19 comments

[ 3.6 ms ] story [ 62.1 ms ] thread
> Among other things, the bill by Feinstein and Chambliss would authorize companies and individuals to monitor their own and consenting customers' networks for hacking and voluntarily share cyber threat data, stripped of personally identifiable information, with the government and each other for cybersecurity purpose.

Who wants to be my first customer?

And what does "consenting" mean? Something written in the ToS, or that you can't deny, like "if you visit this site, you agree to use our cookies...and share everything with the NSA/FBI"? That sort of "consenting"?
"By visiting this site (which you already have because you're reading this) you agree to share your info about your visit with the FBI/NSA (which we just did). Thank you."
Anonymizing datasets still doesn't work. https://news.ycombinator.com/item?id=8010061
It will never work; with enough data to cross-correlate you'll always be able to deanonymize it. Otherwise the data itself would be meaningless.
Side note: I really wish someone would really explain this to Bitcoin people. Bitcoin is cool but it isn't an anonymity tool. Every single transaction is permanently in the ledger, and combined with IP snooping, big data, machine learning, and a bit of gumshoe police work the potential for tracing things is incredible.
Well, if this passes I see many stories like this one coming to light:

http://techcrunch.com/2006/08/06/aol-proudly-releases-massiv...

http://www.nytimes.com/2006/08/09/technology/09aol.html?page...

"Stripped of personally identifiable information", "consenting" [which is probably just a throwaway paragraph in the ToS/privacy policy that no one reads] and "liability protection" in the same bill.

Yep. That will end well. I guess the good news is it is voluntary so, in theory, companies like DuckDuckGo can make it point they differentiate on from a company like Google. I'm not seeing that being a major selling point since most people don't understand that these "anonymity measures" are of limited value unless you can prevent people from connecting literally any dots.

The problem with 0 dots to connect is it would be worthless from a security perspective since a given attack vector is already generally shared when its discovered. :/

Where the hell is the new Intercept article on HN? The more I see obvious manipulation and malevolent flagging on this site the less I want to visit it.
It's here: https://news.ycombinator.com/item?id=8008025

I don't pay close attention to the way HN does these things, but I recall that NSA was one of the terms that the HN moderators chose to penalize. Or they could have manually penalized it as well.

HN is a sandbox that YC created for folks to play in. Their sandbox, their rules. I'm not criticizing you for complaining about the Intercept article being buried on the fourth page or whatnot (I would have more liberal rules if it were my sandbox), but merely saying it's probably not that productive to complain about theirs.

It isn't just the rules. I think the post is greyed out because a number of members seem to have flagged it, for no specified reason as far as I can tell. If you look at the post about their Reddit AMA it's the same story: https://news.ycombinator.com/item?id=8009696
I didn't flag it and wouldn't, but I could understand people flagging it for not fitting in with the type of content they find most valuable on the site. If enough people feel that way and act accordingly, it should indeed be buried quickly.

I personally find this community as a haven away from the types of stories that will be featured on the 10 O'clock news and multiple front pages of common news sites. Especially anything that's highly political.

I enjoy reading about new programming frameworks, thoughtful and fresh approaches to launching a business, or someone that has done something "cool" with any type of "technology". HN is a happy place, and politics are anything but happy.

I'm sorry but this:

> HN is a happy place, and politics are anything but happy.

makes me want to puke a little. I think you are probably right though, I can sense a major demographic on this site who are eager to ignore controversial issues. As I said earlier, maybe it's time to move on, but to where I am not sure.

There is a difference between ignoring controversial issues and not desiring to see all controversial issues in all places including HN. Why assume because it doesn't appear here that HN readers are not aware of an issue?
Not trying to ignore the issues entirely. Trying to ignore them when I come to HN.

I'll gladly read about such issues when I'm in the mood for it from a source where such articles are expected: r/worldnews, firstlook.org/theintercept/, aljazeera.com, etc.

I don't think articles with "NSA" in them should be penalized just because... a lot of this still is very relevant, affects a large number of the HN users, is newsworthy, etc. Granted, there is a lot of "NSA" stuff floating around... but that doesn't mean it should be suppressed... no?
(comment deleted)
If any of the detractors here have better ideas about how to allow companies to work together to avoid falling victim to state-sponsored cyberattacks, I'm sure suggestions would be valuable, even if not sent to the Senate Select Committee on Intelligence.

Just think of it as helping the private sector avoid falling victim to attacks from the NSA, if it helps, since if they can stop the NSA then they should also be able to stop things like the Aurora attack launched against Google.

They can work together already on everything pertinent to an attack. Nothing stops me from publishing/sharing a log file from a machine that was DDoS'd with IP addresses, etc. Nothing stops me from sharing any evidence of an actual attack of some kind.

All this really does is enable them to act as informers on their customers without liability.