
Ask HN: Tor accessibility for throwaways? - fabulist
Hi,<p>I think it would be nice if one could make a throwaway account with the following properties:<p>1. It cannot upvote or flag comments or posts (I&#x27;m under the impression everyone has a multiplier based on magic factors you&#x27;ve found useful in deterring voter rings; this account has a multiplier of 0.)<p>2. It can only interact with stories it has created<p>3. It is marked in a different color than &quot;new-user green&quot;<p>4. It is able to use Tor even though their account is fresh.<p>Unfortunately my reasoning for this did not fit into 2000 characters. If you&#x27;d kindly follow the link below, it shouldn&#x27;t take too long to read (it&#x27;s about 600 words). I apologize for the inconvenience.<p>http:&#x2F;&#x2F;pastebin.com&#x2F;g1r4V3Ds
======
dalke
A solution for your threat model is for the whistleblower to set up a proxy on
some cloud server. For example, here are instructions for how to set up 'Your
own proxy and VPN on Amazon EC2' \-
[https://en.wikibooks.org/wiki/How_to_Protect_your_Internet_A...](https://en.wikibooks.org/wiki/How_to_Protect_your_Internet_Anonymity_and_Privacy/Your_own_proxy_and_VPN_on_Amazon_EC2)
. Problem solved, no, for the problem envisioned in your model?

You write 'the founder logs on to join the conversation ... with only the
throwaway and CEO participating'. Why does the founder even want to 'join the
conversation'? The supposed reason is to prevent overreaction, but there are
naysayers and doubters and even those who lie about a company for the 'lulz',
so it would be odd to see a founder jump on this one criticism and not all of
the others.

The tradeoff is a chance of finding the IP address of a user's NAT'ed machine
[1] among all of the _readers_ (which is larger than the _commenters_ ) vs.
the bigger downside of drawing attention to the thread. More people read a
thread if there are comments, and I'll bet that some people will track posting
by founders of darling companies.

If there is a thread, then why doesn't the founder let all the company's fans
downvote and chastise the whisteblower for being an anonymous liar? And in any
case, the more readers, the less useful the IP/geo tracking data.

The "only interact with stories it has created" has a big limitation. If there
is a big thread, then the founder would post a response to the company's blog,
and someone will post a new story " _X responds_ ". Our whistleblower would be
unable to comment on this new thread.

[1] It would be better for our founder to use the Geolocation API than IP
address. But our intrepid whistleblower even with Tor must be careful to strip
geo and other identifying information from images, and other thing beyond what
HN can hope to do, to be really safe.

~~~
fabulist
I didn't mean to say our hypothetical founder joined the thread in a fiendish
attempt to unmask the throwaway. I don't think this is a very likely
possibility. I do think that they may, opportunistically, hunt through their
logs.

My point was that people are not going to go through the effort to set up a
proxy, they're going to let the matter drop.

~~~
dalke
People who go through the effort of installing and using Tor, and are HN
readers, are not likely to consider setting up a proxy to be much effort.

"they may, opportunistically, hunt through their logs"

That doesn't address my other points. Why should the founder jump on this
specific comment, and draw attention to it? Why should that conversation be on
HN rather than responding on the company's blog? How easy is it to take the
conversation on HN to another story which excludes the whistleblower from
participating?

~~~
fabulist
I guess my bias is revealed in my conception that Tor browser is something
everyone has lying around. If you aren't using plugable transports, installing
Tor browser is trivial (single-click configuration after you've extracted the
archive).

In my experience, setting up a daemon to do something trivial is always "not
much effort" until something goes wrong and you throw in the towel an hour and
a half later. I suppose that SSH port forwarding is zero-configuration,
however, so perhaps you're right, and my suggestion is unnecessary.

I was really trying not to paint a picture of a malicious founder who is
scheming to paper something over with spin. The founder responded in the
thread because they're an honest business person who feels tempted to use a
piece of information that fell in their lap, as we all might.

That was a bad example, so I'm not going to try and defend why that
conversation should happen on HN (you're probably right that it shouldn't).
The reason someone might anonymously start a conversation on Hacker News would
have to be that the community has a vested interest in it's outcome, it is
embarrassing to the influential, and the consequences of revealing it openly
outweigh the perceived benefits.

But maybe my struggle to find a better example is indicative that this
situation is too rare to account for.

------
jmnicolas
I don't think it's useful for what you intend it to do, anonymous
whistleblowing.

I trust nobody on the internet but especially if they are anonymous.

If I tell you that Paul Graham loves to torture kitten, why would you believe
me unless I say it under my real name (and have some kind of proof) ? It would
be too easy to libel anybody you don't like.

Snowden understood that, and he had much more to loose than HN or SV creds or
even his job. If he had remained anonymous, people would still doubt his
revelations.

~~~
fabulist
Perhaps I picked a bad example. People are more likely to say something to the
effect of, "Paul Graham is wearing no clothes."

People are even more likely to say, "These people who, in the future, will be
my potential employers, are stark naked."

