Hacker News new | past | comments | ask | show | jobs | submit login

But this is not a problem with the tool, this is a problem with those platforms. Even if this tool is not published, bad actors can still make their own tools.

I think we should rather demand the platforms to enforce better measures against this kind of usage, rather than blaming this tool.




Maybe we should do both.

I take an issue with the argument that bad actors can make their own tools. Bad actors can also build their own nuclear weapons, genetically engineer their own deadly diseases but there's certainly value in not making this any easier. If you take the time, money and effort away from bad actors by forcing them to reinvent the wheel, that's a good thing.

Granted, this logic can't be viably applied to most things, but there are projects where you can assume that most of the use-cases will be shady.


Bad actors can't make nuclear or biological weapons unless they have incredible amounts of resources

Bad actors with a $150 laptop out of a dumpster and a free wifi connection CAN make cyberstalking tools in their spare time


Exactly! There’s a totally different bar to entry. Look at North Korea. I don’t think they rank highly as a concern with traditional kinetic warfare, but they have made themselves a major security concern even with scant resources because the bar to entry with cyber warfare is just that much lower.


> Granted, this logic can't be viably applied to most things,…

This specific thing, for example.

> ... but there are projects where you can assume that most of the use-cases will be shady.

An assumption is a poor basis for an argument. Even in the case where the assumption turns out to be correct, I don't buy this line of reasoning, because it would apply generally to security tools. Such reasoning also makes it far easier to attack things even where the assumption is known to be wrong (e.g. bittorrent).


That's silly. Cops are allowed to use their eyes. These platforms are the billboards they look at.


Tools like this are trivial to make and it's trivial to do it manually using Google. I don't see any point in getting angry about the existence of tools like that, as it's beyond anyone's power to stop people from doxxing each other.


I did something similar to this for a hackathon in university. Obviously not as sophisticated as this, but the concept is trivial. If you know enough about the command line to install it, you can build it.


While I don't disagree with the latter statement, perhaps we shouldn't be giving tools to bad actors in a silver plate or perhaps a git repo.


this is not a problem with the tool, this is a problem with those platforms.

It's not the missile that's the problem, it's the guy who launches the missile.

Why not both?


Perfect example was the youtube-dl. Making an app to download videos from YouTube is relatively trivial for most semi-experienced developers but that doesn't mean I want to invest the time doing it, plus the effort of keeping it up to date every time YouTube changes something. So youtube-dl is enabling me and less technical people to download content from YouTube, and it's "going away" for a short time caused an outcry.

So there's a difference between "this is possible" and "this is a tool that makes it really easy"


Depends on what you mean by missile. One worth dozens of millions of USD and produced largely to prop-up a state economy tends to have different ethical considerations versus an adhoc assemblage of propane tanks and plumbing pipes produced to fight over the neighbourhood in which it was made.


You know what would be a great addition to this tool: A transparency panel/dashboard that shows any state organizations or LEO systems that are using it.

List out all the IPs and countries that are state IPs using it.


The tool is running locally, how are you going to collect the IPs?


I was thinking a modification such that the system will report where its run from and if the reported IP is recognized as a government agency, display it - else drop it.


But the system can simply be modified to not report the IP.


Understandable - but that doesnt mean it shouldnt include such a feature


Yup. Not sure how this is different from any of the security tools / exploits used to break into networks.


> But this is not a problem with the tool, this is a problem with those platforms.

Well said. If a saw blade is sharp and you can cut yourself with it, you build safety systems around that. You don't blunt the saw–render it useless.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: