A Letter To Jennifer Lawrence

Dear Jennifer Lawrence,

You and I don’t know each other, but I work in tech news and, as such, have read a lot of technical speculation and analysis of what happened to you and a group of other women who work in Hollywood over the long weekend.

While it is not exactly clear how your privacy was violated and your property was stolen, there is apparently an underground ring of people who spend their precious lives perpetuating these kinds of actions — “collecting” stolen, private images of both famous and non-famous women to gawk at in online backchannels.

Though I was aware through my job that this subsection of the Internet existed, I had no idea it was this orchestrated, at this scale. Quite frankly, this fact is terrifying.

Everyone has things on their phones they don’t want other people to see. Everyone.

It sucks to be a woman on the Internet when there isn’t some sort of bounty program for your private information. All day you are sized up and objectified and abstracted. Just read the comments. We are quite literally made inhuman online.

And we are dehumanized even further by whatever the hell is going on in Anon-ib and beyond. At its essence, this is a crime against all women, which is a crime against humanity, and no number of charitable donations can ever make amends for it.

If someone gives you generalized “advice” on what you could have done to avoid this, give them the bird. I’m sure you know by now how to pick a more difficult password and random answers to your security questions. If the theories are accurate, what went down is a bit more complicated than that, involving many different individuals and points of failure.

When the news first broke, I was angry that Apple makes people wait three days to enable two-factor authentication on their iCloud accounts. It turns out two-factor authentication may have not entirely protected anyone in this case. The criminals apparently used ElcomSofta law enforcement tool(!), to expedite the extraction of information from iCloud backups, not protected by two-factor.

“My iCloud keeps telling me to back it up and I’m like, ‘I don’t know how to back you up. Do it yourself,” you joked once. I have had the exact same thought at that exact same notification, because iCloud can be quite complicated: If you have Photo Stream toggled on (the default), it automatically sends your photos to iCloud, where they exist even if you delete them from your phone.

There’s a reason that a (technically inaccurate) movie was made about this process. The concept of automatic photo and video uploads is more fraught with issues than it seems at first, and there’s no automatic way to see what’s up there when it’s up there.

If I and other industry reporters like Mat Honan don’t know how exactly to absolutely protect ourselves, because the targets and tools are always changing, how will people who don’t have our exposure to tech? The onus is on Apple and other tech platforms like Google, Facebook, Amazon and Microsoft to keep their customers — us — safe.

Though stolen photos are being shared that have been extracted from Android and Windows Phone backups, too, I’m singling out Apple here because Apple, beyond any other tech company, prides itself on a seamless consumer experience. It’s done a very good job of hiding the technical aspects of its products for the sake of user friendliness: “It just works.” Well, not in this case.

Finally, I’m so sorry — I only hope that the people behind this go to jail, and that the mass awareness of that fact prevents anyone else from attempting something this vile. They’re to blame foremost.


Alexia Tsotsis

Co-Editor, TechCrunch