by RyanZAG 2907 days ago
"Missed opportunity" ?

People can be stabbed in the back if they go into dark alleys without watching behind them. Let's stab a few people who go into these alleys so that everyone will be afraid to do so and we have an opportunity to prevent people being stabbed in future by making them aware.

Why would you possibly think this is a good idea? The idea is to prevent pain, not cause more pain in some bizarre attempt at making people afraid. There are enough privacy violations - we don't need to be making more of them ourselves.


I actually agree with the parent's perspective. As I see it, there are three potential states for sensitive data:

1. Secured and private. This is data not exposed in any breach.

2. Unsecured and private. This is data which has been exposed in a breach, and which must be sought out by the reasonably tech savvy.

3. Unsecured and public. This is data which has been exposed and can be easily used by anyone.

We want all sensitive personal data to be in state 1. But because of the taboo of state 3, we end up in a situation where we're hostage to state 2, because everyone wants to treat published sensitive data as if it were still private. That takes power away from the non-tech savvy victims of breaches but doesn't diminish the power of tech-savvy criminals who want to use the data.

In my opinion, forcing all sensitive data to be considered either secure or insecure (instead of the weird, quasi-private state 2) would take power away from people who want to use it. Every time a new breach happens there is a race to use it before it's not useful anymore. I believe we could meaningfully defang these breaches by completely leaning in and demonstrating how public the data is. If there were a party truly committed to that and they couldn't be stopped, my hypothesis is that things would actually change.

I think this should be called the 'haveibeenpwned' philosophy or the 'Troy Hunt paradigm'.
No, because Troy Hunt and HIBP will not allow you to search the contents of the breaches. He is explicitly against this philosophy.
Your analogy misrepresents the grandfather's point. A closer analogy for his argument might be:

- Some high number X of dark alley stabbings occur each year.

- But alleys still "feel" safe to people, because the stabbings aren't well-publicized. So people don't know to avoid them and the rate X remains the same.

- Let's publicize alley stabbings in an emotionally impactful way, so people know to avoid alleys and we can bring X down.

In the actual case at hand, the argument is that you break a few eggs so people understand the issue viscerally, and hope to achieve massive regulatory change because people now actually care. I don't know if it would work, but it's a more reasonable idea than you're making it out to be.

Solving the root problem here is orders of magnitude more important than any single data breach today is.

I don't think this is correct. For all the people who would have their data exposed in a public torrent, their data is likely safe at present and just needs to be removed from that website. If you put it in a torrent, you're hurting all of those people in a very direct way - you're the one stabbing them in the back.

What the authors here did is correct - they've publicized the issue. Releasing this data as a torrent is not 'publicizing' anything - it is stabbing millions of people in the back, and then waiting for the crowds to come and gape at the dead bodies.

> Let's publicize alley stabbings in an emotionally impactful way

The top post doesn't promote publicizing data breaches that already happened. It is promoting obtaining and publishing the data which weren't published before. These are completely different things. Like making a TV series about alley stabbings - and stabbing actual people in the alley to get better scenes for this video. The former is great, the latter is a heinous crime which can ruin the whole cause.

It says that the tech savvy bad actors may already have it.
Doesn't matter. It's like justifying mugging by saying "well, criminals might have mugged you anyway, if not me then somebody else". That somebody might have committed the crime does not justify committing it again.
There is logic at play here, even if you disagree with the approach behind executing it. It's pretty simple psychology that when your neighbor gets robbed it "hits home" with you more than hearing about nameless people on the news suffering the same fate.
Doesn't mean you go rob people's houses.
> People can be stabbed in the back if they go into dark alleys without watching behind them.

Only in certain countries...