Patreon Hack
Added 2015-10-02 17:39:03 +0000 UTC
So, given in the past month we've had: People signing up and stealing content without paying. And now we've got a total Patreon hack. This is why I don't really trust much on here these days, and why I don't intend to hide anything from non-subscribers on Patreon.
If you guys want an alternative subscription service to help support the comics, you can use PayPal for this. I wouldn't be surprised if the PayPal fees are less than Patreon.
When the comic site is back up (and everything has calmed down around here), I'm going to start looking into putting up a donator-only site. I realize that it too can and will be hacked, but I'm hoping the relative obscurity of the comics will stop that. (I know, security through obscurity is not real security). But payments for that will go through PayPal, Google Wallet and Patreon if I do it. The donator site will only have your email address and whatever password you sign up with.
While I realize that nothing is hacker proof, I feel like going this route will mitigate some of the problems that these big companies are having. If anyone takes down the donator site, there's not much to take. I just give people a general warning that anything you post online, even if you think it's in private, should be written as if it will go public one day.
I'm really sorry this happened to you guys, and I'm saddened by Patreon's inability to keep up with the hackers that stole their data. I did find an interesting site from this which I'd recommend you guys look at: https://haveibeenpwned.com/
If you haven't already, change your passwords. And be sure to monitor your bank's data. Patreon claims the hackers didn't get the passwords or your bank information - but frankly, I don't trust that too much these days.
Comments
The SECOND ending of Issue 14 wasn't an alternate ending. Since Paradigm Drift took place in TWO different universes, it had not one, but TWO Endings, the FIRST taking place in Raekarta, and the SECOND taking place on Earth (or the Earth-like dimension that Lorelei visited). The first was published with the rest of the comic, but the second, the ending that occurred on Earth, was hidden behind that old paywall I mentioned. I remember it being prominently advertised as being hidden behind that paywall, along with some transformation art and a few other miscellaneous goodies as incentive for people to donate to your comic. However, as I said before, by the time I found that paywall page, it had long since been abandoned, and I had no way to access it, even though I really wanted to read that SECOND ending to Black Tapestries Issue 14. (Sorry for the second post. I don't know how to reply to a reply.)
ChaosMageX
2015-10-04 23:34:44 +0000 UTC
Ah, there was no alternate ending for any of the comics.
Jakkal
2015-10-04 22:56:52 +0000 UTC
If you're going to be doing a paywall thing again on your current comic website, could you please post the extra ending of Black Tapestries Issue 14, Paradigm Drift? I remember that being behind a paywall on your previous comic hosting website, one which had been destroyed or something by the time I had discovered your wonderful comic, so I couldn't find a way to donate and get access to it. I still yearn to read those lost pages and I'd definitely be willing to pay extra to still do so.
ChaosMageX
2015-10-04 22:25:33 +0000 UTC
I don't intend to do my own donation system. I'll still be using Patreon. But anything that I want to keep for donators only will be on a separate site - so that Patreon subscribers, PayPal subscribers/donators, and Google Wallet donators will get to see it. I won't be taking money at all. Once Patreon fixes their horrible exploit so nonpaying donators can steal paywall blocked stuff, I'll start posting here again. They've been promising it for months, and after several artists had their site posted on yiff.party, I'm not going to wait for them or use it to hide stuff for donators.
Jakkal
2015-10-04 06:37:34 +0000 UTC
The passwords were stolen -- but they were encrypted with bcrypt, which is a "high cost" encryption method that isn't currently broken. By broken, I mean "containing known exploits," which MD5 has. The passwords were also salted, meaning that a generic database search can't be done as easily. That is, using a database of passwords and their hashes so you can look up the hash and find the password it's made from. Since the source code was also stolen, it's possible the salt is exposed, which means it'll take longer, but can still be done. Also, smart companies these days completely segregate the financial data and even contract special companies to handle the storage and processing of their financial transactions. Stripe and PayPal handle Patreon's money processing -- so Patreon doesn't even store any information and has no access to the credit card data. It's all handled externally. Lastly, make sure you know what you're doing. Patreon is an established platform. They have professionals with training and experience to build and maintain it. While they've suffered a breach, I'm sure now they are doubling down on security so this never happens again. You've had your campaign running here for a while and have a number of "fire and forget" donors. Switching to a new site is going to greatly reduce your current donors. Not to mention the time and effort it'll take to build and maintain your own donation and rewards system. My recommendation is to stick with Patreon. If you're not comfortable, contact Patreon and figure out what security measures they're taking to prevent this from ever happening again. Make sure you understand the security language and technology so you know whether or not they're doing a good job. Then choose to stay or go. But if you do go, understand that it is an expensive decision, and be sure that you're actually getting something worth it for doing so.
And if you've done the research you'll know "security through obscurity" is not worth it.
Stickman
2015-10-04 05:20:30 +0000 UTC
I'll be doing the best I can with my limited abilities and funds. Even hashed passwords can be cracked; the question is, is the work worth the effort? For a big site like Adobe or Patreon, yes. For a little site like mine? Probably not. Though again, obscurity isn't security, but I'll do what I can.
Jakkal
2015-10-02 21:00:16 +0000 UTC
Will you be hashing the passwords so even if it is hacked they still won't get the password?
Catprog
2015-10-02 20:57:17 +0000 UTC
Almost no creator I know of keeps anything behind a paywall. Maybe higher res versions, or sketches, or PSDs. But not the content itself. And I'm more than happy to throw a couple bucks at people who do stuff I like.
Draco18s
2015-10-02 17:48:00 +0000 UTC
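
The salted, high-cost password hashing discussed in the comments above, shown as an added example that is not part of the original post or any commenter's code. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt; the iteration count, the sample users and the password list are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # work factor; an assumed value for this example

def md5_unsalted(password):
    """Fast, unsalted hash: the same password always gives the same value."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Slow, salted hash. The salt is random per user and stored beside the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

# Constructed sample data: a tiny precomputed table of common passwords,
# standing in for the "database of passwords and their hashes".
COMMON = ["123456", "password", "letmein", "dragon"]
LOOKUP = {md5_unsalted(p): p for p in COMMON}

def demo():
    users = {"alice": "letmein", "bob": "letmein"}  # constructed accounts
    unsalted = {u: md5_unsalted(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        # Unsalted: equal passwords collide and the table reverses them at once.
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_recovered": [LOOKUP.get(h) for h in unsalted.values()],
        # Salted: equal passwords give different digests; the table finds nothing.
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_recovered": [LOOKUP.get(d.hex()) for _, d in salted.values()],
        # Login still works because the salt is stored with the digest.
        "verify_ok": verify_password("letmein", *salted["alice"]),
        "verify_bad": verify_password("dragon", *salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The salt does not need to be secret; what slows guessing after a breach is that every candidate password must be run through the full work factor separately for each account.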