Hacker News new | past | comments | ask | show | jobs | submit login

> This project is "currently used by some law enforcement agencies in countries where resources are limited".

Pretty troubling statement.

Does this tool help repressive governments track people across accounts? That’s sure what it looks like.




But this is not a problem with the tool, this is a problem with those platforms. Even if this tool is not published, bad actors can still make their own tools.

I think we should rather demand the platforms to enforce better measures against this kind of usage, rather than blaming this tool.


Maybe we should do both.

I take an issue with the argument that bad actors can make their own tools. Bad actors can also build their own nuclear weapons, genetically engineer their own deadly diseases but there's certainly value in not making this any easier. If you take the time, money and effort away from bad actors by forcing them to reinvent the wheel, that's a good thing.

Granted, this logic can't be viably applied to most things, but there are projects where you can assume that most of the use-cases will be shady.


Bad actors can't make nuclear or biological weapons unless they have incredible amounts of resources

Bad actors with a $150 laptop out of a dumpster and a free wifi connection CAN make cyberstalking tools in their spare time


Exactly! There’s a totally different bar to entry. Look at North Korea. I don’t think they rank highly as a concern with traditional kinetic warfare, but they have made themselves a major security concern even with scant resources because the bar to entry with cyber warfare is just that much lower.


> Granted, this logic can't be viably applied to most things,…

This specific thing, for example.

> ... but there are projects where you can assume that most of the use-cases will be shady.

An assumption is a poor basis for an argument. Even in the case where the assumption turns out to be correct, I don't buy this line of reasoning, because it would apply generally to security tools. Such reasoning also makes it far easier to attack things even where the assumption is known to be wrong (e.g. bittorrent).


That's silly. Cops are allowed to use their eyes. These platforms are the billboards they look at.


Tools like this are trivial to make and it's trivial to do it manually using Google. I don't see any point in getting angry about the existence of tools like that, as it's beyond anyone's power to stop people from doxxing each other.


I did something similar to this for a hackathon in university. Obviously not as sophisticated as this, but the concept is trivial. If you know enough about the command line to install it, you can build it.


While I don't disagree with the latter statement, perhaps we shouldn't be giving tools to bad actors in a silver plate or perhaps a git repo.


this is not a problem with the tool, this is a problem with those platforms.

It's not the missile that's the problem, it's the guy who launches the missile.

Why not both?


Perfect example was the youtube-dl. Making an app to download videos from YouTube is relatively trivial for most semi-experienced developers but that doesn't mean I want to invest the time doing it, plus the effort of keeping it up to date every time YouTube changes something. So youtube-dl is enabling me and less technical people to download content from YouTube, and it's "going away" for a short time caused an outcry.

So there's a difference between "this is possible" and "this is a tool that makes it really easy"


Depends on what you mean by missile. One worth dozens of millions of USD and produced largely to prop-up a state economy tends to have different ethical considerations versus an adhoc assemblage of propane tanks and plumbing pipes produced to fight over the neighbourhood in which it was made.


You know what would be a great addition to this tool: A transparency panel/dashboard that shows any state organizations or LEO systems that are using it.

List out all the IPs and countries that are state IPs using it.


The tool is running locally, how are you going to collect the IPs?


I was thinking a modification such that the system will report where its run from and if the reported IP is recognized as a government agency, display it - else drop it.


But the system can simply be modified to not report the IP.


Understandable - but that doesnt mean it shouldnt include such a feature


Yup. Not sure how this is different from any of the security tools / exploits used to break into networks.


> But this is not a problem with the tool, this is a problem with those platforms.

Well said. If a saw blade is sharp and you can cut yourself with it, you build safety systems around that. You don't blunt the saw–render it useless.


Any openly available tool can be used by anyone for any purpose. The idea that we can pick and choose is ridiculous, and with the exception of rare cases, avoidance of building generally useful tools for the chance that bad actors will also use them is a losing proposition.


Any openly available tool can be used by anyone for any purpose. The idea that we can pick and choose is ridiculous

And yet there are hundreds of laws, conventions, and treaties regulating all kinds of weapons. The idea that humans can pick and choose what exists in their society is ridiculous.


Building a tool is an ethical choice. Technology has no inherent right to exist. This is a bad project.


Technology has no rights; it is a logical abstraction describing the works of humans.

I like to think that humans have an inherint right to engage in creative work that pleases them.


Police sure seem pleased thumping skulls.

Anything we can do to make it easier for them.


Maybe your country should worry less about the technology and more about the people using it. You clearly have a personelle problem.


Maybe we should police each other more, and technology less?

But who is making the technology?

Circles. Circles everywhere.

Perhaps you should not anthropomorphize technology.


I am explicitly _not_ anthropromorphizing technology; I argued it is a logical abstraction with no rights.


Anyone who has capacity to harm you, luke governments, alreafy has tools and a fat budget.


This is invalid thinking.

Bad actors can make such tool themselves (if they can't, they are not really that good) and have incentive to do that, so non existence will only slow them down. I don't care about analyzing other people for any purpose so I don't. Having this tool readily available lets me analyze myself and people I care about to protect them from bad actors and educate them in the process.


This is invalid thinking.

I'm not familiar with the phrase "invalid thinking." Can you elaborate on how a person's thoughts can be invalid?


It’s a hamfisted attempt to assert the correctness of one’s argument by fiat. It’s the grown-up “are not / am too!”


Please keep in mind that some HNers are modeling their behavior after buggy machines and bad code and that this influences their thinking and language.


logical coherence and fallacies far pre-date computers and code


You are being overly literal I guess, there is nothing to explain.

Invalid line of thought sounds good ?

Try DDG next time.


The sentence was unnecessary to both your point and any argument in general. Why did you include it? Why are you defending it's inclusion? Why are you now saying "google it"?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: