JUSTPIKACHOO.COM

WHO IS JAMES?

I am an individual that keeps an anonymous profile in the digital world. My professional background involved a lot of numbers, a lot of meetings and a lot of negotiating. Since 2020, I have been independently investigating and reporting suspicious data in regards to fundraising of all sorts in the third sector.

I also like tea. A lot…

MINOR-ATTRACTED PERSON

The Ideology Seeking to Normalise Sexual Activity with Children

JAMES – 31 December 2022 – www.JustPikachoo.com

I was originally going to be writing about a CIC for my next blog post, however upon waking up from my slumber (as my sleep pattern is a bit out of whack currently) I noticed a trend on twitter – Minor-Attracted People. I’m familiar with what this term refers to, because it is a subject that I have read about before; and it disturbs me as much today than it did the first time I processed what I saw (words, not imagery, to be clear). If you read my previous blog on Data Harvesting, then you may have noticed I did make reference to this term within that report, and it centres around an ideology that has been pushed for decades with the aim of legalising sexual activity between an adult and a minor by eradicating the age of consent altogether.

Recently, there are chilling examples of this concept occasionally emerging from the shadows in the world of academia, but to see it being used within and between Police Scotland is of particular concern, especially so that this is an agency which is charged with the duty to protect children from such perpetrators. By in any way aligning with such an ideology, it immediately pulls into question the efficacy and reliability of Police Scotland to reasonably handle such cases; the thought of a child — who undoubtedly would be unaware of why what is happening to them is wrong — having to endure such acts is nothing short of distressing. I normally do not like to lend any type of voice to this subject, because the more it is kept out of the mainstream, the better – but if it is already in the mainstream, then I feel it a moral duty to, at least, write about it. It would be correct on my part to help equip you, the reader, with as much background information in order that you come to your own conclusion, of which I am certain we will commonly share…

JAMES – 28 December 2022 – JustPikachoo

You were probably expecting the first entry to this blog to relate to the theme of the abuse and misuse of funds in the third sector; quite frankly, so did I. But as I was doing more work on the website and open investigations, my attention was captured by a recent trend on twitter, #BlockedByHFromSteps. It would be fair to say that curiosity got the better of me, and I had a little peep into what was an unusual tagline for a trend. It unexpectedly turned into almost an entire day of being pulled away from what I had planned, and instead – in the same typical fashion – I end up jumping down yet another rabbit hole. The results were quite something.

The trend centred around the online bemusement where a plethora of individuals discovered they were blocked on Twitter by Ian Watkins, otherwise referred to as H. If you’re feeling rather lost as to knowing who H is, then some may say that’s a tragedy, but he was one-fifth of the pop music group, Steps, managed by Fascination Management. For anybody born in the 90s, it would be nigh-impossible to have made it through your early years without hearing at least one of their songs being played at some birthday party. But for the last couple of decades, Steps hasn’t particularly been in the musical spotlight, and their comeback wasn’t as impactful as they perhaps hoped it be.

In the absence of music, there must be another reason for the attention. H did in fact tweet that he utilised a bot to remove – ironically – ‘bots and phobes‘ from his profile, the latter presumably being a reference predominantly to transphobe or homophobe. But when enough people start posting that they have found themselves to be included within that pool, despite having had no prior interaction with H, this in itself triggers a trend. More so, when an event incorporates a number so large that it can dominate the social media headlines, it leaves one curious to know just how far this trail extends. With unanswered questions floating in the air, and a gut instinct indicating data harvesting practices, I felt that this was something which warranted a little elbow grease and some reverse engineering.

By looking through the twitter history of H, we can see where he has retweeted the service he used. This leads us to one of the bots which is managed by an individual named James D Billingham; we’ll talk more about him later, though. But as with any problem, the best way to treat it is by addressing the root of it, so we need to keep going farther back to the original source code and its contributors. The website linked earlier contains a hyperlink to the GitHub page, which is an open source code platform, and we can establish that the bot managed by James Billingham, is a fork from a script created by Jacob Hoffman-Andrews, with the assistance from various other individuals.

If you are wondering what a fork is, well it is essentially a copy of the code and it becomes a dependent. You may apply a different analogy, for instance: leaves are reliant on a branch; branches are reliant on a trunk; and a trunk is reliant on roots. That’s the make-up of a tree, and the original code by Jacob Hoffman-Andrews and company is the roots in this scenario which has allowed all these different branches of code. The purpose of this bot in particular, is to grant it permissions through twitter apps, enabling the read and write permissions specifically, so that the bot could automatically block accounts. This as a standalone is largely not an issue, the problem herein is with the data that is being fed to this bot to make it operational.

In order for a bot to know who to block, it will require an instruction to do so. This was generally accomplished initially through the method of twitter lists, whereby an individual would import or export their block list, and upload that data into the repository to enable the bot to function as intended. This function was actually stopped at twitter, perhaps because the legal eggheads maybe suggested it would be difficult to argue twitter took reasonable precautions to protect personal data, and was subsequently replaced with the access request function; where an individual downloads a copy of the data held about them. Generally speaking, through such a process, identifiable data of other persons is supposed to be redacted, but it would seem that if an individual is blocked by an account, and the blocked account has their first and last name as their display name, then this data is part of the downloaded copy.

Alternatively, when a user of the bot grants read and write permissions to an app, the app can then retrieve information from the accounts of third parties (those who are blocked by the account using the app). That information is then pooled and uploaded into a repository, and thereafter it is downloaded between all subscribers to the bot, and this is how the automated mass blocking works. Every account on twitter has a numerical ID, for instance, my own is 1286249886841806848. When using the twitter API (developer tools), information can be drawn from a profile as such:

{
    
    "twitter_id" : "1286249886841806848",
    "username" : "justpikachoo",
    "name" : "James",
    "member_since" : "Thu Jul 23 10:40:54 +0000 2020 UTC"
}

This information records the numerical twitter ID, username and when the account was created. This information is perfectly fine to process, because it cannot be used to identify you. However, it also records the name. In my case, I only use my first name on twitter, but for those who use both their first and last name as their display name, then it would record and extract that information. This, on the other hand, is identifiable data, and it falls under the rules of data processing, including but not limited to obtaining consent or establishing a legal basis for processing. More so, those that actively used the app granted permissions to the bot, and in doing so may have provided voluntary consent to their own information; however an individual cannot provide consent vicariously for a third party except in very limited circumstances, none of which apply here. The situation is rather reminiscent of the data scandal that plagued Facebook and Cambridge Analytica, where they too harvested data through similar back channels, whilst those whose data was being harvested were blissfully unaware.

Twitter has various Terms and Conditions subject to which and how you use its services, but the key ones that are relevant here will be the Developer Agreement and the Data Processing Addendum. In each of these policies, it makes it very clear that applicable laws apply on a local level, as such for those who reside in a country where the processing (handling, use, distribution, etc) of data is strictly regulated, such as the EU, the UK, California, Canada, and so on, there is a criteria that any processor and controller must satisfy.

So looking to what this script does; it gathers information to automate mass blocking that is equivalent to a list supplied by another person. This can be achieved by using the numerical ID alone, and should the script had only been retrieving that level of data, then this would be above board. But, instead the script is pooling more information than is necessary for its function, such as by recording and processing the names of individuals. It is possible to read the description of this script on its website, and there are three (3) hyperlinks attributed to this description, but we are going to look at two. First, the website shows us where the source code originated; and second, it shows us how this individual, James Billingham, created this particular bot (of which in total there are several originating from this code), we are going to look at how he describes the process of creating it…