UPDATES FROM $realitysquared : Account Security Issues.

Judging by the number of emails and helpdesk issues we’ve been handling lately it appears that many of our users have poor concepts of account security.

One of the things we on the CEA staff fins ourselves doing nearly every week is assisting someone in recovering their account after some carelessness has allowed someone else to gain access it.

The systems we have here at deviantART will keep your account as secure as you allow it to be. I say this because the weakest link in account security is often the user with the poor security habits or a willingness to trust someone else with their private account information.

The biggest security error which most people commit is leaving themselves logged into their deviantART account all the time, often with their home page set to the deviantART website. This is a huge security problem because anyone who sits down at your computer and who visits our site will automatically have access to your account.

A large number of account invasions or account vandalisms are preformed by roommates, family members, classmates, houseguests and even complete strangers who were able to sit down at a computer and find that the last person remained logged into their account before walking off. A large number of times these “lucky” people decide that it would be a great “joke” to use your account to insult people and generally act like a jerk.

Always logout from the computer if more than one person has access to it because ultimately you will be held responsible for anything which the account is used for in your absence. The last thing you want to discover is that you’re being held responsible for your so-called best friend using your account to spam profanity all over several userpages.

Another common security error is allowing your computer to remember your password and account details for you. While this is a common ‘lazy person’ shortcut built into every browser it is just as bad as remaining logged into your account all the time. Exercise your brain a little and actually try to remember your own password information; you’ll be much more secure without using the browser as a crutch.

Another related ‘lazy’ approach to password security is using the same password for everything. Bear in mind that when you do this the person who finds out your password can then get into everything with a few keystrokes.

Another major problem with account security is often a weak password. A “weak” password is one easily guessed by someone who knows you, or knows your habits. For example, if you are an obvious fan of the Harry Potter series of books and movies then using the names of the characters or terms from the books would be considered a weak password which someone could easily guess in a few minutes time. For the best possible security use a random selection of numbers and letters such as “huap290cvhn6” instead of “ilovesonic”.

Also remember to protect access to your registered email address. If you are sloppy with access to your email then access to your deviantART account is just one Password Recovery away. Guard your email as closely as your account.

Also be aware of attempts at “ phishing ” your account information. " Phishing " is a term applied when someone contacts you in an attempt to get you to reveal certain information by pretending to be who they are not.

The majority of these scams will attempt to use fear or panic in an attempt to get you to reveal the information they want from you; you receive an official looking email which says your deviantART account is going to be ‘hacked’ and the only way for the staff to protect you is for you to turn over your password. Another popular scam is to claim that deviantART is moving to new severs and you have to provide your account name and password if you want to keep your account. The list is endless.

REAL deviantART staff will never contact you through an Instant Messenger, IRC, or other outside means to request personal information, make demands or issue warnings of any type. REAL deviantART staff will never need to ask for your password or email information. ALL official deviantART email carries a @deviantART.com email address. You will never receive an official notification of anything from a @gmail, @yahoo, @hotmail or other third party email account.

The last major issue concerns password sharing. Sharing your password with anyone is, to put it bluntly, stupid. The number of account invasions and vandalism which results from a relationship breakup or a falling out between friends is high. Never share your password or let anyone ‘borrow’ your account for any reason.

There is a special mention reserved for accounts which are used as improvised “clubs” or “groups”. Now accounts used for this purpose are not officially supported in any fashion as an account is intended to be used by a single person. Regardless many deviants press them into service as “clubs” and many share the password among the “members”. There are also numerous instances of the password being passed from “ person in charge ” to a new “ person in charge ” as people come and go.

Be aware that such deliberate sharing of the password is officially considered to ‘dilute’ ownership of the account. This means that the staff will not attempt to moderate “ownership” or access issues. This means that if you lose access to an improvised “club” account we will not assist in anyway in the recovery of your access because the assignment of ‘ownership’ has been deliberately obscured by passing the password through too many people and we will make no attempt at unraveling the often twisted tangle of who had access when and for what purpose. “Clubs” are left entirely on their own in this matter.


UPDATES FROM $damphyr : Art Theft

This week I'd like to talk a rather nasty subject: Art theft and how to deal with it.

Art theft is surprisingly common on the Internet, due largely to a culture which invents excuses to make art theft 'okay.' It is often tossed around that if you 'credit' the place you took the art from, it is all right to upload, edit and redistribute it to your heart's content. I have even heard people argue that if you change so little as one single pixel in an image, it is official your image now and you can do whatever you wish with it. As any artist knows, this is far from the truth and often a great insult to those who have poured hours of work into their art.

So, what does deviantART consider to be theft? It is addressed in several FAQ entries which help clarify our stance, however these are just a few. There is far more information to be found simply by searching our FAQ!

FAQ #8: What does deviantART consider to be Art Theft?
FAQ #304: Do you remove copies and trace-over art?
FAQ #306: Does "Crediting" let me use whatever I want?
FAQ #157: Can I use things created by other people in my submissions?
FAQ #614: What are the rules for the use of music and sound effects in a Flash animation?

So, now that we know art theft exists and the stance deviantART has taken toward it, how do you report theft?

First off, try and stay calm. Be it your art, your favorite artist's art, or the art of someone you've never met but admire, theft is theft and can anger everyone. We understand this, and the staff handles reports of art theft as quickly as possible. A calm, concise report providing facts and evidence is far more helpful and will have the stolen art removed much more quickly than an incoherent rant with no proof.

FAQ #155: How do I report a submission which I think breaks the rules? outlines how to report art theft and the category to file it under, and FAQ #192: What evidence is required when we report stolen material? gives further information as to important evidence we need in order to remove stolen work. We ask that you please use the Report Violation Tool to report on-site theft rather than the Help Desk as the Report Desk contains many important tools geared specifically toward submission violations to help us identify and remove violations quickly. There may be a delay between the time that your report is filed and your case is reviewed, but please be patient. Every report is reviewed by a human being, and humans can only do so much at once!

Finally, what can you do if you see an image stolen on another website?
Unfortunately, if the violation is not on dA's servers, we have no authority to take any action. This, however, does not mean that no action can be taken! You still own your artwork (FAQ #226: Does deviantART own my art?) and have every right to protect it!

If you have not yet read Lessons Learned: How I Dealt With An Art Thief by `DragonWinter you are missing out on not only a wonderful story of an artist defending her rights, but also some valuable information and resources about what to do if you are ever unfortunate enough to find yourself in this situation.

So in summary: When reporting theft, stay calm and provide all the evidence you can in a clear, concise method. There are many resources available to artists, take the time to research your rights and know what to do should the situation arise.