- Could they explore if the IRC gateway is turned on? If it is, they should be able to connect using their user credentials and suck out the history using an IRC client.

- Yes, they would, but it's another option since the API key is not.

- Registered April 2016.

- Registered through Google with privacy on.
.....17.10.2017 15:06:03, Merl (Nashville, TN): >>unsupported service message type: messageActionChatJoinedByLink<<

- Do we have an idea what is motivating her?

- Agree - unless she's a developer on the bot or in a high enough posiiton she wouldn't have need to know on that.

- I must admit to being very interested in the user list to identify if any of our local or regional troublemakers are on it.

- The whistle blower's goals are important here too and will impact the timing. If Charlie doesn't move on it they could assume he won't and release it through other means.

I don't mean to say that there's a deadline here, but there are lots of moving parts to be considered.

- IMO even if you remove guardian as a badge there is a certain set of player who will continue to treat it as a goal to eliminate their opponents guardians (even if they are not called that or tracked any more)

- It will be important to determine with near certainty the veracity of the information before inviting such a person into a chat with some/many from our side.
.....17.10.2017 15:44:49, Mantispidae - west tn: >>unsupported service message type: messageActionChatJoinedByLink<<

- I agree, just thikn it's important to note it won't be total elimination.

- Quite this. When our opponents will shell out hundreds of dollars to prevent someone getting a badge that's dedication to a cause.

- As long as the whistle blower is not compromised and is patient, imo.

- 56. :)

But intent understood.

- If it were my decision to make I think I'd target October 30/31 - the week before the next anomaly date to grenade RES orga leading up to it.

- I'd want to see user list before finalizing that - if a lot of RES leadership is on it the end result could be unpredictable. (Circling the wagons or mass defection)

- I understand that point of view... and would respond that it is a point in time with maximum strategic value but also a point in time when there will be maximum communications regionally as people finalize anomaly prep. It will be unavoidable for them to discuss it internally.

- The other part of that being that if they weren't being naughty it they woulnd't have a problem.

- I think this is an important point - the information released without editorial content will be impactful on its own. We can certainly boost signal around it.

- I think you have a reasonable point. That being said, I still believe maximum impact is desirable if the user list heavily implicates RES leadership.

- Even if we released it today it would impact 11/3 anomalies.

- If we didn't want to impact an anomaly it would have to be 11/6 or shortly thereafter.

- But could still have impact on the 12/2

- We clearly have some if-thens going here.

- Should we register thebrokersguild.party?

- As mentioned the domain was registered in 4/16 so it's 18 months old at best.

- True, I've should have said at least 18 months odl, sorry

- God help your tongue.

- The most recent the better if we can match that up to a scanner screen shot of the hit contemporaneous with the request.

- It’s important to tie the request for information to the action on it.

- I’ll set up my phone to screen shot every minute!

- I think it has to be recent enough so that it’s still in the scanner backlog.

- Yes for sure if they’re turned on. Might find them in Outgress if you’re not opposed to that.

- I turned it off hours after starting then turned it back on to fool around with Outgress.

- I hope they enjoy knowing my account started at the Corner Room. Then went to Sweden the next day. :)

- Caught me!

- [[Photo]]

- I was thinking about putting the dump on S3 or something and having a burner reddit account link it to start. Then everyone source from that so it’s somewhat anonymous.

- Concur. Should be a new room IMO

- Would have to be short timespan too - only a few hours in case someone leaks it early.

- I’d advocate a single anon post to reddit that can then be amplified.
.....17.10.2017 19:03:44, Charlie Arnold: >>changed group name to "Whistle Orga"<<

- Would be much harder to trace to a person or group and can be boosted through everyone’s local instead of a group curated for such.

- That way the public release occurs and since news travels fast we don’t appear to be astroturfing it.

- Yes that’s what I mean - not to dump the data on Reddit.

- Where can we host it that won’t be subject to abuse like S3?

- My concern with S3 is that they’d download it continuously to try to cost whoever hosts it money.

- The brokers guild.party is available. :)

- What about those crazy bgan rechargers!?!?

- Do we know anyone at IUENG?

- It’s over 7000 members.

- Yes and I’d love to track how many leave the slack or channels once it is released.

- 1 and 2 are near certainty. 3 is low likelihood amongst those serious about it.

- Yes and she should continue capturing the more secure stuff until release.

- Well it certainly reduces the amount of dirty laundry if someone does go rogue.

- In the case of certain people I can think of this would be a good thing overall.

- WB might already expect that. Charlie will have to figure that out when the time comes.

- I didn’t see any of our locals but the floor humpers are all over it.

- High PiT res

- I suggest this only means they are not admin for that slack.

- Someone mentioned a known Niantic dev on the list.

- Depending on their value to Niantic it would not surprise me for them to claim they’re a mole.

- Which if of European members might imply European law.

- How?

- I thought it was fire walled.

- Well the only saving grace is there’s enough there that it is real and if they’re peacing out they might not care.

- On the upside, if WB did look they know a lot of influential ENL are involved already.

- So that implies we are taking them seriously.

- Watch for the train wreck... coming soon. :)

- Check the pin. Other than that come have a drink. :)

- My voyeurism is unsatisfied - I expected to see our locals in the list but alas only the regional ones were.

- Well we know our local king shit of turd mountain lost a lot of face with global with how the Shonin shards were almost lost. Wonder if his not being in this is a follow on effect of that.

- Not to me. They’re regional.

- I expected Jillian’s doppelgänger or his sidekick.

- Ha. I finally got my first keep ingress fun email - maybe for calling him an idiot. Never got one for calling him an asshole so maybe I should just use that! :)

- I don’t think they trust him to get the job done so it’s unlikely it would even come up TBH

- Yeah - if distribution is generally through local chats then they surely had access through them.

- I’m floored by the top to bottom access to these tools and institutional acceptance.

- Root of that S3 bucket

- [[Photo]]

- Looks like it’s an exported report from the system IMO. Instead of running in real time it must export and then send you a link.

- Set your user agent to baidu :)

- I think Niantic is in a very tough spot with this. They don’t have enough spine to ban everyone on the list and it would decimate the RES. They have their own employee and “chosen ones” on the list too.

If I had to bet I’d say Niantic does nothing official. Embarrassment and derision might be the only repercussions.

- It appears our local did show up on the list. We knew he was a scraper but having public proof is very different.

- I think a certain segment will be embarrassed to be exposed. Others will play the “you do it too” card.

- I think I’d take the position that it can only logically be described as a scraper - paint any dispute to that as illogical on its face.

- I absolutely would not give anyone early warning especially Niantic. It provides far too much opportunity for them or the res to try to get ahead of this.

- Participating in a group that explicitly violates the terms of services of your employer’s application creates a foreseeable event that your employer could find out and be unhappy about it.

- IMO there’s too much risk in letting someone else get ahead on the story.

- TBH I don’t trust Niantic. It will embarrassing and they’ll want to control it.

- That’s pretty vague. If you’re hellbent on telling Niantic first then perhaps sending it to them at 8a Pacific with a release of noon is reasonable. They’ll have four hours but won’t be able to get far enough in front to control the narrative.

- A public release from Brokers Guild that some bad actors co-opted their chats for cheating. They are very upset and will root it out.

- One of their devs is in it. Do you think he wouldn’t tell them the instant he knows?

- I think there’s too much risk to lose the initial impact of the message. There’s a certain benefit to catching them flat footed and watching the response.

- It’s not bloodlust. I occasionally wear the tinfoil hat that has Niantic in the bag for the res. Finding a Niantic employee on the user list is troubling and leads to questions about how much information was flowing there. Giving advance notice gives them a chance to come up with something to try to mitigate it.

- What about a vague location in order to let us show the scale of the operation? Like state or country for EU people? Would be nice to have a map with places colored in to graphically demonstrate the scale of it.

- I don’t want to place them on the map, just color in the areas represented.

- The location information could be excluded from the release just use the map to visualize.

- Yes that’s the idea!

- No use for them in how we field.

- I’d shy away from AWS on the basis that I could imagine the res scripting downloads to run up the hosting costs.

- Ah, I suspect that could be done by getting the IP of the instance whether it be RDS or EC2.

- We should probably advise WB and see if it gets back to that slack.

- Be advised in the AMA he said he was backlogged almost 500 messages. Unless you send something that gets his attention he might miss it. Even though I think it’s a bad idea, if you’re going to do it at least make it fair. :)

- I know you’re not. Decision is made, I’m not aruguing it - just be fair if you’re giving him notice.

- I would not give him names. He can ask the vanguards to self identify imo - but that blows it open.

- If that’s the case then perhaps be less specific about The Who - state that it is several different types of people who are close to Niantic.

- Perhaps something along the lines of “we will be releasing information about a large RES scraper network tomorrow after 1pm. While reviewing the information we found some people in trusted roles. Please be prepared to respond tomorrow afternoon. No further information is available at this time”

- They’d probably want all the evidence quietly so they can digest it and determine how hard to smack hands.

- Free up time. Remember I think it’s a bad idea to tell them ahead of time anyway.

- We should be careful publishing that screenshot as if they have any sense they’ll be able to track who looked that up and know the leaker.

- Of course if WB is going scorched earth and doesn’t care that is different.

- Ah ok.

- In some areas where ENL win in spite of it there will be positive feelings too.

- Wow, just sat down and started looking at the riot docs - it couldn't be more obvious they come right out and say it.

- Also appears to be an SQL interface, I wonder if we could get the SQL server to identify itself so we'd know more about where it's hosted.

- While reviewing the information we found some people in trusted roles.

- A RES scraper network imp[lies they are RES. :)

- And drink the scotch and bourbon we will anonymously send. :)

- For all this automation she's described the RES certainly haven't taken advantage at anomalies.

- Well that will go well if he's on vacay and there's no Niantic response until Monday at the earlies.t

- This leads me to wonder if there's not a feed from the backend Niantic is unaware of that contains some of this information.

- The guid part I know about, but getting mod install info as a feed? I don't think the scanner even gets it that way, you have to bring up the portal info in the scanner or in intel - so are they scanning portals constantly?

- This is what I'm wondering - maybe not direct access in but a feed sent out?

- How? It's not like that is sent as a feed to the scanner or intel.

- I really didn't think mod changes were reported to the scanner that way.

- I know reso/cap/status is sent as a feed, I just didn't think mod was.

- Is it possible for the dev to flag accounts so they won't get banned? Trying not to be too tinfoil hat here but the dev being involved makes me wonder what resources are available to them.

- And they're doing it for fun. Imagine what's going on in the real world with people who have a financial motivation. :)

- They just posted a db pull and commit to take it down shortly.

- That sequence will be very difficult for Niantic to look at and not ban, imo. But they'll find a way to do the wrong thing anyway.

- Yes, direct evidence of query, request, and action.

- Not much else at this point. :)

- It really is perfect - there's the request for data on a player, then the request for the nearest res, one committs to hitting it in slack but before he can the first player returned goes and hits it.

- The new screen shots show the requests in slack, then I looked in intel and the hit happened at 15:18 EDT

- Perhaps we will get lucky and get another couple of examples before tomorrow.

- I would suggest remaining anonymous. There's going to be a lot of pissed off RES and potentially someone without a job over this.

- Mod placement yes, hacking only no.

- Europe is +5 minimum from us so a lot of them will be headed to bed soon. Maybe we could ask them to be prepared to signal boost a major announcement in the early evening their time tomorrow - but explain details are not available until shortly before release?

- Our contact says they are pinged.

- I think they’re central.

- We should watch that portal.

- In the chat with WB - she’s posting another hit happening.

- No we chose to expose ourselves to WB.

- Then just give us an API. :)

- Brilliant!

- Maybe not edt but it is 1 pm somewhere.

- Heh. I’m not trying to rush it. I must admit to wanting to see some squirming.

- You have to seed it to start at whatever number the count is for users. :)

- Isn’t ours built on liver stretching and cats?

- That’s a serious call out.

- Any interest changing thousands at the end to “five figures”

- Good point.

- I don’t know if it is helpful but perhaps reminding people just because someone is not PRESENTLY in a channel doesn’t mean they were not in it at some time - all the channels we have information for are open. It’s clear the expectation is that if you have access to this slack then “you’re in on it”

- If the release is handled as discussed and WB/Krug keeps quiet about The Who’s there shouldn’t be anything to directly connect any of us to it.

I know there’s IFs in there but imo that’s why we designed the release the way we did.

- Is he making edits?

- Perhaps just leave it as "simulating a legitimate scanner" ?

- Yes, I think the more we say "Hey, look what I saw today" the more anonymous this group remains.

- IIRC it will be an anon reddit post to get it out to the world then the rest of us can boost it from there.

- I'd really like to get this to our core high OPSEC locals so they can be prepared to signal boost as well... maybe 15-30 minutes prior to release but waiting for guidance on that.

- On wordpress.com, right? But someone would have to come across it or find it in a google search after indexing.

- True - so embargo until the reddit post is made, imo.

- heh I still think thebrokersguild.party or thebrokersguild.wtf would be funny.

- heh oh yeah, sorry. :)

- Back to a previous message, do you think it's a good idea to note at the top of the roster page that all channels are open and jsut because someone isn't listed in a channel doesn't mean they have not been in it nor that they don't have access to it - simply being in the slack means "you are in on it"

- I'm afriad a number of people will say "but I was only..."

- That's their web page domain.

- WB says RIOT is offline. If we trust everyone in our group then Krug/Niantic spilled the beans.

- If RIOT is offline due to the pending release then we might as well push it through and relase as soon as its ready, imo.

- That's an interesting twist that directly connects Niantic to it.

- Too late to argue it but I wouldn't have done it. Water under the bridge.

- Is there an objection to my discussing it with our high OPSEC locals? No one in our group knows about it except our TGR locals.

- I asked WB if there was chatter in the slack about it yet.

- Depends if they think only RIOT has been compromised.

- [[Photo]]

- Well is it real that Niantic has control of it or are they playing us now that they know we know.

- Depending on who owned it they could have repointed it today.

- BUT if they control who owned it it implicates Niantic as complicit.

- Anyone have a DNS tracker to see if it has changed?

- TTL on the record for riot.one is 5 minutes. Doesn't mean anything itself as I use 5 minutes too but they could change the IP it points to quickly and put up a splash then move the interface to a new URL.

- And it appears to have leaked to the RES...

- I don't know, I think it shows a direct link from Niantic to the RES - something my tinfoil hat has long suspected. Unless it is a legitimate Niantic takedown they'd have to explain how the news got to the RES.

- Speculating entirely, was their employee an admin? If so, they could have demanded it in exchange for keeping him employed?

- I don't mind a 1p release but we have to be very careful Niantic doesn't get the lead on this. That was my fear in going to Krug.

- Heh, tried to make it yesterday. :)

They have to somehow distance themselves from it and DAMN fast because they're essentially connected.

- So let us assume for a second that NIA really is involved in the RIOT shutdown... What's the next step for them? Timeouts for the agents leading to bans? A release discussing the matter? How do they get away from having insiders involved?

- It's on reddit!

- [[Photo]]It's on the internet, it has to be true! :)

- So NIA doesn't control it but they were tipped off.

- So NIA is connected to the RES but lacks control of those who control riot.one.

- Yup.

- It will be linked so many ways from sideways they won't be able to trace it back.

- How many RES looking for themselves? :)

- Counter is over 23k now.

- WB says the slack is locked down now.

- WT is digesting it as well.

- Ok, so should we lay odds on Niantics response? I think the worst that comes of it is trusted people lose their position of trust and some people catch short term bans.

- Your circle is complete. :)

- Correct but I believe we know enough to know there's a leak from Niantic to the RES.

- Someone is definitely moderating reddit - went from 23 down to 14 comments.

- So I'm actually going to go eat lunch - it will be hard as I want to keep watching this develop. :)

- Counter at 63k - lots of hits.

- Someone should remind Krug that you don’t have an account on Slack just because you were invited.

- Surprised?

- That’s what I was going to ask.

- That’s good for us. The more he brags the more it confirms it and makes it harder for Niantic to poo poo.

- The res who embrace and wear it as a badge of honor will reduce the plausible deniability of the rest.

- Getting the bragging screenshots to Krug (and Niantic by extension) will be critical to show they can’t poopoo it when the player openly admits to it.

- No. Not a technical but policy limitation.

- Circling back to Krug, it should be made clear that all the channels for data pulls were open - if you were in this slack it's because you knew what it was.

- There won't be a change in game mechanics unless thers is a consequence from Niantic.

- We can only hope. :)

- I don't think they understand their name is on a list because they actively participated in the slack - at least in signing up for an account knowing what it was.

- Probably not, especially if you believe that 2.0 has changes which will disrupt it.

- But looking at how endemic cheating is to PhGo I'm not excited about it.

- So is or is not slackfarmer an employee? On Reddit they say he is not but Krug is interested in him specifically.

- Yo dawg we heard you like banning spoofers so we put banned spoofers in your banning spoofers tool!

- Did anyone ask Krug how the RES got a heads up this was coming out?

- I haven't had this one yet but, "We're not talking about that right now. We can talk about that after we talk about this."

- Whataboutism.

We can absolutely discuss it, but not as a diversion from finishing discussing this one.

- Heh, my recruit in San Diego just texted it to me - says its all SD locals have been talking about today.

- But WB doesn't disclaim. Also, WB's English is very American if native Polish.

- If only to get a multi-day cycle going about it that will be hard for Niantic to continue ignoring.

- Get a VPN and click the link from China.

- Or Russia.

- lynx FTW

- Almost 250k hits now.

- How did that happen?

- Wow.

- Someone wants it shutdown.

- I suspect that riot going down came from Niantic.

- I’d have a stroke if anyone was banned from this already. Maybe only the guardian hit people.

- Google Authenticator is great to have especially on iOS. Ingress used to shit the bed in low signal situations and make you authenticate again

- Did you set the password to riotdotone?

- Correct horse battery staple

- You're not supposed to but if you send it to me I won't tell!

- Wasn't his repsonse "you don't want me to answer that"

- One of our local res baiscally said he didn't care, "iitc is cheating so everyone is cheating."

- I'm gonna register guildgate.com and point it to the WP site!

- heh

- He had to know he'd catch abuse with this group.

- Hrm telegram won’t load from 1a to 8a. :/

Nadia sorry to hear you are catching grief.

Necro - what do we expect? I’d like to see bans for the agents involved in the anatomy of a hit and substantial timeouts for everyone else but that’s highly unlikely.

Niantic - Id bet dollars to donuts the dump leaked to the res from Niantic and would enjoy seeing them squirm trying to explain it.

- I don’t see how that is a mitigating factor.

- The information was also shared to NIA Ops at their request before release. Subsequent to that but prior to the release they go into lockdown.

- If Niantic is asking for the information, presumably in confidence, how does it get to the RES?

- Positive posts or horse shit?

- Just a load of bullshit but basically confirms NIA shared the dump.

- I get a kick out of the spoofing allegations. In our region that’s all they did until stlcard caught a long term softban.

- But querying for an agents oldest portals and killing it an hour later totally solves spoofing.

- They must think people are morons.

- And I still want an explanation from Niantic as to how the dump got to the RES.

- It’s also an acknowledgement that it’s all real.

- I keep banging the drum but I think Niantic has a lot to answer for here.

- Yes that’s possible, even expected. Mostly the reason I thought it was a bad idea.

But it also establishes a clear link from Niantic into this - if the employee was there for research purposes why tip off the res. The tip off occurs only when they know they’re doing wrong.

- Yes, RIOT is not down and I suspect all the local bots are working fine. If there's been any disruption it is to front end access.

- Or trigger Niantic to actually disavow this nonsense. I'm still convinced Niantic (whether Krug or the employees) tipped off the RES. Implying Niantic supported it in that email might force stronger condemnation and distancing from Niantic.

- The RES convo shared earlier here makes it clear - you weren't in this slack by accident.

- Yes, but we need to make sure people realize that when they see that bullshit excuse.

- It probably is but since I dont trust Niantic to begin with it forces them to say somethign about it rather than ignore it.

- So they sent Krug screenshots right out of RIOT?

- TBH, Krug seeing a screenshot of scraping and not acting on it puts him in the bag for the RES too.

- Objective observers will know that's bullshit.

- But putting him on the spot isn't a bad thing.

- Who controls the narrative right now? Objectively, we do. Let's get info out there that drives the conversation. Once Krug is back and Niantic starts talking they'll take control.

- Content wise it is good. We should consider how to update people on this - another reddit post saying more info has been posted?

- Maybe for emphasis bold the line, "It remains unclear how a farm..."

- On the basis so many of them want to hang their hat on that.

- I think we should consider a post for the future that ties it to Niantic - the screenshot above, a timeline explaining disclosure to Krug and Niantic, the leak to the RES. Not for today but maybe for Monday first thing to stay ahead of Niantic's response (cause I don't think they'll do anything today or over the weekend)

- IMO if Krug was aware and did nothing he needs to squirm and explain it.

- Yes, the redditor claimed automod did it.

- Out of curiosity, what's the unique count up to? We're close to 24 hours here.

- Still 25k is a lot, perhaps as much as 10% of the active player base.

- EDT is UTC-4 so 8p last night.

- I put it in our local slack too. I'll drop it in some others.

- Well they're watching anyway. :)

- Frankly, he's already demonstrated that he tolerates the RES scraping.

- And, at best, let someone at NIA know this was coming which resulted in the RES finding out.

- I don't like to think people are dumb but this Ruth person's post really makes me wonder.

- allegedly.

- No I mean allegedly to catch spoofers.

- An MITM setup. Interesting.

- Does he mind if it is attributed to him? Might be better to place the text and attribute it to a NA RES player.

- Then when they moan and bitch that it's fake that could be provided as backup.

- Do we have any to begin with? They leaked it to the RES.

- Heh you could ask in passing if he knows anyone on that list. :)

- Takes away to innocent argument.

- So he was that open about it?

- I think we knew that the slack was only part of it.

- He had proof of use sent to him months ago.

- Good. What's on tap for tomorrow?

- IIRC IO was used to register for Persepolis DC.

- If I am remember correctly that's a lot of accounts that aren't used but will point to a lot of people.

- Oh sorry, you guys are tlaking Cactus... I need a nap.

- I've got 50 ADAs burning a hole in my pocket. I'll go get myself! :)

- Reply in comment with 3+ of the G+ posts from RES admitting it.

- I'll be there in two weeks if you want to leave them with someone I can collect them from.

- Doesn't sound like much. I'm flying business. Only problem is I'm flying to LA from Europe, not directly home.

- But I can send them to you from there or we can work out getting them mailed out from there.

- True - post the sampling and retort on the Wordpress and stay anon.

- Forgive me for speaking ill of the dead but Philley was a worthless cheater too.

- Go back to the comments from the res Charlie posted. If you were in that slack you were there for a reason.

- Can you download the location list we can dump into a spreadsheet and make Intel links out of it?