I notice a user was offering to contribute one bitcoin to the reward there, upping its value in present-day terms by $9000. At the time, it would have been worth around $135.
This will send a DNS A record request for sdf.org and on some platforms, a request for SSHFP records, too. Unless the system is configured to route all DNS traffic over Tor, it may be possible to correlate those requests' originating IP with the published update timestamps.
> Unless the system is configured to route all DNS traffic over Tor
Edge cases like this is why I always use things like Tails when I want to do something over Tor. There are just too many gotchas, and many of them are barely even avoidable in the first place (like correlating timestamps).
I've known about sdf.org for a long time because they advertise in 2600. It's the kind of service that makes me so happy it exists to the point that it kind of makes me sad that I personally have no use for it :).
Yeah, this gives me temendous nostalgia. SDF was my first introduction to Unix, must have been 12 or 13 years old at the time. I'm almost giddy when I find these sorts of early internet systems / services are still online.
Analyze voidnull's use of pronouns and do a sim search over other users' accounts on HN and the Web.
"Our most forgettable words, such as pronouns and prepositions, can be the most revealing: their patterns are as distinctive as fingerprints." [1] - Prof James W. Pennebaker
I haven't read the book, but does it talk about whether it's possible to "fake" the way you write? I'd also be interested in whether it explored the way people write in web communities, I have a strong feeling people change their tone and phrasing based on the audience (especially when upvoted and downvotes are involved).
i would go through a loop of translating the documenting using online translators between X languages.
It will create syntax errors but will provide maybe some "hashing"
It's fine and was always fine. Probably it got affected by a software filter at some point when it was new, but a moderator marked it legit so that wouldn't happen again.
> There have been a couple of quick updates I posted on the linked page. First, SDF does accept Bitcoin for validation.
Second, SMJ is personally upping the prize to $100. See the link for details.
> I am very happy with the result of this stunt. So far this page has gotten over 100,000 which works nicely towards the goal of driving more users towards Tor and SDF.
The anonymity of sdf.org accounts and VPS/servers are all limited by association through access and payment. Tor is arguably the most anonymous access method for any of them. Excluding login chaining via Tor through botnets and compromised servers, anyway.
If done carefully, using well-mixed Bitcoin is arguably as anonymous as sending cash through the mail. There are ways to screw both up, but also ways to do both with arbitrary overkill.
Anyway, this is cool. I mean, six years is an OK run. But on the other hand, all remote VPS and servers that I setup are just about as anonymous. And yes, it's lots easier now than it was in 2013.
I think it's much easier and safer to send Monero or to convert it to Bitcoin using something like xmr.to than to mix bitcoins, which can be traced back.
we do know, as far as proving a negative goes anyhow; i’m a sdf member & volunteer ... the voidnull page has never been put away for too long & if anyone was able to deobfuscate the user’s identity beyond the website page proper it would be a whole exciting todo for our community.
if it becomes 2023, and if by then nobody’s doxed voidnull i think a special edition “everyone wins especially voidnull sdf forever” mug &or hoodie would be in order!
Seems long enough that a future AI could connect writing style to other people writing about privacy during this time using an offline copy of the internet.
This is super interesting, brings back memories. We take for granted how easy anonymity is in age when anyone can spoof their MAC address at a public wifi point and be fairly anonymous.
Question: Is there a technical reason the author does not suggest simply using torsocks? (eg: torsocks ssh sdf.org). I thought maybe it didn't exist in 2013 but the github has some files that date back that far.
It's generally safer to use torsocks, because it routes DNS queries via Tor. As oil25 notes, using the ProxyCommand option doesn't. However, it's possible that torsocks in 2013 didn't reliably block DNS leaks.
In any case, Whonix was available in 2013, and using it would have -- and does -- prevent DNS leaks.
I don't understand the part about 1 dollar donations. Surely that can't be enough money to do much of anything given how rare I imagine it is for people to create an account.
Of course it is. We don't ask for names. We don't even have a way for users to give us their name, unless they choose to publish it via their username or the About field of their profile.
I thought maybe "HN is a community—users should have an identity that others can relate to." meant our nyms should point to a real person, and that the account mentioned in the article was terminated for being registered via Tor.
I try to find the middle ground with this account.
You can probably find out who I am, but I hope people will respect it's important to have nyms where we can have informal convos. (Also luckily most snoopers are lazy so simply not tying my legal name to this is sufficient considering I'm not expressing anything particularly controversial...)
Kind of like how half of Gotham seems to know who Batman is, but they pretend not to ;)
> I thought maybe "HN is a community—users should have an identity that others can relate to." meant our nyms should point to a real person
Your HN username should represent you as a person in the sense of providing an identity over time, because that's necessary for a community. But it's totally fine not to use your real name. I've posted a bunch about this over the years if anyone wants more: https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme....
There are several rings of anonymous HN accounts which are guarded such that anybody (who knows a bit of a trick) can use them to post whatever they like. These accounts aren't official, but grey; officially, there's not really a way to prevent such a thing.
voidnull's anonymous page has been my mood ring for about six years.
on good days i visit and appreciate the accomplishment + appreciate that our good ol' SDF is a public access multi-user system on which such a feat is possible!
on bad days i start thinking about writing evil sudos and shit, just grasping at straws.. that f'king page done been mockin' me since 2013 :P
on today, i love seeing the spirits of HN & SDF intersect!
so many incredibly insightful, funny, creative approaches abound in this comment section. warms my heart!
>Any illegal activities which includes, but certainly isn't limited
to spamming, portflooding, portscanning, unauthorised connections to
remote hosts and any sort of scam can really not be tolerated here.
Why? Because there are many here on this system that can suffer from
this sort of abuse. If you want to use SDF, you really have to care
about this system and the people here. If you don't want to care,
then you really shouldn't use this resource.
So what if he did? Even if we had his DNA, we wouldn’t know whose DNA it is. It would be as useful as finding a key on the ground without knowing which house it unlocks.
Seems safe to assume we could identify nearly anyone these days using DNA thanks to the services that collect such information for genealogical or medical purposes.
Yep the only way to identify someone with DNA from an unknown source is to already have a copy of their DNA on record, that you know is theirs. Or maybe a close relative’s DNA on record.
It would depend on the country whether or not their DNA is likely on record. Most Americans do not have their DNA on record. However it’s interesting that Kenya recently required collection of DNA from all citizens.
But yep those who have signed up for 23 and Me with their real name (or maybe a close relative) can be identified from an anonymous DNA sample. Or previously incarcerated, since then the government would have their DNA on record.
Or if they were already a suspect, then their DNA could then be taken and matched against the anonymous sample.
So maybe by disclosing that he didn’t lick the envelope, he’s inadvertently telling us that his DNA is on record somewhere?
In the US, enough people have submitted DNA to 23andMe, Ancestry, GED match, etc., that a random DNA sample can be identified by so-called “genetic genealogy” methods.
Basically because your generic relatives have submitted their DNA to these services, a small pool of potential candidates for your DNA can be identified, and traditional investigation methods can identify you in that pool.
As the density of people who have submitted DNA to these services increases in the total population, identifying random samples will be easier. (It is already getting easier.)
These techniques were publicized with the Golden State Killer case but have been used in several other law enforcement investigations.
My contact with this field is mostly through friends in the industry, but The Daily podcast’s series on it seemed like a good introduction:
Very little of your DNA is exclusively your own. Most of it was passed into you from other people, and by correlating what you have against what other people have, it is not too hard to trace out where you came from and who you are.
243 comments from 6 years ago