I quit writing about this, thinking I’d have no need to further document the shenanigan. I thought I had ceased its operation. But I’ll be revisiting the LinkNYC loudspeaker broadcasts sometime soon, along with other exploits, or whatever you want to call them.
Last week the Times published a piece that seemed to reflect the recent layoffs in their research department. An op-ed about the Smart City leveled certifiably fact-free accusations against LinkNYC, spawning a new crowd of skeptics who don’t believe anything except what they want to believe.
I don’t need to get into the details. But I’ve been watching the sometimes uncomfortable Q&A with some chagrin. Someone asked about general network vulnerabilities the devices might contain. Someone else chimed in “Well there’s the mister softee hack“, with a link to the December Gothamist story.
It’s the third time in recent weeks I’ve seen reference to my little kiosk shenanigan from last year. For all the work I put into making that happen it is gratifying to see I’m still in the discussion, even if most people still don’t seem to know who did it.
Moments after that person posted his softee comment my website started getting pageviews from Intersection.com. Someone there had used a searchie to find my “Mr. Softee Post-Mortem”, or whatever I called it. I published an 8000 word masterpiece describing details of my exploit, then unpublished it a few days later. That was December. Someone at Intersection/LinkNYC has that post title branded into their head.
Evidence from the access_log follows. The first hit from 52.119.0.5, which WHOIS records identify as Intersection Design and Technology, at 10 Hudson Yards. This shows the 404 error they encountered after searching for a very specific document.
52.119.0.5 – – [02/Jul/2019:14:28:54 -0400] “GET /my-linknyc-mr-softee-postmortem-abridged.html HTTP/1.1” 404 82801 “https://www.google.com/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (
KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36”
Next came this query. Someone at Intersection searched my site for “softee”:
52.119.0.5 – – [02/Jul/2019:14:30:18 -0400] “GET /search-the-payphone-project-2?q=softee HTTP/1.1” 200 25050 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36”
So when they found a 404 file not found page they proceeded search my site for “softee”, probably turning up a bunch of passing references but not finding the full account of how and why I did it. That 8000 word account also described a bunch of other vulnerabilities and openings in the kiosks, problems that the company fixed right away, pretending I did not exist.
Such a strange, fragmented world. There is a different kind of digital divide in play here. I see them. They see me. I run amok with their poorly planned kiosks. They scoop QA tips from me
