Recently, the news that Pinduoduo dismissed employees who posted anonymously attracted public attention. On June 7th this year, at 65438, Wang, a former technical development engineer in Pinduoduo, posted anonymously on a social platform in the workplace. The content is "The second Pinduoduo soldier fell down", and it is accompanied by a picture of an ambulance parked outside the office building. The location is shown as Pinduoduo's office. The incident escalated further. On June 65438+1October 10, Wang updated a video titled "I was fired by Pinduoduo because I saw my colleague being carried into an ambulance", saying that after posting anonymously, Pinduoduo found himself in a short time and fired himself.

Pinduoduo publicly responded to the reason for Wang's dismissal, saying that Wang was dismissed not because of anonymous posting, but because the company found out through pulse explicit ID(JgD+STsWV2E) that "Taixu's past speeches were full of" bad extreme remarks ",including" wanting xx to die "and" promoting xx's ashes ".

In this regard, Xie, member of the Standing Committee of Internet Society of China Cyber Security Working Committee and vice president of Shenzhen Network and Information Security Industry Association, told Red Star News reporter that under normal circumstances, the platform cannot obtain the real information of anonymous users through a clear ID. If employees post in the office environment of Pinduoduo Company, then Pinduoduo Company has the right to find some relevant information and point it to employees in the monitoring and auditing of the company's network assets, which is reasonable and legal.

Screenshot of information leaked from the online "Taixu" database. Lock anonymous users with crawler software?

Expert: There are many ways to find out the true identity behind the ID.

In the incident of "Pinduoduo dismissed the employee who posted anonymously", Pinduoduo responded that Wang was the poster through multi-person search and comparison. On June 65438+1October 10, the social platform issued an official response, saying that it would not provide users' information in the post area to third parties in any form. As for the online query map of Wang's database, there are rumors on the Internet that Pinduoduo locked the anonymous user himself with the help of a clear ID number.

Then, is it possible to realize the technical path behind the means of explicit ID locking the user himself?

In this regard, Xie, member of the Standing Committee of Internet Society of China Cyber Security Working Committee and vice president of Shenzhen Network and Information Security Industry Association, said in an interview with Red Star News reporter that under normal circumstances, the platform cannot obtain the real identity information of anonymous users through a clear id.

Xie said that there are many ways to find out who is behind Pinduoduo id. According to Pinduoduo's response, he didn't use illegal means to search for data, but according to the feedback from his internal colleagues, he "highly suspected" that he was Wang, and it was only after Wang himself admitted that he learned the real information behind his anonymity.

"Pinduoduo really doesn't need to get the real information of the poster through relationships or technical means." Zhang Ruidong, CEO of Chengdu Sugar-free Information Technology Co., Ltd. and a special network security expert of Sichuan University, said that since the poster is an internal employee of the company, the poster can be locked by combining the shooting angle of the photo with the company's surveillance camera.

In addition, it was explained that according to the network characteristics of the equipment used by Wang, if the poster was using the company's network at that time, even if there was encryption in the communication process, the poster could still be easily locked by technical means.

"In other words, as long as the network administrator in Pinduoduo counts the devices connected to the pulse server in the network, and then uses these device characteristics to match their own network services, it is easy to find the poster." Zhang Ruidong explained.

Information released by Pinduoduo

Can posting anonymously really make me invisible?

Expert: The platform can only provide limited anonymity

According to the public response of Pulse 65438+ 10/0, in terms of user information management, under the premise of strictly observing the relevant national laws and regulations, the user information published in the workplace will not be provided to any third party in any form, and the personal information will be provided with extremely strict and complete security.

In the notice, Pulse pointed out that in order to ensure the safety of posting, "professional words" strictly encrypted the user's publishing identity through asymmetric encryption technology, and even the internal staff of Pulse could not obtain any personal related information.

Regarding the content of the pulse notice, Zhang Ruidong believes: "Pulse is considered from the company image, and there is no need to deliberately hide it in this matter." Zhang Ruidong explained that anonymity is the foundation of this platform. If this link cannot be guaranteed, too many customers will be lost. Zhang Ruidong pointed out that Pulse will not open inquiry channels for other companies (non-law enforcement agencies) at will.

Xie said that in fact, the owner is not sure whether the information has been leaked. The only certainty of the platform is that it has not found any information leakage.

"Encryption of any strength and in any way, even if it cannot be cracked, can only protect the encrypted data from being read. Due to the requirements of supervision or audit, data eventually needs to be presented through an interface in a certain process. In the final analysis, this truth is that there is no absolute security. " Xie also believes that the content of the briefing is basically credible.

In fact, user privacy protection has always been a difficult problem in network security. Xie believes that no platform can really guarantee that the privacy of 100% users will not be leaked. At the same time, Xie also reminded that when users choose to publish information on the Internet, they choose a certain degree of transparency and openness. The so-called anonymity is only limited anonymity provided by the platform, and this sense of security is self-deception.

A statement issued by the official Weibo.

Is it legal for Pinduoduo to "find someone"?

Expert: It depends on whether there is illegal access to data.

There are voices on the Internet questioning whether Wang, an employee of Pinduoduo Company, locked anonymous posts, which is suspected of infringing personal information. In this regard, Ma Jun, a lawyer of Ningren Law Firm, who focuses on the research of network security and personal information protection litigation cases, said that reptile behavior is generally divided into two situations. One is to grab information and data disclosed on the network, which is normal and reasonable; However, it is a criminal offence to protect personal information and get information by bypassing the above protection measures.

According to the current response from Pinduoduo and the government, Pinduoduo found out Wang's true identity through internal measures. In this case, Ma Jun believes that if this is the case, then Pinduoduo's behavior is not illegal.

Xie told Red Star News reporter that Pinduoduo's behavior depends on whether there are computer network crimes such as illegally obtaining data and invading computers in the process of obtaining anonymous identity, and whether there is evidence to point to it. Xie said that it is not enough to identify Pinduoduo's behavior as illegal just by obtaining the real identity of anonymous users.

Xie cited an example. For example, if an employee posts in the office environment of Pinduoduo Company, then Pinduoduo has the right to find some relevant information in the monitoring and auditing of the company's network assets, which is reasonable and legal.