
God mode VKontakte

On the night of March 20/21, due to an error in the code, all VKontakte users received service rights for four minutes. We have finished assessing the damage and are answering the burning questions.

What happened?


A fatally careless merge of a branch in which one of the internal interfaces had been reworked. As a result, every user came to be treated as an employee, and in some cases as an employee with every right that exists.

Does any moderator have all these buttons?


No one has the full set of rights with a list of buttons filling the whole screen. Responsibility is divided into levels (and such an interface would be inconvenient to work with anyway).

There are people who check applications for adding universities, there are translators, there are support agents and complaint moderators, and each department has its own set of powers. An employee receives access to rights of any level only after signing an NDA. All actions are logged, without exception. Using magic outside Hogwarts carries a huge penalty (and the prospect of a trial).

Does someone at VK look at my private photos and read my messages?


There are no rights that would allow an administrator to view your private photos or read your messages for personal use. No one is entirely immune to such temptations. We prefer not to put our employees to the test, so no such possibility exists even in theory. In addition, every action taken with rights is visible to all colleagues, so secretly banning a rowdy neighbour won't work either.

There are automated systems for removing any kind of spam from any section of the site, including mass mailings in private messages. This is a complex system that our analysts tune around the clock. It resembles the profanity filter found on any decent forum, only far more powerful, and it adapts in real time to spammers' tactics.

There are also individual complaints from users themselves about any content available to them. If you sent a phishing link to a friend and the friend complained about it, the moderator will see the message with that link in the complaint. And only that moderator. Moreover, it is impossible to predict which moderator will get it: complaints are distributed randomly among the dozen or so employees on shift.

Roughly the same is true for private photos: the button with the scary name "Open private photos" works only with an exact link provided by the photo's owner (for example, to restore access to an account, by asking for a link from a friend who can see a hidden album) or on complaints about the infamous child pornography. An employee cannot use it to open an arbitrary photo that has any privacy setting at all.

What did users with rights do


As you will remember, every action taken with rights is logged. Partly because of this, the free-for-all lasted only four minutes: the logs were astonished by so many new employees, and the site went down.

In those long 240 seconds the new administrators managed a lot:

What users did not do with the rights


They did not examine other people's personal data. The additional checks on access to sensitive data held, and no one was able to see another user's IP address or phone number.
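The two mechanisms the post relies on, a separate gate in front of sensitive data that does not trust the coarse "is this an employee?" check, and an audit log that makes a sudden surge of "employees" visible, are easy to see in a small model. The following is an added example written for this page, not VKontakte's code: the users, profile record, scope names and the 240-second window and headcount threshold are all constructed for illustration, and `broken_is_employee` is a hypothetical stand-in for the regression the post describes.

```python
"""Defense in depth for staff-only actions (constructed example, not VK's code).

Two independent layers are modelled:
  1. a coarse role check, which in the incident answered "employee" for everyone;
  2. a separate gate in front of sensitive fields (IP address, phone number)
     that needs an explicit, NDA-backed scope and never consults layer 1.
Every decision is written to an audit log, and a small detector flags an
unexpected surge in distinct actors successfully exercising staff rights.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

SENSITIVE_FIELDS = frozenset({"ip_address", "phone"})
AUDIT_LOG: List[Dict] = []


@dataclass(frozen=True)
class User:
    user_id: int
    role: str                        # "user" or a staff role such as "support"
    nda_signed: bool = False
    scopes: frozenset = frozenset()  # explicit per-department grants, e.g. "pii:phone"


# Constructed profile store standing in for what a staff tool would look up.
PROFILES: Dict[int, Dict[str, str]] = {
    42: {"name": "Alice", "city": "Tver",
         "phone": "+7-000-000-0000", "ip_address": "203.0.113.7"},
}


def correct_is_employee(actor: User) -> bool:
    """Layer 1 as intended: only accounts with a staff role pass."""
    return actor.role != "user"


def broken_is_employee(actor: User) -> bool:
    """Layer 1 after the bad merge: a hypothetical regression that treats
    every account as an employee, the failure the post describes."""
    return True


def can_view_sensitive(actor: User, field_name: str) -> bool:
    """Layer 2, independent of layer 1: a signed NDA plus an explicit scope
    for that field. A bare 'employee' verdict is not enough."""
    return actor.nda_signed and f"pii:{field_name}" in actor.scopes


def audit(actor: User, action: str, target: int, outcome: str, ts: int) -> None:
    AUDIT_LOG.append({"ts": ts, "actor": actor.user_id, "action": action,
                      "target": target, "outcome": outcome})


def view_profile(actor: User, target_id: int, ts: int,
                 is_employee: Callable[[User], bool] = correct_is_employee) -> Dict[str, str]:
    """Staff tool: returns the fields the actor may see, or raises PermissionError."""
    if not is_employee(actor):
        audit(actor, "view_profile", target_id, "denied", ts)
        raise PermissionError("staff only")
    visible: Dict[str, str] = {}
    for key, value in PROFILES[target_id].items():
        if key in SENSITIVE_FIELDS and not can_view_sensitive(actor, key):
            audit(actor, f"view_field:{key}", target_id, "denied", ts)
            continue
        visible[key] = value
    audit(actor, "view_profile", target_id, "ok", ts)
    return visible


def surge_in_staff_actors(log: List[Dict], window_s: int, baseline: int) -> bool:
    """Detection: True when more distinct actors than the expected staff
    headcount completed a staff action inside the most recent window."""
    if not log:
        return False
    latest = max(entry["ts"] for entry in log)
    actors = {entry["actor"] for entry in log
              if entry["outcome"] == "ok" and entry["ts"] >= latest - window_s}
    return len(actors) > baseline


if __name__ == "__main__":
    # An ordinary user slips past the broken layer 1 but still sees no PII.
    print(view_profile(User(7, "user"), 42, ts=100, is_employee=broken_is_employee))
```

The point of the model is that the phone and IP fields stay hidden even when layer 1 is replaced by the broken check, because layer 2 looks for an explicit scope rather than asking "is this an employee?" again; and that the audit log alone is enough to notice twenty distinct "staff" actors where a dozen are expected.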

What did we do


We rolled back and began studying the logs. The main thing to establish was whether personal data had leaked. We could not check that instantly, so we started automated deletion of all screenshots of the interface to contain a possible leak of sensitive data.

As soon as we knew for certain that there had been no leak, the removal of screenshots was stopped.

We restored the lost content, analysed the causes of the incident and planned measures to protect against situations like this.

What we have not done


We missed something very important. And we want to do it now.

We apologise to all users: those affected by this error and those it could theoretically have affected. To everyone who trusts us and uses VK as a platform for communication, business or development.

These four minutes have shown that we need to improve the deployment process to minimise the risk of error. And we have already started.

We will move in the direction of openness. Little is known about the technology and internal workings of VKontakte. It has always been that way. So this time, when the veil was accidentally lifted, a lot of guesses arose bordering on conspiracy theories. We are ready to start talking about what is behind the facade of the product. And we really do have something to tell.

After a long break, we welcome the Habr community again in the revived VKontakte blog and will be happy to receive feedback.

Source: https://habr.com/ru/post/324722/