Doxxing defense: Remove your personal info from data brokers (computerworld.com)
209 points by ilamont on Nov 20, 2014 | 152 comments


Just because a data aggregation site does not show your data on the front-end, does not mean they deleted it from the back-end. So now you can charge 50$ for people to search in the "special" data pile, where people took the effort to remove it from the front-end.

These data brokers crawl publicly available information. Telling them to remove your data, only slows down the doxxer, it does not stop them at all, since the data was already shared. It is not plugging the leak, it is mopping up some of the water. A false sense of security and a clear sign to the doxxer that you care about your anonymity (so more "lulz" to be had).

A proper doxxing is also much more than entering a name in some search engines. Especially hackers do not like to be doxxed. For internet civilians who already put this data out there (on social media) a simple data broker doxxing is a mere reminder that such data is public to everyone, not just friends.

Doxxing defense is guarding your anonymity online. Everywhere. Doxxing defense is knowing when to change personas, and when to log off. That is: If you care about it at all. If you care about keeping your identity a secret online, see: https://www.youtube.com/watch?v=9XaYdCdwiWU (The Grugq - OPSEC: Because Jail is for wuftpd).


> Just because a data aggregation site does not show your data on the front-end, does not mean they deleted it from the back-end. So now you can charge 50$ for people to search in the "special" data pile

Do you have evidence of aggregators doing this? It's plausible, but I haven't heard about it happening.

> Telling them to remove your data, only slows down the doxxer, it does not stop them at all

I think you have a good point overall but let's not dismiss the solution in the ComputerWorld article, which is valuable. All security solutions do the same thing: They increase the attacker's costs, which stops attackers unwilling to pay the price. There is no perfect security.

For example, we tell users to use strong passwords on their Windows logons, but that only raises the cost of an attack and does not completely secure the machine.



Yeah,

The simplest defense is to completely separate any online persona from your "real" offline persona. Obviously, how separate you make them has to be proportionate to how many enemies you expect.

But if you are an actual public person who is public with their real name, I do not envy you.


Yeah, this isn't even mopping up water. This is exerting effort to lie only to yourself. The emperor has no clothes and the emperor is you.


The US really needs something akin to the EU's Data Protection Directive[0].

I've seen tons of businesses hide some tiny clause in their T&Cs (page 30, subsection 15, paragraph 11, etc) which allows them to resell your data to whoever will pay. For example the National Geographic Store sold my personal data when I purchased something from them (even with no check-box opt out, etc during checkout), and I've been receiving girly catalogues and credit card application snail mail ever since (with a glaring typo which points right to National Geo's store).

I don't really see that happening (the US getting better data protections) as the US constitution is being largely used to protect business's "freedom [to do whatever the hell they want]" rather than individuals/people as was intended.

I was really hopeful that when the blackmail criminal-record racket started that that might finally result in substantial changes within the US, but nope. Nothing has changed and the blackmailers still operate.

[0] https://en.wikipedia.org/wiki/Data_Protection_Directive


Note that a lot of the information being discussed is public information in the US though. Companies aggregate this information--often for a fee--but it's public by law. To take just one example that struck a lot of people as surprising when it became a topic during the last US election, in many states it's a matter of public record whether you vote or not (not who you vote for but whether you vote). And there are many, many other examples.

Historically, uncovering this information would have meant spending many hours going through files at county or town clerks--which put a very real limit on how widely it would be used. Now much of it is digitized (and aggregated). So at least part of today's issue isn't so much that private information is being made public but that ostensibly public information is now so much easier to access and cross-reference.


I know you can enter email addresses as x+y@example.com where x=your regular email and y=some word/phrase to indicate who might have sold your email.

For example, if you register bill+NG@example.com with national geographic, and you find yourself getting to: bill+NG@example.com from spam, you know who sold your info. My question is, do you think companies know this trick and just remove the portion following the "+"?


> if you register bill+NG@email.com

Please use the second level domain label example[1] when writing examples of email addresses. For all you know, you just posted someone's email address.

[1] http://en.wikipedia.org/wiki/Example.com


Changed it even though someone else pointed out it bounces. Thanks for the tip.


There's nothing special about + as far as email in general is concerned, that's just a convention some mail servers (such as gmail) use. Any server using qmail, for example, uses '-' for the same purpose, but + can be part of a full name there.

While cutting out the + might still get your mail to gmail users, there's no guarantee it would for anyone else. I don't really think the people doing the spamming care, and they'd rather it arrive in an account at all than burn their sources.


Yeah you'd be surprised how many websites don't accept email addresses containing +.


Most of the time when I try to use this it just doesn't accept the email address. I've wondered if they sincerely don't think that's a valid email address or if they're intentionally thwarting that strategy.


I doubt it's intentional. Most common validation regexes that your average web dev would use tend to reject the + character.


Personally I self host a domain that accepts anything@ and file it into a special inbox. This lets me give real addresses to specific sites and blacklist them as needed.


I did that, until I got the second run of someone sending spam to [dictionary]@mydomain.


Luckily this hasn't happened yet. Last time someone spammed my "throw away" domain I just took it offline (killed DNS) for a few days, that seemed to work :P


I hope you're doing anything@subdomain.example.com otherwise you'll get catchall spam.


Surprisingly, I haven't been getting catchall spam. If that happens I'll just write a quick interface to add permitted stuff through easily or just create a pattern that catchall won't use :)


We had a meeting about privacy at work and the presenter told a story about his ISP who messed up his name when he signed up something like Roge rJones instead of Roger Jones. The ISP stated they do not sell customer information to 3rd parties.

Within a week after signing up he was getting spam and junk mail addressed to Mr. Roge rJones just copied and pasted right from the ISP customer database.

Indirectly in a way what you say to try, a unique identifier.


I get junk mail for Mr qweqwe asdasd a lot as confirmation of your point :)


Spam companies know it but don't really care I suppose, it's not their problem. Your problem is that if you forget the password you must remember if and how you personalized the e-mail address to reset it.


Look in any email they sent to your gmail account, then "view original."


That does only work with Gmail, doesn't it? I don't think this is that widespread yet, so few companies (if any) will remove the part after the plus.


It works with many mailservers, on postfix it's called recipient_delimiter. It's enabled on dreamhost as + as far as I know.

The amount of spam/phishing I'm getting to me-macromedia@ and me-adobe@ is pretty amazing. Guess I was part of _that_ breach.

I'm not sure I'd go through that if I were doing it again. I've got hundreds of those emails out there, and being able to just drop some of them hasn't been the help that I would have hoped for.


That doesn't work with Yahoo! Mail.
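The tagging trick discussed in this sub-thread, as an added example that is not part of any comment above: a Python sketch that issues per-site aliases, verifies them on receipt and counts which site's alias is receiving mail. It goes beyond the thread by adding a keyed HMAC suffix so dictionary-guessed or hand-edited tags are rejected; the key, the mailbox name, the `site.suffix` alias layout and the strict form pattern are assumptions constructed for the example.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed values for this example only.
SECRET_KEY = b"constructed-demo-key"
MAILBOX = "bill"
DOMAIN = "example.com"

# Constructed stand-in for a restrictive signup-form pattern that omits '+'.
STRICT_FORM = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def split_subaddress(address, delimiter="+"):
    """Return (mailbox, tag, domain); tag is None when no delimiter is present.

    This example splits at the first delimiter in the local part, so the
    tag itself may contain the delimiter character.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    mailbox, found, tag = local.partition(delimiter)
    return mailbox, (tag if found else None), domain.lower()


def _mac(site, key):
    # Short keyed suffix: without the key, a valid tag cannot be guessed.
    return hmac.new(key, site.lower().encode(), hashlib.sha256).hexdigest()[:8]


def make_alias(site, key=SECRET_KEY, delimiter="+"):
    """Build the address to hand to one site, e.g. bill+ng.<mac>@example.com."""
    return f"{MAILBOX}{delimiter}{site.lower()}.{_mac(site, key)}@{DOMAIN}"


def source_of(address, key=SECRET_KEY, delimiter="+"):
    """Return the site an alias was issued to, or None if it does not verify."""
    mailbox, tag, domain = split_subaddress(address, delimiter)
    if mailbox.lower() != MAILBOX or domain != DOMAIN or not tag:
        return None  # wrong mailbox, wrong domain, or tag stripped
    site, dot, mac = tag.rpartition(".")
    if not dot or not site:
        return None  # plain tag with no keyed suffix
    expected = _mac(site, key).encode()
    if not hmac.compare_digest(mac.lower().encode(), expected):
        return None  # guessed or edited tag
    return site.lower()


def attribute(recipients, key=SECRET_KEY, delimiter="+"):
    """Count deliveries per issuing site; anything unverifiable is 'rejected'."""
    counts = Counter()
    for rcpt in recipients:
        try:
            site = source_of(rcpt, key, delimiter)
        except ValueError:
            site = None
        counts[site or "rejected"] += 1
    return dict(counts)


def passes_strict_form(address):
    """True if the constructed restrictive form pattern accepts the address."""
    return bool(STRICT_FORM.match(address))


# Constructed envelope recipients, as they might appear in a mail log.
SAMPLE_RECIPIENTS = [
    make_alias("ng"),
    make_alias("ng"),
    make_alias("adobe"),
    "bill@example.com",              # tag stripped by the sender
    "admin@example.com",             # dictionary guess against a catch-all
    "bill+ng.guessed0@example.com",  # tag present but suffix does not verify
]

if __name__ == "__main__":
    for site, hits in sorted(attribute(SAMPLE_RECIPIENTS).items()):
        print(f"{site:10s} {hits}")
    # The '-' convention mentioned for qmail passes forms that refuse '+'.
    for delim in ("+", "-"):
        alias = make_alias("ng", delimiter=delim)
        print(alias, "accepted by strict form:", passes_strict_form(alias))
```

The model assumes the bare mailbox is never given out, so mail to it counts as unverifiable; a site that strips the tag still hides its identity, as the comments above point out.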


The odd thing is that Canada's version of a data privacy act, PIPEDA, was enacted 14 years ago (2000) specifically so that people could trust private corporations with their data while e.g. shopping online [1].

In the end, the problem with these sorts of things is that once people are making millions doing something that should be illegal, they have the resources to ensure that it never becomes illegal.

[1] http://en.wikipedia.org/wiki/Personal_Information_Protection...


Yes. We already have laws that protect a person's likeness by default. All that is necessary is to extend the concept to protecting personal information (of which a likeness is one example) by default. It probably won't happen until large numbers of Americans start valuing their personal information, however.


It's unfortunate that more and more services started blacklisting mailinator.


Last week I have pointed a subdomain (x.example.net) to Mailinator.

I've only used it once so far, but I don't expect many sites to have made the effort to block it.


Abine's DeleteMe[1] service will take care of removing you from these sites, though it's not cheap. They will keep re-checking and re-removing. I've been using it for a few years, and it seems to work pretty well. IIRC there was still one site that I had to call and deal with myself.

1. https://www.abine.com/deleteme/


I would also add Safe Shepherd [0]. We remove your information from the standard data brokers, and also give you guides on how to remove yourself from a large universe of sites yourself. Message me if you have any questions.

Edit: The service costs $13.95/mo, but you can get started with a 10-day free trial where we'll kick off all of the removals. You can (fully) delete your account at any time if you'd like.

[0] https://www.safeshepherd.com/


Dude, there is absolutely no mention of price, cost , whether it's FREE or NOT anywhere on that site, before I give you my information, and that includes the terms of service copy. I looked and the only headline in the ToS that kind of address it is "You have to pay us in order to use some of our Products". If that is a base-case you start with for new customers, then thanks but no thanks.


Question - I can see the value of a service that automates all these removal requests. That said, the monthly subscription model seems a bit excessive, as I assume data would creep back in gradually. I would think quarterly, or even annually resubmitting them all would be adequate. No?


Many of our customers choose to turn the service on once every several months (upgrade and then downgrade at the end of the month). We totally support whatever works for you.

That said, our service is based around continually scanning the web for exposures of your personal information. There's plenty of new information that crops up all the time, and we're here to help you when it does.


Thanks for adding the price info to your post. Should probably be on the site too. :-) is your service open for non-US people? And will it be useful?


The top data brokers are very US-focused, so our service is US-focused. Outside of data brokers, we scan the web for your information and have guides on why the site might be exposing your information and what to do if so. This is useful for all people.


The Internet never forgets. No app is going to change that because Internet is de-centralized and de-centralization makes it impossible to know if the data was really completely removed or not.

Let's face it: the only way to not expose your personal info is to not share it in the first place (forget silly Facebook, G+, Instagrams and all that stuff). If you've already done that, make sure that whatever you are doing that might lead to doxxing is done with your other identity (although this is hardly fool proof since linking identities can happen in many unexpected places). Worst of all is that that kind of information, once it slips, is impossible to contain and you have to cut ties and start over.

Relevant: http://en.wikipedia.org/wiki/Streisand_effect


Not relevant. I've never used social media a day in my life. Nevertheless, clicking a few links in this article turned up my full name, age, birthday, every address I've had since I was 14, email address, and convenient links to pages containing that same information for every member of my family. This is all obtained from public records over which you have literally no control if you lead any semblance of a normal life. There should be more legal protections in place to prevent using public data in this way.


The issue at hand isn't really related to "silly" Facebook, or other "cultural" sites.

Unless you straight-up do NOT: own a home, rent, buy anything, go to school, etc. you will have some kind of available public record.

Yes, it's true that many people go beyond this with what they make available on social media and that's a definite issue. When people start "combining" excess social media posts, with "outside" known data...that's when you've got an issue. This usually results in people being able to EASILY dox someone due to the social side of things giving out information that is normally "protected" (think maiden name, previous locations, relationships, dob/location, etc.), all of which can be leveraged with public information to nearly total dox someone.

At the end of the day, we're in a new "age", where people will have to learn to protect their internet identity, as well as their "personal".


this information gets populated without you sharing it. if you pay utility bills, rent, buy a house, appear in court, or other similar acts, those acts get stuck into online databases forever.

so to not "expose" your personal information is to not buy things and live in a tent. but be sure not to get arrested for trespassing or vagrancy...


There are plenty of sources of information where you cannot opt out.

If you own property in Massachusetts, I can find it using http://www.masslandrecords.com , you can't opt out of that.


The electricity provider here requires the use of 'smart meters' (that is, if you want to use their electricity). Via smart meters, they can identify what electrical appliances are used in your house and when (and possibly even how you are using them, such as what TV show you are watching), giving them a good picture of everything that goes on in the privacy of your home.[1]

There is no opt-out. They have this information on everyone in the state.

[1] This is not at all a fringe theory. It's been discussed on HN at least a few times.


>(and possibly even how you are using them, such as what TV show you are watching)

This seems hard to implement, realistically. I know the theory behind it - they can determine how much power a scene takes to show on a TV. But this is going to fluctuate depending on the brand of TV, the model, and so on. They would need to have data for each scene for each different unique type of TV set, and that just doesn't really seem all that feasible, if you ask me.


Except is that information public? That information actually has an extremely legitimate use, which is to better manage peak grid usage and how to optimize that.


> Except is that information public?

I don't think it needs to be easily accessible to the public to be problematic. Many people, including businesses and government, can have access. The electricity vendor has little incentive to protect it, to scrutinize government requests, etc. Recent NY Times articles describe the US Postal Service accepting almost all law enforcement requests for information on their customers.

Also, data has a way of leaking ...

> That information actually has an extremely legitimate use, which is to better manage peak grid usage and how to optimize that.

I do see a benefit to it, but 1) It should be anonymized and minimized. For example, how about aggregating data about usage on my block and storing that? Cleaning it of anything that violates privacy, such as high-resolution individual signals? 2) My privacy is a higher priority than their technical benefits; there's an assumption (maybe not by you) that whenever there's a tradeoff, privacy doesn't amount to much -- this is money we're talking about, after all.


Install a capacitor to smooth out the signal.

Watch the Adult Swim SmartPipe infomercial for another take.


The best hack to get around this is to create a holding company, so then that holding company name appears. However, most property records also include an address to where the yearly property tax bill is sent.


Rather than trying to make it harder for people to stalk/harass/intimidate others by hiding data, why don't we get tough with laws and sentencing?

A 5 year jail stint for the next 10 idiots to pull this stunt will reduce the incident rate of this happening a lot faster.


From what I've heard, most people when committing a crime don't evaluate the expected value of the harshness of punishment, merely whether there will be a substantial punishment at all. So long as you're attempting to use prison to deter crime, it argues for relatively light sentences. If you're trying to simply remove offenders from circulation, that's a different question. It won't really help them improve their character much though if the sentence is too harsh.

EDIT: A well publicised message of "if you do this we will catch you" and a well publicised conviction would help though mostly regardless of the length of sentence. Very few people find going to jail at all an acceptable outcome.


It's very unusual and ironic to find an argument _for_ punitive incarceration here on HN, which is more typically a bastion of anti-incarceration advocacy. I guess it depends on where societies' and governments' fears lie (the more representative the gov't is the more these fears overlap).


The usual stance is against punitive incarceration for crimes like drug possession and maybe even sex trade activities. Crimes where someone is actually harmed? I don't think you see a lot of arguments against punishment for those.


> Crimes where someone is actually harmed?

Is doxxing actual harm, or merely the threat of actual harm?

(Not that it's not bad; not that it shouldn't be illegal; but it's not the same as assault)


Actually, assault is defined as "the threat of physical harm". (no physical contact is required)

Battery is the actual physical harm.

This is a very common misunderstanding.

http://www.northvanpac.org/p/bccpac.html


There's no significant link between prison sentences and crime rates.

If there was, Norway would have a high crime rate and the US would have a low crime rate.


Your first point may be true, but the US/Norway example is not good evidence for it. There are significant other confounding factors -- relative homogeneity of the population, economic differences, population size, cultural history are just a handful that spring to mind.


Those oft-repeated "factors" can only be factors if you show that they are.

Simply mentioning that there are differences between those two countries does not make any difference you care to list a "factor".


A bit of a broadly brushed analysis. This assumes all other variables/characteristics are equal: economic, social, political, etc.


In that case, maybe there is a link, it's just the other way round...


Because the drug war proved that that method was ineffective and worse actually further criminalised individuals.


Yes, indeed, that's what we need--5 year prison sentences for exercising 1st amendment rights. Preventing the creation of these databases? No, far too difficult to enforce...instead, let's go after the uppity little guys.

You've suggested a remarkably short-sighted solution to a very thorny problem.


The first amendment doesn't protect criminal activity.


If repeating publicly known personal information is a crime, the printers of telephone directories must have really good lawyers.


As you well know the topic at hand is people using that data to "stalk/harass/intimidate" as the OP said verbatim. Which is not protected by the 1st amendment.


I read it differently; "this stunt" is ambiguous in context.

In any case, I think you're misunderstanding the nature of the problem. The danger of "doxxing" is that people get overwhelmed by a flood of negative attention from many different people. In most cases, none of the "harassing" individuals actually do enough individual harassment to make the action illegal. You can't go after the doxxer because releasing the information was completely legal, and you can't go after the mob because none of the individuals have done enough to constitute a crime.

You could certainly go after a guy who sends a knife; pretty sure just mailing a knife is illegal in most places.


I think you're misreading this. Doxxing is the online equivalent of incitement to riot; as in a real riot, the chances of any individual participant doing anything blatantly illegal are low, it's the cover that the crowd provides for lawless activity and the intimidatory factor that's problematic. So if you're unpopular with some group in your town, and someone says 'Let's go to Byerley's house at 123 Quiet Street and make some noise' that could count as incitement to riot even if your name and address are widely available.

The problem is not the mere repetition of publicly available information, but its strategic use to focus the anger of a crowd upon a relatively defenseless individual. That creates a dangerous power asymmetry with the explicit or implicit function of intimidation. It's not a big deal if people peacefully protest in front of the White House - the President and his family live there but there's a bunch of secret service people to keep him safe due to the nature of the office, same way there are police permanently stationed outside the official residence of the UK prime minister. If you're Joe or Jill Ordinary and a large crowd shows up on your physical doorstep, you have a serious problem.

Virtual harassment is not immediately threatening in the same way but it depends on how far it goes. If I write something controversial and make it public and get a storm of hate email in my inbox, that's annoying but not really worrying. But if I start also getting telephone calls or snail mail (or seeing such things quoted in emails) then it's quite a bit more worrying.

There's a limit to which people can control the amount of their personal data that becomes public. For example, I own a house which means I have to pay property taxes, and where I live property ownership is a matter of public record. So I was surprised after buying the home to suddenly receive a huge amount of junk mail from companies who obviously subscribe to lists of property tax payers. I can't take back that information. Should everyone be expected to set up a shell company in order to purchase real property and still maintain some privacy?


The best hack to get around this is to create a holding company, so then that holding company name appears instead. This might be a costly measure, but well worth it if you value your privacy. However, most property records also include an address to where the yearly property tax bill is sent, so you might also want to set up a PO box.


As I said, 'Should everyone be expected to set up a shell company in order to purchase real property and still maintain some privacy?'

Personally, I prefer the European approach of the Data Protection Act that gives consumers a fair bit of legal leverage over how their personal information can be used commercially, as opposed to requiring people to engage in expensive obfuscatory security measures.


As if a death threat is not 'enough harassment'.

What does constitute enough harassment in your opinion?

You make it sound as though there's nothing to be done against this. But that is not the case, things change. Perhaps releasing personal information about another relating to doxing should be made illegal. It's not as if it's hard to distinguish between someone who's trying to dox another and legitimate sharing of information.


You're telling me it's my first amendment right to mail a knife to your home address and suggest you kill yourself?


The protection prevents the government from denying you the ability to make the threat. It does nothing to prevent them from pursuing a criminal prosecution after you have made it, or to prevent your victim from litigating a tort claim against you for intentional infliction of emotional distress.


I suppose the 2nd amendment prevents the government from denying me the ability to use a gun to shoot someone too... but saying that isn't constructive to the discussion of how do we stop people shooting each other with guns.

Yes, I have the right to threaten someone because it's free speech, but I should still be punished for doing it.

(i.e. I have the right to have a gun and use it to shoot someone, but I should still be punished for doing it)


Basically, if an action could be considered a check upon government power, the government is not allowed to prevent people from doing it in the name of fighting crime.

You are allowed to have the gun that you might use for murder, because you might also use it to rebel against a corrupt government or in self-defense. You are allowed to use common channels of communication to make unlawful threats, because you could also use them to spread ideas unpopular to the ruling class. Only in the case where there is no possible constructive use or government-limiting use would the government be justified in engaging prior restraint.

As you might imagine, such a situation is exceedingly rare. A device designed to spread anthrax spores in an aerosol, for instance, has no peaceful purpose, and I would not consider it a legitimate check upon government power, as it would indiscriminately kill civilians as well as government agents. So you could be prosecuted just for having it, because it is presumed that it could not be used for any purpose that is not inherently criminal.

If there is any possibility that you might do something with innocent intent, the state has to wait until you do that thing with ill intent before punishing you for it. Now, there are a lot of laws and precedents that defy that principle, on a continuous spectrum from things I consider barely reasonable to things I consider to be completely unjust BS, so don't mistake any of this for real legal advice. What should be and what actually happens are often very different things.


> the state has to wait until you do that thing with ill intent before punishing you for it.

OK Great. Originally I said the state should wait until you've stalked/harassed/intimidated someone, then punish you for it.

Why are you having a conversation about rights?

From what you just said, it has nothing to do with it.


Sure is. What type of knife?

Can it be a kitchen knife? I need a new chef's knife...mine is a little bent.


>why don't we get tough with laws and sentencing?

The utter inevitability of misuse and overuse of it. England has set a great example for why I never want that kind of speech enforcement here.


Because it interferes with what the government deems legitimate business practice -- collecting and selling your info. Maybe some day, the NSA will also open some data taps for those with deep enough pockets. For now though, they're not competing, so let them live.


> A 5 year jail stint for the next 10 idiots to pull this stunt will reduce the incident rate of this happening a lot faster.

Copyright infringement comes with the potential for multi-million dollar fines, but that hasn't put much of a dent in it. Why would it be different here?


There are a LOT more data brokers than listed here, though it's a decent list to start with. These are small fry in the scheme of things though. You can start working your way through this one if you're really concerned:

http://www.worldprivacyforum.org/2013/12/data-brokers-opt-ou...


The threats of violence are usually empty posturing but there are other serious risks associated with speaking out online under your real name. In the US you can get "swatted"[1], which is an evil twist on usual pizza pranks. It's not far from that to getting shot (or having your dog shot).

Then there are basic SEO threats to your good name. And the old "taking information out of the Internet is like taking piss out of a pool." Whether the information is true or not.

I don't think this is an appropriate defence though. Sticking to usual good practices of not conflating anonymous personas with your real identity, using a PO box and proxy services (whether for domain registrations or actual network proxies) will be more productive. Not good enough when evading FBI but probably more than fine otherwise.

[1] https://en.wikipedia.org/wiki/Swatting


I don't think this is an effective defense.

First of all, doxing works the same way private investigators do, so they do not require one-stop-shopping data banks. Social engineering and public records searches usually give you everything you need and are free. Second, if you're coming from the standpoint of a feminist decrying the ails of an oppressive society, you are pissing people off that will be motivated in attacking you; they aren't going to back off just because your information didn't show up on PeopleFinder.

IMO, the only defense against doxing is to dox yourself. Doxing is just a form of intimidation, after all, usually done by people who think publicizing some "secret information" will be taken as a vague threat. Make the information public and you remove their ammunition.

To me, the best defense against a troll is being completely nonchalant and not giving a shit what they do. Hacked my accounts? Oh well, it's just an account, I'll make another. Sent me death threats? Hey, life is short and we all die some time. The more you show your attackers that you will not be bothered, the more they realize they are powerless to harass you. That combined with reducing one's online footprint in general will break down their motivation and move them to other avenues for venting hate and frustration.


> IMO, the only defense against doxing is to dox yourself. Doxing is just a form of intimidation, after all, usually done by people who think publicizing some "secret information" will be taken as a vague threat. Make the information public and you remove their ammunition.

> To me, the best defense against a troll is being completely nonchalant and not giving a shit what they do. Hacked my accounts? Oh well, it's just an account, I'll make another. Sent me death threats? Hey, life is short and we all die some time.

I am clearly a little less nonchalant than you. But I don't feel all that inclined to publicly post my home address or my kid's school address or scout camp location.


This is useless. The only way to defeat mass collection is to poison the well. I always put some fake data wherever it's not legally required. The only issue is where it is required and that is the root of the problem - why is it required in so many places?


The fact most of these sites even have opt-out mechanisms, and that they're apparently effective, is surprising and quite nice.

Though, I suspect this became the case out of necessity as a result of horror stories and litigation.


> The fact most of these sites even have opt-out mechanisms, and that they're apparently effective,

My last name is one that fewer than 20 people in the world have. So doxxing protection and name management in general is very important to me. A few years ago I took about a day and had myself removed from everywhere I could find. Far more comprehensive than this article.

In the three years since, I've slowly been added back to all of them. I haven't moved, I haven't added or subtracted phone numbers, I've made no life changes. It just seems like these data brokers remove your information when you ask and then for whatever reason just add it back again. One example: whitepages.com. I was removed from there about two years and then suddenly my name and address are back again. That's just one example that leads me to believe the opt-out at these data brokers is "temporarily effective" at best.


Seems like doing it on a persistent basis is required then, regardless. Admittedly it's a sad state of affairs, but it beats nothing.


How trustworthy are those mechanisms though? I'm rather skeptical of the "guarantee" of a business whose model is to aggregate huge amounts of "dirt" and let people pay to suppress it.


I only looked at Spokeo, the first site on the list in the article. To opt out, you have to give Spokeo your email address, they send you a link, and you click the link to be delisted.

Why does Spokeo make it so easy?

The only answer I can think of is that they now have your email address and value that. Draw your own conclusions...


I used a fake email address.


If any of your personal info is on the internet, it has already been saved where you cannot remove it. This is a personal conundrum I have been trying to wrap my head around, especially as it relates to pictures of my kids I'd like to keep offline (but other people take pictures of them and upload them, and it's too late at that point...)

A company I'm familiar with was attacked by a blackhat. He sent the company owner all his personal information including SSN, address, etc. It scared the owner enough to pay off the blackhat, but he also asked the blackhat how he got his information. The blackhat sent the owner a website that you can go to, pay around $4 in bitcoin, and search for anyone's information.


People who can afford to are going to begin hiding behind shell corporations. Houses, other assets, etc. will be corporate-owned, with suitable non-descriptive names and corporate addresses.

In fact, this is already occurring, although a prime driver has been a form of trust that reduces taxes particularly inheritance taxes.

I'm not familiar with what e.g. Hollywood celebrities do, but at a guess many of them are likely also doing something similar.

Need to restrict access? Introduce a layer of indirection.


agreed. most of the data those companies had on my name were from utilities, insurance, etc.

and most of them aggregated people with my common name in several states.

they had a lot of info, but also a lot of wrong info. all mixed together. i send removals for all entries, mine and otherwise :)


I think just using a nickname (instead of your own name) and not sharing addresses etc is the best way to go.

Lirik (a big Twitch streamer) chooses to only use his online alias, and although it's a common question what his real name (or other details) are, no one really has an answer. You just have to put some effort into not leaking information from registrations to sites (and such).


Wow. This is an app just waiting to be built. I would definitely subscribe to a service like this. And I would happily give money to a nonprofit who provides this as a free service for women in tech. Developers, start your IDEs!


LifeLock is launching a free service to help with this exact problem. We're in Beta right now. You can request an invite here: https://privacy.lifelock.com and here's an article about it: http://www.bizjournals.com/phoenix/blog/techflash/2014/10/li...


You should really consider making a non-js version of your website. The noscript googletagmanager iframe is not really screaming "we care about your privacy" either.


Why not men too?


Because patriarchy.


Because men.


This response grates a little. It's so common that it's widely discussed and parodied. E.g.:

http://finallyfeminism101.wordpress.com/2007/10/18/phmt-argu...

http://www.robot-hugs.com/but-men/

And it's closely related to the "not all men" line, equally mocked:

http://www.listen-tome.com/save-me/

http://imgur.com/gallery/z5AYz66

But assuming that you are sincere and just unaware of the context: The reason that I personally would offer to fund this service for women in tech is that diversity in tech is an issue I have been working on for a while. Even though women are a relatively small proportion of the field, those women are a disproportionately large share of those getting abused with things like doxxing. I don't like that and want it to stop.

It would be my hope that by offering it widely, it would enable more women to speak up both about tech and about their experience in tech. Which I in turn hope will promote a more diverse and inclusive field. Which I think is a good end in itself, but I also think that means better empathy for all sorts of users of tech, and therefore better products and less systemic waste.

Is that helpful?


This is sexist and ostracizing :P.

Such a service doesn't have a natural gender discrimination so it's actually additional work to create one. Sure, it might be worth focusing on marketing it to women, if indeed they get "disproportionately large share" of abuse (it sounds plausible to me, but I don't have data) - but there's no need for artificially limiting the service itself. Male privacy nerds would happily use it too.


Nobody asked that the service be limited to women. That's something you're adding to the conversation. So it seems to me that you're politicizing it even more.


From the top comment of this thread:

> And I would happily give money to a nonprofit who provides this as a free service for women in tech

That's how I understood it, and I think it's supported by the poster's other comments.


Skybrian is right; you're wrong.

I am speaking of two separate things: a commercial product and a nonprofit that gives away free subscriptions to the commercial product. Although now that you mention it, if some sort of existing nonprofit focusing on diversity in tech built a service, that would also be something I'm glad to support.

One easy way to tell that I didn't want guys excluded from the service: I said I wanted to subscribe, and I am a guy.


Your post is very politicized. There is no use arguing politics.

http://lesswrong.com/lw/gw/politics_is_the_mindkiller/


The whole point of democracy is arguing politics. There is plenty of use in it. That's why we have freedom of speech and freedom of the press, for example. Plus deliberative bodies as a key element of every level of government.

Also, that you construct it as politicized suggests you have a political opinion in opposition to women being treated as equals. If you oppose that, well, then you oppose that. But it would also explain why a) you insist on labeling views you don't like as "very politicized" and b) why you preemptively declare that there's no point in arguing. To me it reads as a slightly more grown up version of the hands-over-the-ears style of argumentation.


Still, it would make zero sense to me that someone would provide a service against doxxing and limit said service to women. Why discriminate against men? Men can also be victimized by doxxing.

How about providing it to people instead of just the female subset of people?


Sorry if I was unclear. I am talking about two separate things: a commercial service and a nonprofit who would provide subscriptions to the service. As I said, I want to subscribe.

However, nonprofits pretty regularly provide services to limited groups of people. Veterans' groups focus on veterans. Women's shelters focus on women. The Alliance of Transylvanian Saxons focuses on Transylvanian Saxons. So if some existing nonprofit were to build this as part of their work, I'd have no problem with them limiting it to whatever group they were focusing on.


A commercial service is paradoxically (or not) exonerated of their own market-limiting decisions. It's when we're talking about a non-profit that moral issues arise for things like discrimination for gender (in this case would be discrimination towards males).

The problems doxxing creates don't distinguish between males and females. Veterans suffer a number of problems that these orgs care about, same for women's shelters (generally speaking) - they provide a service that is functionally different for their target group. Doxxed people are both genders and distinguishing between them is completely artificial and discriminatory in the pejorative sense of the word. The facilities you'd set up against doxxing would work just as well for males but for no reason whatsoever you'd leave them out.


If the nonprofit is, as I imagined, targeted at diversity in tech or women in tech, then I am not seeing any moral issues.

If some other non-profit would like to provide these hypothetical services to other groups or to everybody in general, that is also awesome. I would encourage that.

But as somebody who already donates to various groups like the Ada Initiative and Black Girls Code, I am saying I would give further money to an organization like that for providing an anti-doxxing service to their target audience.

The point of my (very short) comment was "take my money!" So that if some maker here was inspired, they'd know to contact me. That's all.


What creeps me out is that there are now salary databases that people can use to see someone's prior salary history, job titles, and (in some cases) details of separation. It shouldn't be legal for those to exist, nor for companies to use them.

I actually checked myself in one ("The Work Number") in 2012 and it had an accurate title and salary history, which I hadn't made public. Scary, creepy stuff going on. How the fuck are they able to know that?


If you have information in The Work Number, it means your employer gave it to them. Employers do this because it allows them to outsource income verification.

I know of no way to opt out of it other than quitting. Also, while income information can only be accessed if you consent, collection agencies can get accounts that allow them to see the home address you have on file with them.


So are you saying that companies can't get income information on, say, prospective job candidates?


According to Equifax, you need to give someone a code you generate at their website in order to release their income information. They're careful not to mention their sale of data other than income information to debt collectors, though.


> How the fuck are they able to know that?

This is a good question, that I'd like to see answered too -- if anyone here knows.

On a related (only to me) note: Is there any way that I can set a watcher on your comment to notify me if there is a response to it?


I'm just guessing, but they could be using info that was obtained when a user was trying to get a loan. Typically, your info is sent to multiple lenders so you can get the best rate. Somebody could be collecting the info somewhere along the line.


It looks like it's part of Equifax, which also does credit reports -- they already have name, address, social, etc. Not sure how they would get the salary info, though, unless the company or the IRS disclosed it.


"Many women gamers and developers, as well as those who support them, have lately come under attack from online trolls"

Please don't whitewash the GamerGaters who have also experienced such attacks. (For example, one was "doxed" and mailed a knife with a suggestion to kill himself - which I'd argue is a far worse "attack" than any online threats. The anti-GamerGate media of course doesn't report on this.)


It's just an example, not an exhaustive list.


What about a source for that?


@nero (on twitter) was sent a syringe in the mail.



I'm sure all the folks claiming @femfreq made up her death threats will be equally skeptical about this one.


It's tribal warfare, well done! I'd like journalists to report both claims.


"KingOfPol" is known for lying and generally being not too mentally stable, so it's certainly not a stretch. Sarkeesian on the other hand is unlikely to lie about such things, but there was clearly some exaggeration involved.


Why is Sarkeesian "unlikely to lie about such things"?


Because she's (sort of) a public figure and if it was revealed she was lying, it would look very bad for her? She also hasn't had a history of lying about such things in the past, so there's no reason to suspect she is now. She is known to have lied about certain other issues, but not in a way that's relevant to threats or harassment. She also doesn't come across as mentally unhinged or malicious. I dislike her, but I don't think she lied about any of the threats.

The other person being discussed, KingOfPol, is known for his narcissism and fabrication of stories, so it's a bit different.


That's not an exhaustive analysis. I recommend looking at risk vs reward.

The risk of getting caught is essentially zero: just use Tor and VPN via an 'unfriendly' third country to send fake threats to yourself, or get a friend to do that for you. Clearly the police is not going to investigate, because all these cyberthreats are obviously not serious. The upside on the other hand ... Sarkeesian made how much last time by playing the damsel-in-distress? Wasn't it over $100k? That's quite an incentive. And then there is the political effect: the mainstream media, for various reasons, will automatically side with the damsels.

I spent quite a lot of time in activists' milieu and I smell attack techniques in a Leninian mould, see e.g. Alinsky's "Rules for Radicals".


If nothing else, the pattern of harassment and threats made towards not just her, but other women in gaming, are readily verifiable and hard to miss. It's not just one person complaining about this stuff.


I doubt the empirical veracity of this claim. You are pushing a convenient mainstream narrative.


Where in that sentence are "GamerGaters" excluded?


They are excluded by omission. The words "come under attack from online trolls" link to a further article that paints all GGs as the very devils themselves.


I will optimistically assume I am being downvoted for off-topic rather than further whitewashed.


I don't know what "whitewashed" means in this context, but you are definitely off topic and your comment reads like you are trying to justify some pretty terrible actions. The fact that other bad things happen to other people in no way excuses the bad things that happened to female game developers.


It's the bias in the media. GamerGate supporters are painted uniformly as misogynists. There is a legitimate argument about press ethics, freedom of speech, and whether appreciating an attractive body is the same as objectification.

> justify some pretty terrible actions

I'm asking that the terrible actions of BOTH sides are reported. There is an awful, hateful minority on both sides, but in the mainstream media, only the terrible actions of the GamerGate side are reported.

(And there is surely legitimate argument on both sides, too.)


Any non-misogynist Gamergaters (are there any?) don't get "it" or the media. Maybe in some weird deconstruction of "equality," so long as you can provoke a response, you can plead "they were mean too!"

But, most people know who threw a punch first and who keeps throwing punches below the belt from their painful, awkward youth. The framing of the situation is not within the control of those who started the mess. Fewer and fewer 3rd parties give a shit about any morsel of authenticity in the game media ruse. More and more people are seeing people they know and/or care about get impacted and think, "Fuck GG's and anyone who stands anywhere near them." There's not enough time to separate the wheat and chaff - time to just burn the rotting pile.


> Any non-misogynist Gamergaters (are there any?)

Yes, there are. The majority, in fact. And there are a fair few women in the movement too, but I suppose you think they are poor deluded fools who are oppressing themselves and need the guiding arm of the authoritarian left (including its legions of male feminists) to help them think proper thoughts.


I actually don't really think so. The people sending death threats and harassment to "anti-GamerGate" and the people sending death threats and harassment to "GamerGate" are not members of the opposing side or the same side. They're all the same people: Internet trolls who see a grand opportunity.


Irrespective of whether they are indeed a part of a given side, they are one-sidedly being described in the media as such.


I agree.


> whether appreciating an attractive body is the same as objectification

I know this is off-topic, but the statement above is literally objectification, because it refers to a body (which is an object) instead of a person.


No, it is not. If I thought the owner of said body had no value other than their body, you would be correct.

You can appreciate a person's body, you can appreciate a person's personality. Doing the former doesn't magically invalidate the latter. That I appreciated just the body with a glance, at a point in time, doesn't mean the woman has no worth other than this.

If I went around saying women had no value other than for pleasuring a man - now that would be objectification. I do not think that.


> You can appreciate a person's body, you can appreciate a person's personality. Doing the former doesn't magically invalidate the latter.

Making a statement about a body excludes the personality from the statement. There's nothing to invalidate because there is no content on that subject. I'm not making a value judgment here about you--this is how language works, logically. The word "body" exists to distinguish from the mind; talking about one excludes the other.

Generally speaking, you can save yourself a lot of trouble by restricting references to the "body" to a medical context. In every other situation, refer to the person. There's no downside to it, and it avoids misunderstandings.

> If I thought the owner of said body had no value other than their body, you would be correct.

No one but you knows what you think, they only know what you say.

Just to be clear: I'm not judging you as a person and I'm not trying to start a fight. I'm trying to give you advice about how your use of language will be interpreted.

Edit: Just to be super clear, if you had written "whether appreciating an attractive person is the same as objectification", I would agree with you. But by referencing the body, you're using the word for the object.


I said there is a legitimate argument, and you've certainly demonstrated there is an argument! I disagree with you, but I'd better shut up now.


Upvoted, you're right here. It's the media bias. I personally found asking for covering both sides equally futile, because only one fits the ongoing popular narrative. I personally am waiting for the whole thing to blow over; there ain't much room for a rational discussion or figuring out proper courses of action right now.


Not only that, the entire reason harassment against women in gaming is in the news right now is to attack GamerGate. Nearly every article is focused on using it as proof that GamerGate are misogynistic scumbags. It's been a huge boon for every asshole who actually wants to drive women out of gaming - they're guaranteed widespread media coverage about how awful gaming is to women and how their actions represent gamers as a whole, and as a bonus their actions get blamed on people who hate them. Win-win!

People have even called for gamers to be forced to use their real names as a solution to the harassment, which would of course make the harassers' lives even easier - but hey, it'd let the people making the proposal bring down social consequences on supporters of GamerGate, so why not?

The whole thing's fucking ridiculous.


Did you feel any cognitive dissonance when typing that?


Not at all. Maybe you misunderstood me? Violent threats are totally unacceptable and cannot be justified by pointing to other instances of violence.


I vaguely hinted at supporting GamerGate, and this was enough for you to slander me as "trying to justify some pretty terrible actions". At no point did I attempt to justify any violent threats; quite the opposite, I simply pointed out more violent threats and suggested they should be given equal reporting.

The article in question could have addressed the real issue of doxing and online threats without taking a side in this political GamerGate fiasco.


Unless they are directed at undesirable groups. Then it's ok by you, because reasons.

You're justifying it right now, for the second time. Hence the cognitive dissonance.


As I've written three times now, violent threats against ANY person are unacceptable and cannot be justified. I am against violent threats and I make no exceptions for people I don't like or don't agree with.

I'm beginning to think you are willfully misunderstanding me. I think I'm done here.


I guess you are (though I personally didn't); this topic is totally politicized and leads to long and unproductive threads.



