X "Yes, but when we do it, it's not doxxing"
Q "Why not?"
X "Because we would never do it for any nefarious reason"
Q "What about that time we scraped the data of those groups that were linked to that reporter, so that one company could do oppo research and prepare a PR counterattack, targeting specific journalists"
X "That wasn't nefarious. We made a lot of money doing that"
Was this just you making up someone's response? Because neither of those companies listed in the title sell people's info.
Your comment is just a terrible strawman.
The phonebook is full of ‘doxxing’. Who cares.
After a public backlash, ICE recently suspended its Extreme Vetting Initiative, which would scan social media history and automatically flag people for deportation based on the exact criteria from the original Muslim ban. The Brennan Center discusses why this is bad: https://www.brennancenter.org/analysis/ice-extreme-vetting-i...
ICE will still require five years of social media history: https://www.cnn.com/2018/03/29/politics/immigrants-social-me...
That does not mean you have to make it easier
He’s calling attention to the appalling policy choice made by his government. In this case I think he would have to make it easier.
I mean, surely you can't expect a site like GitHub with thousands of projects happening every day to be able to keep track of each one and make sure that something bad isnt being done with the project.
Hey, people are still going to kill each other, so I'm going to leave this gun in here
Ah, yes. The White Knight of Severely Violating People's Privacy because You're Right and They Aren't. Truly the most moral person in the world.
In the current political situation in the US, afai can judge it, will enable harassers to seriously harm or even endanger the lives of these people for the crime of having the wrong employer (they might not even be involved in any of the bad crap you see on TV but who cares, wrong employer!)
In other countries or, for example, the EU, such behavior would be a crime, end of story. And you'd be responsible for the damage that comes from doxing people.
Saying "the information is already out there" is no excuse. It's like a swatter saying "it was just a prank".
Either you:
1. Don't care
2. Use this information in a bad way, like harassing or stalking the individuals that are doing their job (I'm assuming).
I don't understand people who do this kind of things and also expect support and sympathy. You have none from me at least. It is great that Medium and Github removes such databases to protect individuals that probably are innocent.
Edit: Because really otherwise they should remove the information from LinkedIn (or make it non-searchable) which also makes it very easy to get and they don't do that.
That said, we must protect people that are having their information leaked with a nefarious intent. In Sweden for example, you can take this information find out their addresses and social security numbers since all of this is basically public information.
Github and Medium simply don't want their platforms to be used to harass and stalk people, which is a real problem that anyone with experience can attest to.
Mega.co has an okay track record at this point, though it's centralized obviously.
Tor hidden service offering a link to the files + bittorrent magnet link may be the best option.
(No not Blockchain)
Both sites use PII to target people and companies: how many annoying emails have you received from LinkedIn this week? And I mean the creepy ones, suggesting contacts based on minute details from your profile, or encouraging you to import all your contacts so they can be spammed?
But I guess if a user does it, it’s doxxing. I wonder if this is political, or maybe Medium and GitHub are just trying to avoid a potential fight with a federal agency.
None at all. The only emails I get from linkedin are friend requests and message notifications. That's how I set the thing up.
I'm not sure that's super creepy?
The real casualty here is going to be Linkedin. They don't publicize much how easily their data can be acquired in bulk.
I didn't look at what format the "database" is in, or if the size would make it (im)practical to simply zip it up and email it around, but if the format isn't readily consumable by non-technical people, there wouldn't be any reason to not utilize a tool like git anyway.
`git clone --bare` is enough.
b) it certainly is not illegal in germany, france
ah, my other comment got flagged immediately. what a shame, @dang
And still, this gives you or anyone no right to violate the privacy and endanger their rights. That just puts you on the same level as them, willingly destroying the lives of others because it brings you pleasure, because you believe it to be justice.
Regarding a), I recommend to examine the syntax "Other countries or, for example, the EU", which specifically does not refer to the EU as a country due to the occurence of the word "or".
Such behaviour is also certainly a crime in germany (§238 StGB and related Articles); if your actions cause someone to die or injury or the threat thereof, you can be prosecuted for it (though you need to actively sue either a specific person or against anonymous).
- hosting on AWS is not free for super high traffic (assuming the free tier can't keep up) - serving files from S3 is not free (though it's cheap enough at low read levels, it adds up)
At a typical level of traffic, the author's current host may be sufficiently inexpensive. Assuming the author was assuming many, many times the usual traffic (even if everyone is kind enough to bare clone), it would be a pointless expense.
Of course, third party hosting can take the content down... and this is where git became relevant. Assuming the author was more interested in distributing the content than the prestige of being the distributor, even though Github etc. took down the repo, every person who has since cloned is now capable of re-publishing to any new upstream repository of their choosing, on any server.
Assuming, again, that all of this was the goal, it probably made sense to utilize the free, fast, scalable third party hosting as long as possible rather than risk self-hosting slowing down or collapsing under traffic, or creating a massive spike in cost.
That's a whole boat load of assumptions, any of which could be wrong. In the realm of possible motivations, though, I think it's a fairly logical conclusion.
https://www.washingtonpost.com/archive/opinions/1979/10/21/t...
Yep, that's pretty easy to do. But I'm pretty sure this was even easier since I don't think they wrote a screen-scraper. They just accessed a JSON endpoint.
> You cannot protect from this sort of behavior outside of completely disabling this functionality altogether. Anything a human has access to, so does software.
You say that like it changes anything. People don't care if it can be protected against easily, people just care if it can happen at all.
But what do I expect from a community where there’s at least one thread daily speaking favourably of breitbart.com? Lastly, ICE employees should think hard about the direction their upper ranks are going. They absolutely have a choice to not become 21st century Gestapo. It’s not too late.
I simply do not care if you believe they are the next Gestapo. If you want to be better than Gestapo, don't expose them other people, who are potentially innocent, to harm. End of story.
Mob rule always leads to bad outcomes and this is encouraging mob rule.
GitHub has a slightly different dynamic, being work focused, and there being no reason for most people to delve into random repositories and flag inappropriate ones.
Heck, even the underlying tech assumes problems fixed with patches rather than repository deletion, so if anthing it’s half way between Wikipedia and Geocities.
I guess you don't realize this, but GitHub is a social site too.
>where moderation is done by the general public seeing and responding to content.
And this is the same at GitHub, too. Have you never noticed the "Report Abuse" buttons for PRs, users, comments, etc?
> GitHub has a slightly different dynamic, being work focused, and there being no reason for most people to delve into random repositories and flag inappropriate ones.
Except you're looking at a reason right here. GitHub is also used for sharing your work with others, as was the case here. There are instances where such work is against community policies/guidelines, and in those instances, GitHub takes them down. I'm not sure where you're seeing the disconnect here. It's not any different at all than making a post on Reddit and a moderator removing it or someone reporting said post and then it being removed.
Which is why I say “explicitly”. Github has social as what feels like a bolt-on afterthought because everyone else was doing it and it’s a buzzword.
> And this is the same at GitHub, too. Have you never noticed the "Report Abuse" buttons for PRs, users, comments, etc?
Nope. Never needed to look for one. However, rather more importantly, I have just made a deliberate look for a “report repository” link…
…and found nothing.
> Except you're looking at a reason right here.
Key word being “random”. Twitter has trends, Reddit has its front page, public Facebook posts can and do go viral. GitHub has such a list, but you need to go looking for it — you don’t have random stuff thrown in you face whenever you use it like the other platforms, so there is _much_ less opportunity to train a learning algorithm to automatically filter anything. I’m not sure you could even train such a model now, with perfect data, because that would involve understanding the purpose of a repo rather than sentiment analysis of natural language.
The appropriate people only found out about this repo because the person who made it did so with the internation to be noticed.
And I’m not saying there shouldn’t be or even that there isn’t the capacity to take things down. I’m saying comparing repos to tweets is like comparing apples to grenades — they both “keep the doctor away”, but for the most part, treat them differently.
If that's the logic we're going by, then Facebook isn't "explicitly" social either, as it originally started out as a photo site and just had comments "bolted on" as an afterthought. And yet it still has moderation. So again, I don't even know what your point is.
>Nope. Never needed to look for one. However, rather more importantly, I have just made a deliberate look for a “report repository” link…
So because you personally have never reported anything, means that the community doesn't report things? I don't think you know how things work...
>…and found nothing.
You must have not looked very hard. Repositories are linked to users, and thus to report a repo, you report a user. And in case you have trouble finding it, the link to report a user is one of the first things you see when you open their profile, just underneath the profile picture and name.
>Key word being “random”. Twitter has trends, Reddit has its front page, public Facebook posts can and do go viral. GitHub has such a list, but you need to go looking for it — you don’t have random stuff thrown in you face whenever you use it like the other platforms
What are you even talking about? GitHub's discover repo feature is one of the very first things you see on the GitHub front page. There is literally a giant banner dedicated to discovering new projects right there in front of you when you first open up GitHub. If you do a Google search for "GitHub", the "Explore" link is the first link that is shown to you under GitHub.com. You don't have to go looking for it at all.
>so there is _much_ less opportunity to train a learning algorithm to automatically filter anything.
Who said anything about training any kind of algorithm to do anything? We're talking about reporting and moderating content. Nobody even mentioned a learning algorithm.
But hell, if we're going to bring it up: GitHub does have this. Again, on the front page of GitHub, if you click on the link in the giant banner that suggests you explore more repositories, one of the places it takes you is a list of suggested repositories that it suggests to you based on other repos that you have starred.
>The appropriate people only found out about this repo because the person who made it did so with the internation to be noticed.
The appropriate people found out about this repo because the person who made it shared the repo, because GitHub is a social site meant for sharing code, just like thousands of other people use it all the time. Just go view Show HN and see how many link to GitHub: https://news.ycombinator.com/show
I really have no idea what your point even is, other than for some reason you seem to be trying to draw some distinction in GitHub's social features against other social site's features. There is no need for such distinction, because at the end of the day the same type of moderation is still happening.