Saturday, December 10, 2022

Adventures in Googling: “Think” Rubix & Client-Data Strategery

It’s Friday. It’s been a long week, even by the standards of this hellscape. Let’s take a step back from LITfest and the shenanigans surrounding it and, instead, look at Think Rubix.

More specifically, let’s look at the “top secret” information on Think Rubix’s website.

Heck, even more specifically than that, let’s look at the absolute lack of security around Think Rubix’s website when it comes to client information! That should be fun. Oooh! We could probably make a short movie about it! (Polls show that people love movies on Fridays.)

For those who can’t/won’t/don’t watch videos, allow me to provide a description: what you have there is a minute and a half of showing that easily locatable client pages on the Think Rubix website are not in fact password protected, despite Think Rubix’s claims.

This matters, of course, because these pages contain project-management details, including documents, deliverables, projects, progress, events, and target dates. They contain links to documents related to the project management as well. This is, to put it bluntly, not something that any candidate or client would want flapping around in the breeze and accessible with a simple Google search.

***

A quick aside: before writing and publishing this post, we reached out to Chris Jones’s campaign via a third party so that Jones could be notified that his entire campaign-management plan was visible to the world. We also waited to publish this until we had confirmation that Think Rubix had fixed the problem. But that must have been an interesting call from his campaign to Think Rubix. “You know, if some blog could find this, Sarah Sanders’ people probably found it long ago!”

***

So…yeah. There I was, mind my own business last night, when someone sent me a link to the Think Rubix client page for LITfest. Based on the URL, I assumed it would just be something on the website talking about how much they had done for the festival. Instead, I see this:

“That’s interesting,” I said to the basset hounds staring at me. “I wonder if it’s like that for more of their clients?”

It was.

There was Chris Jones’s entire campaign plan for each week. (Not posting the video of that one.) There was the page for something called the People Trust Community Fund:

There was the page for the Empower Initiative:

Now, based on a document provided to use by Think Rubix’s “FOIA guru”1 attorney, we can see how much the company has invoiced each of these folks between February and early August of this year:

We know that they have been paid $30,000 by the City of Little Rock, with $15,000 still to come after LITfest, plus whatever they plan to take from the improper arrangement with the charity and the sponsorship money. Based on the invoice list above, we can also see that that they have billed Chris Jones $144,732.90 over that timeframe, as well as $45,000 to Empower Initiative and $31,000 to People Trust Community fund. All told, including the forthcoming $15,000 but omitting the unknown amount of sponsorship money, that is roughly $266,000 from these four clients in just over six months.

For that kind of money, you’d think they could do better for their clients than a web portal that still has the lorem ipsum text and has zero security.

Then again, you would also have expected them to actually register to do business in Arkansas and to have their “charity” registered as a charity with the state as required by state law. (See for yourself!) You’d definitely expect them to meet the bare minimum qualifications of the RFQ before Little Rock awarded them the contract, and we know that didn’t happen.

So…maybe we should just temper our expectations across the board when it comes to Think Rubix?


  1. As City Director Antwan Phillips referred to Mac Norton when contacted by Think Rubix about the FOIA request.

Recent Articles

Related Stories