hacknot.info
Home Archive About RSS 2.0

Counter-Attack of the Blogs

18 Dec 2005
What information consumes is rather obvious: it consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention, and a need to allocate that attention efficiently among the overabundance of information sources that might consume it.
Herbert Simon, Nobel Prize winning economist

Online communication seems to be inherently difficult. There appears to be an ever-present entropy, dragging discussion down to the level of playground snipes and juvenile barbs. Any sort of controversy tends to degrade almost immediately into a flame war, and thoughtful consideration of complex issues seems to be forever elusive, replaced by emotional barbs and facile word-play. From the intellectual level displayed in most news groups, discussion forums and blog comments, one could be forgiven for thinking the online world to be populated predominantly by petulant children and intemperate minors.

Occasionally, into this crass and often hostile environment strides a professional author or journalist whose formality, rigor and carefully structured prose seems at once quaint and naïve - entirely at odds with the armchair epithets and "me too" electronic dittos of the two-minute-attention-span crowd. Their very presence invites inarticulate predictions of redundancy and anachronistic labels.

On October 28th of this year, Forbes Magazine published an article entitled "Attack of the Blogs" by senior editor Daniel Lyons (registration required, or use bugmenot login and password of "forbesdontbug"). It describes the phenomena of "attack blogs" - blogs used for the purposes of waging online wars with companies and individuals, using "lies, libel and invective" to besmirch the reputations and damage the business of their victims. It is a notable piece for two main reasons:

I found it fascinating to read both the original article and the many responses to it, partly because of the media-related issues it exposed, and partly for what it illustrated of the psychology of the participants. This article will look at Lyon's article with respect to both its accuracy and manner, together with a sample of blogger's responses to the article, and explore the analogs between these events and the manias and popular delusions of the pre-internet era.

The Forbes Article

The article illustrates the damage attack blogs can do by citing three case studies:

At least, this is how Lyons has characterized these cases.

The article has an unusually emotive tone for a Forbes piece, suggesting that Lyons may have some personal involvement in the issue. It addresses a valid concern, but does so in such inflammatory language that the reader's lasting impression is of the antagonistic rhetoric of the author rather than the underlying facts of the cases presented.

With such emotion in evidence, it is reasonable to wonder if the facts have been presented accurately or in a biased manner. To answer this question, I have chosen to focus on the second of these case studies - that of Kryptonite locks - partly because of my own interest in locks and lock-picking, and partly because the incident is small and well documented enough to be analyzed thoroughly.

Lyons' description of the Kryptonite saga is as follows:

No wonder companies now live in fear of blogs. "A blogger can go out and make any statement about anybody, and you can't control it. That's a difficult thing," says Steven Down, general manager of bike lock maker Kryptonite, owned by Ingersoll-Rand and based in Canton, Mass.

Last year bloggers posted videos showing how to break open a Kryptonite lock using a ballpoint pen. That much was true. But they also spread bogus information - that all Kryptonite models could be cracked with a pen; that it is the only brand with this vulnerability, and that Kryptonite knew about the problem and covered it up. None of these claims is true, but a year later Kryptonite still struggles to set the record straight, while spending millions to replace locks.

Is this a fair accounting of what happened? To answer that, we need to examine in detail what actually happened to Kryptonite.

The Kryptonite Saga - What Actually Happened

On September 12, 2004 a poster using the handle "unaesthetic" posted a message to a discussion forum on a web site for bicycle enthusiasts - www.bikeforums.net. The poster described how they had just discovered that they could open their Kryptonite Evolution 2000 Mini bicycle lock with nothing more than the casing of a Bic pen.

Forcefully jamming the tubular pen casing over the cylindrical plug at the centre of the Kryptonite lock, a crude imitation of the lock's tubular key was formed. Jiggling the pen casing back and forth would, in many cases, result in the lock popping open. Respondents were initially skeptical, but videos of the lock-picking process were quickly made available which satisfied most that the claim was not a hoax. Subsequently, other owners of Kryptonite locks successfully reproduced the original poster's feat, and documented their success on video, making those videos available over the web.

It wasn't long before word spread to blogs such as engadget and finally to mainstream media sites such as Wired, CBC and CNN. The individuals who had first encountered the lock's vulnerability quickly reported it to the manufacturer. After receiving many such reports, Kryptonite was forced to publicly acknowledge there was a problem. A week after the forum post, they issued the following statement:

We understand there are concerns regarding tubular cylinders used in some Kryptonite locks. The tubular cylinder, a standard industry-wide design, has been successfully used for more than 30 years in our products and other security applications without significant issues.

The current Kryptonite locks based on a tubular cylinder design continue to present an effective deterrent to theft. As part of our continuing commitment to produce performance and improved security, Kryptonite has been developing a disc-style cylinder for some years. In 2000, Kryptonite introduced the disc-style cylinder in its premier line of products, the New York series. In 2002, Kryptonite began development of a new disc cylinder system for both its Evolution and KryptoLok product lines, which currently use the tubular cylinder design. These products are scheduled to be introduced in the next few weeks.

We are accelerating the delivery of the new disc cylinder locks and we will communicate directly with our distributors, dealers and consumers within the coming days. The world just got tougher and so did our locks.

Marketing-speak such as the final sentence above was of little comfort to those who were looking for some analysis of the problem and promise of a remedy. A simple apology wouldn't have hurt, either. So great was the public backlash that a class action lawsuit was initiated by one Lawrence Rosen, and ultimately joined by eighteen law firms and their clients. Kryptonite eventually established a generous replacement scheme for those affected. They guaranteed to provide a new, free replacement disc-cylinder lock in return for any faulty Kryptonite lock, regardless of how old and worn it was. The settlement also provided for the receipt of a cash amount, a $10 voucher towards any Kryptonite product, and relief for members of the suit whose bicycle was stolen due to a violation of the lock mechanism.

The cost to Kryptonite, a small company of only 25 or so people has been estimated at some ten million dollars. To date they have replaced over 380,000 locks worldwide.[5]

Lock Construction

To appreciate the situation fully, you need to have a basic understanding of the workings of tubular key locks. Understanding tubular key locks is easier if you first understand how ordinary "pin tumbler" locks works. These are the standard locks used in most domestic situations; you likely have this type of lock on the external doors of your house.

The diagram below shows the basic anatomy of a pin tumbler lock:

The housing of the lock is attached to the thing being locked, and has a metallic cylinder called the plug rotating within it. The slot in the plug where the key is inserted is called the keyway. There are typically five to seven cylindrical pin chambers centered about the common axis of the plug and housing. Each chamber contains two pins and a driver spring. The pin nearest the driver spring is called the driver pin and the other pin, which actually makes contact with the key, is called the key pin. When locked, the driver pin in each chamber is partially in the plug and partially in the housing, which prevents the plug turning inside the housing, and thereby the lock from opening. When the correct key is inserted, each key pin is pushed up just enough that the meeting point of the driver pin and key pin aligns exactly with the shear line. The plug can then turn within the housing, releasing the lock.

A cross-section of a tubular key lock appears in the diagram below:

The principle is exactly the same as for the ordinary pin tumbler lock, but the geometry is slightly different. Imagine you took the pin tumbler lock described previously and wrapped it around a tube positioned with its axis perpendicular to the keyway. The pin chambers are still parallel, but are now equally spaced around the perimeter of a circle. With a few minor modifications to prevent the key pins from falling out of the lock, this is the essential form of a tubular key lock. The key that opens a tubular key lock is a hollow cylinder with recesses of different depths in one edge. When inserted into the tubular key lock, those recesses push the key pins down by varying amounts, resulting in the breaks between driver and key pins aligning with the shear line, and permitting the plug to turn, just as in the ordinary pin tumbler lock.

Lock Picking

Picking an ordinary pin tumbler lock is done using two tools - a torsioning tool and a pick. The torsioning tool is inserted into the bottom of the keyway, and a rotational force applied so that it tends to turn the plug within the housing. The pick is a long, straight piece of steel with an upward-facing point at the tip. It is inserted into the top of the keyway, above the torsioning tool, and the tip used to push individual key pins up into their chambers.

While torsion is applied with the torsioning tool, the pick is used to probe each key pin to identify the one that offers the greatest resistance to pushing. This pin column is said to be binding, which means that it is the one that is bearing most of the force that is stopping the plug rotating within the housing. It is also front most with respect to the direction of the plug's rotation. The pick pushes the key pin up until a sudden drop in resistance is felt, which corresponds to the point at which the junction of the key and driver pins aligns with the shear line. This pin column is now set (picked), and then the search begins for which of the remaining pin columns should be picked next, using the same technique which identified the pin column which has just been set. When all the pin columns have been set, the plug can rotate freely within the housing, and the lock opened.

It may sound difficult, but lock-picking is readily learnt and with only a little practice, a disturbingly large percentage of domestic locks can be defeated. Therefore, lock manufacturers do what they can to make picking their locks a bit more difficult. There are two main techniques used to enhance a pin tumbler lock's security:

The basic construction of the pin tumbler lock also has a profound impact on how easily it can be defeated. There are two main facets to consider:

With this as background, what can we now say about a tubular key lock that can be picked by an amateur using the casing of a Bic pen? Well, there are some obvious conclusions you can make about its construction - it is probably poorly keyed and has large tolerances. In other words, it is cheap. Such a lock will probably also lack variable tension driver springs and pick-resistant driver pin shapes.

This immediately gives us some insight into where blame for this vulnerability should be laid. Being a small company, it is likely Kryptonite does not manufacture its raw lock parts itself, but buys them in from third party suppliers. My guess is that they purchased a batch of poor quality tubular key lock mechanisms, and did not have sufficient quality control measures in place to detect the problems.

So the Kryptonite lock's vulnerability likely stems from manufacturing and quality assurance problems - not design problems inherent to tubular key locks, as mistakenly indicated. Of the hundreds of comments I've read relating to this incident, I've seen only two that were from locksmiths, and both voiced this same opinion. Here are extracts from each:

It is possible, the affected Kryptonite locks had been wrongly pinned with all same length pins... Another reason, and the most likely one, would be extremely large tolerance in combination with small or no pin length differs [sic]. I am guessing they just used the cheapest possible cylinders and had no control system in place. ... Extremely close tolerances, variable spring tensions and changes in internal dimensions, just to name a few, make it very hard to pick such a lock. Italian made MERONI cylinders are one example. - lockitt.com

And this:

Yes, the Kryptonite 2000 lock is poorly make [sic] & it can be defeated [if] there [is] to[o] much play [or] tolerance in the lock. That['s] why it can be bypassed. The reason why I know is that I'm a locksmith for past 35 years. With my pick the Kryptone [sic] 2000 ... maybe 10-30 second. The better one can take 10-15 minute..."- bikeforums.net

How Forbes Misrepresented the Kryptonite Saga

Comparing the actual events with Lyons' characterization of those same events, you'll see there is quite a difference.

It is unfair to claim or imply that blogs were the primary distribution channel for news of the lock's vulnerabilities. The first mention of it was on a PHPBB discussion forum, not a blog. Donna Tocci, PR representative for Kryptonite, has indicated that the majority of those who participated in the lock exchange program heard about it from traditional media sources [5]. Moreover, the ability to defeat some kinds of tubular key locks had been previously reported in 1992 in both Cycle Touring & Campaigning, and New Cyclist magazines. It also appeared in a Usenet discussion group over ten years prior to its appearance on the discussion forum at bikeforum.net. If the figures from Fortune's graph of the "Kryptonite Blogstorm" are to be believed (one can only guess how they arrived at these figures) then the media coverage did not really take off until it was picked up by the New York Times and AP - both of them conventional media outlets, not blogs.

Lyons doesn't refer to any specific blogs regarding the Kryptonite incident, but he does refer to gizmodo and engadget as blogs later in the piece, and engadget did carry several articles relating to the Kryptonite saga. It's not immediately clear that either of these are in fact blogs. They have a comment facility and RSS feeds, but don't appear to be authored by an individual.

The boundary between "group blog" and a news-style website is rather blurred. The New York Times website has RSS Feeds; if it had a commenting facility would it be a blog? Lyons premise is that there are bloggers out there using blogs to discredit and attack corporate entities in a vindictive manner. It could hardly be said that engadget or gizmodo qualify as "attack blogs". They cover a large variety of technologies from a diverse set of manufacturers. What editorial they provide is mixed in tone, but is certainly not the bile-spewing vitriol that Lyons attributes to "attack blogs". So where are the "attack blogs" in the Kryptonite incident? Wherever they are, I can't find them. Wherever you find the issue mentioned on a blog - and it has been referenced many times - most of the verbiage tends to belong to the commenters, not the blog authors themselves.

These comments are the usual mix of uninformed nonsense, wild speculation and snide insult that long ago turned Usenet into an intellectual cesspool. Lyons claims that blogs spread misinformation "... that all Kryptonite models could be cracked with a pen; that it is the only brand with this vulnerability, and that Kryptonite knew about the problem and covered it up".

After reviewing hundreds of comments on dozens of web sites and blogs regarding this issue, I have not found any that claimed all Kryptonite models could be cracked with a pen. Indeed, such a claim would be nonsensical, as many of Kryptonite's locks operate with flat keys, not the tubular keys that a pen case might substitute for. There has certainly been much speculation as to which particular models of lock suffer the same vulnerability, but no outright claims that the failure is common to all models - at least, none that I can find. There were many comments where people reported that they had successfully opened one model or another of lock, or that they had failed to do so.

Neither have I seen any suggestion that Kryptonite is the only brand with this vulnerability. To the contrary, I have seen several comments where people reported having opened Schwinn and other tubular key locks using the same technique.

There was also a certain amount of skepticism, even after video evidence had been posted. Some commenters claimed that the whole thing was a hoax, after unsuccessfully trying to duplicate the feat. Some proposed that the lock that was apparently defeated in the video hadn't been properly closed to begin with; others opined that the videographer had surreptitiously milled the end of the pen casing to imitate the profile of the known key.

Naturally, conspiracy theories abound. The one correct claim that Lyons makes is that some commenters voiced the conspiracy theory that Kryptonite had actually known about the fault but tried to keep it quiet. As mentioned above, the ability to defeat some tubular key locks with common implements had been previously identified in both print and on Usenet. To some it seemed reasonable to assume that Kryptonite would be on top of known vulnerabilities and would be particularly alert to their presence in their own products.

Overall, Lyons has grossly mischaracterized the way blogs and blog commenters responded to the incident. He paints a picture of a vindictive mob out to spread misinformation and damage corporate reputation. In fact, there was simply the usual muddle of speculation, questions, and poorly informed opinion that characterizes online discussion everywhere. These were not people with a vendetta or an agenda. They were simply customers who were justifiably cheesed off with the breach of trust they had been subject to.

Leaving aside the two other case studies Lyons examines, there are several inconsistencies and errors of reasoning in the piece that further indicate its poor standard.

Lyons claims that "The online haters have formidable allies ... Google, Yahoo, Microsoft and a raft of other blog hosts" but earlier on claims "Microsoft has been bashed by bloggers". In other words, Microsoft is posited as both the ally of attack bloggers and their victim. Either Microsoft is schizophrenic, or Lyons is over-reaching in his descriptions. In fact, Microsoft et. al. are not the allies of attack bloggers; they are simply service providers, and some people choose to abuse that service for the purpose of running attack blogs. Yet Lyons chooses to mischaracterize the service providers as allies of those who abuse their services, in order to sensationalize the topic. By his reasoning, every manufacturer of equipment that a criminal uses to commit criminal acts immediately becomes the criminal's "ally". This is nothing more than deliberately misleading word-play. Lyons employs it again in describing the EFF as "a non-profit that defends their [victims of attack blogs] attackers", suggesting that the EFF's support of anonymous blogger's right to remain anonymous is limited to the attack bloggers, or somehow related to the fact they are making these attacks.

Lyons further claims "Google and other services operate with government-sanctioned impunity, protected from any liability for anything posted on the blogs they host". "Operating with government-sanctioned impunity" is also known as "obeying the law", but it's not nearly as sensational to describe it that way. He seems to believe that service providers should be serving as content editors: "Google and other carriers shut down purveyors of child porn, spam and viruses, and they help police track down offenders. So why don't they delete material that defames individuals? Why don't they help victims identify their attackers?" The answer is obvious to anyone who gives the issue a moment's consideration. It is possible to determine with certainty whether a user is serving up child porn, spam or viruses. But deciding what constitutes defamation is often not as clear, and may require judicial consideration. It is not the role of the service providers to make decisions in such legal matters. Similarly, when "victims" want to "identify their attackers", it is not clear whether the rights of the victim outweigh the right to privacy possessed by their "attackers". Again, judicial consideration may be required.

Google has done its best to try and fill Lyons in. He reports "Google and the like argue they bear no more responsibility for content than a phone company does for slander over its wires. But Google's blog business looks less like a phone company and more like a mix of reality TV and an online magazine." The reasoning employed here is flawed. He suggests that Google's legal obligations are not those of a service provider because of the nature of the content that they serve up. However, the nature of the content does not effect Google's role as a service provider. Emotive characterizations do not substitute for legal assessments.

The issue of anonymity and the right to anonymous free expression seem to be very sour points for Lyons. He claims that "In squabbles between anonymous bloggers and victims, Google sides with the attackers, refusing to turn over any info unless a judge orders it to open up". The issue is the same as above - why should Google be the ones to determine when the blogger's right to anonymity should be compromised? Suppose the blogger is a political dissident in a country such as Iran or China. Suppose the "victim" is the dominant regime in that country and that revealing the identity of the blogger to the "victim" will likely result in their imprisonment or death. Suddenly we see that Google "siding with the attackers" is not such a bad thing, because in context it means that they are preserving the anonymous expression of an oppressed minority. Perhaps Lyons has forgotten that anonymous political dissent has played an important part in the political history of his own country.

The article's sidebar "Fighting Back" particularly drew the ire of the blogging community. Lyons recommends means by which corporate victims of attack blogs can retaliate when they find themselves targeted by potentially anonymous, hostile bloggers. The irony is, having just decried the tactics that the attack bloggers employ, his recommendations specify techniques of equally dubious moral and ethical worth. He recommends "If you get attacked, dig up dirt on your assailant and feed it to sympathetic bloggers". In other words, launch a smear campaign - the same behavior he finds so reprehensible when displayed by bloggers.

Another of his recommended techniques for retaliation is to "Find some copyright text that a blogger has lifted from your Web site and threaten to sue his Internet service provider under the Digital Millennium Copyright Act.... Or threaten to drag the host into a defamation suit against the blogger." Firstly, the use of copyright text by a blogger does not necessarily mean they've done anything wrong. For the purposes of criticism, review, satire and parody, a certain amount of copyright material may be used under the "Fair Use" doctrine (for example, the extracts from Lyons' piece that appear throughout this article fall within the scope of Fair Use). Lyons is recommending that you "threaten" the ISP in various ways. Such techniques are broadly known as "IP bullying" - they are commonly used by well-financed parties to suppress criticism, regardless of the legality or validity of that criticism. But the purpose of IP legislation is to protect works of creative origin.

By recommending IP laws be used for suppression, Lyons is effectively recommending an abuse of process. He also fails to mention that the DMCA, as well as providing a mechanism for takedown, provides a mechanism for counter-notification by the allegedly infringing party, which results in the material being reinstated. There is already a significant issue with misuse of the DMCA. Following Lyons strategy will only exacerbate the problem, not to wage online campaigns.

How the Blogs Misrepresented the Forbes Article

As you can see, Lyons has misrepresented the nature of the blogging response to the Kryptonite incident. Bloggers were justified in criticizing the article on this basis. The beautiful irony is that in the course of voicing these criticisms, bloggers in turn misrepresented Lyons article, and employed many of the same rhetorical techniques that they found objectionable when used by Lyons.

By far the most common criticism was the claim that Lyons was criticizing the entire blogging community, accusing all bloggers of being vindictive and unscrupulous. Readers apparently missed the following caveat that Lyons provides:

Attack blogs are but a sliver of the rapidly expanding blogosphere.

Many bloggers were apparently blinded by the emotive language in the article and failed to spot this important statement. For instance, Dan Gillmor described the piece as an "attack against bloggers" and an "absurd broadside". The Big Picture described Lyons as being one of the "anti-bloggers" (an anti-blogger is something like the anti-Christ, only more deserving of your contempt). Kurt Opsahl, an EFF attorney wrote a self-righteous parody of Lyons' piece, suggesting that Lyons criticizing blogs and bloggers was analogous to criticizing the printing press and political pamphleteers; an analogy which would only be valid if Lyons were criticizing the entire blogging community... which he isn't. Shel Holtz, raises the same straw man in his comment on Dave Taylor's blog: "There is another side to blogging that wasn't addressed or even acknowledged, despite the article's positioning as a comprehensive analysis of blogging". And the Exclusive Concept's Internet Marketing Blog did not let the text of the Forbes article dissuade them from countering a perceived challenge to their preferred money making medium: "Some people use blogs to do bad things, but that does not justify an all-out attack on blogging in general." Having uniformly misinterpreted the article, the bloggers then link to each other's common misinterpretations and conclude, argumentum ad populum, that they all got it right and Lyons got it wrong.

As per the online tradition, there is a generous quantity of ad hominem attacks and impotent threats. Here are a few of my favorite epithets:

Such juvenile stone-throwing hardly leaves the offenders in a position of strength from which to take issue with Lyons' language and objectivity.

The folks I like best are the utopian neo-Marxists who are convinced that blogging is the wave front of the oncoming Cultural Revolution, and that the blogosphere possesses some marvelous self-healing abilities:

Best of all, a few bloggers expressed their disgust at Lyons critique of attack blogs by ... starting an attack blog dedicated to Lyons himself. Lyons portrays the authors of attack blogs as vindictive and malicious. One could argue that the emotional and insulting response of many bloggers to his article serves only to illustrate the very mentality that he is describing.

Thankfully, there were one or two bloggers who did not immediately succumb to the urge to exact terrible vengeance, and actually bothered to read the piece thoroughly before commenting upon it. They noted that, hyperbolae aside, Lyons does make some valid points about the use of online defamation as an extension of personal and corporate agendas.

Rumors, conspiracy theories and tales of corporate bullying find a ready audience online; and the ease with which they are propagated is tied closely to the psychological traits to which they appeal.

Sociological Hysteria

Although blogs are a new media, their authors and readers possess a very old psychology. Manias, hysteria and popular delusions are well-known phenomenon and have been so for centuries. From the witch hunts of the 15th - 18th centuries to the epidemic of satanic child abuse allegations of the 1970's and 1980's, there are common elements which many cases of sociological hysteria share. Reading through them, you will recognize their relevance to the blogging world:

The blogging community is fertile ground for sociological hysteria. Many people start blogs full of enthusiasm and energy, but quickly find themselves running out of steam and lost for something to write about - hence the large number of inactive blogs (one source suggests about one third of all blogs are inactive). The blogging set is therefore like one great expectant pause, waiting for something of interest, preferably something easily appreciated and not requiring too much thought, to come along so that it might be subject to a few off-the-cuff remarks and used as blog fodder. Consequently, commentary tends to consist mainly of immediate impressions and knee-jerk reactions, where complex phenomena are over-simplified so that they may be rapidly assessed and digested.

Contrary to some of the idealistic claims about the "self-correcting" nature of the blogosphere, there is very little evidence that bloggers are interested in revising their opinions or correcting misstatements they have made. As soon as the blog entry is finished, they lose interest and move onto the next topic. Why correct something that was quickly generated and will only be given a moment's attention by most readers anyway?

There is also an ego factor at work. Once a commitment to a particular stance is publicly voiced, the author will be highly reticent to concede error. This is because people have a strong psychological desire to portray themselves as being consistent in their reasoning and arguments. Consistency is traditionally seen as indicative of intellectual prowess and/or personal commitment [3]. Unlike a journalist or commercial writer, a blogger has no editors or researchers to catch their slip-ups, and so when errors are made there is a tendency to let them quietly slip by rather than admit to them, damaging the public and self-image of the author.

Although online media of all forms are particularly susceptible to becoming vehicles for social hysteria, it could be argued that the new-found popularity of blogs, their ready accessibility by those less technically literate, the self-investment in stated views that singular authorship engenders, and the accelerated rate of information exchange [6] that track back mechanisms and RSS provide, make for a medium that is unusually powerful in spreading both information and misinformation. With that power comes the danger of abuse.

Conclusion

The Forbes article's identification of the danger of "attack blogs" is valid, although the examples it cites and the language it employs tend to cloud the issue. The nature and severity of the blogosphere's reaction to the Forbes article serves only to demonstrate the very psychological mechanisms which make "attack blogs" effective.

The message to would-be attack-bloggers is clear: "Go for it". You need only invent a blogging persona, portray yourself as the helpless victim of corporate indifference, and you will have little difficulty in inciting the blogging throng into action on your behalf. Most will assume that you are genuine, and the few that do any fact checking will likely limit themselves to online sources when doing so - meaning that you need only provide "independent" confirmation of the claims you make by referencing other blogs. Accuse anyone who expresses skepticism as being an enemy agent engaged in astro-turfing, and then stand back and watch the fireworks.

Both Lyons and the majority of the bloggers who responded to his article, together with the attack bloggers themselves, are all demonstrating the same mentality that drives most incidents of social hysteria. Perhaps the only moral to be drawn here is that Sturgeon's Law - "99% of everything is crud" - continues to be true, and the rise of the online media has done nothing to change that.

References:

  1. The Complete Book Of Locks And Locksmithing, 6th Edition - Bill Phillips, McGraw Hill, 2005
  2. Visual Guide To Lock Picking, 2nd Edition - Mark McCloud, Standard Publications, Inc., 2002
  3. The Psychology of Persuasion - Robert Cialdini
  4. Forbes' Daniel Lyons Speaks Out on his Blogging Cover Story - http://www.mediasurvey.com/mp3/lyonsblogs.mp3 (MP3)
  5. Debunking the Myth of Kryptonite Locks and the Blogosphere
  6. Why People Believe Weird Things - Michael Shermer