> I usually delete comments, threads, or other content I put up on the internet after it has served its purpose. That means for example deleting my Reddit comments after a month or two, keeping my email inbox near empty (in case it gets hacked), deleting old accounts, and similar things.
Why keep things around that serve no purpose? Companies have retention policies for this reason - anything that is retained is a potential liability, so unless it’s legally required it’s better to delete and destroy as soon as it is not needed.
They serve a purpose. You may never have as many eyes on it besides the few days after it was posted but it breaks a lot of historical conversation, especially on sites with useful information/solutions.
The sooner the public loses faith in Reddit and Twitter, the better. Making their archives seem deserted or abandoned helps. I was not going to leave over a decade's worth of my content on those sites to benefit them.
Deleting comments, ugh, please don't do this :( If you must, make a throwaway account instead. It sucks to find a thread that promises to solve a problem you have, but when you go there critical context is missing due to deleted comments.
It is not great, but it is better (if you wish to not be identified) to keep it in fewer perhaps non-public or poorly indexed archives. The internet does forget, sometimes.
That the internet never forgets is a myth. It forgets surprisingly quickly and I think will only accelerate. Sure, someone may have a copy of something somewhere, but discovering it via any search engine is impossible.
Personally I put a lot of PHP and VB code out ~20 years ago that I could find easily until I couldn't. There's Myspace profiles I've tried to pull up, images posted by friends 15 years ago in random places. Early video. All gone.
I generally agree. It depends how Internet famous you were, how hard a person looks, how common your name is, whether there's something specific you're looking for about a person. But, yeah, I'm willing to bet that a lot of random casual searches wouldn't turn up some Internet scandal/controversy around a non-famous person unless you really knew what to look for.
I agree, although trends for whether this is becoming more or less the default is not quite as clear in my mind. On one hand, the sheer mass of content being generated every day has become exponentially larger (I wonder if this has begun leveling off at all?), so there’s more to index and presumably more noise with which to conceal a signal. On the other hand, data science has progressed, storage media is cheaper, and everything is much more accessible; As a result creepy services like LexisNexis, Palantir, and TLOxp have all become vastly more sophisticated in their ability to retain and analyze data that they can pretty effectively associate with specific people/organizations.
I’m not sure which factor is more influential—the ability for data to persist, or the ability for it to then be found and interpreted. Would it matter if the content was still available in some forgotten corner of the internet if there weren’t effective tools available for finding it and connecting it back to its author?
It’s actually sort of entertaining to test the limits of this on yourself. I tried to find original media and references from a band I played with circa 2002. We were being ambitious with our publicity efforts, and consistently pumping audio, video, and images onto whatever nascent services were available at the time (from memory I can recall CD Baby, LastFM, Craigslist, miscellaneous forums, and towards the end, MySpace). I had already been designing websites for several years by that point, so we had a website, one that wasn’t just a Geocities/Anglefire template. That said, I am pretty sure that was at the height of my career with Macromedia’s Flash and ActionScript, so no real surprise that it didn’t get Archived in any functional form.
One strategy that my own experience has found quite effective is to avoid using unique or unusual identifiers. If you’re named something like Arthur Dent it is going to be considerably more difficult to find and associate information than if you’re name is Zaphod Beeblebrox. That’s obvious, but it extends to everything else, from usernames to product brand preferences—if you stick to the middle of every given bell curve then your needle will necessarily reside in a much larger haystack. The few things that tend to be unique, at least when correlated with things like timelines or location—things like telephone numbers, email addresses, usernames, account numbers, etc.—can usually be effectively obscured one way or a another. The things that can’t (government ID numbers) then become crucial to keep private. Except, at least one of those creepy services (TLOxp) was built by one of the three main credit rating agencies and so almost definitely has your social security number already, and has been attaching it to all manner of data for several years, all while also selling it off to anyone with a budget (not to mention losing it outright to hackers), so any concerted efforts to conceal oneself seems almost certainly doomed. It’d be an ideal problem for national governments to address using consumer protection laws and privacy regulations if it wasn’t also in our best interests to protect ourselves from said governments.
Sorry for the essay, this line of thought evidently yanked a pretty intertwined thread for me.
I agree with your critique that stylometry overrides throwaway accounts.
The issue is "deleting."
AFAIK, nobody's disagreeing that the internet can forget and deleting is "better" for privacy.
The question is "how much" better.
Here we're talking about the false sense of privacy through erasure when archivers should be assumed to be running everywhere and at all times. The latter weighs in favor of the parent's critique that deleting is not constructive.
Using a local LLM could work just as well if all you are doing is asking it slightly change existing text. The concept itself paired with a throwaway account(s) seems to be better than other alternatives like just deleting everything.
> I wonder if one could hook up a browser extension to do this
It seems totally feasible. Though I think it would be far more interesting to make a purpose built anti-stylometry tool, that explicitly tries to analyze for and mute the signals stylometry uses.
Edit: what I'm talking about is apparently called "adversarial stylometry":
> All adversarial stylometry shares the core idea of faithfully paraphrasing the source text so that the meaning is unchanged but the stylistic signals are obscured
Having an LLM rewrite a comment would do this entirely, no?
Are you just interested from an academic perspective how one might build something more surgical, that only changes some words in a comment?
> Having an LLM rewrite a comment would do this entirely, no?
> Are you just interested from an academic perspective how one might build something more surgical, that only changes some words in a comment?
Yes and no. ChatGPT seems like a blunt instrument, and given it's not purpose built, it could miss certain characteristics that could enable identification.
Also LLMs kind of have their own style, and adopting that particular style is likely self-defeating to getting a message out (e.g. I would tend to ignore something that sounded like it was written by ChatGPT). Manual correction then be needed, but it would be hard with such a system, because I think that would tend to re-introduce the author's style.
Stylometry can link long-lived identities, but can't do much if every throwaway only posts a couple of comments. There needs to be enough content to analyze. Especially if the overall community is large, like Reddit.
Is there no automated way to defeat stylometry? Software that rewords and restructures writing so that it becomes unattributable? AI should be able to do it.
Users should own their comments and should be able to delete them as they see fit. Sites like Reddit should not be used as a permanent or reliable source of information.
I'm making a tangential statement only somewhat related to the comment above it. Personally I don't like that sites like Reddit claim ownership of and make profit from user generated content. I think people should delete their comments and move to a more open and free platform.
Should be mentioned the rights are retained by the user. Reddit only gets license to reproduce that content and allow others to do the same. Although also being perpetual, irrevocable, it's similar to ownership cannot say they're the same thing.
Useful to others because they search reddit is fine (even though I disagree with Reddit's app policy). Useful to OpenAI to train ChatGPT and dispense as wisdom people pay for?
I can totally respect someone trimming all their online footprint to avoid that.
Despite the hubris and stupidity of Reddit's management, it's still a longer lived repository of information than most people's blogs or web forums. It's also more accessible than mailing lists, Discord, or other social media sites. It's far from perfect but at least it exists.
A lofty ideal, but unpragmatic if you actually care about privacy. You have no control over how information disseminates once you publish it. You must assume it'll remain on the Internet forever. Even if you assume the existence of first-party deletion tools, third parties like Internet Archive or (in Reddit's case) PushShift can choose to preserve it.
If you want to retain your online anonymity, you have to be thoughtful about what you share online.
There's one kind of privacy where someone has an archive of all reddit comments ever and looks you up.
There's another kind of privacy where your cousin sees your reddit user id and looks up your comment history and finds out you are [_____insert secret here___].
Deletion of your history is a protection against the second kind.
I can't imagine Voltaire claiming any right to be able to delete a pamflet. I think we need to have forgiveness baked into our social layer more, so that forgetting isn't the default.
I delete my comments on reddit because it's such a toxic place. Trolls will read through past comments and twist them to harass even more. I purge all my comments that have low upvotes and leave the ones other people find useful. But a lot of the time downvotes don't mean you are wrong or said something mean, it's the just stupidity of the masses or other people being mean. It's a love/hate relationship with that site.
Somehow, I can't imagine how HN is any better. Reasonable comments are mass-downvoted when people disagree with you on seemingly hot button topics - blm, vaccines, musk, trump, immigration, lgbtq etc. I know many people who had to create new accounts because of this.
Merely being downvoted isn't a form of harassment. The worst people on Reddit will DM you vile shit/threats and stalk you across various subreddits if they think you're a person worth targeting (particularly if you belong to one of those so-called "hot button" marginalized groups). Meanwhile HN doesn't even have a DM feature.
If you express a reasonable opinion that is even mildly positive, or even ambivalent about musk or trump you get mass downvoted, and people assume you completely lack integrity. I have seen this exact behaviour on HN for years, and the mods do nothing, and the bad-actors are often the long-term users with tons of karma. I'm not into conspiracies so I won't speculate as to the reasons.
Anyway, that in and of itself doesn't bother me - The parent was trying to present a "holier than thou" attitude towards Reddit. I merely pointed out that HN is not all that great when it comes to that.
I assume people downvote you about Musk and Trump because they disagree with your takes and think you're not contributing anything interesting to the discussion. People are allowed to downvote. What would you propose mods do in that situation?
Honestly, "everyone" knows there are acceptable boundaries of opinion in a lot of circles generally--including this one--that even nuanced takes cannot cross without bring out the knives. By and large, it makes sense to accept that and move on. You likely won't change anyone's mind and you'll just get upset.
Sure, someone could have a bad take, could be simply wrong, or simply have a different opinion. Why do you assume that I cannot differentiate between them?
>mildly positive, or even ambivalent about musk or trump you get mass downvoted, and people assume you completely lack integrity
With the amount of time musk and trump have had in the spotlight and the awful shit they've objectively actually done, it should make people question your integrity if you are writing positively about them. Like it or not, downvotes are an expression of disapproval.
Most elections are about electing the least-bad person. Bush started wars, Biden/Obama dropped bombs on civilians (even US citizens), tortured detainees, trump.. well we all know what trump did. Most voters either voted for biden or trump, both have done "awful shit". Every politician has done "awful shit".
If you can't find a single positive impact of trump's (or any politician) policies or a single positive thing musk has done, consider that you maybe be in an echo chamber yourself, or you're just deluding yourself into thinking you have some kind of moral high-ground.
Love how you oversell "Biden/Obama" as having dropped bombs on civilians while just handwaving away "we all know what trump did". Be more specific, maybe? Trump created an insurrection and tried to dismantle democracy itself, which seems far worse than accidentally dropping bombs on US citizens - let's be clear, Biden was VP at the time, not president, but you put Biden first? lol, you're so clearly trying to skew everything you wrote in all kinds of ways.
You're practicing whataboutism here.
>If you can't find a single positive impact of trump's (or any politician) policies or a single positive thing musk has done
A broken clock is right twice a day. So let's let broken clocks rule and profit as much as they want regardless of the consequences, I guess? That's what you're advocating for. trump and musk have very dubious ideologies, they are both awful businessmen that treat their employees like shit. They've proven this over and over. And yes, there is moral high ground and these two are not in the same category morally as many other politicians and business people. Your whataboutism doesn't make them seem any better than they actually are to anyone but yourself.
lol I also like when people trot out the "Obama did bad stuff too!" talking point as if the non-establishment left isn't in full agreement there.
Like, yeah dude. You think me being pissed that Obama didn't close Guantanamo is a sign that I'm going to be more sympathetic about Trump's policies? Come on now.
exactly this, well said. If Obama actually committed crimes while in office I'll listen to the evidence with an open mind, sure go after him. The right want to give trump a free pass for insurrection. There's a huge difference between the two mindsets, and I can't not call out anyone for still supporting him that happens to cross my social-media path. I'll use downvotes, too. I'm not going to do nothing while actual US fascism creeps upward, not sure what the parent commenter expects.
You mean the pre-election period in the United Kingdom between the announcement of an election and the formation of the new elected government? Or a religious and social practice of female seclusion prevalent among some Muslim and Hindu communities?
That's sort of security by obscurity though. As soon as someone gets a few IRL data points, anonymity can break down pretty quickly.
Personally I mostly don't bother and will use a throwaway if I really feel compelled to post some comment I wouldn't want to be linked to me. (I know even that isn't foolproof but the threat model is mostly not wanting a statement attributed to me professionally--not hiding a crime.)
Are you saying that privacy.com also creates fake names and addresses for the purpose of charging? I always assumed it was just another number in your name. (never used this service, but it does seem useful)
Well, yes. How else will they mail the <useless junk> you ordered to you?
It does annoy me that paypay doesn't let me enter custom email addresses to give the merchant. I've had to change my paypal email address several times now due to stores selling it to spammers.
> Temporary credit cards
With privacy.com, Revolut, Klarna, and similar services one can generate virtual credit cards. This is mostly for when you don't trust the website owner or the payment provider.
There are other reasons, unless you construe "trust" very broadly. Services that make it unreasonably difficult to cancel your account: you just cancel their credit card (and of course stop using the service).
You can also force an annual renewal, to prevent them from automatically renewing you.
And lastly, you can set a dollar limit on it, to avoid mistakes and "automatic" increases.
> you just cancel their credit card (and of course stop using the service).
IANAL, but I have always heard that when you do this you have not broken the legal contract obligating your payment. In practice, especially for modestly priced services, the strategy will usually work. But in theory they could come after you legally for the money if you do this. It might be a real concern for very expensive services.
I would like to have this confirmed by a lawyer, though.
This always comes up when I mention privacy.com. It's always a theoretical possibility. No one's ever shown a case where that actually happened (and it's never happened to me). People also say, "oh, but they'll ruin your credit rating."
You couple the card cancellation with a message to them demanding they cancel your account. Just imagine a credit card collection company agreeing to come after you, when you made a good faith attempt to close the account.
Merchants can apparently do a "force post". Privacy.com's help page [1] says:
> Broadly speaking, merchants only resort to force posts when they are faced with the potential for serious loss as a result of fraud. For instance, if you rent a car and don't return it, having a limit on a card or closing the card does not absolve you of the responsibility to return or pay for the car, and the merchant can force post the charge.
Unless they can levy your income or put a lien on your assets, they can "come after you legally" all they want, but can't force you to pay. I think this is the general problem with small claims court as well -- you may win your case, still doesn't magically collect your money.
AFAICT, here's what actually happens if your credit card is declined. I'd love to have someone who works on that type of software correct me:
They send you an email saying, "please update your payment information." Because this happens every day. Hey, sometimes the restaurant tells you your credit card was declined, when it's perfectly good.
That email is followed by another, saying your account is suspended. At that point, they might give you an option to cancel, OR they might forward you to the same impenetrable UI that led you to do this in the first place.
In any case, you'll most likely be cancelled with no further repercussions. Yes, bad things could happen, but they don't. YMMV.
I do most of the same things. My "randomized emails" all use my personal domain, so it's trivial for people who have access to the email to know it's me, but probably not trivial for dumb ad networks to link my accounts back to me.
The one bit of leaked identity that really bugs me is my phone number. So many services require a phone number for text notifications and 2-factor auth and there's not good way (that I know of) to generate a random phone number that still works.
I've had my number with GV for years and get plenty of SMS delivered and sent, even with services where I never explicitly asked to use SMS as a 2FA or a method of contact. I guess my service providers don't care enough to block it.
Did you get the number from GV, or port into GV from a standard carrier?
If the former, then you're the first one I've come across who's able to do so. Facebook/Google/Twitter/Microsoft etc. all block VOIP numbers. The providers you use probably aren't hit with enough malicious activity for them to care about it.
I was under the impression that relay's phone number masking is voip (similarly to google voice). In my experience, many signups do not allow voip numbers.
> My "randomized emails" all use my personal domain, so it's trivial for people who have access to the email to know it's me, but probably not trivial for dumb ad networks to link my accounts back to me.
This bothered me as well, so I bought a completely unrelated domain to create a new trust ring. I'm sure you could link that domain back to me if you are buying information from a data aggregator, but at least that way I have the satisfaction of knowing people had to pay for the privilege ;)
> The one bit of leaked identity that really bugs me is my phone number. So many services require a phone number for text notifications and 2-factor auth and there's not good way (that I know of) to generate a random phone number that still works.
Ugh, yes. I had an old phone number that I moved to Twilio & set up SMS forwarding that used to work, but everyone seems to use phone verification APIs to block VOIP numbers.
Mandatory phone number has become the latest plague. Not only the phone number is mandatory but many sites now pretend to 2FA without user enabling the setting - or even worse, don’t use password and only send codes via SMS.
Most services that require a phone number don't use it for anything. Unless I know they're going to be texting me about something, I just type random digits.
That hasn't been my experience. Most services that demand a phone number lock you out if you don't cough one up, and reject VoIP and temporary service numbers. Some of them even reject prepaid numbers now.
Microsoft recently extorted my cell number out of me so I could keep using my paid for minecraft account.
It's amazing how quickly 4chan often doxes someone who believes they are operating online anonymously. I think most of us remain anonymous online, only because nobody cares enough to figure out who we are.
They way 4chan normally doxes are pretty much thwarted by the basic methods mentioned here. 99% of the time it’s to trace the same username/email address across sites and link that to a person aggregator or Facebook/LinkedIn.
I think this can lull people into a false sense of security, and I don't think the author realizes how easy and powerful stylometrics is. E.g. the author says this:
> Spelling/grammar/phrasing
> If there are words you often misspell, people can Google it to find other sources where you make the same error (if it's uncommon enough) and potentially identify your other accounts. Use spell checking and maybe Grammarly or similar to minimize this risk, but I tend not to worry about this too much.
It's not just about misspellings, it's that we all basically leave fingerprints in the way we write.
You're not wrong and I assume it will become even more powerful--but it's almost certainly way more effective if you have reason to believe that throwawayxyz is so and so IRL.
I wonder if privacy conscious people will eventually start feeding their posts into locally-run LLMs or something, and posting the output.
Or better yet, replace social media with LLM’s, instead of reading individual posts you discuss topics with a sort of artificial gestalt average user. Maybe let people “join” a gestalt by tagging their discussions.
Then we can let the gestalts argue amongst themselves!
I assume any anonymous surveys at work that roll up through my management chain aren’t anonymous at all. My manager will get responses from only ~10 people and my writing style will be unique within that small sample size.
Password managers help a lot. Site asks for a birthdate? Whatever I choose to enter goes in the password manager. My mother's maiden name? I guess I can reveal publicly: it's fgjlh%ngf9, so into the password manager it goes.
My password manager offers to generate a password for me; I wish it would offer to generate those other fields as well.
Turns out you can fuzz your address too when validating a credit card. Autofill should handle that.
There are levels. To authorize usually only billing zip is required. For a full ACH or a “full authorization”, you need the full billing address and name to match name on card. PCI-DSS.
It depends entirely on the merchant and what checks they have enabled. Some people like authorize.net may even lower your fees/bills if you require stricter address verification for example.
KeepassDX allows you to create and copy/paste custom fields which could be used for security questions (on Android).... It doesnt generate random strings for them thought
The one thing I don't see mentioned in this article is using encrypted DNS. Right now I use firefox on my PC and Opera on my phone because both browsers have a setting to use encrypted DNS. I just turn it on and forget about it. I tend to use a lot of networks other people own and I like making sure my DNS queries are encrypted.
Getting a commercial mailbox (e.g. UPS Store) in the same zip code as your primary residence can be helpful. I've had one long enough that on my credit report it is listed as an alternate residence address. Whenever I'm asked for an address online, that is usually the one I provide.
Semantically speaking, I guess so. It's just a proxy address. Maybe it's you, maybe it's someone else with your name. Who can tell?
The point is to not be found. People showing up at any address that isn't your actual home address aligns with that goal. Registering it in the same ZIP code is self-doxxing though.
It's an innocuous form of synthetic identity fraud. If you really want to be anonymous, do pre-applications for credit cards and utilities in your name at other people's addresses then abandon them. One case I worked had a guy doing this using AirBNB hosts' addresses. His profile had him supposedly living everywhere all at once. This had the benefit of mapping to actual homes instead of The UPS Store when Googled.
1. do not use any extension, believe me they acquire all your browsing history from all tabs, no extension no worry, only use those that have higher users but review their permission
2. use enhances protection this will save you from most of the time.
makes sure do not store password on google , write them on paper
no social media login from same computer.
do not click on any ad and website, especially in email
do not use your email to sign up on different sites, use disposable
I don't know to what extent this person goes to hide their legal name, but with public records, its fairly easy to find your residence if you own a home or some other property.
Tor, Tails, surfing from an open WiFi, VPN, encrypted emails, etc
These things are usually outside my threat model.
Can anyone break this down? If a person were concerned enough to follow all of the steps listed in the article to stay anonymous, why not also use a VPN or Tor as an additional layer that can thwart many types of tracking and provide additional risk mitigation?
tor/vpn/proxy by itself does not provide adequate anonymity. creepjs proves that ALL browsers are unique (even TBB) if someone just probes the right bits.
I don't disagree with you, except browsing creepjs from Tor Browser it says there have been hundreds of visits with my fingerprint since June (when the 12.5 series was released).
creepjs proves it is absolutely impossible to be anonymous when visiting more than one site from the same browser, regardless of your IP/network/VPN/proxy/etc.
Even the Tor Browser doesn't fully mask your OS (javascript functions still return the real thing), making anything but Windows (what the majority uses) impossible to use for any real privacy if you're trying to blend in.
134 comments
[ 4.3 ms ] story [ 368 ms ] threadThis seems a bit extreme to me.
Ha! Wishful thinking with all of the auto-archivers. If you post on reddit, it's likely already crawled and archived somewhere.
Personally I put a lot of PHP and VB code out ~20 years ago that I could find easily until I couldn't. There's Myspace profiles I've tried to pull up, images posted by friends 15 years ago in random places. Early video. All gone.
I’m not sure which factor is more influential—the ability for data to persist, or the ability for it to then be found and interpreted. Would it matter if the content was still available in some forgotten corner of the internet if there weren’t effective tools available for finding it and connecting it back to its author?
It’s actually sort of entertaining to test the limits of this on yourself. I tried to find original media and references from a band I played with circa 2002. We were being ambitious with our publicity efforts, and consistently pumping audio, video, and images onto whatever nascent services were available at the time (from memory I can recall CD Baby, LastFM, Craigslist, miscellaneous forums, and towards the end, MySpace). I had already been designing websites for several years by that point, so we had a website, one that wasn’t just a Geocities/Anglefire template. That said, I am pretty sure that was at the height of my career with Macromedia’s Flash and ActionScript, so no real surprise that it didn’t get Archived in any functional form.
One strategy that my own experience has found quite effective is to avoid using unique or unusual identifiers. If you’re named something like Arthur Dent it is going to be considerably more difficult to find and associate information than if you’re name is Zaphod Beeblebrox. That’s obvious, but it extends to everything else, from usernames to product brand preferences—if you stick to the middle of every given bell curve then your needle will necessarily reside in a much larger haystack. The few things that tend to be unique, at least when correlated with things like timelines or location—things like telephone numbers, email addresses, usernames, account numbers, etc.—can usually be effectively obscured one way or a another. The things that can’t (government ID numbers) then become crucial to keep private. Except, at least one of those creepy services (TLOxp) was built by one of the three main credit rating agencies and so almost definitely has your social security number already, and has been attaching it to all manner of data for several years, all while also selling it off to anyone with a budget (not to mention losing it outright to hackers), so any concerted efforts to conceal oneself seems almost certainly doomed. It’d be an ideal problem for national governments to address using consumer protection laws and privacy regulations if it wasn’t also in our best interests to protect ourselves from said governments.
Sorry for the essay, this line of thought evidently yanked a pretty intertwined thread for me.
The issue is "deleting."
AFAIK, nobody's disagreeing that the internet can forget and deleting is "better" for privacy.
The question is "how much" better.
Here we're talking about the false sense of privacy through erasure when archivers should be assumed to be running everywhere and at all times. The latter weighs in favor of the parent's critique that deleting is not constructive.
I wonder if one could hook up a browser extension to do this
> launder your style through ChatGPT
> I wonder if one could hook up a browser extension to do this
It seems totally feasible. Though I think it would be far more interesting to make a purpose built anti-stylometry tool, that explicitly tries to analyze for and mute the signals stylometry uses.
Edit: what I'm talking about is apparently called "adversarial stylometry":
https://en.wikipedia.org/wiki/Stylometry#Adversarial_stylome...
https://en.wikipedia.org/wiki/Adversarial_stylometry
Having an LLM rewrite a comment would do this entirely, no?
Are you just interested from an academic perspective how one might build something more surgical, that only changes some words in a comment?
> Are you just interested from an academic perspective how one might build something more surgical, that only changes some words in a comment?
Yes and no. ChatGPT seems like a blunt instrument, and given it's not purpose built, it could miss certain characteristics that could enable identification.
Also LLMs kind of have their own style, and adopting that particular style is likely self-defeating to getting a message out (e.g. I would tend to ignore something that sounded like it was written by ChatGPT). Manual correction then be needed, but it would be hard with such a system, because I think that would tend to re-introduce the author's style.
Just mention a "devil strip" in every post and call it a day.
The problem is while the user is moving the comments are not, only deleted
Which will probably damage another user more than hurt reddit
Besides the user might delete things that would be interest read years later
Should be mentioned the rights are retained by the user. Reddit only gets license to reproduce that content and allow others to do the same. Although also being perpetual, irrevocable, it's similar to ownership cannot say they're the same thing.
I can totally respect someone trimming all their online footprint to avoid that.
If you want to retain your online anonymity, you have to be thoughtful about what you share online.
There's another kind of privacy where your cousin sees your reddit user id and looks up your comment history and finds out you are [_____insert secret here___].
Deletion of your history is a protection against the second kind.
Anyway, that in and of itself doesn't bother me - The parent was trying to present a "holier than thou" attitude towards Reddit. I merely pointed out that HN is not all that great when it comes to that.
With the amount of time musk and trump have had in the spotlight and the awful shit they've objectively actually done, it should make people question your integrity if you are writing positively about them. Like it or not, downvotes are an expression of disapproval.
If you can't find a single positive impact of trump's (or any politician) policies or a single positive thing musk has done, consider that you maybe be in an echo chamber yourself, or you're just deluding yourself into thinking you have some kind of moral high-ground.
You're practicing whataboutism here.
>If you can't find a single positive impact of trump's (or any politician) policies or a single positive thing musk has done
A broken clock is right twice a day. So let's let broken clocks rule and profit as much as they want regardless of the consequences, I guess? That's what you're advocating for. trump and musk have very dubious ideologies, they are both awful businessmen that treat their employees like shit. They've proven this over and over. And yes, there is moral high ground and these two are not in the same category morally as many other politicians and business people. Your whataboutism doesn't make them seem any better than they actually are to anyone but yourself.
Like, yeah dude. You think me being pissed that Obama didn't close Guantanamo is a sign that I'm going to be more sympathetic about Trump's policies? Come on now.
But sure, he did nice things for the most wealthy and practically nobody else but himself. There, I said he did a good thing. lol
So that if someone tries to search about you, they are buried in all the noise and data of the other person.
https://www.reddit.com/r/nealstephenson/comments/czw5og/fall...
Personally I mostly don't bother and will use a throwaway if I really feel compelled to post some comment I wouldn't want to be linked to me. (I know even that isn't foolproof but the threat model is mostly not wanting a statement attributed to me professionally--not hiding a crime.)
(Did you know when you use PayPal, sites can see your email, name and address?)
Of course, for digital purchases, your point is completely valid.
Security rests more on pausing/resuming cards, locking them to vendors, or setting price limits.
It does annoy me that paypay doesn't let me enter custom email addresses to give the merchant. I've had to change my paypal email address several times now due to stores selling it to spammers.
Is your phone trackable with something like Pegasus? Although, an average Steve does not have to worry about that.
There are other reasons, unless you construe "trust" very broadly. Services that make it unreasonably difficult to cancel your account: you just cancel their credit card (and of course stop using the service).
You can also force an annual renewal, to prevent them from automatically renewing you.
And lastly, you can set a dollar limit on it, to avoid mistakes and "automatic" increases.
IANAL, but I have always heard that when you do this you have not broken the legal contract obligating your payment. In practice, especially for modestly priced services, the strategy will usually work. But in theory they could come after you legally for the money if you do this. It might be a real concern for very expensive services.
I would like to have this confirmed by a lawyer, though.
You couple the card cancellation with a message to them demanding they cancel your account. Just imagine a credit card collection company agreeing to come after you, when you made a good faith attempt to close the account.
Given the practices detailed here, I could very easily imagine it. https://news.ycombinator.com/item?id=37490241
> Broadly speaking, merchants only resort to force posts when they are faced with the potential for serious loss as a result of fraud. For instance, if you rent a car and don't return it, having a limit on a card or closing the card does not absolve you of the responsibility to return or pay for the car, and the merchant can force post the charge.
[1] https://support.privacy.com/hc/en-us/articles/360012288214-F...
They send you an email saying, "please update your payment information." Because this happens every day. Hey, sometimes the restaurant tells you your credit card was declined, when it's perfectly good.
That email is followed by another, saying your account is suspended. At that point, they might give you an option to cancel, OR they might forward you to the same impenetrable UI that led you to do this in the first place.
In any case, you'll most likely be cancelled with no further repercussions. Yes, bad things could happen, but they don't. YMMV.
The one bit of leaked identity that really bugs me is my phone number. So many services require a phone number for text notifications and 2-factor auth and there's not good way (that I know of) to generate a random phone number that still works.
If the former, then you're the first one I've come across who's able to do so. Facebook/Google/Twitter/Microsoft etc. all block VOIP numbers. The providers you use probably aren't hit with enough malicious activity for them to care about it.
This bothered me as well, so I bought a completely unrelated domain to create a new trust ring. I'm sure you could link that domain back to me if you are buying information from a data aggregator, but at least that way I have the satisfaction of knowing people had to pay for the privilege ;)
> The one bit of leaked identity that really bugs me is my phone number. So many services require a phone number for text notifications and 2-factor auth and there's not good way (that I know of) to generate a random phone number that still works.
Ugh, yes. I had an old phone number that I moved to Twilio & set up SMS forwarding that used to work, but everyone seems to use phone verification APIs to block VOIP numbers.
Microsoft recently extorted my cell number out of me so I could keep using my paid for minecraft account.
> Spelling/grammar/phrasing > If there are words you often misspell, people can Google it to find other sources where you make the same error (if it's uncommon enough) and potentially identify your other accounts. Use spell checking and maybe Grammarly or similar to minimize this risk, but I tend not to worry about this too much.
It's not just about misspellings, it's that we all basically leave fingerprints in the way we write.
Show HN: Using stylometry to find HN users with alternate accounts
https://news.ycombinator.com/item?id=33755016 (676 points by costco 9 months ago | 519 comments)
Or better yet, replace social media with LLM’s, instead of reading individual posts you discuss topics with a sort of artificial gestalt average user. Maybe let people “join” a gestalt by tagging their discussions.
Then we can let the gestalts argue amongst themselves!
My password manager offers to generate a password for me; I wish it would offer to generate those other fields as well.
Turns out you can fuzz your address too when validating a credit card. Autofill should handle that.
My experience is that only your ZIP code is used, not your street address or city.
Echoing: never actually answer security questions. Always treat them as additional (super annoying) passwords.
I've bypassed my own bank's security questions by telling them "the answer to 'my favorite ___' is a bunch of gibberish letters and numbers."
The point is to not be found. People showing up at any address that isn't your actual home address aligns with that goal. Registering it in the same ZIP code is self-doxxing though.
It's an innocuous form of synthetic identity fraud. If you really want to be anonymous, do pre-applications for credit cards and utilities in your name at other people's addresses then abandon them. One case I worked had a guy doing this using AirBNB hosts' addresses. His profile had him supposedly living everywhere all at once. This had the benefit of mapping to actual homes instead of The UPS Store when Googled.
Not using the same accounts between services, and distorting real details like city.
Seems to work pretty well. I'm pretty invisible based on my own research.
Can anyone break this down? If a person were concerned enough to follow all of the steps listed in the article to stay anonymous, why not also use a VPN or Tor as an additional layer that can thwart many types of tracking and provide additional risk mitigation?
Even the Tor Browser doesn't fully mask your OS (javascript functions still return the real thing), making anything but Windows (what the majority uses) impossible to use for any real privacy if you're trying to blend in.
I believe I saw an experiment of somebody doing this for HN content with a pretty high accuracy? Project that idea into the future.