you can’t defend the doxing by saying that the information was publicly available. It simply wasn’t.
Second, I am not complaining about someone quickly googling anyone and finding their LinkedIn profile. I am complaining about making it easier to harass people by posting a central repository of information about those people on a forum frequented by people with a history of harassing them.
It is certainly the case that former Leveragers took the release of their names on the EA forum as an attempt to invite harassment by members of the EA community. We were contacted by former Leveragers to see if there was anything we could do to get the names removed for this very reason.
I suspect the actual crux of the discussion here is that most EAs are unaware of the history of poor and bizarre behavior towards Leverage/Paradigm by members of the EA community. To help with the knowledge gap, I’m considering writing a Twitter thread that will share some of the most egregious examples.
Kerry, what are you getting at? What do you think was the harm or the intended harm of Ryan’s posts?
At this point, the moderators are trying to focus on any practical steps we should take. Given that the names in question are encoded, and no one currently listed in the comment has reached out to us, we do not plan to take further action. Anyone who feels that private or incorrect information about themselves is posted on the Forum is always free to contact us.
Hi Ben,
Could you explain what’s not practical about these simple steps that you could take:
1) Create an EA Forum policy against sockpuppeting, and apply it retroactively to this case. This might naturally result in deleting the offending posts or adding a notification indicating they are sockpuppets.
2) Remove the encoded names and replace them with numbers per the edit your team made originally.
3) Change the word “doxing” to “deanonymizing” in the following sentence from the Guide to Norms (since the behavior you intend to prohibit is not doxing):
[Disclaimer, I have very little context on this & might miss something obvious and important]
AFAICT the disagreement between Kerry and Ben stems from interpreting the second part of Cathleen’s ask differently. There seem to be two ways of reading the second part:
1. Asking people to refrain from naming others who are not already tied into this in general.
2. Asking people to refrain from naming others who are not already tied into this in discussions of her post.
To me, it seems pretty clear that she means the latter, given the structure of the two sentences. If she was aiming for the first interpretation, I think she should have used a qualifier like “in general” in the second sentence. In the current formulation, the “And” at the beginning of the sentence connects the first ask/sentence very clearly to the second.
I guess this can be up for debate, and one could interpret it differently, but I would certainly not fault anyone for going with interpretation 2.[1]
If we assume that 2 is the correct reading, Kerry’s claim (cited above) does not seem relevant anymore / Ben’s original remark (cited below) seems correct. The timeline of edits doesn’t change things. Ben’s original remark (emphasis mine):
Even if she meant interpretation 1, it is unclear to me that this would be a request that I would endorse other people enforcing. Her request in interpretation 2 seems reasonable, in part because it seems like an attempt to avoid people using her post in a way she doesn’t endorse. A general “don’t associate others with this organisation” would be a much bigger ask. I would not endorse other organisations asking the public not to connect its employees to them (e.g. imagine a GiveWell employee making the generic ask not to name other employees/collaborators in posts about GiveWell), and the Forum team enforcing that.
I disagree with that interpretation especially given the context of Cathleen’s post. It includes lengthy discussions of poor and bizarre behavior by members of the EA community toward Leverage/Paradigm staff.
I think reading Cathleen’s post and then re-adding her name is either an intentional violation of her wishes or, at a minimum, shows a reckless disregard for her request for privacy.
In any case, I don’t think this issue is central. The original comment already was doxing given the context, which includes the “question” to which it was a reply, the poster’s overall pattern of behavior, and the history of very poor behavior towards Leverage/Paradigm staff by members of the EA community. The poster’s behavior after reading Cathleen’s request for privacy simply makes their intention clearer.
In case it’s helpful and you’ve not read them, I think that the two main pieces of context that would be helpful are Cathleen’s original post and the Twitter thread of Kerry Vaughan’s that Ben West is referring to.
Cathleen has also now commented above which I think clarifies how her request was meant to be taken. Here’s a quote (as context, she’s formatted her comment to be an idea for how CEA might have responded instead):
Hi Ben,
Another question I wanted to ask is whether the EA Forum has rules against creating sock puppet accounts. This is defined as follows:
Wikipedia: “Online, it came to be used to refer to a false identity assumed by a member of an internet community who spoke to, or about, themselves while pretending to be another person.”
Urban dictionary: “A false identity adopted by trolls and other malcontents to support their own postings.”
I ask because it appears to me that the poster acted deceptively in managing their multiple anonymous accounts by (1) using a second anonymous account to reply to their first anonymous account; (2) promoting the actions of their anonymous account from their public account without disclosing that they were behind the anonymous account.
Most forums I’ve been a part of have rules against sockpuppeting, but reviewing the EA Forum rules and guidelines, I did not see anything about that.
Note that the two anonymous accounts are spaced a year apart; seems likely that Ryan lost the password to the 1st.
The obvious thing to do in that case is to disclose this in a comment somewhere.
Also, this defense doesn’t work for his efforts to promote his own anonymous posts from his public account.