As most of you know, I came across hidden data for the infamous Skeptical Science paper claiming to find a 97% consensus on global warming. The Skeptical Science team claims I did this by hacking them, publicly accusing me of having committed crimes. Today we have a fun demonstration of how stupid that claim is.
If you haven’t seen it already, I’ve previously explained exactly how I came across the material I found. Collin Maessen of Skeptical Science accused me of lying about it, but he refused to say what it was I said that was untrue (or incomplete). Instead, criticisms of me have rested on the idea that the way I got the data was by using a:
hack… that exploited a security hole to gain access to proprietary data used for the Cook et al. paper
The issue is the Skeptical Science team had a super secret domain named http://www.welloiledcatherd.org. If you tried to access it, you were presented with a login screen. I obviously didn’t have an account or password there so I couldn’t log in.
However, that login screen was only presented for certain parts of the website. Other parts of the site were openly accessible. For instance, if you went to the link:
You would be given a .pdf file without logging in. You wouldn’t be able to find a link to this file on the site since you couldn’t log in, but people could give you the link so you could look at the file. This sort of behavior is common. Many sites require logging in for most things but allow some material to be shared like this. Today, we have compelling evidence that’s exactly what they intended:
This screenshot was taken earlier today by a user trying to access a new post on the Skeptical Science website. He had been directed to the post by a link on Twitter promoting the post. It was clearly intended for public access. Despite that, he was given a login prompt, not for http://www.skepticalscience, but for http://www.welloiledcatherd.org. Why? Because the post’s code included this:
That’s the code used to display Figure 4 of the post. Its link is to an image hosted at http://www.welloiledcatherd.org. Because it is hosted there, anyone loading the page would have to access http://www.welloiledcatherd.org to see it. We can’t now, of course. After my “hack” they added a new security process which requires logging in to access any material there (trying to load the image triggers this, hence the popup box).
However, if not for my “hack,” that new security wouldn’t have been added. Everyone reading this post would have been able to see the figure despite it being hosted on a password-protected website. Everyone visiting this page would have “exploited a security hole” to view an image.
That is, by visiting a post prominently displayed on the Skeptical Science website, publicly advertised by Skeptical Science team members, you could have “hacked” them just like I did.
Of course, the user who alerted me to this isn’t the only one who noticed it. It didn’t take long for a commenter at Skeptical Science to point out the problem, after which it got fixed. However, you can see the original version in the Wayback Machine.
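A publisher can catch the embedded-image problem described above before a post goes live. The following is an added example, not code from Skeptical Science or from the original post: it scans a post's HTML for resources a browser fetches automatically and flags any hosted on a login-protected domain. The page URL, image paths and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts the publisher keeps behind a login.
RESTRICTED_HOSTS = {"www.welloiledcatherd.org", "welloiledcatherd.org"}
# Attributes a browser fetches on page load (a plain <a href> is not one).
FETCH_ATTRS = {"img": ("src", "srcset"), "source": ("src", "srcset"),
               "script": ("src",), "iframe": ("src",)}

# Constructed sample post; paths are placeholders, not real files.
SAMPLE_POST = """<p>Constructed post body.</p>
<img src="http://www.welloiledcatherd.org/placeholder/figure4.png">
<img src="/placeholder/figure1.png">
<a href="http://www.welloiledcatherd.org/placeholder/forum">members</a>
<img srcset="//www.welloiledcatherd.org/placeholder/fig-2x.png 2x, /placeholder/fig.png 1x">
"""


class EmbedAuditor(HTMLParser):
    """Collects auto-fetched resources that live on a restricted host."""

    def __init__(self, page_url, restricted_hosts):
        super().__init__()
        self.page_url = page_url
        self.restricted = {h.lower() for h in restricted_hosts}
        self.findings = []  # (line number, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # srcset is a comma-separated list of "url descriptor" pairs.
            urls = ([c.split()[0] for c in value.split(",") if c.strip()]
                    if name == "srcset" else [value.strip()])
            for url in urls:
                # Resolve relative and protocol-relative URLs first.
                absolute = urljoin(self.page_url, url)
                host = (urlsplit(absolute).hostname or "").lower()
                if host in self.restricted:
                    self.findings.append((self.getpos()[0], tag, absolute))


def audit_page(html, page_url, restricted_hosts=RESTRICTED_HOSTS):
    auditor = EmbedAuditor(page_url, restricted_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Run over the sample, this flags the two images served from the restricted host and ignores the ordinary hyperlink, which a browser only requests when a reader clicks it.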