I share this sentiment. Whenever I see his name I end up reading his article and whether I agree with him or not, the quality of content he puts out sets a very high bar. Whenever he writes a comment on HN it's one of those rare instances where I'll stop and read it carefully rather than blaze through it. Jeff is truly a gem in the community.
FWIW I did not expect bad news since I didn't see a date range after the name in parens.
The site was rife with perverts, Neo-Nazi propaganda, CSAM distribution, and honeypot operations. I think people are idealizing what it was in recent years, believing it was the same fun as in the early 2010s. It was an absolute shitshow.
The owner acts like Omegle was about innocent curious internet explorers asking cute questions and spreading knowledge. Bull shit. I never met a professor on Omegle. The most common encounter is a pervert who quickly ends the chat. I probably would have needed to sink 300+ hours on the platform in order to meet one. And by the time I would have met this professor, I would most likely have gained nothing from the exchange. Therefore, in my experience, I have found such innocent encounters to be the exception. By far. There is no corner on the internet where that happens organically. Even on HN, where comments are verbose and technical, it's only because of the perceived clout and proximity to VC money. The open connectedness of the internet has little to do with it.
If you access Tor, which is considered the peak of anonymous interconnectedness, you will also find a draught of intellectual activity. I would love to find intellectual discussions occurring on Tor, if anyone knows one please let me know the onion address. (Pro-tip: it's an impossible quest.) Instead all you will find are CSAM, scams, and honeypots.
I have found that my life has gotten immeasurably better since I generally stopped using the internet. The reddit API lockdown woke me up and I realized pretty much everything on the internet is garbage. Even HN is of lower quality than before, with the average post being a flex of one's social status rather than a helpful tip from one hacker to another.
Fuck all this noise. The internet is so full of low quality social content that it is overall not worth using for social connection.
The public internet has always been garbage dude. Ever since eternal september in 93. The trick is a good filter. It seems like you lucked into some good filters in the past, but forgot to rotate them when they stopped working
Wasn't trying anything, I was legit curious about places where intellectual conversation happens. I suppose you are right that exposing such places to air will risk their integrity, then you'll be left in the same situation as me. Forget I ever asked.
I have taken out the word "outside" from my post, because you seem to be addressing a very minor component of my overall message. Please note: My main point is that pure, intellectual connection is almost nowhere to be found. It is drowned out in a sea of shit.
While I did criticize HN in my post, I will note that it is sort of a last bastion of intellectual conversation. I believe the motives are not as pure as before, and I lament that. There simply is not a space for intellectual conversation for intellectual conversation's sake on the internet anymore. It is all twisted.
Call me naive, but I don't see why we need Kant's ideas of noumena and phenomena when we have Plato's Allegory of the Cave and Analogy of the Divided Line. In my limited experience, Plato's philosophical primitives prove more useful for thinking about whether LLMs possess intelligence and what reality really is. In my opinion the most groundbreaking contribution of Kant is adding in the a priori and a posteriori distinctions to how belief is constructed. Even so, nothing of Kant's work impresses me more than Plato's allegory.
Think of a sparse mixture of experts generating a space of solutions. A different mixture of experts may generate the same space. That the space can be factorized in multiple ways grants you knowledge of reality.
I was looking at the first one (Suzuki version) living in Tokyo but decided it was too cramped for even a small family and the crash ratings are not as good as a full size car. In particular the luggage space is lacking.
Agreed entirely. Even more glycemic foods than sugar (which is only half glucose), are not a metabolic problem. I started eating pasta, white bread, and white rice and have been able to lose weight. People on this very forum will tell me that what I do is impossible, but I'm done taking the advice of bots and people who aren't fit. I am downright skinny now. Go ahead and downvote my post, after all HN is an echo chamber full of IYIs and shills, is it not?
No, I think it's fine and honestly I can understand the need to compulsively use AirPods especially among the anxiety prone. Forcing people to endure the noise of the world, which is increasingly inorganic and terrifying, just because you insist on them listening to you in a subservient manner, is very strange and the sort of insistence I would expect only from narcissists. I personally wear my AirPods Pro at all times when in public because it makes it that much easier to tolerate it. I have transparency mode on so I can still listen to you, probably better than without AirPods.
If the person is listening to you and responding just fine, then the AirPods are not a problem. If the person is obviously distracted then you have cause to ask them to take them off. Simple as.
From a decision-making standpoint it seems difficult to argue that you made the wrong choice. At the time when the $99 kits were ubiquitous, 23andme seemed like a solid, reputable company.
Back then, few people had the mindset of, "if they own my data, they own me." But we're starting to see it take hold.
I don't know about that. Geneology has been a hobby for me for a couple decades and I'd say only tech illiterates were willing to trust 23 and me. I've never seen any company I've worked at do well enough with security that I'd trust them with my DNA and with the constant data breaches across the industry with zero consequential penalties, this seems like the norm. Have you ever seen security done right anywhere? In my experience, it's always the bare minimum. Banks are about as close as it gets and that's only because they have higher obligations than most.
Gave them my DNA last year, am not tech illiterate. It was cool to see the results, though not life-changing. I don't regret the decision - I don't understand why I should care that my DNA sequence is on a shady website somewhere. I don't understand the threat model people have here - how will my life be negatively impacted by this?
> how will my life be negatively impacted by this?
Your would-be future employers may reject you because of this data. Why hire someone with a higher risk of certain diseases or disables? It'd be illegal, but companies don't care about breaking the law if it's profitable and it'd basically take a whistleblower for anyone to know it happened. They certainly won't tell you that's why you weren't hired.
You could be denied housing or be targeted by extremists. More likely though, you'll be targeted by pharmaceutical companies. If the police didn't already have a copy of your DNA on file you might now have a place in every police line up, in any state in the US, for every crime committed where DNA evidence is collected. You could get wrongly flagged as a match through human error or statistics but either way it'll be on you to hire the lawyer who will have to prove your innocence.
We're moving toward a digital caste system (several really) where the data governments and corporations have on you will determine what you're allowed to do, how much you'll pay for things, and what opportunities you'll have. Every scrap of data you surrender will be used against you by anyone willing to pay for it, used in whatever way they think will benefit them, at any time, and you'll probably never even realize what happened. Just like right now, where companies don't tell you that they used your personal data to determine how long to leave you on hold. There's no telling what kinds of harms this could bring you, and there's no taking your data back to prevent any of it either.
I hope that data never comes back to haunt you. I'd sure hate to need to count on that never happening though.
Do you really think a judge would allow a guilty verdict based on stolen genetic data obtained from a hacker?
Do you really think braindead landlords and HR people would make decisions based on Promethease or whatever future tool replaces it?
Monetarily the genetic data is marginally valuable at best, which is the same reasons 23andme revenue comes almost entirely from novelty-seeking consumers rather than industry.
> Do you really think a judge would allow a guilty verdict based on stolen genetic data obtained from a hacker?
The judge won't have any idea how the innocent person's data got entered into the government's DNA database. The same way that judges doesn't care how police got your fingerprints on file (They got mine when I was in grade school. Teachers lined all the kids up in the hallway and the police fingerprinted us all. They told us it was in case we were kidnapped.). The judge cares about how the DNA was collected at the scene of the crime. It's enough that it matched DNA in the government's database. Even if it was discovered that the DNA came from 23andme's data I doubt they would care.
> Do you really think braindead landlords and HR people would make decisions based on Promethease or whatever future tool replaces it?
They already perform illegal background checks on employees and renters. (see https://money.cnn.com/2014/04/09/pf/data-brokers-ftc/index.h...). Whatever interesting data can be extracted from the DNA that was leaked will be added to the dossiers data brokers have on the victims.
At the begin of Hitler's reign, the Nazis started to ask people at many occasions for so-called "Ariernachweis" papers. Those were collections of documents to show that someones ancestors were pure according to their race theory. Many people didn't question this at the beginning. Later that data was used to round up minorities, i.e. to commit the wellknown atrocities.
Once data is centrally collected, you cannot know for which future purposes it'll be used. So, the question with regards to companies like 23andme should be: Do you trust the current owners, all future owners, and current and future business partners to not misuse and safeguard your DNA data?
> Monetarily the genetic data is marginally valuable at best
Tell that to big pharma, health insurers, adoption agencies, dating sites, and companies that produce addictive products for consumers.
> Do you really think braindead landlords and HR people would make decisions based on Promethease
They have shown to make decisions based on DEI declarations. I rest my case.
> Do you really think braindead landlords and HR people
Maybe that part is far fetched. But insurance people will make user off it I'm sure. By letting this data out there you might be opting in to higher costs, or hassle getting insurance at all, that way.
You convinced me that, as I was already suspecting, there is no more risk in having your dna public than, for instance, having a picture of you on the internet. Arguably, even less.
"no more risk" is an odd way to frame it. Its all compounded. Having a pic of yourself online is a risk. Having your DNA leaked a risk. Carrying a cell phone is a risk. Using Google is a risk. The more risks you take you more likely you are to get screwed over.
You forgot finger prints, photo's, AI, medical history through routine exams, spending habits harvested through CC use and any form of digital banking, living habits analyzed through electric bills, internet activity, auto use, travel, etc.
Your fear is misguided and you have already lost the game.
You seem to be supporting the fact that this is a valid concern. Every piece of data can (and eventually will likely) be used against you at some point. The more data you give up, the more ammo you're handing over to the people today and tomorrow who want to exploit you. DNA contains a ton of data, and it's very different from the data in your utility bills or your GPS history. Keeping your DNA out of the dossiers data brokers keep on you would be a smart move even taking into account how much other data they already have.
The breach affects those related to you and affects you multi-generationally so there’s a lot of time for the impact to materialize. There are strong financial incentives for genetic discrimination on the part of insurers and employers. There are also plenty of fascists are happy as a clam to discriminate against anybody with certain genes.
If there’s any reason not to care, it’s not the lack of impact, it’s the impossibility of securing the data. I could sit here all day and convince you that you should care and then your cousin would get a dna analysis done and that would ultimately make all your caution mostly irrelevant. The only effective way to ensure genetic privacy is a legislative effort to control access to genetic databases, trying to avoid being put in such a database is only going to slow down how fast this happens.
see, this is where I don't get it. Can you send your material anonymously (burner email, pay in cash/crypto/prepaid debit card)? Then how could they match your DNA to your identity to sell it to insurance companies, etc?
Was there ever a case of a convict getting caught by their direct DNA being found in one of these databases? I thought all cases where correlated from relatives. Government gets DNA sample, asks the databases: 'who do you know that's a genetic relative of this suspect?' and then they go and interrogate that person's every third cousin. You can't keep your family tree private, your birth certificate is out there. Opting out of 23andMe won't help you here.
But that’s just it. You now get the 23 and me defence… my DNA data was hacked therefore there’s reasonable doubt the DNA linking me to the murder was synthesized from the 23 and me leak.
The fact that there is so much potential for the use of that information yet we haven't even started putting mechanisms in place to utilize it is what scares the hell out of me. If the threat model is 'to be determined' then especially when the data is being used commercially, for somewhat trivial reasons and without any substantial legal protections then the way to act is 'from my cold, dead, hands'.
Just remember that no matter who in charge you think is neutral or bad or great, things change, attitudes change, shit happens (remember the Patriot Act?)...
It isn't paranoid to say 'I don't trust the future, let's act cautiously instead of frivolously with things that have the potential to be extremely valuable to me, extremely impactful to society, and in which currently sits the greatest unexplored potential of this generation'.
Cool so you going to wear gloves every time you eat out, touch a door, hold a glass etc.? You’re shedding DNA throughout the day. How is that fundamentally different?
If I said I didn't want to go hunting with Dick Cheyney would you ask if I wore a bullet proof vest everywhere I went? When people look before walking into an intersection do you ask them if they erect bollards in front of their house?
But ok. Next time you go in for surgery tell the doc not to wash their hands because you aren't a scaredy cat.
Refusing to willingly take stupid risks is different than trying to live a life without them at all.
Biometric auth being used more and more every day. Not hard to see requirements or and crime/impersonation in the future. Gattaca is still far off but one step closer than it was.
Someday when DNA synthesis machines have enough write length to be able to synthesize entire human chromosomes, someone with your genome data could clone you without your consent. Even if this takes 50 years to become possible, you still might not want unauthorized clones of you being made using data that you gave up when you were younger.
That's not possible with 23andMe data, they have 640,000 SNPs, not the entire genome/exome/methylome. They have 640k points where the genome is often different from others, but your own genome is 3Gbp long (3,000,000,000 basepairs) with usually a few million SNPs per person. 23andMe has a subset of the diversity in your genome.
That's good to know. In that case, my concern would lie with the physical saliva samples that 23andMe has retained, since they could be comprehensively sequenced later.
That is true! Samples are usually good forever in the freezer. Do they keep all samples?
Running -80C freezers is not cheap! I have 3 -80C freezers in my lab, those large chest-freezers, and each uses 22 kWh per day for a total of 66 kWh per day. Apparently the average US household consumes 29 kWh per day, so we use up 2 houses per day.
Our freezers certainly don't hold the 14 million samples 23andMe supposedly has, more like in the low thousands. They'd need the power-usage of a city to keep all those samples OK!
You can extract the DNA and store that instead - and they already had to that to their analysis in the first place. Far smaller volume than the raw sample.
Storing this for an effectively indefinite amount is not uncommon. I used to work at a clinical genetics lab, and some material had to be stored (by law!) for a whopping 120 years.
That was not the question asked. Google is good at data security, and at the same time they are probably the biggest privacy violators, and both of this can be true.
Some users may consider targeting advertising to be a threat, others less so.
My take is, if targeted advertising is the biggest thing you're worried about in terms of cybersecurity, you are probably doing reasonably well at staying secure.
It's the kind of answer that makes me wish people actually followed the HN guidelines. I understand people are very passionate, but I prefer to make decisions based on facts. My experience is that the people who are super passionate often show themselves to be uninformed when you drill down and start asking them hard questions about their strong claims.
I'm not particularly worried about Google stealing my credit card number and making fraudulent purchases. But I am worried about criminal organizations doing this.
There's so much FUD on HN about big tech companies, but I'm skeptical that their wickedness actually lives up to the hype. I suspect it is more of a clickbait miasma (journalists hate Google because they took revenue from the media industry) than anything based in fact. Google provides free and useful products (Google Search, Gmail, Android) to people across the world. Billions of people use this stuff voluntarily -- why?
If Google is "about as user hostile of an organization as there has ever been", it should be easy for you to come up with at least 3 examples off the top of your head (no searching for "14 ways Google is evil" listicles) of them being at least as nasty (on a per capita basis relative to the population of people they have relationships with) as the literal mafia. It should be no trouble at all. So, could you please do that for me?
Over a billion people smoke cigarettes, doesn't make it a good idea. Most of the worlds population can't afford an iPhone, so are left using Android.
Is it unreasonable to think they're probably doing something else illegal that hurts us right now? Or that they'll use their ill gotten treasure hoard to buy the resolution of their choice when they're caught again?
I agree that if the NSA is your threat model, then you shouldn't trust any company.
I also think we can learn a lot about security from Google even if they comply with federal court orders requesting user data. "Willingness to comply with federal court orders" and "competence at securing data against cyberattacks" are two different things.
"if NSA is your threat model" sounds like something somebody from the 1980's would say. It's been a long time now that we've known they spy on everybody and that they share the data, and they Five Eyes the data they can't get. NSA is everybody's threat model and it has been for a long time. Intervening in electoral politics, getting private companies to do their bidding... where have you been?
The turn this thread has taken has been interesting. A few comments ago,
stcroixx wrote:
>Have you ever seen security done right anywhere? In my experience, it's always the bare minimum.
I think there's a lot of ground between doing the bare minimum for security and hardening your organization against the NSA. Every step towards greater security is a step I support, even if your organization isn't able to reach the "hardened against the NSA" level.
I'm happy for you if you want to harden yourself against the NSA, but I dislike black-and-white thinking. I care about harms to users which come from non-NSA threats too. Case in point: the original post about hackers selling 23andme data -- presumably to clients who are not the NSA, in some cases.
If every discussion of how to improve security gets derailed into a discussion of how evil the NSA is and how practically no one is secure against them, then organizations will continue to do security badly, and we'll see more breaches like this 23andme breach. Fatalism is a self-fulfilling prophecy. I see it every day here on HN.
When "your" military officers are selling state secrets out for $5k in bribes [0], you realize there's probably very little you can do to prevent bad actors in positions of trust from blowing up any security model anywhere. Your only choice is between minimizing your risk with hoping for the best, or rolling your own everything and not taking part in any modern anything and living and dying alone. And even then, there's still probably going to be a file on you somewhere.
What's interesting to me remembering this is that back then, even that late into Google's life, Google had enough people to actually be pissed off about this and try doing something about it. Google of today? I have the sense that management would just shrug its shoulders and let the violating by any nation-state-backed group that pleases continue.
There's a mutual cynicism here. If Google's users think: "Google will violate my privacy no matter what, there's no point in complaining", then Google's executives will think: "Users will believe we are weak on privacy no matter what, there's no point in protecting user privacy".
To break the cycle, it helps to share concrete evidence of Google misbehaving rather than just presenting it as a fact that everyone knows. You get what you incentivize. If the feeling that Google sucks on privacy isn't linked to specific Google misbehavior whenever it is brought up, Google execs will correctly realize that users will feel the same no matter what decisions they actually make.
As a concrete point for discussion, in the zdnet article it states:
>After the news about NSA snooping first broke over the summer, Google decided it was time to start encrypting its datacenter-to-datacenter communications.
Is there an analogous security story from more recently where Google didn't try to address the problem in a similar way?
One thing I've come to realize over the past couple of decades is that with internet/tech/VC startups in particular, the statements they make about goals, philosophy, core values, and ethics are subject to change as needed to secure more funding, increase revenue, or in case of acquisition.
You really cannot trust what any company says until they've been in business at least ten years with an unbroken record of responsible, trustworthy operation. And even then it can all change with a merger.
Well, maybe. I for one _absolutely_ didn't participate b.c. I didn't want my DNA and personally identifying information owned by any company. I can't imagine that there aren't many others like me.
I would, however, love to send my DNA to a company if they could provide the results without knowing any information about me whatsoever. For instance: I would be more than willing to buy the kit with cash and send it back with a burner email. Has anyone heard of such a service?
But then, without all that extra data, they would actually have to do some dna testing, rather than than determining your likely background heuristically.
I read somewhere a while ago that the FBI gets free access to the data, which was enough reason for me. This is just icing on the cake. Though more than likely a few of my relatives sent it there already, so not that it matters anyway.
There is a reason Pootin, and some other world leaders, have a black case carried behind them by a member of security team. This is to collect poo so no genetic information falls into the vials of the enemy.
This is hilarious, and completely absolves everyone from bad decision making like this. My immediate reaction to 23andme was "there's no way in hell I'm sending something as private and personal as my DNA to a private company".
Why? Because there's no telling what happens to it. It's a failure of judgement to believe that just because a company is reputable today that it will be reputable tomorrow. Companies change owners, they change board members, they get bought and sold. And _hacked_.
So let's stop this nonsense of giving everyone a free pass because it was a "solid, reputable company". Maybe we can give grandma a pass, but someone on a technically minded forum such as HN should know better.
Paranoid me can imagine a situation where some political enemy needs eliminated and a fall guy needs found. Sprinkle a little 23andme acquired DNA on the scene and some random citizen gets convicted.
>Back then, few people had the mindset of, "if they own my data, they own me." But we're starting to see it take hold.
Really? You're being either very generous or very naive here, because even back then it seemed blindingly obvious that it's a bad bloody idea to trust a tech company of nearly any kind to safeguard your data securely or honestly. Then double the paranoia when it comes to your genetic information. For somebody working in the tech space in particular to have not been be cynical about this is plainly absurd.
From a decision-making standpoint it seems difficult to argue that you made the wrong choice. At the time when the $99 kits were ubiquitous, 23andme seemed like a solid, reputable company.
I am interested in genetics, but I didn't trust google, and I trusted a google spouse company even less (it's like John Lennon's Google, and Yoko Ono's 23andMe, when I didn't trust Lennon to begin with) and my data hasn't been spilled. Half of you are thinking of all sorts of epithets to call me, but fact is, I was right about 23andMe. From a decision-making standpoint, slam dunk for me and anybody who listened to me. It was not an unusual position to take. "What. Could. Go. Wrong?"
(I'm fully aware they probably already have my data from numerous blood tests I've taken from normal medical checkups, etc. but what could I have done about that?)
I don’t know. I trust Google the most. They’re basically an aimless company with the strongest technically secure infrastructure I’ve seen with the strongest privacy policies implemented (just read about their infra). I think people give in to what people say versus say what they do. Just because Google runs an ad company doesn’t mean shit. What they’ve done with your data (their “actions”) for the past 25 years means way more (they absolutely do nothing with your data — in fact, they seem to completely waste it).
The link between 23andme and Google is tangential at best. Anne Wojcicki and Sergey Brin were married and that’s it, but they are completely two different people.
I have no idea how you’d ever consider 23andme a reputable company. Reputation comes from 20+ years of history — your actions, not what you say. 23andme is not even 20 years old yet — how can you trust something that young?
I forgot which company I used, but part of their deal was that you had the ability to delete your DNA data. Which I guess would’ve come in handy for a lot of people with 23andme. If you had chosen to do so of course.
While we’re on the subject of social media I feel the need to point out that you don’t need to keep saying this and it also doesn’t make much sense to bother. This isn’t a debate club meetup. People can latch on to parts of the conversation and focus on that if they want.
If you see the alternatives as moderate the thread or ignore it all, I agree with you. But for me the alternatives are moderate the thread or allow them to drag me into a hundred debates about a hundred different things. I was going to participate in the discussion either way.
I don't know if I necessarily agree, especially with D = decoupling. However I do like the idea of dead simple code. Often I'll find code written by self styled haxors who omit curly braces and nest ternary operators because they can. That's great but it ends up biting you in the ass.
The code itself should be treated internally like part of the product and it should be easily extensible, of uniform style, and written so safely that if a child added a line to the code it wouldn't break it entirely.
This is especially true of languages that support macros. If inclusion or modification of macros in your code cannot be done, it is probably a bad sign. When writing code to be resistant to hardware attacks for instance there is a different style that must be adopted entirely, if everyone is writing the fanciest for-loops fathomable then it becomes inefficient and a risk to code correctness to mutate the code to resist classes of attacks. This is terrible and not worth it just because an elite haxor wanted to write a for loop in a single line.
> Often I'll find code written by self styled haxors who omit curly braces and nest ternary operators because they can. That's great but it ends up biting you in the ass.
I've worked on codebases where omitting curly braces for single line IF was the style, but can't recall ever being 'bitten in the ass' by that particular style choice. I can see how when combined with other questionable style choices it could yield some very ugly and error prone code, but by itself I really have trouble understanding why people object to it.
