This research note introduces hatewatch-core, a syntax-first regex-based analyzer for coordinated online harassment, and reports findings from a five-persona worked case study of a multi-year harassment campaign against a Hakuouki fan-fiction author on Tumblr, AO3, and adjacent platforms (September 2024 – March 2026). The analyzer operates on six judgment rules derived from autoethnographic forensic practice, classifies posts by structural syntactic pattern rather than word frequency, and produces three corpus-level outputs the author is not aware of in existing open tooling: (a) a voice-signature fingerprint (hedging rate, softener rate, imperative-to-self ratio, all-caps rate); (b) a per-post cross-linguistic attack flag for Latin-script-dominant posts containing Han or kana curse content; and (c) a transparent audit trail (dropped-empty counts, distinct-match densities per category, explicit quote-structure filtering). Applied to the case corpora, the analyzer distinguishes two rhetorical postures within the attacking cluster: "bureaucratic-polite DARVO" (LadyYomi: 15.4% softeners, 34.2% self-referential statements, documentation-as-attack form) versus "direct-insult shouting" (AYWS: 4.4% softeners, 20.3% all-caps, imperative-to-self ratio 1.53, six documented cross-linguistic identity attacks). The cross-linguistic flag surfaces a tactic specifically deployable against non-native-English fan writers with asymmetric platform access: the deliberate use of the target's first language for family- and ancestor-targeted curses as an identity-weaponization move. The note argues that for small-scale, targeted corpora where the researcher has privileged access to adversary intent, regex-based syntactic analysis is both methodologically lighter and evidentially sharper than lexicon-based or ML-based classification pipelines. The analyzer is released as open software under CC-BY-4.0 (Kham 2026b). 本研究札记发布 hatewatch-core——一款以句法为核心的正则化协调式网络骚扰分析器,并以一起持续多年(2024 年 9 月至 2026 年 3 月)、针对一位薄樱鬼同人文作者、横跨 Tumblr、AO3 及相邻平台的骚扰案件为五人格(persona)工作样本。分析器基于六条源自亲历式取证实践的判别规则,以句法结构(而非词频)对帖文分类,并新增三项据作者所知现有开源工具中少见的语料级输出:(a) 语音指纹(hedges / softeners / imperative-to-self ratio / all-caps 比率),(b) 对拉丁文字主导帖中出现汉字或假名诅咒片段的逐帖跨语言攻击标记,(c) 包括 dropped-empty 计数、每类独特匹配密度与显式引用结构过滤的透明审计轨迹。应用于本案语料,分析器清晰区分出攻击群内部两种典型修辞姿态:官僚式文明型 DARVO(LadyYomi:softeners 15.4%,自指句 34.2%,"记录即攻击"的文件形式)与直接辱骂型(AYWS:softeners 4.4%,全大写 20.3%,外向/自述比 1.53,6 条跨语言身份攻击)。跨语言攻击标记捕捉到一种针对非英语母语、且具差异化平台访问权限同人作者的特殊可部署战术:有意使用攻击目标母语中针对家族、祖先的诅咒片段以完成身份武器化。本文主张:对研究者拥有特权级对手意图理解的小规模定向语料而言,基于正则的句法分析比词汇库法或机器学习流水线更轻量、亦更具证据尖锐度。分析器以 CC-BY-4.0 授权开源发布(Kham 2026b)。
Julia Chika Kham (Fri,) studied this question.