回到Silas S. Brown（赛乐思）的网站首页
I am not Sina Weibo's silascambridge: theft of a virtual identity
In 2003 I befriended a visiting scholar from Tsinghua University who researches Internet media and social culture, digital preservation and dissemination, and interactive media design. I was writing up my thesis on Conversion of Notations and had only recently started developing language-practice software so we had much to discuss about "E-Learning"; I also helped codify Nu Shu music her team was working to preserve and she introduced me to pen-sized digital voice recorders.
In 2007 I befriended another Beijing visiting scholar researching English literature including Thomas Hardy. It was thanks to her encouragement that I went public with my translation of Xu Zhimo's poem. (Both scholars visited my parents and thereby saw Hardy country.)
In 2010 the Internet media and social culture professor started what could be called a quirky experiment: give me a Chinese social media account. The literature professor was highly supportive, persuaded hundreds of people to "follow" me and mentored my attempts to interact with them in Chinese. I'm not a born "blogger" and wasn't sure what I was doing with a Weibo account, but as it was my two friends/mentors, I didn't mind writing a little to see what happens.
The professor had associated my Weibo account with an email address hosted at Chinese provider 163.com. My Chinese level wasn't good enough to tackle Sina Weibo's "Terms and Conditions" pages, so I guessed they probably required a Chinese-provider email address for signups. Furthermore, the (19-byte) email address she specified started with the letters "liren", a Chinese homonym of "beautiful woman" or "altruist", so I imagined it was one of her own email accounts---silly me didn't think to check if she meant to give me the email account as well as the Weibo account.
So I had the Weibo password (which I promptly changed to an unguessable string of random characters worthy of a computer scientist), but I didn't have the password for the "liren" email account, which was effectively a "back door" into the Weibo account because anyone with access to "my" email could ask Weibo for a password reset. That was OK while the "liren" email was controlled by the professor, but in 2015 she couldn't get in anymore.
I don't know exactly how control of that 163.com email was lost. Perhaps it had a weak password, or perhaps it expired through lack of use and somebody else chose the same address. When my Weibo password stopped working and the professor couldn't reset it, she told me not to worry because Sina Weibo is now losing relevance (Weixin/WeChat seemed to replace it for many).
But somebody got in to my Weibo account and proceeded to write advertising copy in my name. Not only that, but Weibo posts are now visible in Google search results (unlike in 2010), so the whole world could find the picture that another Chinese friend took in the British Museum in 2003---me with the Cyrus Cylinder and other artefacts---and my Chinese self-introduction---all apparently lending an air of credibility to products I know nothing about and which might be unsafe.
Facebook has reportedly used people's names and pictures in advertising, which is one reason why I refused to sign up to Facebook. Sina Weibo didn't do it officially, but it's easy to lose your virtual identity to rogue advertisers if it's backed by a flimsy 163.com email.
My last genuine post to Sina Weibo was 1st November 2015. The fake posts started on 8th November and continued (often at the rate of several per day) until mid-December, when for some reason new posts were (temporarily?) stopped.
I discovered the problem a year later, and put up this Web page to try to let people know "silascambridge" isn't me and I do not endorse anything it says. Shortly thereafter, I discovered that my UK mobile number, which I thought had failed to bind to the Weibo account (I never received the original confirmation SMS, and assumed they couldn't send them to the UK), had in fact bound and could be used to get back into the account. However, I still haven't found any option to change the 163.com email address used as a login name, so the intruder can get back in at any time. As I can't delete the Weibo account, I deleted all posts, pictures, etc, and tried to make it obvious that the account is not "mine" anymore. (I can't control what they add.) I'm still afraid there might be archives of the old version floating around somewhere.
I also noticed that the amount of third-party advertising on Sina Weibo's website was much greater in 2016 than it was in 2010 (especially for those viewing it without logging in, which was not an option in 2010), leading me to doubt the wisdom of using such a platform for anything resembling serious thought, since it's not a particularly "peaceful" virtual environment now even if it might have been before.
Before deleting, I copied out 210 kilobytes of posts and comments (but didn't save the pictures); perhaps I should look through this to find what (if anything) could be put on the Web for a wider interest, but don't hold your breath.
Further investigation showed the original Tsinghua scholar's microblog had also been blanked. The other scholar was still going, as were many of the 'followers' she'd introduced to me---some had not posted for over a year, but others were still active---or at least their accounts were. (In light of what happened to mine, I'm not sure I should imply any account is still connected to its nominal owner, unless this is positively clear from the published content. 'Re-tweets' of online gossip could be done by a robot.)
The system told me the intruder(s) had connected from IP addresses in ChinaNet's Zhejiang Taizhou network, but that information doesn't help much. It also said their last 37 posts had somehow accumulated 79,000 impressions (called "reads" in Weibo, but I find it hard to believe everyone whose screen it appeared on actually read it, so I'm using the advertising-industry term "impressions"). The median was 566 but two were above 10,000---one of these had been forwarded but I'm not sure how the other got so much attention from my 269 followers. Perhaps it happened to show up more in searches, or perhaps it was ephemerally placed on the site's front page when new and an unusually high number of people happened to be logging in at the time (I don't have Sina's traffic graphs but I wouldn't be surprised if there are noticeable increases at television-programme changes like there are on the UK power grid). I didn't try to 'decode' all the posts---presumably they were complex references to Chinese popular culture in an attempt to gain clicks.
UpdatesIn June 2017 it was no longer possible to check what the account is saying without logging in to Weibo (although some public accounts could still be checked without login), and my login had stopped working again. I reset the password via SMS but didn't see it had made any new posts.
In January 2018, after Cambridge University Library pointed me to an electronic resource that required a Weibo login, I once again needed a password reset and this time didn't receive the SMS. There was now a backup option that involved scanning my UK passport and specifying the month the account was created and a couple of passwords that worked in the past (information that should also be known to the intruder(s), so it depends how closely they check passport images). It was now possible to change an "email address" setting, but the email address used as the login name is still unchangeable and isn't mine. (The "Edit" button sometimes shown beside "login name" simply takes you to a "change password" screen, not to a screen that actually lets you change the login name---that's a user-interface design mistake. A routine check in May 2020 showed this situation had not changed, although my account had not been disturbed in the meantime.)
Meanwhile I started using the 2003 British Museum image as an "avatar" on other websites (GitHub etc), seeing as it was now widely visible anyway. It could probably do with an update though.
Post about London Chamber OrchestraOn 3rd May 2011 I posted a screenshot of a BBC broadcast (assumed fair-use as a review quote) which featured a close-up of a member of the London Chamber Orchestra playing at the 2011 royal wedding. I did not name that musician, but somebody did in the comments. I didn't think this would matter much, as Sina Weibo was not at that time searchable via Google etc. But it became so later, and thus made things look in retrospect like I'd contributed to a press leak when I hadn't.
The London Chamber Orchestra agreed among themselves to have no individual publicity for their performances in the royal wedding---all credit was to go to the LCO as a group. It was OK to tell friends and family, but not the press.
A leak did occur to some local papers, which then ran stories about that trumpeter. These reports were apparently tipped off by an extended family member who had not been properly briefed about the LCO publicity agreement. Since our immediate family respected that agreement and replied "no comment" to all press enquiries, I'm not sure how the Somerset Live journalist ("Dorset trumpeter is a brass act at royal wedding", 5th May 2011, online until 2016) ended up with a supposed quote from my father, especially this sentence:
"Silas plays the flute and we had no idea they'd both be professional musicians."The journalist was clearly under time pressure and muddled up some sources. Even if my late father had commented, he wouldn't have implied we were both professional musicians, since our family's definition of "professional" involves exceeding Diploma standard and getting paid for concerts. But it's plausible that someone else said this and a hurried editor misattributed it.
(Similarly, they had me "currently studying for a PhD at the University of Cambridge" 7 years after I'd obtained it, but never mind. In the 1990s a similar local paper reporting on the same trumpeter had made Liverpool-bred conductor Simon Rattle an alumnus of the local school in Bridport, to the amusement of the retired teacher in our family who didn't remember teaching him.)
At any rate, even if the local English press had been able to understand my Chinese (unlikely if they were in a rush), they shouldn't have had my Weibo post of 3rd May 2011 and the resulting dialogue as one of their sources, since it was not generally available at the time. I didn't know Sina developers would open it up to the search engines later.
QQ number stolen as well
In 2020 I was attempting to create an account on a Chinese code-hosting site called Gitee (so that people in China can still access my code in the event of Western sites becoming inaccessible there), but it asked for a mainland-China phone number and said this was for "legal requirements"---but nevertheless allowed me to create code repositories without one. I wanted to contact their support team about this, and the only advertised way to do so was a QQ discussion group. I had not logged in to QQ for many years, and when I tried to do so again, I found my QQ number had been bound to a mobile in China which wasn't mine. That QQ number had a strong password on it, which presumably somebody managed to brute-force without locking out the account and then bound it to their own phone number (apparently without changing the password itself, which I assume would be necessary if they took advantage of some insecure "forgot password" arrangement with guessable answers like 'which of these are your contacts', or if QQ reassigns old numbers). If their purpose was to trick my old contacts into sending money or something then I hope it failed. QQ number 573087366 is a stolen number and you should not trust anything it says.
All material © Silas S. Brown unless otherwise stated.
Facebook is a trademark of Facebook, Inc.
GitHub is a trademark of GitHub Inc.
Google is a trademark of Google LLC.
WeChat is a trademark of Tencent Holdings Limited.
Weibo is a trademark of Sina.Com Technology (China) Co. Ltd.
Any other trademarks I mentioned without realising are trademarks of their respective holders.