>We filtered out all spatiotemporal edges in the entity graph with an implied speed of <300 kilometers per hour or <200 kilometers distance, IIRC. This was the proxy for "was on a plane". It also implicitly provided the origin and destination.
Sounds like the bigger issue is that you're able to get "spatiotemporal" data in the first place? Otherwise it's like saying "we can figure out all stores you've been to, if we have your credit card transaction history". Sure, it's kinda creepy that you can figure out which stores I went to, but the bigger problem is that you can get the transaction data in the first place. Moreover whatever "spatiotemporal" data needed to reconstruct such flight history is probably more valuable than the flight history itself. Who cares if you know Joe flew on United 8340 when you have hour-by-hour updates on his rough location?
> Otherwise it's like saying "we can figure out all stores you've been to, if we have your credit card transaction history".
The preposterous thing is that payment processors aren't just allowed to collect this information and tie it to your name, they're required to do that.
People talk a big game about fighting fascism, but how can you allow these laws to exist if you can contemplate what happens when actual fascists get hold of that data going back decades? They need to be dismantled now.
You can't have a functioning society/civilization without giving some entities power: much like root privileges or ROP gadgets, anything designed for good can be abused in the hands of malicious parties.
There is no in-band method to prevent[0] subversion- no one can design an instruction set, security scheme or laws that are immune from subversion.
0. Except the evil-bit header in IPv4. Routing equipment always drop evil packets before they reach the victims network, stopping attacks before they happen.
Even if they weren’t required to do it, they would do it anyway because it’s an important part of fraud detection.
The vast majority of payments fraud is caused by the regulatory environment. Use cards with chips that can be read by commodity PCs and phones using published open standards and then require the card to be physically attached to a device to authorize a new merchant and criminals can no longer make fraudulent credit card charges without stealing the physical object or breaking strong cryptography.
The only reason we don't have this already is that the law makes it so hard to start a competing payments network -- in no small part as a result of KYC requirements -- that the incumbents are insulated from real competition and then don't have to fix the flaws in their systems.
Meanwhile you don't actually need everyone to do it, all you need is someone to do it and then that both becomes a competitive advantage in the market and allows any victim of official misconduct to use that one.
The people most opposed to this IME have been the "fascists" who wanted bitcoin. It's another one of those horseshoe situations I guess.
Arguing that we shouldn't do something because it would make it harder to enforce laws is not a convincing argument to me. It sounds like you want to enable people to be criminals.
> Arguing that we shouldn't do something because it would make it harder to enforce laws is not a convincing argument to me. It sounds like you want to enable people to be criminals.
I find this view to be lacking in nuance.
Laws are intended to exist with the consent of the governed. Substantially the whole of society agrees that murder should be illegal, so if someone commits murder we're willing to commit significant resources to investigating and prosecuting the perpetrator. It doesn't have to be efficient or have perfect enforcement because its purpose is to act as a deterrent. Everyone is willing to spend the resources to enforce those laws because everyone agrees that their enforcement is important. Enforcement efficiency is not required when there is popular consent.
Opposing laws that "help criminals" exposes society to shifts in the definition of a crime. When there is a law against being of a particular ethnicity or religion or political ideology, you want to enable people to be criminals. Preventing laws like that from ever being effective is worth sustaining a significant amount of inefficiency in the enforcement of other laws.
And this is not a binary distinction with "laws against murder" on one side and "laws against being Jewish" on the other. The latter is only the viscerally powerful extreme that once made us say never again.
The spectrum spans the full scale, where the middle is filled with police corruption and political retaliation against the opposition and petty busybodies inducing poverty and homelessness through the incompetent micromanagement of society.
Should governments have the ability to freeze the bank accounts of protesters? It doesn't matter what they're protesting or what crimes some minority of the protesters are alleged to have committed when the account freezes are instituted as collective punishment, the answer is no. The government should not have the ability to do that, because in that case they are the criminals, and structural defenses against government abuses are important.
>Opposing laws that "help criminals" exposes society to shifts in the definition of a crime.
This is not necessarily a good thing and laws can change without requiring them to be broken.
> This is not necessarily a good thing and laws can change without requiring them to be broken.
That's kind of the problem, right? Suppose you have a system that actually allows perfect enforcement and then the government passes a law against some religious practice. Espousing atheism is banned, or Islam, or Christianity, depending on who controls the government this time; take your pick. If anybody who does it is instantly brought up on charges with severe penalties then nobody does it. But that's bad. That's the problem. You need to sustain enough friction to prevent things like that from being possible because enforcing laws like that is worse than anything that could come out of making ordinary law enforcement require more resources.
>If anybody who does it is instantly brought up on charges with severe penalties then nobody does it. But that's bad.
I don't think it's bad. Similar to closed and open source software there is room for closed and open societies. They are different approaches that have different pros and cons.
Okay, let's go with your approach. Then the closed society is China or Iran and the open society is the US and other western countries, right? In which case we shouldn't have any such thing in the open countries.
>China or Iran and the open society is the US and other western countries, right?
Sure, but of course it isn't black and white.
>In which case we shouldn't have any such thing in the open countries.
I still think being able to effectively apply the will of We the People would be good to do. Being afraid that the people will be able to want for something you don't like to happen is disrespectful to the will of the people.
> It sounds like you want to enable people to be criminals.
Yes, wherever it is criminal to improve the wellbeing or support progress of society, I support the ability of people to be criminals.
Rosa Parks wasn't allowed to sit at the front of the bus. Criminal.
I doubt MLK had a permit for every march. Criminal.
I doubt the founding fathers were legally allowed to oppose the British taxes. Criminals.
A society with no crime is a dystopia.
You can justify almost anything as "progressing society" Tech companies can be "making the world a better place", but that shouldn't give then permission to break laws.
The mental model of how the law works that most people have is wrong.
The law does not, by default, prosecute all crimes. There is no country in the world that has even close to the law enforcement capacity to investigate and prosecute all crimes. What tends to happen instead is crimes that to put it colliquially, "piss off the wrong people" get prosecuted. ie, crimes that draw attention of either the general public or specific people in power.
A reasonable approximation is single digit or less of crimes get investigated and prosecuted, with it obviously being high for violent and visible crimes like murder and lower for less violent and visible crimes like stealing the office paperclips.
Another way of looking at this is, in the current system, if your house get burgled, you need to report it to the police if you expect anything to happen, whereas one could imagine another system where the police already know your house has been burgled and you don't need to report it.
I believe with AI we will be able to scale enforcement much better than a single digit percent. This will allow for more fair enforcement and reviews and cleanup of old laws or punishments which don't make sense anymore.
> Arguing that we shouldn't do something because it would make it harder to enforce laws
If you want to do it, get a warrant.
In almost all cases the best policy solution balances idealistic/theoretical goals with feasibility/pragmatism. A two dimensional analysis. This is more effective in nearly all domains, including this one.
Or from a different direction: if your method of analysis leads you to believe a HN contributor “want to enable people to be criminals” based on their policy preference about KYC, you’re not taking the discussion seriously.
At this point in human history, is it relevant to the individual whether someone is a criminal? What matters is whether they've injured someone else.
To use the US as an example (I doubt other countries are much better) it's estimated that every adult in the US commits multiple Federal felonies per day[1], Federal law is replete with ridiculous laws[2] and the number of federal laws is uncountable by Congressional Research Service staff. Does it matter at that point?
[1] Three Felonies A Day - ISBN 978-1594035227
[2] https://x.com/CrimeADay
>[1] Three Felonies A Day - ISBN 978-1594035227
That's not a serious estimate: https://news.ycombinator.com/item?id=43744267
Is a statistical analysis of the specific number actually the point? Suppose it was three felonies a year. What difference does that make when the prison sentence for each felony is also at least a year? The problem is the same; a prosecutor can throw anyone in prison simply because there are so many laws nobody can follow them all or even realize when they're violating one.
You can check the rest of the thread, but I'm not even convinced that the median person commits 3 crimes a year. Maybe there's an average of 3 felonies per day/month/year if you count all the small businesses that aren't complying with federal product/safety regulation to the letter (thus dragging up the average), but I can't think how realistically the average joe is committing 3 felonies per year.
> I can't think how realistically the average joe is committing 3 felonies per year.
Someone who smokes weed daily in a place where it's illegal could easily commit multiple crimes a day just for drug possession and consumption, for example.
Only 16% of Americans marijuana, according to Gallup. If you exclude people who are in states where it's legal/decriminalized, that'd probably be even lower. Needless to say, even if all 16% of them are criminals, that's far from the median person committing 3 felonies. Moreover the weed example isn't not even applicable to thesis of the book or the commenter that invoked it, which is that the US has so many regulations that nobody can hope to comply with them.
If 1/6 of Americans are potential repeat federal felons based on just one activity, I find it highly dubious that the other 5/6 can't be as well in the other hundreds of activities we undertake each day. Using your parents' Netflix/ Disney+/ etc password can technically be prosecuted under CFAA[1], for example. That's probably another 1/6 at least. Now it's 1/3 of the country.
[1]: https://decider.com/2022/01/04/is-it-federal-crime-to-share-...
> In 2016, the US 9th Circuit Court of Appeals ruled that sharing online passwords is a crime prosecutable under the Computer Fraud and Abuse Act.
Wikipedia on the case in question:
https://en.wikipedia.org/wiki/United_States_v._Nosal
>A few months after leaving Korn/Ferry, Nosal solicited three Korn/Ferry employees to help him start a competing executive search business. Before leaving the company, the employees downloaded a large volume of "highly confidential and proprietary" data from Korn/Ferry's computers, including source lists, names, and contact information for executives.
Extending that ruling to netflix password sharing is a stretch.
Moreover you can't say "I can think of one activity that many americans do is a felony", and then apply induction on it to claim that the other activities americans due surely contain felonies.
>That's probably another 1/6 at least. Now it's 1/3 of the country.
That's only true if you assume the population of weed smoker and netfilx watchers don't intersect, which is... doubtful.
> If you exclude people who are in states where it's legal/decriminalized
There is no state where cannabis derivatives are federally legal.
https://www.ecfr.gov/current/title-21/chapter-II/part-1308
Yeah I agree, though include "knowingly employing unauthorized immigrants" in those averages.
Exceeding the driving speed limit is more of an "infraction" and not a crime until it becomes reckless.
> Maybe there's an average of 3 felonies per day/month/year if you count all the small businesses that aren't complying with federal product/safety regulation to the letter (thus dragging up the average), but I can't think how realistically the average joe is committing 3 felonies per year.
To begin with, let's not ignore how broad a category "small business" is. Laws requiring health inspections or licenses etc. often operate on the basis of frequency or number of patrons. If you have around a dozen people over for movie night every Saturday with the event published on social media and you all chip in for pizza, are you a food service business? For that matter, is that a public performance in violation of copyright?
If some criminals break into one of your devices or your personal website while you're traveling and you find out about it while you're out of state but don't have time to deal with it until you get back home, have you committed a crime? What if they put some illegal materials there and you clean off the device but still have a backup containing the illegal materials? What if you do delete all of them right away; is that destruction of evidence? What if there's a federal law against keeping the materials and a state law against destruction of evidence and a very specific way to comply with both of them at the same time that may not have been clearly decided by the appellate court when it was happening but has been decided by the time they bring the case against you? What if it was clear ahead of time but wasn't intuitive and you can't afford a lawyer and can't have one appointed until after you've been charged?
It's unreasonable to expect ordinary people to be able to navigate this.
>To begin with, let's not ignore how broad a category "small business" is. Laws requiring health inspections or licenses etc. often operate on the basis of frequency or number of patrons. If you have around a dozen people over for movie night every Saturday with the event published on social media and you all chip in for pizza, are you a food service business? For that matter, is that a public performance in violation of copyright?
That's what courts are for. I don't think there's any case where people tried to prosecute a shared movie night as a business, because it'd be laughed out of court. Same goes for whether it's copyright infringement or not. Moreover if you look at how authoritarian regimes work in practice, dissents are often prosecuted under national security laws, campaign finance violations, or libel laws, not because they violated the health code by having a movie night.
> That's what courts are for.
That isn't really how courts work. If you're violating the letter of the law then you are breaking the law and an actual impartial judge would enforce it against you. In practice whether they let you get away with it is based in significant part on whether or not they like you. If the judge doesn't like the administration then maybe they do like you. But if the judge doesn't like you for the same reason the administration doesn't like you then you're going to jail. And it shouldn't have to depend on that; we shouldn't have laws that people are constantly in technical violation of so that the only thing keeping anyone out of jail is prosecutorial discretion and judicial affinity.
Meanwhile you can characterize anything in a negative light. A random home kitchen typically isn't going to meet the standards for commercial operation and the prosecutor's press release isn't going to say "we're prosecuting our enemies for movie night", it's going to say "defendants were operating a for-profit restaurant in violation of zoning rules and storing uncooked meat above fish in the freezer used for storing food sold for resale in violation of the health code" and then stick them with a fine that would make them lose their house.
> Moreover if you look at how authoritarian regimes work in practice, dissents are often prosecuted under national security laws, campaign finance violations, or libel laws, not because they violated the health code by having a movie night.
When the dictator of petrolistan wants to retaliate against their enemies and those laws are available for that, sure.
When the mayor of some US town wants to do the same thing, they might very well resort to health code violations that wouldn't have otherwise been enforced.
Deterrents well short of political executions are still very much official misconduct.
Dissidents are most often prosecuted under those laws, yes, which is a good reason to not have those laws. But I’m aware of at least one case where a Cuban dissident was apprehended and prosecuted for buying cement in the black market, something the government was able to know because they most likely had somebody tagging the person 24/7 [^1]
But that exotic case is not that much needed. Laws will be abused by the powers whenever they want; you don’t need to look farther than the current USA administration and how the president is using war powers to treat poor laborers as enemy combatants and send them to concentration camps. And yet, USA’s system of government was designed in a way that should have prevented the executive to abuse power; why it has failed is another (difficult) discussion, but the founding fathers seemed well acquainted with the despotism of other nations.
[^1]: https://www.rtve.es/noticias/20090828/cuba-detiene-a-disiden...
> Sounds like the bigger issue is that you're able to get "spatiotemporal" data in the first place?
Almost all data is spatiotemporal data, people just aren't used to thinking about it like that. Everything that "happens" is an event with associated times and places.
Tagging of events with spatiotemporal attributes, or with metadata that can be used to infer spatiotemporal attributes, is pervasive. Every system data passes through, even if not the creator of it, observes the event of the data passing through it. Event observation is not trying to track things but it implicitly and necessarily creates the data that makes tracking and spatiotemporal inference possible.
These kinds of analyses rely almost entirely on knowing the events occurred; you could encrypt the contents of the data and it wouldn't matter. Software leaks spatiotemporal event context everywhere across myriad systems, internal and external, that incidentally collect it. There isn't anything nefarious about most of it and much of it is required for reasons of criminal and civil liability.
What people underestimate is that you can analytically stitch together many unrelated sparse data sources with spatiotemporal attributes, many of which are quite crap or seemingly unfit for purpose, to reconstruct a dense high-quality graph. Counter-intuitively, diverse and seemingly irrelevant data sources often produce better data models. It surfaces bias, errors, manipulation, and processing artifacts in individual sources you might otherwise miss.
It is much more difficult to access the obvious first-party data sources than it used to be, mostly because people with that data are far more selective about who they give access. It doesn't really matter, that is a speed bump for the unsophisticated. The exponential growth in the scale and diversity of network-connected telemetry of all types pretty much guarantees these data models will always be constructible.
The historical limiter has always been the absence of data infrastructure platforms that can handle these kinds of analytics at scale.
>Tagging of events with spatiotemporal attributes, or with metadata that can be used to infer spatiotemporal attributes, is pervasive. Every system data passes through, even if not the creator of it, observes the event of the data passing through it. Event observation is not trying to track things but it implicitly and necessarily creates the data that makes tracking and spatiotemporal inference possible.
>These kinds of analyses rely almost entirely on knowing the events occurred; you could encrypt the contents of the data and it wouldn't matter. Software leaks spatiotemporal event context everywhere across myriad systems, internal and external, that incidentally collect it. There isn't anything nefarious about most of it and much of it is required for reasons of criminal and civil liability.
>What people underestimate is that you can analytically stitch together many unrelated sparse data sources with spatiotemporal attributes, many of which are quite crap or seemingly unfit for purpose, to reconstruct a dense high-quality graph. Counter-intuitively, diverse and seemingly irrelevant data sources often produce better data models. It surfaces bias, errors, manipulation, and processing artifacts in individual sources you might otherwise miss.
That's a lot of technobabble for what essentially sounds like "there's some ad SDK that's phoning home with your gps/ip geolocation every few minutes, if you cross reference that with when flights are, you can guess what flight someone took". How far off am I? Or is there some galaxy brained AI that can infer that from disparate facts like that you stopped posting on twitter for 12 hours, your car's license plate was caught by an ALPR to be heading towards the airport, and 3 weeks ago you visited some portuguese tourism site that had an ad beacon installed?
Thank you for cleaning that up.
Education starts in the home: if it's not locally runnable and useable offline, it does not exist. We need to teach people how to be sneaky kids trying to sneak all things past authoritarian parents. That mindset is what will drive otherwise lemmings to doing things like making Qubes OS primary, getting a Google tablet and installing GrapheneOS on it, building a 48 hour battery life "comms bag" which is an LTE modem (or 5G) + a good OpenWRT capable router + battery packs and charging equipment.
Idea is: baseband is divorced from application processor and packed away into a separate radio station which can be brought online completely under the owners' control. That will be my next "cell phone."
> Sounds like the bigger issue is that you're able to get "spatiotemporal" data in the first place?
Yeah, this just sounds like it's written from the perspective of a data broker.
Tying particular ad analytics (presumably ip geolocation?) to thousands of particular individuals and having it well populated enough to track them is "privileged first-party data access" by another name.
Your location is leaked in many, many ways. Even if you have location services off on your phone, the first-party (Google, Apple) has access to your precise location. On Android, this bypasses VPNs, and I believe on iOS/Mac first-party apps also bypass VPNs. You are trusting that this data is not leaked to any third-parties. You cannot verify this, as the data is exfiltrated to servers which you can't verify.
Okay, fine, I'll just install another operating system then, like KDE plasma mobile or GrapheneOS. Your location is still leaked 24/7. This is because your cellular modem has it's own operating system, running underneath your phone's operating system, which is triangulating your location at all times. Once again, you are trusting that telecommunications companies aren't misusing this - but please remember they're complied, by law, to make a lot of this information available to numerous third parties.
Okay fine, let me just remove the Sim then and use my phone on Wifi only, always through a VPN. Your location is still being leaked potentially, for example, by your car. Your car also has a cellular modem which leaks your location, and you probably signed a contract allowing that data to be given to hundreds of third-parties.
Of course, all of this is assuming you don't use any social media. Social media can also leak your location, even without location services. If you review a restaurant - that's your location. Where are your friends? You're probably around them. And on and on.
> Your location is still being leaked potentially, for example, by your car. Your car also has a cellular modem which leaks your location, and you probably signed a contract allowing that data to be given to hundreds of third-parties.
Ok, fine. I'll just drive classic cars for the rest of my life. Your location is still being leaked by a global network of automated license plate reading cameras https://deflock.me/
We literally need to train kids in Spy vs Spy tier information security if we want them to have a chance at being adults capable of avoiding this grid in any appreciable way.
>On Android, this bypasses VPNs
source?
>You are trusting that this data is not leaked to any third-parties. You cannot verify this, as the data is exfiltrated to servers which you can't verify.
At least on Android you can theoretically disable "google location accuracy" which stops it sending nearby hotspot mac addresses to Google. That's the only public route where google gets your location without you knowingly sending to it. You also imply that mobile operating systems are surreptitiously sending locations back to google/apple even if users have all location related features disabled, but I'm not aware of any evidence this is the case, and this falls into same category as "facebook is secretly listening to you" territory until proven otherwise.
I mean you're saying a lot for rhetorical effect, but it doesn't get around the fact that there aren't that many avenues to reliably collect this data, with high enough resolution and tied to identity, for thousands/millions of individuals, and if you do have that data, you're basically a data broker. I mean, yes, all those things are true, and they're pooled together and available for sale by data brokers.
It's also disappointing that the root comment is distracting from the 4th amendment violations by making the conversation about their vague claims of selling mini-palantir demos through abusing web ads.
The assumption that the data must be "high resolution" is erroneous. Low resolution noisy data works just fine, you just need a lot more of it. You can use standard signal processing tricks such as stacking noisy low-resolution data to extract high-resolution features. This requires a lot more processing but that isn't much of a limitation. These reconstruction techniques work even if the data is from unrelated sources that aren't even trying to measure the thing you are measuring.
Any data exhaust will work, people have created interesting PoCs leveraging things like HVAC data, RF attenuation, etc. High-precision weather models essentially work the same way, making inferences by stitching together diverse event data that has nothing to do with weather.
High-quality high-resolution data sources largely don't exist in the way people imagine they do, so you need to do this anyway. If you have a high-resolution spatiotemporal graph for entities, tying it to identity is always trivial.
It would be more common if it weren't for the fact that open source platforms scale poorly for this type of analytical processing.
Anyone could have acquired this data the time, it was all either free or cheap. Like I said, my business was specialized data infrastructure (e.g. storage engines and analytical parallel processing), we just used these data sources for testing and demos because "free or cheap".
I also have a lot of experience with privileged first-party data but that is governed by a different set of rules and is often regulated. You have to be much more circumspect about how you use it.
Even though it might be convenient to e.g. slurp telemetry off a mobile carrier's backbone, what you eventually realize is the inability to do this isn't a real limitation and in some ways is a blessing in disguise.
Twitter has had timestamped amd geotagged posts for ages. Just clustering things like hashtags of tweets spatiotemporally results in a treasure trove if information about events.
I'm sure that other platforms attach the same kind of info to posts. It's just a matter of scraping it.
but it's obviously very easy ro get from social media? e.g. you have a post from paris and then later that day a post from brussels
There's dozens of flights per day from paris to brussels, so that wouldn't uniquely identify a flight.