
How We Uncovered the Real Identity Behind “Startup L. Jackson” - dshankar
https://syrah.co/joshdickson40/5604e5e10fc1786b0152a51a
======
eli
> _The more I dug into the real SLJ, the more wrong it seemed. It felt
> uncomfortably close to doxing._

I'm having a hard time seeing how it could possibly be anything but "doxing."

~~~
david_shaw
I think that depends on how you define "doxing." Yes, you're identifying a
person's real information. On the other hand, malicious "doxing" usually means
publishing phone number, address, kid's name, personal email address,
Facebook, etc.

I think there's a clear difference between correlating a pseudonym to a real-
life identity, and malicious "doxing" that could cause harm.

~~~
JoshTriplett
> I think there's a clear difference between correlating a pseudonym to a
> real-life identity, and malicious "doxing" that could cause harm.

People use pseudonyms for a reason. Deanonymizing them can cause them harm,
ranging from getting fired to getting arrested to causing severe social
strife. Not your decision to make.

~~~
mbrutsch
> Deanonymizing them can cause them harm, ranging from getting fired to
> getting arrested to causing severe social strife.

Luckily I committed no crimes, or I would have had a hat trick.

> Not your decision to make.

There's actually a lot of debate and discussion about this issue; I am always
surprised at the number and tenor of those who wholeheartedly support making
this kind of decision.

~~~
iwwr
You can be an asshole even without breaking the law.

------
gkoberger
Great analysis, and really glad Josh didn't out SLJ.

SLJ is great because, due to his anonymity, his ideas stand on their own
merit. Being outed killed Fake Steve Jobs; it'd do the same to SLJ.

~~~
elektromekatron
I do wonder though, given the outcome, whether they did get a knock from the
wolf.

~~~
joshdickson
i'm on the lookout

~~~
mhartl
He's thirty minutes away. He'll be there in ten.

~~~
hoers
He's precise like that.

~~~
mhartl
Your response is a _non sequitur_ , which could explain the downvoting (though
certainly not by me). My comment was a reference to this:
[https://www.youtube.com/watch?v=ANPsHKpti48](https://www.youtube.com/watch?v=ANPsHKpti48)

------
tsieling
Props for not going through with the outing. There's a weird sense of
entitlement that people have, that they have the right to unmask someone doing
nothing wrong but choosing to be anonymous. I'm really glad to read the author
overcame that urge, it helps keep the world a little more interesting.

~~~
joshdickson
Author here. I'm not sure it's directly a sense of entitlement, though you
could certainly argue that it's in play whether or not the author seems to
notice. There's a sense that you found out the truth, and people want to know
the truth. That's where Gawker got stuck; when one of your mottos/mantras is
something like "we put truths on the internet," you feel like it's your __job
__to go through with it. You feel like people are entitled to know. This is
certainly borderline, and I feel like I could have defended either call, but I
think we made the right decision.

~~~
biot
I think some people get a high/rush/satisfaction [0] from revealing privileged
information. Others get the same feeling from guarding privileged information
and being one of the trusted few to know.

[0] I'm sure there's a nice, concise word that fits what I'm unable to
articulate here.

~~~
uxp
Isn't that the same feeling that comes when one believes what is popularly
construed as a conspiracy theory? I mean, you have this bit of information
that the entire world doesn't know (or doesn't care or believes differently),
and you _know_ that it's correct. Granted, one like this story is factual
information where as conspiracy theories are theoretical (obviously), but the
sense of responsibility of knowing that information makes people want to share
it as wide and as far as they can muster so they can be the leader or
originator of a movement changing the status quo.

------
Perceptes
One thing I've always wondered about these types of anonymous "Internet
famous" people: How are they not instantly outed by someone who works for any
of the providers in between their Twitter client and the readers? Are they all
taking extremely careful steps to use things like Tor and anonymous email to
prevent the process of tweeting from leaving a trail of bits anyone with
access can see?

~~~
patio11
If your adversary is a Twitter employee, you graph "Payoff for 'outing' vs.
likelihood of being fired" and come to the conclusion that no Twitter employee
has cared enough. If your adversary is substantially better resourced than a
Twitter employee or would not suffer equivalent costs (e.g. if your adversary
is law enforcement), assume the inevitability of compromise.

An interesting question is "How would you rate the ability of e.g.
investigative journalists on this score?", to which I answer "Equivalent to
their ability to ask someone in their social circle to tell them what the
answer is."

~~~
hkmurakami
I'd add that the potential is worse than just getting fired. This could cause
a fall in the stock price and a subsequent lawsuit.

~~~
azernik
Those probably don't hit the employee themselves; those hit the company.
Classic principal-agent problem.

~~~
nostrademons
Companies will often sue for the difference. If random company X employee
doxes a client of X, and then the market cap of X falls by $Y on the news and
consequence loss of trust, company X has a pretty good case that financial
damages of $Y are warranted through the actions of the employee's breach of
contract. Chances are, the employee has nowhere close to $Y in assets, but
will settle for $Z << $Y to avoid having a huge lawsuit with the potential to
garnish many years worth of wages hanging over their head.

Many people who might think that the risk of being fired is worth having the
inside scoop on a story might reconsider when the threat is a lawsuit from
Google/Facebook/Twitter.

------
ajsharp
Really cool article. However, I found myself thinking, "ok, that's nice of you
for not doxing the guy, but, you kinda just handed the keys to the kingdom to
the internet." Doesn't seem like SLJ cares one way or another, but, I got the
feeling that the author knows that this article will undoubtedly lead to SLJ's
outing within a month, two months tops. There's _more_ than enough bored
programmers out there who'll just apply the methods described wholesale, and
throw it out there on reddit, or wherever. So, I'm not sure how I feel about
the whole "doing the right thing by not doxxing" issue, b/c it seems like
we're sort of splitting hairs on the issue.

~~~
joshdickson
Everything that we used is now completely gone.

~~~
Schwolop
Right, so now we need to look for people who've recently deleted posts, and
recently followed you, and ... :-)

------
flashman
This is the (ultimately fruitless) approach I used:

1\. Find the people who were within SLJ's first few hundred followers (the API
gives an account's followers in the reverse order they followed the account).

2\. Assuming some of the early followers knew SLJ's real life identity, find
which accounts many of them were following prior to following SLJ.

3\. Accounts which are followed by relatively many of SLJ's early followers,
but relatively few of SLJ's later followers, are candidates for SLJ's real
identity.

Ultimately I couldn't make it work, although my guess is that SLJ has some
connection to Pivotal (either is a former employee or has worked with them on
projects).

------
syllogism
Great article. If nothing else, spreading the word about the severe
limitations of stylometry is very important. This stuff gets used in
forensics, and like other oversold forensic techniques, causes some terrible
injustices. Once the court has allowed some expert testimony, the jury is
instructed to take it at face value.

~~~
joshdickson
I am by no means an expert, in fact, it was really that having no expertise
led me to dismiss it from what I ended up doing. I still wanted to mention it
because (1) it's super interesting, (2) I think that it's not well known
about, and (3) maybe I could catch someone who is only sort of tangentially
into code or engineering, and hook them in with this sort of use case.
Probably asking for a little too much on the last part ;)

------
bsmith
Cached version:
[http://webcache.googleusercontent.com/search?q=cache:https:/...](http://webcache.googleusercontent.com/search?q=cache:https://syrah.co/joshdickson40/5604e5e10fc1786b0152a51a)

Looks like HN has hugged it to death...

~~~
joshdickson
thank you for linking this!!!

~~~
bsmith
Anytime. Thank you for a fascinating read :)

Any idea why the images aren't working?

~~~
joshdickson
yes our hosting provider is having problems with them, and when we get them
mounted it kills the site. when traffic dies down a little they'll go back up.
unfortunately #4 on HN is a little late to make a site arch change lol

------
jsnk
Am I the only one who can't see the scrollbar on the page? Looks like a misuse
of overflow:hidden;

~~~
cryptonaut
I'm missing the scroll bar too, it's really annoying. After looking at the
stylesheet it looks like it's due to this rule: body::-webkit-scrollbar {
width: 0!important; }. If you remove that rule the scroll bar will be visible
again. Here's some JavaScript that you can copy-paste into the address bar to
fix it (only tested on Chromium):

    
    
        javascript:void(_(document.styleSheets).chain().pluck('rules').map(_.flatten).flatten(true).findWhere({selectorText:"body::-webkit-scrollbar"}).value().style.removeProperty('width'))

------
aaronbrethorst
I haven't got anything to back it up, but I've always assumed it was Dave
McClure. I'm much more curious about who FAKE GRIMLOCK is.

~~~
ghayes
I once heard Dave say who knew who SLJ was, and he directly denied it was
himself.

~~~
joshdickson
It's not him.

------
doughj3
Does this website not have a scrollbar?

~~~
RIMR
You know how you're never supposed to screw with the scroll elements in a web
page? Syrah.co missed the memo...

I guess everyone in the whole world has a scrollwheel and/or touchscreen.
Screw anyone who doesn't, you can just read the top of the page...

~~~
joshdickson
I wrote the post and made the site it's on. There are really people who don't
have either of those?

But really, we just don't have everything done yet, I wrote everything on my
own. We'll fix it in an upcoming update, sorry for the issues.

~~~
nfoz
> we just don't have everything done yet, I wrote everything on my own.

Scrollbars work perfectly when you don't write anything.

~~~
joshdickson
Look this is a pet project, we're experimenting with different things, I
happen to like it the way it is. Last time we were on the top of HN earlier
this month our font was too light; I liked it as is, but I was wrong. It
changed. If we're wrong on this, it'll change too.

------
sarciszewski
I'm extremely delighted that they spelled doxing correctly (one X, not two).

~~~
joshdickson
lol it was wrong in drafts!

------
raimille1
Great job man!! This is awesome, on point ethics lesson as well.

~~~
joshdickson
Thanks, the last part was the hardest to write, by far. I revised it a number
of times. The goal there was really to sort of draw a comparison with the
Gawker post, which I found abhorrent when it happened, and getting caught up
in your own thing and not seeing the situation clearly. Seems to have come
across OK.

------
vermontdevil
I'm sure he's prepared for being outed one day in the future. Glad it's not
now. Always enjoyed his tweets.

------
robgibbons
He won't talk? Time to grab my wrench...

------
sireat
True Names and other dangers.

~~~
teddyh
For those who might not have gotten the reference:

[https://en.wikipedia.org/wiki/True_Names](https://en.wikipedia.org/wiki/True_Names)

------
keithwhor
Fantastically resourceful. Great read.

------
juiced
The posts top picture of Eminem is already telling me it is Ben Horowitz.

