Hacker News new | ask | show | jobs
by tptacek 2529 days ago
I'm sorry, but you're confusing two different concepts. In one instance, Brian Krebs uses public, open sources to discover the true names behind pseudonymous Twitter users; in another, people post home addresses and phone numbers.

I'm not asking why it would violate a norm to post home addresses or phone numbers; it's clear to me why that's problematic.

I'm asking what obligation Krebs has to pretend he doesn't know who a Twitter user is, when that information is available to anyone who knows how to consult public sources to find it. Why is Krebs obligated to help someone remain pseudonymous? It seems clear to me that he is not.
1 comments
rndgermandude 2529 days ago
Most doxers use public, open sources to discover the true names behind pseudonymous users. And their addresses. People make mistakes, sometimes even about other people's data. Sometimes people have no choice because a lot of the information is public record.

That isn't an excuse for compiling this information and publishing it as wide a possible. You still have to consider the implications if you want to act morally and in good faith.

Think of the stupid pseudonymous twitter user who made a really abhorrent, ill-considered joke and the people used "public information from public sources" to first get to their real identity and then crawl further until they find their employer and get the person fired. The person who did the research and then started the witchburning by publishing the information so that every other bored twitter user could write easily write a mean email to the employer should have considered what compiling and publicizing that dox could do.

Also, I think Krebs does take this into consideration, and is generally acting in good faith and with consideration, it's just that I disagree with his conclusion sometimes.

link
tptacek 2529 days ago
I'm still lost. What obligation does Brian Krebs have to pretend that the real identity of a pseudonymous Twitter user isn't discoverable from open sources, or to help conceal that identity? I submit that he has no such obligation, but that message board people like to pretend that he does, and that contravening that norm constitutes the real-world offense of "doxxing". Baloney, I say. Am I wrong? Educate me.

If he's posting home phone numbers or addresses, I'm clear on what the problem is. But if you have a public LinkedIn profile and don't have the OPSEC to keep public sources from linking your secret Twitter handle to that profile, I don't see any problem at all.

link
rndgermandude 2529 days ago
What obligation? A moral one. Do no harm.
link
tptacek 2529 days ago
I do not have a general moral obligation to actively help shield you from the consequences of your own speech, however harmful they might be.
link
rndgermandude 2529 days ago
I am rather speechless... This is just... wow.
link
tptacek 2528 days ago
Go on? By the definitions being used on this thread, a good part of all of journalism constitutes "doxing".
link