[shadowgovt]

But also, doxxing is totally acceptable to protect people from threats including harassment.

We are well past the era where we maintained the fantasy that the internet was separate from real life. People who are acting out online sometimes also act dangerous IRL and it is therefore prudent to figure out who they are IRL if they've proven to be bad actors online.

[notatoad]

yeah, this whole idea that "doxxing" is a universal harm needs to be corrected. not exposing people's real-world identities is a courtesy we obey to protect each other from harassment. if it becomes a way to protect the harassers, then we've lost the point.

nobody has a natural right to anonymity, and if your actions are causing real harm then you should expect some of the real-world consequences that come from having your identity exposed.

[catiopatio]

Your position is effectively “it’s not harassment when we harass someone, because we’re not the harassers”.

Doxxing is an escalation intended to cause real harm in the real world.

[shadowgovt]

> Doxxing is an escalation intended to cause real harm in the real world

Correct. And is the necessary escalation when online-only tools have failed and the attacker will not relent (such as this circumstance, where the actor in question is taking active steps to bypass methods to down-sample their signal).

I'm assuming most people holding a position in this conversation aren't absolutists (for example, they recognize why the FBI honeypots / tricks people / subpoenas information to de-anonymize those suspected of crime). Is the issue which hands hold the power / take the step of de-anonymizing someone? If that is the issue, what is the recommend course of action in this scenario (which exceeds people's tolerance to continue to operate freely in the OSS community without harassment but does not meet the threshold of an FBI criminal investigation)?

[2h]

> And is the necessary escalation when online-only tools have failed and the attacker will not relent

other tools are available (captcha, TLS fingerprinting, browser fingerprinting). if the moderator is not using these, its not a free permission for them to doxx someone.

[2h]

> nobody has a natural right to anonymity

is this a joke?

https://epic.org/issues/democracy-free-speech/anonymity

[shadowgovt]

No, it is not.

In fact, the opposite right (the right to face one's accuser) is enshrined Constitutionally in the United States when we bring the force of law to bear on a citizen.

Anonymity has value in specific contexts. It is not a universal right in all contexts.

[2h]

trolling online is not a crime, so no crime, so no right to face anyone.

[shadowgovt]

Harassment can be, in fact, a crime.

If your position is "Well they should involve the courts first," we are probably reaching agreement, but we're all aware of how weak the legal system is regarding online harassment, right? Most cyber-crime falls way outside the jurisdictions that are traditionally designed to handle harassment (as harassment was traditionally a very geographically-localized crime).

I'm personally willing to let the bar for "Disclosing enough information about someone's handle that they can be found IRL" lower than "a warrant is out for their arrest."

(This does raise an interesting question: perhaps we do need some kind of new cross-jurisdictional legal organ to decide when harassment raises to the bar of "doxxing acceptable" whether or not it raises to the bar of "prosecutable." That'd be nice to have; then we could have a generally-accepted standard for when it is and is not okay).

[2h]

> If your position is "Well they should involve the courts first,"

no because no crime has been committed, unless you count the doxxing.

[notatoad]

just because a lobby group exists to push the idea that everybody has a right to anonymity, doesn't make it true

[2h]

no, this is not acceptable. If you have an issue with someone online, ban their email, ban their IP and move on. It is not appropriate to go hunting this person in real life. you yourself have then become the creep, the person acting inappropriately. you've become the very person you have issue with.

to anyone reading this, DO NOT listen to the person I am replying to. Even if this extreme case seems "justified", its all too easy to fall down a slippery slope, where you start doxxing anyone that slights you. I have been the victim of this, its NOT OK.

[shadowgovt]

Slippery slope is absolutely a risk. Claims that a person transgressed should not be taken lightly.

... but in the presence of persistent harassment that will not cease online, tying the behavior to the person behind the behavior and bringing proper consequences to bear is the only regulatory system that actually works. There's a reason that you can be fined or imprisoned for trying to pull crap like that IRL.

But I am sorry that you were falsely accused. That is a possibility (both in doxxing attempts and in more "traditional" harassment).

False accusation is entirely possible, but it doesn't imply we just let harassers get on unchecked.

[2h]

> tying the behavior to the person behind the behavior and bringing proper consequences to bear is the only regulatory system that actually works

nope. trolling online is not a crime, so no regulations are needed. its the same as if someone walks up to you in real life and calls you a jerk. you dont get to do anything about that. you just move on.

[shadowgovt]

I think you're choosing an example that is lower-severity than the topic on the table.

If someone just walks up and calls me a jerk (and, well, we ignore the particulars of the words they used and https://en.wikipedia.org/wiki/Fighting_words), I agree.

If they do it every day, every hour, or call my house 24 times a day, I can legally compel them to stop.

[2h]

this is a user posting on an issue tracker, so your example doesn't hold either.

[Blackthorn]

> no, this is not acceptable. If you have an issue with someone online, ban their email, ban their IP and move on

Here's the thing: they did do that. But the banned person would not move on, and continued to evade the ban and be a pile of misery for everyone involved. "Ban them and move on" is the sort of advice that works great until it doesn't.

[2h]

this is just more rationalizing. to justify doxxing, which is itself essentially stalking (or worse) should be a quite high bar, which hasn't been crossed, even in this situation.

If the troll was threatening life or some other crime, then fine do what you need to do. but the person is just essentially being annoying, that is not grounds to doxx someone. if they do not have the skills to keep out harmful users, thats their own fault, they should implement a captcha or some other tactic.

[shadowgovt]

A captcha doesn't keep out harassing users; they're human, after all.

Changing the communications policy of the organization to only allow people a communications forum after they've been vetted might. That's a significant change that puts an OSS project at a severe disadvantage towards gathering support / interest. Also, it wouldn't even work in this situation; the actor in question proved willing to use every communications channel they could find to attack project volunteers.

[2h]

> A captcha doesn't keep out harassing users; they're human, after all.

its not my job to teach people how to police their own forums. nor is it the judicial systems job.

[shadowgovt]

In this case, they're policing their own forums by, having exhausted other options, disclosing the bad actor's name and warning others of the bad actions.