you should assume that to sufficiently motivated megacorps, palantir, and the u.s. federal government, your best attempts at online anonymity can probably be circumvented by one failure point or another. i've taken relative pains to separate my username from my real life, and i know it's still not really meaningfully anonymous if the right company wants to figure it out. if they want ya, they got ya. everyone should post accordingly.

[–] ComradeRat@hexbear.net 12 points 1 month ago

I always figure theres little point having better opsec than me org (we use google lol 💀)

[–] chgxvjh@hexbear.net 7 points 1 month ago

There isn't that much traffic on hexbear. ISP could pretty easily time TCP connections to Hexbear with when accounts post stuff.

[–] BountifulEggnog@hexbear.net 10 points 1 month ago* (last edited 1 month ago) (1 children)

I wondered about this and had an idea for a (similar but worse) pipeline, very interesting paper.

Wonder when this will be on github and every nerd has a copy running on their computer.

[–] RNAi@hexbear.net 6 points 1 month ago

The Gestapo 3.0 will be crowfunded by the worst people you know

[–] quarrk@hexbear.net 9 points 1 month ago (2 children)

Even if it’s possible, don’t make it easy. Too many people post here hyper specific details like “my grandfather with has an adopted daughter from Bangladesh who became a rural doctor”

Don’t make things too personal here, even if most of us are friendly

[–] Tabitha@hexbear.net 9 points 1 month ago

Stylometric surveillance is already here and does not depend on the target telling the same story twice. I'm not even sure LLMs help the surveillors, but as a community we should investigate more into adversarial stylometry.

[–] electric_nan@lemmy.ml 9 points 1 month ago (1 children)

Salt your posts with disinformation as well. Mention things about yourself that aren't true.

[–] Liketearsinrain@lemmy.ml 9 points 1 month ago (1 children)

This is the way. I do it by having bad takes on purpose.

[–] LeninWeave@hexbear.net 1 points 1 month ago* (last edited 1 month ago)

deleted

[–] TankieTanuki@hexbear.net 9 points 1 month ago (1 children)

How is it possible to validate the results?

[–] BountifulEggnog@hexbear.net 6 points 1 month ago* (last edited 1 month ago) (1 children)

The paper has several different datasets and explains how they got them, but for their test data they already knew the link existed. I think this one is probably the most relevant for actual attacks. They split accounts, giving a one year gap in their post history to simulate an abandoned account etc and added some fake profiles that didn't have a match.

If you mean running this yourself, you can't, they didn't post prompts or anything. Just an overview of their pipeline. Sorry at first I thought you meant how could they validate that the users were the same person.

[–] TankieTanuki@hexbear.net 8 points 1 month ago (1 children)

Oh I see, they stripped the usernames and matched the comments. I thought they were claiming to have matched usernames to legal identities.

[–] BountifulEggnog@hexbear.net 12 points 1 month ago

They did that too, with hackernews and linkedin accounts, as well as some anthropic interviewees. I'm less sure how impressive that is, because the accounts were linked by the owner. So they obviously don't care about opsec, so they're probably less careful then they otherwise would be. The paper isn't a super hard read if you're interested. But yea they don't actually dox reddit users, they do multiple different steps in that chain but not the whole thing. Guess we'll all have to see how well this works in practice.

[–] XxFemboy_Stalin_420_69xX@hexbear.net 8 points 1 month ago

:shocked-pikachu: