194 comments

[ 2.7 ms ] story [ 238 ms ] thread
I'm sure the military still has a SSN field on EVERY. SINGLE. FORM. they have you fill out while you're in the service. There was talk of replacing that with a "service number" but somehow I doubt they've got around to it yet.

Between VA employees leaving laptops full of PII laying around and that big OPM leak several years ago, I apparently have no private life.

The problem is treating the SSN as a username and a password.

It should not be the only information required to authenticate people.

It should be used for your social security account and nothing else.
Huh. As a member of a generation that has grown up tacitly understanding that social security will very likely be insolvent/cancelled by the time that we're old enough to qualify for it, and thus we shouldn't rely on it whatsoever—it's surreal to consciously connect these two concepts. For me, "social security number" is just the name for the ID number that so many of us have and are used to writing everywhere. The name is just a string of symbols. It sounds silly, but I've never thought about it in relation to social security. Thanks for the mind-bender. :-)
> As a member of a generation that has grown up tacitly understanding that social security will very likely be insolvent/cancelled by the time that we're old enough to qualify for it

Is it “tacitly understanding” when you've been bathed your whole life in active propaganda promoting an idea? Because, on this, if you are in any cohort from Gen X, or maybe the trailing edge of thr Boomers, on, you have been.

Nah, we'll get our SS checks - the Fed will turn the money printer up to 11 if they have to cover the program.

Inflation will make them worthless, but we'll get our checks :)

SS benefits are indexed to a wage index (which has been greater than inflation consistently since thr mid-1980s) over working life and to inflation from retirement on.

Cranking the money printer just drives up nominal social security benefits to compensate (for current retires) or more (because easy money drives higher wages).

> social security will very likely be insolvent/cancelled by the time that we're old enough to qualify for it

This is not true, it's propaganda promoted by rich people who want to get rid of social security. It could be eliminated for political reasons, but spreading this idea that it's going to "run out of money" only makes that more likely. The government cannot run out of its own money. It can cause inflation, but continuing to pay social security benefits is not going to suddenly cause massive inflation. The only way social security could end is if politicians and voters decide they don't want it anymore.

>The government cannot run out of its own money. It can cause inflation, but continuing to pay social security benefits is not going to suddenly cause massive inflation.

Social security is a massive portion of federal spending, indefinitely printing money to fund it is not sustainable and will cause significant inflation

Why hasn't that happened yet? Also, the government is going to continue indefinitely printing money whether or not we have social security.
It has, inflation is rising rapidly in no small part due to the gov printing money to cover its obligations, of which social security is one of the largest and will only become larger as the cost of living increases due to said inflation- a vicious cycle. If contributions don't cover the payouts (which they don't, and never will unless you tax the younger generations to death) then the difference has to be made up with printing, which will of course cause inflation

You are right that they will continue printing money regardless, and at this point it's too late for a 20% reduction to fix anything. Might as well just take the checks while you can and make the most of it, not much else you can do. But that doesn't mean its sustainable or will last forever.

But social security has been a constant ~20% of spending for 50 years. Inflation has not been constant at all during that time, and has even dipped below 0. How is that possible if social security is a major contributor to inflation?
> inflation is rising rapidly in no small part due to the gov printing money to cover its obligations

“US Inflation Rate is at 3.70%, compared to 3.67% last month and 8.20% last year. This is higher than the long term average of 3.28%.”

I would hardly call something that’s only slightly above average (and less than half of what it was a year ago) as “rising rapidly“.

https://ycharts.com/indicators/us_inflation_rate

They've been throwing money left and right for years, they can throw some when we are unable to work.
> This is not true, it's propaganda promoted by rich people who want to get rid of social security.

Exactly: “social security is going to be gone by the time you would get it” is a line peddled almost entirely by political activists looking to build support for eliminating social security, and it has been such a line for the entire life span of people who are now old enough to receive SS old age retirement benefits.

Fascinating. Thank you (and siblings) for the correction.
What should we use for all the other government services that need to uniquely identify you?

(This a trick question, not a rabbit hole you actually want to go down, because no matter what you suggest, I'll happily poke a thousand holes in it.)

It's used for everything here in Norway: banks, insurance companies, tax, social security, health, etc. It's just a Globally Unique Identifier not a password, it doesn't grant you access.
The US military does not use the SSN as a username or a password. They've had smartcards, even on Linux, as far back as 20 years ago or more. Users without smartcards have to go through 2FA with a username/password combination and codes over SMS or proper TOTP (depending on agency).

The problem is that the entire Department of Defense is still very much a paper-oriented organization, and they got rid of service numbers in the 1970s, leaving the SSN as the only meaningful unique identifier. As a result it gets put on every piece of paperwork associated with a service member. Their own recordkeeping practices have the consequence that if you get almost any paperwork regarding a soldier, it has enough information to gain access to other personal information.

You've hit the nail mostly on the head. Paper is a problem, for obvious reasons, especially the amount of triplicate hand filled forms that require all of your PII every time. The second issue is access control vs. expediency. Millions of people, all over the world, can digitally access huge amounts of your personal information at a whim, by only having your name, or your military email address.

This is an important requirement for quickly checking on a person or their orders or their training status, but at the sacrifice of personal information security for you. It gets even worse going to the VA, which I can say from personal experience, will happily allow just about anyone to have whatever information they want about you. I got a happy surprise letter from them stating that my DD-214, a super identity document, containing information found on a birth certificate, a social security card, a driver's license, plus so much more, had been put on a thumb drive by a third party contractor, along with thousands of other service members info, and sold to a dark web information broker. So, the problem is just that it's to the military's benefit to not protect you.

I wasn't talking about the military per se. I was talking about how you can open a bank account just by knowing someone else's ssn
You should sit in on a call to dfas.mil sometime. Where they ask an 80 year old over a dozen obscure questions on their service record and hang up when you get one of them wrong, resetting the clock 24 hours.
The government doesn't do this though, it's mostly banks that are guilty.
The government should regulate the banks.
I am sure the executive branch would require banks to use a better identifier, if the legislative branch allowed the executive branch to create one.
Dipi keys are a thing and have been put to good use
I've never heard of "dipi keys." Can you tell me about them?
Chinese hackers stole over 70 million records of current/past military members from the Office of Management and Budget back in April of 2014.
I think you're thinking of the Office of Personnel Management (OPM), not OMB (although I did just learn that the Trump administration proposed to merge parts of OPM into OMB).

https://en.wikipedia.org/wiki/United_States_Office_of_Person...

But yeah, compared to that, sadly, this acquisition of much less detailed information about 30,000 service members seems moot.

There are DOD ID numbers, but they've updated the forms to just ask for both.
... sounds like DoD.
In my experience, though, people now freak out if you fill in the SSN field on the form, because that makes it PII with a bunch of requirements for proper storage and transmission. This is despite the fact that most of the other information on the form already makes it PII, regardless of the presence of a SSN.

It did take a few years in the mid-2010s for the forms to catch up and replace the SSN field with the DOD ID number. In 2021, I think I was supposed to get new ID tags (dog tags) that would have my DOD ID number instead of my SSN.

I wish my experience was people freaking out but instead it's continued carelessness and near indifference. Oftentimes with HR NCOs even. I would like to see loss of PII given the same treatment as classified spillage.
I heard this on NPR and I appreciate the avenue by which the red flag is being raised, but it bothers the shit out of me, because EVERYONE'S personal data is being sold by online brokers.

The implication that their data is more important or something just seems like a ploy to get more eyeballs on the research.

Sometimes that is all that is needed to move the needle. Tik tok almost moved it but that just made certain swaths of the political spectrum ask for a direct ban (with other downsides eg. 1st amendment concerns) instead of overarching policy reform.

"Policymakers should consider the following steps:

Congress should pass a comprehensive U.S. privacy law, with strong controls on the data brokerage ecosystem. The most effective step to prevent harms from data brokerage for all Americans would be a strong, comprehensive privacy law."

if you don't just ban it, you get the whole GDPR consent banner issue. what is the downside of banning it? it's not like businesses couldn't manage advertising before the internet was around
More specific statements can be more impactful to the listener.

"Everyone's car is getting stolen these days" ... "Yeah, isn't that crazy? What are ya gonna do?"

"Your car is getting stolen right now" ... "Wait, what!?!?"

I think people really just write off the scale and scope of data privacy in this country as "yeah, sounds bad, but since it's happening to everyone there's nothing I can do about it"

Yeah, I thought this was about the sale of data that had been collected by the military on a compulsory basis; this article is not news.

I clicked through because I wanted to see whether the data was health info or OPM breach data.

Service members are uniquely vulnerable. They are employed by the government which makes them a target of hostile foreign powers, and they're often ordered to give away their personal information while in service often out of habit and not out any genuine need to have the service members SSN.
All very correct, and to add to this as someone who's had direct consequences due to my information being sold: we have more sensitive personal information, and that information is more sensitive than that of an average civilian.

The holy Grail of documents is the DD-214, which has every single piece of sensitive personal information a civilian has, all in one place, and we are REQUIRED to keep it indefinitely, to present it under a large number of circumstances. It's a complete identity package; full name, signature, photo, work history, residence history, dates, personal description, mother's maiden name, date of birth, location of birth, name of birth hospital and doctor. Then there's security clearance paperwork, which may be even worse, extensive un-redacted medical records, etc.

All of these documents are viewed hundreds of times by hundreds of people during a military career, scanned, photocopied, emailed, printed, all without any sort of authorization or even knowledge by the service member. It's legitimately scary. And then after you're out, all of this information is managed by the VA by people who have nearly unrestricted access to it, and in my case along with thousands of others, put on a thumb drive and taken home and sold to a broker. It's a life ruiner.

You mean SF-86, not DD-214
Nothing you listed is unique to the military. The private sector is also the target of hostile foreign powers. The private sector is also made to feel obligated to give away more personal information that is likely necessary.
Unfortunately, thanks to surveillance capitalism, everyone is "uniquely vulnerable". You can never know which of the billions of data points that make up your dossier could make someone target you. Your political views, your religion, your employer, your sexual preferences, your genetics, any of it, however inaccurate or outdated, can make you a target to someone and all that data never goes away.

Hostile foreign powers are a problem, but so are hostile domestic extremists along with a large population of the mentally ill who over the last century have gone from being abused to being ignored, which means that while most of the mentally ill are harmless, nobody is keeping an eye on the ones who aren't. Not even after they get repeatedly reported to authorities by concerned family members (Robert Card, Ethan Crumbley, Orlando Harris, etc).

> The implication that their data is more important or something just seems like a ploy to get more eyeballs on the research.

If I had to guess at a motivation, it's jockeying for reasons for congress to care about data privacy issues.

I am sure some enterprising person is going to purchase all the data on members of congress and release it at some point.

> The implication that their data is more important or something just seems like a ploy to get more eyeballs on the research.

So? Their data IS more important from a national security perspective, as the study suggests. If you handle nukes, your personal information would probably be more valuable than the data of someone flipping burgers at McD.

If this framing - 'the data brokerage industry is in itself a threat to national security' - forces congress to better regulate the industry, I think it is a win even if the regulations will only target military folks. It's a foot-in-the-door and objectively a good thing for the US national security.

Yes, the most troubling "red team" ideas are about attacking service members in their personal lives at home. Rather than attacking our nuclear bombers, submarines, and ICBMs, an adversary could target the people who operate and maintain those things, or their families, in their personal financial lives and neighborhoods where they are soft targets and reliant on law enforcement for protection.
I'm not sure they are implying their data is more important. FWIW, the research claims:

Most of the previous research on data brokers and national security focuses on data about all U.S. persons, rather than focusing on servicemembers as we do in this report. Research in both categories is described here.

Also, I think of note is that Military personnel are unique in that they are banned from using tiktok, at least right now, as of recently. This research, combined with earlier and future research might be able to determine what kind of effect this ban has on data collection/data brokers.

I also think it is unique in that the US government is the employer of military personnel, so if they take any action related to protecting their employee data from brokers or from selling, maybe this can be a model for all US citizens, or at least for other employers.

To my knowledge, I'm not banned from using TikTok as a US military service member. The ban is about using it on government furnished equipment / devices / networks.
(comment deleted)
Seeing drone dropped grenades everywhere in Ukraine has made me worried about normalized "drone drop murders" spreading to the rest of the world. With widely available addresses gang violence, political killings, and even online flamewar escalations will become much much uglier.

Who needs to do a driveby shooting if you could drop a homemade bomb from a McDonalds bathroom 20 miles away using some jailbroken drone? Violence isn't the only issue either -- Imagine what will happen when courts catch up to the internet age. Get ready for the normalization of digging through decades of comment history to character assassinate people on a whim. This is getting really bad. I don't think society at large is ready for the coming nightmare.

--

We need immediate privacy reforms to:

1. Fine companies for requiring unneeded personal data. Fine companies for collecting addresses and numbers when they don't need them. Address + number specifically should be dumped when no longer needed.

2. Fully regulate+audit data-based industries to confirm that anonymized user profiles are truly anonymous.

3. Raise the legal bar allowing usage of personal data to harm an individual. Lawyers and employers shouldn't be able to find+splice your Youtube comment history to try and character assassinate you outside of some felony-tier criminal case.

are explosives as easy to get as bullets & guns where you live?
explosives are a 10 minute youtube video away
Wait until someone puts a gun on a drone and shoots up a concert from states away, or another country...
we're not talking about UAVs here though, someone needs to configure the drone very locally
You realize they are using drones that you or I can buy on amazon, to blow up tanks and people in an ongoing war?

> The logic was simple, Pharmacist says: Exploding drones cost roughly $400 to make, while a conventional projectile can cost nearly 10 times as much. Even if it requires multiple drones to take out a tank — and sometimes it does — it is still worth it.

> But first they had to modify commercial drones with hardware and software to suit the battlefield, enabling them to penetrate deeper behind enemy lines without being detected or jammed. A breakthrough came through the clever use of several drones in unison.

https://www.pbs.org/newshour/world/how-ukraine-soldiers-use-...

Cell phone w/ 5G and a time investment from a software engineer could make the range limitless. The point is, it's entirely possible to remotely drone strike using shit from amazon if one were so inclined.

> could make the range limitless

do you have an infinite battery technology? no one's crossing international borders with diy assassin drones unless it's like a mile across the canadian or mexican border — much easier to just shoot someone

I meant wireless range to control it, not fuel/battery range.

You're assuming they intend to fly the drone across an ocean or something to hit a target. We don't fly predator drones across the ocean either, they are transported somewhere via other means, and then deployed to the area needed in a way they have the range to actually hit their target.

Leaving something on a building rooftop and flying back home to later operate it is not an impossible idea. Use your imagination, there are many ways. Fedex is a thing too.

yes, but there's always some trail this way... travel logs, mailing logs, someone there to set it up, etc

again, just easier to shoot someone... we don't need to make up imaginary drone violence, there's not much reason for it outside of a warzone

> yes, but there's always some trail this way... travel logs, mailing logs, someone there to set it up, etc

All meaningless if you don't fly and use only cash, and a fake ID

> again, just easier to shoot someone... we don't need to make up imaginary drone violence, there's not much reason for it outside of a warzone

I didn't think it was easier than shooting someone. All of this stems from me saying it's only a matter of time until a psycho mounts a gun onto a drone and flies it over a crowd. We have a mass shooting once a week. Tech is easier and more accessible and only continues to be easier and more available. If soldiers are taking off the shelf drones and using them to easily kill people on the cheap, it's only a matter of time until instead of a box of ammo and trench coat, someone throws on a dji vr headset and flies a drone with either a gun on it or a bomb.

It's not imaginary

> Just a few months ago, a head of state was attacked with off-the-shelf consumer drones — an apparent first. It happened in broad daylight on August 4 in Venezuela. According to police, the drones exploded and missed their target

https://www.defenseone.com/feature/against-the-drones/

> Armed men allegedly identified as members of the Jalisco New Generation Cartel (CJNG) attacked the community of Pinolapa, in the municipality of Tepalcatepec, in the state of Michoacán, with drones loaded with explosives.

> residents of the area indicated that the drones were loaded with C4 explosives and fragmentation grenades

https://smallwarsjournal.com/jrnl/art/mexican-cartel-tactica...

https://www.politico.eu/article/future-warfare-400-army-stri...

It's illogical to think it won't happen at some point

You can buy Tannerite without an explosive license from the ATF. It's been used in past bombings. Plus, unless they outlaw anything from crude oil, alchohol and the plants used to produce it, gun powder, fireworks, and most chemicals under your kitchen sink, there are thousands of combinations that produce a material that can be used to make explosives. Access or lack of isn't the limiting factor, people's willingness to do it is and always will be the case. Air can make an explosive.

https://en.wikipedia.org/wiki/Tannerite

I'd sure be upset about a remote Molotov cocktail payload busting through my window and burning my house down. Things don't have to be explosive to be dangerous.
Seems like being able to look up people's home address is a pretty minor part of that threat?
At the risk of sounding hyperbolic:

Imagine Iranian agents using these address books to track down naval officers in San Diego from across the border in Tijuana. Having a global address book lowers the barrier for hunting people down and hurting them. This is already happening to off-duty Russian officers mowing the lawn at home.

Being able to look up someone's address normally isn't a problem. Extremists and nut jobs being able to compile a list of people whose religion, political views, sexual preferences, medical conditions, and purchase habits makes them a target for violence is the problem. At that point being able to find them (using their street address or even real time geolocation data) becomes a pretty big part of that threat.
Sometimes the US perspective of things is completely surreal for me as a European. In a country where you can buy assault rifles with minimal background checks, people worry about addresses being available because someone might be able to look up the address to kill them with a drone and a home made bomb.
> In a country where you can buy assault rifles with minimal background checks, people worry about addresses being available because someone might be able to look up the address to kill them with a drone and a home made bomb.

Drones and IUDs may be less traceable than guns and offer even less risk to the user. Currently if you're going to use a gun, you basically have to be suicidal or care zero about the consequences.

But that also brings up a good point -- people worry about addresses being available because someone might be able to use a gun and kill them as well. Or hell, just their fists.

Doxxing is dangerous, is this not the case in Europe as well?

Doxing remains dangerous in Europe, the posters just trying to score cheap points.
Remember that time a bunch of Scandinavian bikers got hold of some Carl Gustovs and used them to explode a rivals building among other things?
> Drones and IUDs may be less traceable than guns and offer even less risk to the user.

Gotta watch out for those intra-uterine devices - they can take out a city block. ;)

Depends. If you’re really looking to avoid detection then 3d printing a gun is a lot easier than a drone.
Curious what you define as "minimal background checks" and "assault rifles" as
They already said they're European. The terms you mentioned are very Americanized/America-centric phrases.

The rest of the world doesn't really have the same concern or context, because the rest of the world doesn't have the same issues or political/media environment.

Not American, and curious about the checks required for different weapons. I get lot of contradictory information online.

Also read in many places buying illegally is easy. How true is that?

To purchase a firearm from a store or any "licensed" individual (someone who has an FFL: https://en.wikipedia.org/wiki/Federal_Firearms_License) you must pass a background check done by the FBI. You can read more here: https://www.fbi.gov/how-we-can-help-you/more-fbi-services-an...

If you buy a gun from someone on a classifieds site or friend/family, in most states you don't have to get a background check to transfer ownership of the firearm. This is typically the "loophole" that people refer to when they want Universal Background Checks.

I'm not sure what you mean by buying illegally - whether you mean to someone prohibited from owning firearms (like a felon or something), or buying "illegal" guns... Either way there are usually stiff penalties for owning restricted devices. For example if I were to 3D print an auto-sear for an AR-15 (making it full-auto), that's a ticket to a 10 year sentence in federal prison. Assuming I don't have the permission slip from the ATF. As for prohibited persons buying a firearm, I'm not sure what the penalties are, but at the least it'd be a violation of their release?

Buying legally in the US isn't that hard to make it worth it to buy illegally unless you are a broke teenager buying one to try and "look cool and tough" to your friends.
> unless you are a broke teenager buying one to try and "look cool and tough

Or unless, of course, you're a criminal who is forbidden from legally buying a gun.

> Buying legally in the US isn't that hard to make it worth it to buy illegally unless you are a broke teenager

Or unless you have a felony, which would make up a much larger share of illegall firearm purchases than teenagers.

in most states someone who has multiple assault violations and a history of mental health problems can walk into a gun show with $700 and 15 minutes later walk out with a semi-automatic AR-15
[flagged]
not necessarily gun shows of course, that's just where it's easy to find private sellers - private sales don't require background checks
Depending on the state yeah
I hear the US has more than one state and open inter state borders though ...

Kind of undercuts the whole some states have really good gun laws argument.

Why do the states with "good" gun laws have worse gun violence?
You'd want to direct that to whoever was claiming some laws better than others.

It's moot when the inter state borders are leaky - the genius of Australia wasn't that guns were banned (they weren't) but that national gun laws were unified across all states so that all sales are registered and all buyers are vetted for criminal | domestic violence backgrounds.

That's not an assault rifle, first and foremost. Second, selling to someone with multiple assault convictions is itself a Federal felony, and not every gun owner is so careless as to want to take that risk and get pilloried in the press. You're generalizing a worst-case scenario based on a stereotype.
it's not a worst-case scenario, it's a very obvious loophole that should be closed — private gun purchases should require waiting times and background checks

"not technically an assault rifle" doesn't matter in the slightest, no one's impressed by this constant pedantry... yes, yes, it's an ArmaLite 15 and isn't technically an assault rifle because it's only semi-automatic. This changes absolutely nothing, mass shooters are essentially cosplaying during mass shootings with this thing because it looks like an assault rifle and it's easily accessible.

the proliferation of modern small arms is one of the worst things to happen in human history

You can't misrepresent important facts and then claim someone correcting you is engaging in pedantry. That's flat-out gaslighting.
the facts being "looks like an assault rifle but isn't technically an assault rifle"? that's immaterial to the point, and it's clear you have no desire to engage in a good faith conversation, see ya
Continue believing propaganda lies. You do you, boo.
As a European who has been living in the US for a decade, yeah, you're pretty spot on. Americans are a scared people, probably the most scared I've ever seen. Afraid of the gov't, the neighbors, and random people they don't even know. I've gotten a ton of hate as a foreigner and I am not surprised a hateful, greedy and selfish population like here is afraid somebody will take them out with an improvised device.
And yet, you live here.

Annals of revealed preferences.

Oh no, don't get me wrong, I've been dying to leave, nothing I would like more. But I am sure you've heard of the term economic slavery, and that's what I have become. Don't make enough to make the ends meet, and don't make enough to leave. Have to pay the debts before I can give up the passport.
I'm sure we could pull some money together to get you out of economic slavery. Don't want that on our conscience
You poor soul. Moved to such a terrible nation full of those awful people you described and now you seem to be completely powerless to leave. And I'm 100% sure this is everyone elses fault.

At what point do you look inward for someone to blame for your circumstances?

I was forced to move here when my parent got married. Never wanted to come here, didn't have a choice, tried to like it and I don't think that's humanly possible. Don't be a dick.
Debt does not stop you from leaving, if you have a second passport.
US is one of the only countries in the world where you still have to pay US taxes no matter where you live or work and what passports you have, as long as you are a US citizen, and you can't give up US citizenship, which is also a paid process, unless you've paid all taxes.
1. Only on income over $120,000 (it's inflation indexed), so it doesn't matter for the OP.

2. The US does not collect, if you don't want to come back to the US it doesn't matter.

The US extends its power over financial institutions whenever it wants, so anyone who leaves the US without renouncing and then can't renounce due to incompliance is likely to end up unbanked eventually.
"likely" and "eventually" are doing a lot of work for you here.
Likely and eventually are doing a lot of work for the US over decades, the hypothetical person is already unable to open a brokerage account since mid last decade in many countries.

First world children accidentally having US citizenship from their parents youthful indiscretions aren't so happy this decade with their inability to use normal financial services in their own country.

There's the possibility that the US gets sidelined in global finance but otherwise there's no reason to assume it won't continue with its current momentum instead of recently developed progressions somehow being steady state.

Going to the US as some kind of fun few year adventure is really no longer something someone should contemplate without first consulting non existent neutral international financial/immigration/legal council. If you aren't sure of a very specific goal/desire consider if somewhere else might work well enough instead.

But you said you're European. Are you a US citizen?

You can renounce a citizenship. They added an exit-fee recently. Plus if you've been living in the US working for a US company you've been paying taxes, no?

Or else you're under the table and not paying taxes, in which case this is all moot.

I'm sorry but that's just nonsense.

Worst case you can always go back to whatever country you're a citizen on, go on welfare and start over from scratch.

Generally making disparaging bigoted comments about a nationality is to be avoided here. It's certainly not productive to this discussion to label anyone as hateful, greedy, and selfish, and it runs afoul of the HN comment guidelines.

There are plenty of ways to contribute to discussion without making remarks that are emotionally charged and inflammatory.

Non-American also been living here for a decade, and can only say your experiences are not representative, and you seemed to have picked a poor place to live.
Or they're just prejudiced, and taking the worst possible view of their neighbors, who are in all likelihood perfectly normal people.
[flagged]
(comment deleted)
As an European living in Europe I worry about addresses being available because someone suitably unhinged and upset can come to my house and stab me, set it on fire, etc.
As other commenters have mentioned, US American's ease of access to firearms does not extend to their usage. If you buy a weapon and wrongly shoot someone, there is a system in place to make sure you are found and punished. There is no such system in place for catching people flying drones.
Sure there is (if you use that drone as a weapon). It would be the same investigation as someone putting a bomb at your front door. They’d analyze the components and narrow down the people with the motive and figure out which one bought them.
Have you not heard of remote-id?

It's a legal requirement for drones above 250g to broadcast not only their position but also the position of the operator and their identification number.

There are custom firmwares out to bypass these types of things, unfortunately.
Yeah, I am pretty sure the people of Hamas are following the guidelines and have satisfied all of the regulatory requirements before flying their small grenade carry-on drones.
I'm pretty sure the people of Hamas aren't flying drones in Cleveland.

And the FCC is pretty damn ruthless about finding and triangulating signals that don't comply with their rules.

> there is a system in place to make sure you are found and punished

Famously, this system works well after it would be useful.

It’s hilarious and excruciating for many Americans too.

Source: get me out of here

Since guns are easily available, it's harder to kill someone.. since they might have a gun.

In Europe, all you need to kill your enemy and his family is two guys and a baseball bat or a knife. In America, you atleast need a gun since odds are they have a gun at home.

yeah the random killings and random violence are quite low in comparison to domestic violence. while disgruntled people you may know are a bigger vulnerability surface but the social connection makes it easier for the assailant to get caught. so the potential assailants (everyone) has an incentive to think of things more elaborate than picking up their semi automatic gun
Tell me you know nothing about US gun laws without telling me you know nothing about US gun laws. Some states have stricter laws than Switzerland and Czechia.
Not to mention the US having more than one state and open inter state borders ... which somewhat negates the "some states" line of argument.
And Europe has the Schengen area; I assume you're familiar?
Has Texas agreed to adopt the strictest gun control measures in the US sates?

I assume you understand the question re: Schengen.

Schengen allows for border crossings with no checkpoints just like US states. Which means the "different states have different laws" canard is no different than Europe. What's to stop someone from leaving Switzerland or Czechia with a firearm until they get caught?
Schengen doesn't have a Texas - Switzerland raised the bar on semi automatics to match Schengen law - it's a more uniform zone than the USofA is wrt gun law.
Most of the footage from Ukraine is from flat empty landscape targeting stationary targets. Trying to do the same on an urban environment with moving targets is way more complicated.
Changing posession of personal user data from a financial asset to a liability is probably the most effective thing the government could do in the near term to protect people's information. Companies right now are incentivized to collect tons of personal data because it's worth real money to them and others, and the liabilities mostly fall to the users. If there were heavy financial consequences to leaking personal data then companies would self regulate away a lot of terrible behavior that is currently common.
Imho, the test should be "Is targeted advertising barely profitable?"

It should cost enough to retain personal data that, unless that's your primary business and you're very good at it, it doesn't make financial sense.

> Who needs to do a driveby shooting if you could drop a homemade bomb from a McDonalds bathroom 20 miles away using some jailbroken drone?

Driveby shootings are super easy. Drone bombing someone is way harder. Especially from 20 miles away. I don't see how Ukraine would change that.

Getting away with driveby shooting requires about the same amount of faff as getting away with a drone murder. (Because in both cases unless you biff it spectacularly the police is not going to catch you red-handed. They are going to find you based on who wanted the person gone.)

> Because in both cases unless you biff it spectacularly the police is not going to catch you red-handed.

The barriers for police have also gotten lower over the time. The thing where a lot of criminals get caught is dragnet surveillance - just subpoena Google, Apple and the operators of cellphone towers for a list of everyone who was in the proximity of where a crime happened, and they have no choice but to deliver the data you yourself collected to the police.

This is also getting worse because it's just a matter of time until states with abortion bans subpoena Google, Microsoft and Apple for which persons that are regularly in that state have visited known abortion providers in another state in a timeframe consistent with an abortion visit, or who have searched about abortions on the Internet.

Completely agree. Personal information should be a liability to corporations. It should actively cost them money to know anything at all about us. They should be scrambling to forget all they can the second we're done transacting with them.
The drone drop on individuals is not the biggest worry.

Long range autonomous drones clearly are able to take out large scale infrastructure like pipelines, ships etc, the soft underbelly of the western world. And against the poor and proxy war forces of the world, the law is useless. We will miss the covid delivery crisis very soon.

And yes the US has the biggest navy, but against current drifting Kajak sized anti-ship submarine drones it and civil shipping is actually quite vulnerable.

And to make such a device smart enough to sleep until it identifies sounds and ship pictures, it needs no military industrial complex magic. A smartphone will do..

It might be easier to build your own drone rather than jailbreaking a store bought one
On Linkedin there's all kinds of "Top Secret/Security Clearance" groups which lists all the members in that group. Some have 5 thousand people.

Sure, some of those users don't actually have clearance at all, but many actually do, and work at firms all doing contracting for the federal government. Call me crazy, but giving out a list of people with clearance to the highest levels of secrets, usually doing tech work, is a bad idea. Even if a tiny fraction of them has anything that can be used as leverage to flip them, they all have targets on their backs and it kinda blows my mind that they all run around proudly plastering such things on their profiles and in public groups. It seems that's the last thing they would all be doing, as to not draw any attention from "the enemy"

"TS/SCI cleared IT Professionals" - https://www.linkedin.com/groups/3967699/

in a similar area, it absolutely pains me to see the amount of personal information demanded by online job applications. realistically how hard would it be for me to set up a fake job listing on Indeed and just hoover up highly valuable PII? you could even take it further with personality tests, IQ scores, RATs, etc.

if you were a foreign power wanting to gather data on defence programmers, for blackmail, corruption, surveillance etc, why wouldn't you do this?

I've been personally dealing with this exact thing. And it doesn't help that linkedin is a shit show of fake companies and job postings that seem to be doing exactly what you said, phishing for PII. Like, why the fuck is a job application asking me for my address? It's a remote job, the absolute most you would ever need is my city. There's a lot of companies that think I'm the very lucky resident at 123 Main St :) The day a job application asks for my SSN is the day I quit tech for good and go work for cash only under the table
I had an interview with a recruiter recently where I asked them about their data protection practices and they put the phone down on me
It’s pretty normal for job seeking since there are jobs that require a clearance before any other consideration. There’s a whole job site dedicated to clearances.

https://www.clearancejobs.com

Nice now I know where my moles need to submit their resumes!
Normal and allowed, yes, but I share the sentiment that it makes me a little uneasy. I don't mention my clearance on my LinkedIn page, and I'm vague about many other things. Of course, anybody who understands this stuff (like any foreign intelligence agency) could probably infer who's cleared Secret vs. TS/SCI vs. NSA polygraph, etc. based on other information like job skills, locations, and military rank / time-in-service.

I'm also not job seeking, just using it as a rolodex in case I ever need it later. Maybe I'll need to lay out the details if I ever do use it for job seeking.

(comment deleted)
I'm not going to call you crazy but the opposite policy - trying to keep these secret would definitely be crazy. It would be impractical, ineffective and at odds with all sorts of notions of an open, democratic society.
Not mentioning something Vs. putting it on blast online are two ends of a spectrum of common sense when you have access to privileged information that others are willing to kill, in extreme cases, to obtain. This is the only time I can think of where security through obscurity actually can have an impact on your life, and the lives of those around you.
There's no such threat against almost everybody with clearances.
Then why is security clearance required? This is the same level of clearance that Snowden had. He had access to be able to leak a bunch of programs that he literally was worried about being murdered for exposing. If he had access to information he might be killed by exposing, you don't think he and everyone else at that level has the ability to gain access to information someone else might be willing to kill in order to obtain? Cmon now, no such threat, that's ridiculous. People have killed people for a name, of course they will kill to get into these systems.
no such threat, that's ridiculous

There are 140 stars on the CIA memorial wall total, which includes plenty of wars and combat zones.

There's no serious threat to almost all people who have a security clearance. Quds Force is not scraping LinkedIn for the names of these people.

Is there a list of all CIA employees publicly available? You know, "spies" who are doing covert ops, dealing arms and drugs and destabalizing places to overthrow governments, assasinating people, etc. Do we know who those people are? If not, why would there be a list/memorial for them when KIA? The CIA isn't even the topic here though. There are people with this clerance working for all parts of the federal government, NSA, DOJ, CIA, the branches of the military. You're telling me these thousands of people who have secret access, spread across all these departments, don't have the means to access any information a foreign enemy would find useful enough to kill over? I don't think we have a memorial wall for private citizens with TS access who are working for random government contracting firms who are killed in such a case. The federal government doesn't make memorial walls for random company employees who don't technically work for them directly. These aren't government employees, they are contractors, with access levels to our most sensitive information. I'm saying it's for sure an attack vector. How could it not be?
Even the people who work in the most dangerous subsector of this line of work barely die violently, is the point of the memorial wall.

You've listed a whole bunch of questions but the things you've proposed - the threat, its reality, the notion it actually affects someone, etc are entirely of your own making. The onus is on you to provide any evidence of them and there just doesn't seem to be any.

I'm saying it's for sure an attack vector. How could it not be?

Empirically, it doesn't appear to be and hasn't been ever? Again, what makes you think otherwise?

> when you have access to privileged information that others are willing to kill, in extreme cases, to obtain

The key phrase in my original statement is _in extreme cases_ - I'm not saying such a thing is common or even likely, I'm saying when you have a bunch of tech contractors with TS access all over the place advertising to the world that they have such access, there's no way other places haven't used that info in an attempt to intimidate someone, bribe, or force, one of those contractors into helping them get into a system or get information out. If a contractor was able to yank and leak the Prism documents with the same access, working for the same firm as some of the people in the group I linked to, then it's a massive risk that these people are being looked into and attempts are being made to flip them somehow. Might not be by killing people, but who's to say for sure.

Most people's data is being sold. No reason military people would be exempt.
The reason is twofold:

1. Servicemembers hold security clearances and thus access to critical things.

2. Leaked PII is a national security threat. This report, I'd argue, is good 'marketing' for the very real need for privacy protections nationwide. The U.S. military is, despite its best efforts, still an admired and respected institution.

That doesn't have any relevance to my point. Currently there is no infrastructure in place to secure people with clearance more than anyone else, so it's no surprise their data is available.

As for your second point, big shrug. All the data is already out there and isn't going away anytime soon. Best case is to protect future data from being leaked, but the US isn't going to outlaw data brokers anytime soon and holding companies with poor computer security practices to account is very recent.

You are incorrect that there's no infra to secure people with clearances. WRT your second point, 'all the data is out there' is an awful argument.

The solution is simple: if you want to do business with or in the United States, you must respect its citizens' rights. There's plenty of other comparable regulatory frameworks; food safety, weapons, etc.

> You are incorrect that there's no infra to secure people with clearances

I'm not. If there was, their data wouldn't be lumped in with everyone else when it's leaked/hacked from all these large different organizations.

> WRT your second point, 'all the data is out there' is an awful argument.

It's a fact. You won't be able to remove that stuff now that it's out. IT's somewhat an instance of the Streisand effect. Numerous people have it torrented and downloaded locally.

> The solution is simple: if you want to do business with or in the United States, you must respect its citizens' rights.

That's not any kind of solution, especially when much of the issue is internal.

> If there was, their data wouldn't be lumped in with everyone else

You're giving the World's Largest And Most Ineffective Bureaucracy far too much agency.

> You won't be able to remove that stuff now that it's out

Who said it needs to be removed in order to secure these servicemembers' identities?

> That's not any kind of solution

It's the only solution that will work; to treat it as a constiutional mandate. It's one of the only ways to enforce widespread change when it comes to individual rights. Source: history.

> You're giving the World's Largest And Most Ineffective Bureaucracy far too much agency.

Not really sure what you're saying here.

I'll just reiterate my point. If there were any real measures in place to protect the data of specific individuals, their data wouldn't be winding up in hacked databases all over the web.

> Who said it needs to be removed in order to secure these servicemembers' identities?

That's what your previous comment seemed to imply. If that wasn't your point, what was your point?

> It's the only solution that will work; to treat it as a constiutional mandate.

Orrrr you could just have a privacy act like California, Europe and numerous other reasonable states have. It has nothing to do with the constitution or foreign trading in particular.

> Not really sure what you're saying here.

That's pretty clear, friendo. I can't do you thinking for you, but there's plenty of ways to mitigate risk and protect identities beyond deletion of the data.

> Orrrr you could just have a privacy act like California

We agree on this, except it should be at the federal level because privacy is a natural human right that should be enshrined in our most influential and powerful laws.

> That's pretty clear, friendo. I can't do you thinking for you

Sigh. No need for your condescension. You're making poor points and defending them even worse. I'm asking you to be clearer and support your arguments.

The problem isn't with me, but your lack of clear communication.

So far, based on your replies and refusal to clarify and elaborate, the only reasonable conclusion is you don't really know what you're talking about.

Very sorry to let you down.
No worries buddy. I'm on here for for intelligent in-depth discussions. I tried my best to have one with you but if you can't articulate your points clearly and lack knowledge of the subject matter being discussed, that attempt was doomed from the start.

My mistake, I should have known better from your first reply.

Our nation allows private companies to SELL PII. Our nation utilizes the availability of said PII to build their own spying apparatus. Law Enforcement uses harvested location data to track people without any warrants or due process.

You are ignoring huge parts of reality to be able to say those 2 points above.

And you are ignoring the many competing interests within and throughout the federal government. Source: me, with 20 years inside DOD/IC.
No I'm not. I'm telling someone they are ignoring all the bad things our government allows and benefits from. I'm not really sure what competing interests has to do with anything I said. Are "competing interests" the reason our own government is spying on us and tracking our lives in the secret? I'd love to understand what "competing interests" means in the context of what I said and what it has to do with the rights our government violates and answers to nobody over.
If you can't imagine that a bureaucracy as large as the united states government might not have competing interests within... I'm not sure I can help you.
Still waiting to be told what the fuck that has to do with them spying on their citizens...
That user you are replying to seems to make a lot of claims and refuses to clarify or support anything. Very little real world knowledge it seems like.

There is nothing in place to stop people collecting and selling data of any American personnel, and a large market that thrives on it. At the moment sensitive US people, cops, special ops people, judges, whoever, they are just as susceptible to having their data sold as joe schmo.

What ever happend from John Oliver's privacy exposé last year? [0]

Seems he was going to submit a docket of info collected on congress people which was supposed to nudge actions towards regulating data broker collections and online privacy.

[0] https://www.youtube.com/watch?v=wqn3gR1WTcA

I did complain about potential OMB leakage of defense workers to my HR, that too fell on deaf ears.

Then this OMB started leaking fingerprints of TS contractors. They caught the Chinese contractor.

No telling if damage was done.

That reminds me of Strava leaking the workouts of military members, making it very easy to identify the location of secret military bases (this video mentions it: https://www.youtube.com/watch?v=V2WrDZnk33g&t=341s).
I would lean more towards saying that the soldiers leaked their locations, more than Strava itself.
Imagine knowing where the enemy is because you bought the info in Bitcoin from a dark web site. Then you hit them with AI-piloted drones.

Welcome to a cyberpunk novel I could not get through when I was in college, but now it's real.

The issue is made so much worse because banks and the like are willing to withdraw money from someone's account with just the SSN and some other basic information. And the banks aren't held accountable when they give your money to a scammer. Rather they blame you for identity theft, and the government sides with the banks.
this is sad. i wish we had better data privacy
> U.S. military members' personal data being sold by online brokers

Everybody's data is being sold by online brokers. Welcome to the 21 century.

We've spent two decades since 9/11 constantly asking everyone if they are active-duty or former military (boarding priority, 10% off at lowes, free meals on veterans day), and now we have a hunch some data might have been leaked?

What outcome did we expect?

There are some aspects of my work history that no one knows about and I would definitely not share them with a 3rd party just so I can board a plane 3 minutes before everyone else.

I live in Europe (non-EU) and can't wrap my head around the fact that selling PD is legal in the US.