Im increasingly coming to the opinion that anonymity isnt guaranteed so you should assume everyone knows what you do.m and who you are. So you should probably just use your real name and do way less online.
Havent fully swallowed this pill but its feeling inevitable.
We're on a tech forum known to have some of the best and brightest and visited by tech giants. If anyone can solve this problem, it is us. If we are the ones giving up, then who is there to make things right?
As I see it, our only choice is to make privacy and anonymity trivial. Not for techies, but for our tech illiterate grandparents. Push hard for tools like Signal where people can get encryption without having to think about encryption. People want privacy and security but they just don't know how or don't understand what leaks data. But there's the clear irony that the sector __we__ are critical to is the one who is creating this problem.
I'm not ready to swallow that pill. I'm unconvinced we have to. Clearly __we__ can do something about this. Even if that is refusing to build such things, let alone build defenses. Apathy is no different than supporting these authoritarian takeover, because that's what it is. Authoritarian creep.
You're right that tech isn't the solution, but it also is. A hammer is part of the toolset to solving homelessness. It can also be used to create the homeless. We can build homes or tear them down. Hell, we can even smack someone on the side of the head with one.
Tech is too abstracted, and we must concentrate on the application. There is time for abstraction and time for specification. Tech is used to extract information as well as tech is used to protect information. These are actions, not objects or attributes.
And yes, it isn't the only tool in the toolbox. But it is a tool everyone here shares in common. It is a tool that many here are using to create this problem. One that many are probably not even aware that they are contributing to. But due to the commonality of our community and the commonality in its usage to create or exacerbate the problem, it is worth mentioning and considering.
Don't pass the buck. There are no singular causes nor solutions. So if we dismiss something because it is incomplete, we will never create any solution.
We've literally created this problem by making industrial-scale stalking profitable and socially-acceptable. We've created an entire self-sustaining industry that spies on everyone, is not accountable and that the government can just ask for data when needed.
Yes, but I don't think most people realized that they were doing it. Now we have a better idea. We can turn things around. You can just decide to not cut corners to do things fast and do things right. We talk left and right about enshitification, but let's be honest, it usually doesn't take significantly longer to do things the right way. In fact, I'd argue that generally you'll get things done quicker, but maybe not in the 2 week sprint timeframe.
Solving these issues won't make you much money, and anyone that gets close will invite more heat than the center of the sun. Better to divest. Keep an email and phone for essential services like banking but avoid all other activity.
Do you build tech for the money? It is not why I do it. Yes, I need to earn a living. But it is exactly that. What is necessary for living. What is the point of earning money if it is not to better our lives? Why is money the only way we can improve our lives?
> We're on a tech forum known to have some of the best and brightest and visited by tech giants. If anyone can solve this problem, it is us. If we are the ones giving up, then who is there to make things right?
You think the world’s geniuses are hanging out here? The world’s brightest are here and you’re going to inspire them to solve what you frame should be a very high priority? There are much bigger problems to solve.
I really think your vanity is warping your perspective.
The privacy of the world's populace sounds like a pretty big problem to me considering the damage that can be caused by that information getting into the wrong hands.
> You think the world’s geniuses are hanging out here?
Maybe. But they at least frequent here.
> I really think your vanity is warping your perspective.
I think you undervalue yourself. I don't see myself as a big cog, but neither am I disillusioned to believe that just because I'm a cog in a much larger and more complex machine means that I have little to no importance. Lesser, but non-zero. Were I to have the vanity you suspect I have, I would not be calling for your support as I would use my ego to solve it alone. But I am not. I can't do this alone. Nor am I drumming up people to collect wood and assign tasks, but I am trying to help those find a longing for the endless immensity of the sea. I am trying to help us realize we aren't inconsequential and that together, we have meaningful power. The big cog may be shiny and may have a lot more power, but it is still supported by a thousand smaller ones.
I have no illusion that people here work for Google, Meta, Apple, Amazon, Microsoft, and so on. Do you really think differently?
Any truly reliable privacy and anonymity tool that isn't created by the government will probably be made illegal by the government. Failing that, using it will make you a target of the government's security apparatus. If you create a cryptocurrency that can't be traced[0] or an anonymous marketplace where people can buy and sell anything they want[1], you're going to end up on the wrong end of US government trade sanctions or US drug laws. Running a Tor exit node gets your IP address blocked by much of the internet and can even get you a visit from the FBI[2]. Tor itself only exists because it was created by the US Navy as a tool for dissidents in dictatorships to be able to access the internet.
The only way to solve the problem would be to elect politicians who would either dismantle most of the surveillance system or address crime and terrorism so decisively that there was no longer any plausible threat to justify continuing to maintain a mass surveillance apparatus in which case it would (hopefully) eventually wither away as part of budget cuts once politicians forget why it was even "necessary" in the first place. There is no solution to political problems without obtaining and using political power to solve them.
The strategy of eliminating the system's justification isn't foolproof though because the bureaucracy that runs the military draft (Selective Service) somehow still exists even though the draft was ended around half a century ago and is almost certainly never coming back. Politicians only noticed it existed a few years ago long enough to debate whether to extend the wrong of registration for it to include women in addition to men. The eventual decision was to leave the status quo intact[3]. The sensible option of abolishing that relic of a past rights violation rather than continuing to waste money on maintaining the bureaucracy was not seriously considered. That means the direct route is almost certainly the better approach.
I think it's all about how many clues you leave behind. If you make a HN account that you only access via Tor through a browser with Javascript turned off and stick your writing through some AI editing service, it's probably pretty difficult to trace anything back to you. If you stream yourself 16 hours a day every day, your nickname probably isn't saving you from much, as it only takes one person to go "oh I know them" and then your secret's out. So like everything, it's about a striking a balance. Who is out to get you, and how much do you like doing things online? Just a question you can ask yourself before you move into a cabin in the woods and work on your novel 24/7 or whatever. (Publish it under a pen name, though, obviously.)
You would be surprised at how easily they can be thwarted by simple technical maneuvers.
YMMV, but ime a lot of people have this bogeyman caricature of who the feds really are. The reality is that these are government agencies that pay significantly below market rate for really intense, highly demanding work shrouded with multiple layers of government grade red tape.
I think it's not a bad idea to overestimate the power of the government to track you; the common wisdom on the internet to make this assumption is probably a good thing so people are motivated to be as safe as possible.
On the other hand, it seems like the Tor users who get caught make clear, glaring mistakes in their opsec. And I always remember how long it took to catch the Unabomber, and how they apparently only managed to catch him because of his brother.
I think the biggest trick is to move around, so it isn't as simple as getting a single address. Like with Bin Laden, a lot of the work was figuring out where he was. And Ross Ulbricht, maybe he wouldn't have been caught so easily if he changed hosters occasionally and the VPN had listed 100 internet cafes in different cities as connecting IP addresses instead of just 1. Certainly that's the way Tor works, always hopping around routers. It's maybe a bit pointless though, once they get your legal name it's pretty much a matter of time.
It entirely depends on how motivated and how much resources they're willing to dedicate to finding you. They're probably not going to go to great lengths to catch a single copyright violation, so simple precautions may be good enough.
If you're a legit threat to national security, then yeah, they're probably going to find you no matter what you do.
If you're looking for privacy from your current and possibly future employers, you can obtain that by using a pseudonym online and taking basic measures to make yourself hard to dox. If you want privacy from the US government, that's not going to work.
Also, getting doxxed isn't entirely bad because it can open doors as well as closing them. Depends on how you leverage it. You just don't want the US government and/or the government where you live as your adversary.
> If you make a HN account that you only access via Tor through a browser with Javascript turned off and stick your writing through some AI editing service, it's probably pretty difficult to trace anything back to you.
This is already too hard. But anything that can be done needs to be wrapped up into a trivial to use interface. It has to be for everyone, not just people who are technologically {capable,knowledgeable} and have the time and energy to do this all the time every time. It needs to be standard.
Of course, we should fight this from both ends. Many ends. We shouldn't collect the data. We shouldn't process it. And we should build defenses.
But by doing this (Tor etc), you've also potentially identified yourself as a person of interest who warrants further scrutiny. It begs the question: what are you trying to hide.
There's a crucial distinction here between the pragmatic and the normative, or else there's a feedback trap where accepting it as normal makes it even more common.
In other words you can plan around the worst case, but don't let go of the opinion/social-value that it's too-common and wrong and aberrant.
Talk to anyone in advanced privacy work or out of government -> full stop, yes, if you’re not doing Snowden-style measures (TailsOs) or really reconsidering where and how your phone travels around with you and browser controls, it’s done.
Tracking and the firms that do it is incredibly extensive and hard to beat (ie browser ad you just scroll by can fingerprint you well enough).
So one's privacy posture should be part of the complete security posture, and should ideally start at
"DEFAULT DENY ALL"
After which you can -of course- start opening up ports and start trusting people with information. Even if done imperfectly, one's attack surface is at least under some sort of control. I mean -at least- a semblance of control can be taken, however aspirational in practice. It allows conscious control of ones information flows.
As you may have experienced yourself a posture of "DEFAULT ALLOW ALL" is effectively impossible to manage, since tracking down and plugging new leaks faster than they show up is pretty much like bailing out a boat with -well- a squillion leaks (and more every minute).
Getting muggles to a safe default posture is going to be difficult. However, seeing the growing awareness in society it might not be impossible.
Think of nascent privacy initiatives by the EU (no matter how (in)effective as yet). Or you could think of starting school programs akin to "just say no" for instance, promoting more conscious and careful online behavior. It might never be perfect, but some level of herd resilience might be attainable?
What you say is indeed one possible way to deal with it.
Treat it as a public postcard signed with your name, and never for a minute assume that someone doesn't link what you say to your identity.
This mode of operating means you will be more polite when angered by some troll online, as you are not hiding behind some pseudonym.
And at least you won't be shocked when a Website does what Glasdoor recently did, i.e. convert from pseudonyms to people's real names WITHOUT CONSENT OR WARNING. Surely by using always your real name you will not bitch about your employer on a Website when you name is shown as the poster and you will still want to get promoted, or at least retained as an employee.
I'm also waiting for the day, which is pretty much here now, when you will have to use a real name for any sign up form on any website. Something verifiable and not John Smith at phone 123 456 7890.
I more or less do that. Not really related to privacy, but I find that if I post as myself, I am more honest, less likely to troll, more considerate of others when I post. For me it's healthier.
What are you talking about? Use VPN outside of US jurisdiction, register a random google account, and use YouTube all you want in almost full anonymity.
Just keep in mind that if you write comments, and you also write under your real name, it's relatively easy to identify you by the writing style.
100%. We probably shouldn’t protest or even discuss non-conforming ideas. Just agree with the current rulers on all things to be safe. Also make sure to vote for the right leaders because who knows how long that’ll remain private.
Because of the possibility that the leaders will change - or change their opinions - in the future, the only safe course of action is to express no opinion whatsoever.
Your reading habits, tv show preferences etc already reveal your politic beliefs and they have already been categorised by advertisers like Google/Facebook/Apple/Microsoft and sold to countless data brokers and government agencies already.
We also, apparently, shouldn't even try to discuss and figure out any other possible approaches or responses to any given problem that might exist.
We don't care if this wall might possibly be easy to simply walk around and obviate, we shouldn't even look, or even talk about looking. The only rational way to attack any problem is to just look exactly in the direction you were led to look, bang your head on that same spot forever.
Or go back to how things were: Keep it to yourself and discuss spicy topics among close friends. Friends assume good faith. People on the internet tend to assume the worst interpretation possible and don't give any benefit of the doubt.
Anyone thinking I was serious is a canary in the privacy coal mine.
That being said, I suspect it was just an unfortunate use of words (current / right leaders) that might lead some people to think I was being politically tribal. (nothing could be further from the truth)
A “literal crowd” sounds mildly pejorative. I think it’s more that HN prefers productive, rational discussions. Sarcasm is passive aggressive and a more circuitous route to the point than a literal one. Last, sarcasm isn’t usually even funny. When it is, it’s only funny to those who are with the point.
I downvoted because to me it tried to say what someone else should not talk about.
I don't disagree that wrong things should not be tolerated and that giving up and accepting is no answer.
Whenever someone tries to tell a complainer to shut up, I frequently point out that in the entire history of the Earth, not one thing ever got better by accepting things as they are. It's one of my favorite things to point out. So I'm very much in the reject giving up camp.
But I don't think it's necessarily giving up or cooperating to merely explore any and all other possible solutions to any given problem, and that comment struck me that way.
My impression might be unjust, and so by disclosing it I may take a few arrows myself, but for once, one is explained. :)
Havent fully swallowed this pill but its feeling inevitable.