Brokers Guild Scandal Day 730
October 19, 2017, shortly after 11:30 AM, Cleaningress published Inside The Brokers Guild. Inside The Brokers Guild was an investigation that exposed the existence of a Resistance-only Slack. The Slack had channels with bots that were connected to scraped data. Even more insidiously, their whistleblower had provided them with screenshots that showed members of The Brokers Guild using the bots to coordinate the kill of an Enlightened guardian.
The members of Cleaningress had previously leveraged sophisticated campaigns across social media networks to manipulate Niantic into restoring anomaly badges, #rechargeisfamily, for recharge room participants. Niantic had stopped awarding badges to recharge room participants following a minor scandal after POC’s were caught giving badges to agents who hadn’t participated in the recharge rooms. Their social media campaign forced Niantic to award recharge room badges again.
The Brokers Guild would receive a similar treatment.
Inside The Brokers Guild included a list of nearly 800 Resistance agents who had access to the Slack. The list didn’t show how recently the agents had visited the Slack and the Whistleblower had explained to Cleaningress that you didn’t have to be active in the Slack to still be listed as a member.
Publishing the list had the effect of turning those Resistance agents into targets. Many of them were threatened at home and at work. There appeared to be a campaign to turn many of their homes into portals titled “Local Brokers Guild Headquarters”. Many of them suspect that their property had been damaged because their name was on the list.
This was something that the members of Cleaningress should have expected. After all, they were warning each other that it might happen to them:
Everyone, I don’t want to sound like an alarmist, but just in case anyone hasn’t thought about this already - information gets out. It’s safest to assume that the RES who are about to be vilified will get a partial picture of who we are and the work that we did on this.
It’s time to change all of your passwords and perform a general personal infosec hygiene pass.
This is something that we should all do more often anyway. So do it.
Publishing Inside The Brokers Guild was just the beginning. Cleaningress had plans to signal boost their message with Google+ and Reddit posts. Within a few days they would have a scary sounding Youtube video, complete with stock footage and screenshots from scrapers run by Enlightened agents, and eventually they even got their article in Kotaku.
The worst part is, just like with #rechargeisfamily, it worked and Niantic succumbed to the lynch mob that Cleaningress had created. The nearly 800 agents whose names had been published by Cleaningress were no longer allowed to participate as POC’s at official Niantic events like anomalies or mission days. The owners of the Slack had their Ingress accounts permanently banned and they received cease and desist letters revoking their permission to play Ingress.
Niantic violated their own policy by privately communicating the actions taken against The Brokers Guild Slack owners directly to members of Cleaningress. Anybody who has filed a report with Niantic should be familiar with this verbiage:
For privacy reasons, we cannot discuss actions taken against other agents; therefore, you will not receive any additional updates on this report.
It’s widely believed that Niantic’s disproportionate response, and violation of their policies by communicating the details of the cease and desist letters directly to Cleaningress, justified acts of violence against members of The Brokers Guild.
Eventually Cleaningress would publish a similar expose about the Enlightened tool called Drunken Frog Bot. The new site was titled A sobering investigation of Ingress guardian scraping and included a list of nearly 300 Enlightened agents. Niantic responded to the latest investigation with 30 day bans for most of the Drunken Frog members. Other Resistance and Enlightened agents received 30 day temp bans without any explanation.
Following similar leaks of tools named Goldfish and CakeMod, Andrew Krug announced in an AMA that Niantic would no longer respond when information was released into the public domain:
Q31: Sascha Kruszka TinyDragon - with the leak of - CakeMod some further questions came up.
It is mentioned on the wordpress webside that NIA was informed about this “tool” but didn’t gave any feedback on it.
Is NIA aware of this issue?
Is it possible for NIA continue reading identify agents using this mod?
What is NIAs strategy regarding those third party ISTKit, Ganess, cakemod, etc tools?
What will happen next to that agents?
A31: I spoke to NIA OPS and the product team.
Public leaks have contained much more extensive information however once the info is public, it is harder for us to act on or investigate further to collect the data we need.
We are against making private information public.
Any additional release of private information in the public domain will not be responded to.
Any tool that violates TOS is not allowed check this out players found violating the TOS will be dealt with accordingly.
The timeline we follow for any incident varies according to multiple factors.
Had Niantic learned their lesson? Or had they just become weary of the steady drumbeat of leaks and investigations following publication of Inside The Brokers Guild? Was Niantic serious about trying to stop scraping? Or was it all just a reaction to having been embarrased by Cleaningress?Card
Members of Cleaningress are still talking about scrapers but the “investigations” have stopped and agents feel free to brazenly post data from scrapers in the official Ingress forums. A cynic might believe the members of Cleaningress were never really serious about their campaign against scrapers and without the bad press Niantic doesn’t care either.