
Stop Calling it ‘Identity Theft’ - herghost
https://securitybytes.io/quick-one-stop-calling-it-identity-theft-10a5ab9e1b60
======
mrweasel
Regardless of what you call it, the fact that someone using your information
to take out loans and signing all sorts of contracts should never be your
problem.

If a credit card company issues a card in your name to someone else, then
clearly they didn't do their verification properly.

It should be possible to have all your personal information floating around
and still be certain that no one can use that information for anything. I'm
pretty sure it works for Sweden where their SSN aren't secret, nor are
addresses or phone numbers.

Sure that may mean that you need to show up in the bank, or have a secure
government authentication method, but that's not beyond implementation.

~~~
snarf21
Exactly, some of this is semantics. To me, a skimmer duplicated card isn't
identity theft. Taking my identifying information and opening new credit is.

Again, this whole industry needs to change. We could cut massive amounts of
the estimated $200B loss in the US with just simple things like mandatory
chip+pin, 2FA or CCV for online purchases, your credit is always frozen and
only unfrozen for a 24 hour period at your specific request (requiring MFA).
It is so silly when I have to type in my 5 digit zip at the gas pump
(something someone could easily find online or by asking for ID) even though
my card has a chip.

~~~
zxcmx
Low trust versus high trust society is the thing you need to understand here.
You live in a high trust society which means that, in general, it is more
efficient to optimise for conversion rate than to deny valid but incompetent
or "unable to provide all the details" consumers.

~~~
zAy0LfpBZLC8mAC
While that might be true to a degree, chances are that what is really going on
here is that it is more profitable to externalize the costs of insufficient
authentication to unsuspecting people. While both result in higher profits,
one does so by actually increasing the value that is being created while the
other does so by making a third party pay, possibly even more than the
increase in profit, so one of them is more efficient for society, while the
other is just more efficient for the company but might still even be less
efficient for society overall.

~~~
zxcmx
I understand, but in practice the fraud liability when it comes to identifying
parties between two huge companies is very, very clearly laid out.

As in, weeks or months or years of discussion.

Not talking about credit cards thougn which are kind of a special case, where
yes, totally merchant gets screwed.

------
datr
Mitchell & Webb did a sketch on this over ten years ago:
[https://www.youtube.com/watch?v=CS9ptA3Ya9E](https://www.youtube.com/watch?v=CS9ptA3Ya9E)
It's worth a listen.

~~~
AndrewOMartin
I was going to post this, just be warned anyone who was meant to be working,
the Mitchell & Webb "related videos" on YouTube is an incredibly addictive
spiral.

------
cableshaft
Someone used my credit card number and went on a spending spree with it about
six months ago, and I had to get my details changed and a new number issued.
Since then I've been referring to it as having my identity stolen. Not too
long ago I met a guy who worked for a credit union, and he ripped me a new one
for it, saying "you didn't get your identity stolen, that's just credit card
fraud!"

While I see his point, that there's much, much more serious forms of it out
there, I still think it's pretty much the same thing, and that just because I
could get it more or less taken care of with an hour at the bank and didn't
have to go through years and years of pain to get things undone doesn't make
it any less identity theft.

Which is kind of the opposite point of the linked rant, I know. He's saying we
shouldn't let it be called that so corporations can pin the responsibility on
you and wiggle out of any liability.

~~~
delinka
Your case is distinctly different from “identity theft.” They simply got an
existing card number (by skimmg, by writing it down while holding your card,
by dumping the database of some ecommerce website, etc.) They didn’t pretend
to be you and ask a bank for a new line of credit. Your case is most assuredly
credit card fraud and nowhere near identity theft.

~~~
amelius
It's both "credit card fraud", and "gross negligence" on the part of the banks
for not implementing a long overdue secure payment system.

~~~
tyingq
There's no incentive for banks or credit card companies to fix online CC
fraud, because it costs them nothing.

They provide no reasonable fraud controls, because for card-not-present, the
merchant pays for the fraud. The merchant even gives the bank a $20-40 "bonus"
in the form of a charge back fee for every occurance.

------
mfisher101
If you are having to spend your time and resources to clean up a mess that was
not of your making, not to mention prove yourself innocent of making it, then
you are most certainly a victim in some sense.

You have a point about insurance, though I would argue that corporations
should be required to carry identity theft insurance in proportion to the
amount of personal data that they collect and store, for the benefit of the
victims created as a result of the theft and misuse of said data.

~~~
zAy0LfpBZLC8mAC
But the point is that the bank is who makes you a victim by baselessly
asserting that you are responsible for their blunders. You are not the victim
of someone pretending to be you, the bank is. You are the victim of the bank
making you spend resources on cleaning up their failure.

~~~
falcolas
This only matters because a measure of blame is assigned to the victims. Even
if we switch the words around and call it bank fraud, individual whose
identity was copied will still be the one to endure the pain and effort of
putting their affairs back in order.

~~~
zAy0LfpBZLC8mAC
Except it probably doesn't, framing matters.

People put up with it because they are led to believe that it's their problem,
just like if someone broke into their home and stole their TV. People would be
much less likely to accept the same reasoning from their bank if it were not
stated as "Someone stole your identity, we are sorry you have to pay this",
but instead as "A third party defrauded us, we are sorry you have to pay
this".

------
xtiansimon
Identity Theft sounds better than, "someone pretending to be me has lead
corporations, agencies, and other bureaucrats who have control and influence
on my life to mistakenly attribute another person's actions to me, costing me
time, damage to my reputation and money." And then all those other things.

~~~
mnw21cam
That, I think, is how this article is trying to re-frame the conversation. If
we describe someone using my details to take out a loan in my name as
"identity theft", then it sounds like the onus is on me to sort it out and
(possibly) absorb some of the cost of doing so. If we describe it as "credit
fraud", then that makes it clear that the problem lies with the loaning
organisation, is independent of me, and I should suffer no consequences.

~~~
wccrawford
Either way, "identity theft" or "credit fraud", the onus is on someone other
than the corporation that let it happen. It's the victim, or the criminal, but
neither of them blame the corporation with the name alone.

So I don't see any point in trying to get millions of people to change what
they call it, if that's the other option.

~~~
panopticon
I think the point is to change the way people think about the situation. If
you reframe the problem for enough people, it might become an issue
politicians campaign with.

~~~
wccrawford
Exactly, but as I pointed out, they've failed to reframe it so that the
company is at fault. It's still the same thing under those 2 names. They're
putting all that work into a new name that doesn't do what they want.

------
daurnimator
The Mitchell and Webb clip about this is great:
[https://www.youtube.com/watch?v=CS9ptA3Ya9E](https://www.youtube.com/watch?v=CS9ptA3Ya9E)

------
naboofry
What amazes me is - Why the social security number was ever used as an
identity number in the first place. This number should simply be used to trace
your account with the social security department when you retire. The practice
by institutions to use the last four digits of your social security as some
sort of de facto secret number is not only foolish but laughable that no one
has a problem with it. I should be able to freely float my social security
number and not expect to have my identity stolen.

~~~
vec
CGP Gray did a really good video[1] about this recently. The short version is
that it's the least terrible mechanism presently available for uniquely
identifying and disambiguating American citizens.

[1]
[https://www.youtube.com/watch?v=Erp8IAUouus](https://www.youtube.com/watch?v=Erp8IAUouus)

------
dvdhnt
I’m American.

I’ve come to understand that the organizations I used to favor, like Google,
consider me to be a product and not a customer. Now, I’m realizing that my
nation considers me to be a resource and not a person.

~~~
B1FF_PSUVM
It's always been like that, what changed was the advertising.

Don't be depressed about it. Poke some fun at the owners.

~~~
dvdhnt
Haha that’s fair.

You’re right - it’s tough not to get angry about it given that I can’t
individually do much about it.

Laughter is the best medicine (or distraction).

------
SAI_Peregrinus
We should just call it "libel".

The credit issuer fails to adequately verify the identity of someone applying
for credit (the thief) and lets them take out a loan in your name. The thief
defaults on the loan. The credit issuer commits libel by reporting that you
were the thief to the credit reporting agencies.

There are two crimes contained in every case of "identity theft". Everyday
consumers are affected by libel. Credit issuers are affected by fraud (enabled
by their own negligence).

------
fredophile
There is a question I've been pondering in the wake of all of these data
breaches but I'm not a lawyer so my assessment doesn't necessarily reflect
what the law says.

If person X opens a credit card in person Y's name and doesn't pay it back,
the bank will tell all of the credit agencies that person Y doesn't pay their
debts. When person Y eventually finds out about this would they be able to go
after the bank for slander?

~~~
SAI_Peregrinus
Libel, not slander. Slander is spoken, libel is written or otherwise
published. I'm not a lawyer, but probably. Since you'd have to prove that the
bank made false statements of fact to get the credit agency to remove the
fraudulent debt from your record anyway you'd necessarily have gathered plenty
of evidence to help your case.

------
jsgo
While I get the author's point, the problem is that for a lot of us in the US
(those primarily impacted by Equifax I believe, unless they do work overseas
as well), if someone claims to be me and gets the IRS to send my income tax
refund to them, they are not going to mea culpa and send me the refund too.
I'm just hosed.

~~~
kd0amg
_they are not going to mea culpa and send me the refund too_

Isn't that exactly the author's point? In that scenario, the IRS has taken
harmful action against you to make up a cost they incurred by falling for
someone else's fraud, and they get away with it by calling you the _fraudster
's_ victim, not theirs.

~~~
jsgo
while that's fair, they also state "The only way I get to be victim is if one
of these organisations is duped and then they can’t or won’t address their
mistakes or shortfalls and therefore they choose to pass the buck to me." And
in this particular case, there is no recourse and you're certainly a victim.
Last year there was something going on that they increased the fraud
prevention-esque refunds with delays for a majority of people filing.
Hopefully the IRS does similar this go around (and going forward).

------
turc1656
"The term ‘Identity Theft’ implies, and its usage accepts, that the person
whose identity is being stolen is the victim. They’re almost always not."

Flat out wrong. They nearly always are. They frequently have their credit
impacted as a result of non-payments for credit, mortgages, etc. Also, I see
"identity theft" as a subset of theft by conversion:
[https://definitions.uslegal.com/t/theft-by-
conversion/](https://definitions.uslegal.com/t/theft-by-conversion/) "Theft by
conversion occurs when someone wrongfully uses property or funds of another
for their own purposes." A person's name, SSN, address, financial history,
credit rating, etc. are all their property. And it is being used without their
consent and in blatant violation of other laws that already exist. They
clearly are a victim (but not the only victim) of these illegal acts.

Also, let's not forget that it typically takes an enormous amount of time and
effort to fully undo the damage. That time alone has a cost - and it has been
forcefully taken from the person whose identity has been stolen by the
perpetrator(s) of these crimes.

~~~
curun1r
I think you're proving the authors point by misunderstanding it. Using the
term 'Identity Theft' buys into the way that the corporations involved want us
to think about the credit market. It allows them to take a crime against them
and allow it to blow back against someone that was not a party to the fraud.
But what the Equifax hack is now forcing people to confront is that no
consumer is able to keep their information private. The system won't allow it.
So forcing consumers to be in any way culpable for what is actually fraud
against the corporation that is extending credit is wrong and we need to
adjust our terminology to make this explicit.

All the pain that you're noting is imposed by the credit system, not the
criminal who's "stealing" your identity. We're not victims of the criminal's
crime, we're victims of the system's response to that crime. And that's an
important distinction. The fact that we treat identity theft any different
than if the bank (or other credit-extending institution) was defrauded/robbed
through some other means (confidence scheme, armed robbery, etc) isn't correct
and if we, as consumers, expect that situation to change, we need to reject
biased terminology that frames the issue in the light that the corporations
want it to be framed.

Your identity wasn't stolen, the bank was defrauded due to insufficient
authentication procedures. When you say it that way, it becomes ridiculous
that the consumer should have to endure the ordeal that they currently do.

------
punnerud
I can’t remember one place in Norway where this is still possible.

Every bank is using 2-auth for sign-in and signing papers. They don’t event
accept your hand signature without the 2-auth in addition.

You can’t pay on webpages without 2-auth, so good luck using my card.

All the mail from the Government is digital, and of course with... 2-auth.

I even got a text when my child was born, saying we could now could fill in
his name. And both parents had to sign the documents with... (you get it)

------
lcfg
Quicker one: start calling it 'identity fraud'

~~~
shawnz
Still missing the point in my opinion. Nothing is happening to my identity, it
is their verification mechanisms which are failing.

~~~
falcolas
Well, something did happen to your identity - someone else associated a bunch
of fraudulent purchases with it.

Whether it's your fault or not, whether banks assume all fault or not, it is
still ultimately your identity (your credit score, your bank accounts, your
home) which ends up troubled.

Consider for a moment the tech alternative. If someone hacks their way into my
Google mail account and uses it to send out a ton of spam, who is going to
suffer the consequences for it? Google, for using insecure sms messages for
2fa and not requiring 2fa for all accounts, or me when my account is closed?

~~~
zAy0LfpBZLC8mAC
> Well, something did happen to your identity - someone else associated a
> bunch of fraudulent purchases with it.

Still, nothing happened to your identity. Your identity is who you are. You
still are you.

> Whether it's your fault or not, whether banks assume all fault or not, it is
> still ultimately your identity (your credit score, your bank accounts, your
> home) which ends up troubled.

Apart from the fact that none of that is your identity, but rather your
reputation, your contract, and your property: No, you actually have it all
backwards.

There is no law of nature that implies that if a third party impersonates you
to a bank, say, that therefore the bank has to start fraudulently telling
people that you don't pay your loans, or harrass you to pay the loan they gave
to that third party. Yes, that is a correct description of what banks actually
do nowadaya, but the whole point of this discussion is that that should be
illegal. The bank should be liable for reputational damage they cause by
incorrectly attributing a third party's actions to you, and you'd be surprised
how little your "identity" ends up troubled next time the bank is defrauded.

> Consider for a moment the tech alternative. If someone hacks their way into
> my Google mail account and uses it to send out a ton of spam, who is going
> to suffer the consequences for it? Google, for using insecure sms messages
> for 2fa and not requiring 2fa for all accounts, or me when my account is
> closed?

Are we talking about what google would do, or about what google should be held
accountable for?

~~~
kiriakasis
I cannot understand the lack of linguistic empathy in this kind of reply; many
commenters are clearly using the term "identity theft" with a precise meaning,
basically to descibe when somebody else is able to impersonate you. answering
by a dictionary lookup of the words definition is entirely offtopic in my
opinion.

And calling for a name to be changed is different from criticizing people who
use it, some concept need to be expressed and sometimes the only way to
meaningfully express them is with an improper term.

~~~
zAy0LfpBZLC8mAC
Well, except that this (sub-)thread was about how "identity" is a misleading
word to use in this context, which is why I read falcolas' comment as a
justification for why it is actually not misleading, which is why I focused on
how that justification falls short.

If that comment was not meant as a justification, the only interpretation I
can come up with is that it's a description of what empirically happens
nowadays when something commonly called "identity theft" occurs, in which case
I agree it could charitably be read as a reasonably accurate description ...
however then it seems like a completely pointless comment, as that is
essentially just the premise of the whole discussion, restated in a context
where it has no specific relevance whatsoever.

Did I miss something?

Though I also think that criticizing people who use misleading language is
legitimate as well, even if the meaning of what they are saying is perfectly
clear, as long as you don't confuse the criticism of the form with criticism
of the content.

------
yellowapple
"The term ‘Identity Theft’ implies, and its usage accepts, that the person
whose identity is being stolen is the victim. They’re almost always not."

What.

If someone uses your information to take advantage of your good credit and get
a car loan, then defaults on that loan, guess whose credit score just got
hurt? Guess who's going to have a harder time getting a loan for one's own new
car?

The whole article stems from the assumption that stealing someone's identity
doesn't make that someone a victim. That assumption is blatantly false, and
therefore so is pretty much the rest of the article.

Call it what you want, but fraud committed in your name still harms you, and
thus still makes you a victim.

~~~
zAy0LfpBZLC8mAC
> Call it what you want, but fraud committed in your name still harms you, and
> thus still makes you a victim.

No, it doesn't. If someone comes to you and claims that they are John Smith,
and you loan them a thousand bucks, only to discover later that the person who
you gave the thousand bucks to actually wasn't John Smith, then you, and you
alone, are the victim, and you are out of a thousand bucks. Nothing of this
has anything to do with John Smith.

Only if _you_ then harass John Smith to pay you a thousand bucks by making
fraudulent claims that you loaned him a thousand bucks and tell everyone that
John Smith is not credit worthy, then John Smith becomes a victim,
specifically a victim of you.

~~~
yellowapple
"No, it doesn't."

Yes, it tangibly and demonstrably does. It means that the process of
establishing/asserting your identity is much harder, since now there's someone
else running around with the credentials normally used to assert said
identity. You now need to spend time and money invalidating whatever
credentials you can and hoping that the ones you can't invalidate aren't
actually compromised.

If someone manages to get your Gmail password and use it to send spam, you're
still a victim of cybercrime, even though you weren't necessarily a victim of
the spamming.

Same thing here. Someone is using your credentials (like SSN and other
identifiers) to defraud someone else. Even though you're not the direct victim
of that fraud, you're still a victim of identity theft, since your credentials
were compromised and used by someone else.

~~~
zAy0LfpBZLC8mAC
> Yes, it tangibly and demonstrably does. It means that the process of
> establishing/asserting your identity is much harder, since now there's
> someone else running around with the credentials normally used to assert
> said identity. You now need to spend time and money invalidating whatever
> credentials you can and hoping that the ones you can't invalidate aren't
> actually compromised.

None of that is a harm from the fraud, it's all harm from the bank's
unjustified claims .

> If someone manages to get your Gmail password and use it to send spam,
> you're still a victim of cybercrime, even though you weren't necessarily a
> victim of the spamming.

If someone manages to get your gmail password from Google, then Google is the
victim of cybercrime. If Google then reacts by closing your account, you are a
victim of Google.

> Same thing here. Someone is using your credentials (like SSN and other
> identifiers) to defraud someone else. Even though you're not the direct
> victim of that fraud, you're still a victim of identity theft, since your
> credentials were compromised and used by someone else.

If you want to call the behavior of the bank (or whatever) in this situation
"identity theft", well, sure. Though I would suggest that that is highly
misleading. More appropriate terms would be slander or blackmail, maybe?

~~~
yellowapple
The fact that this is identity theft - and that the person whose credentials
were used is indeed a victim - has absolutely zero to do with the bank's
behavior. It has everything to do with the fact that credentials were stolen
and used to impersonate someone else.

So:

"then Google is the victim of cybercrime"

Google's credentials weren't stolen. The user's credentials were stolen. The
user is therefore the victim of the theft of credentials - a.k.a. "cybercrime"
or - in this case - identity theft.

Google is also arguably a victim of fraud (or some other related crime), sure,
but that is entirely separate from the fact that credentials were stolen in
the first place.

"behavior of the bank"

Again: the bank's actions are irrelevant to the fact that credentials were
stolen in the first place. Sure, it's a pretty shitty credential system, but
they _are_ credentials nonetheless, and them being used to impersonate someone
makes that someone a victim, plain and simple.

I'm really not sure how else to explain this. Seems pretty cut and dry to me.

~~~
zAy0LfpBZLC8mAC
There is one very important unstated assumption in all of this: Who defines
what is considered credentials?

Let's forget about the Google example for a moment, as it's not really that
great an analogy.

When someone steals your SSN, say, what they have stolen is just your SSN.
There is nothing about an SSN that makes it inherently a credential, it's just
a unique number signifying you. The only thing that then makes it a de-facto
credential is the decision of a bank, say. The bank decides that they will
take someone telling them your SSN as proof of your identity, and that is how
it becomes a credential. If the bank does not decide to accept knowledge of
your SSN as proof of your identity, then there is absolutely no problem with
someone stealing your SSN, because then it's not a credential.

This unilateral decision on the part of the bank is what the "identity theft
victim" is the victim of. The bank might just as well decide that knowing your
first name proves your identity, thus supposedly making your name a
credential.

~~~
yellowapple
"Who defines what is considered credentials?"

Whoever writes Wikipedia articles, for one:
[https://en.wikipedia.org/wiki/Credential](https://en.wikipedia.org/wiki/Credential)

    
    
        Examples of credentials include [...] identification
        documents, [...] passwords, user names, [...] and so on.
    

A social security number would fall under either "username" or "password",
depending on how it's used, and the SS card itself would fall under
"identification documents".

"it's just a unique number signifying you."

A.k.a. a credential.

"The bank decides that they will take someone telling them your SSN as proof
of your identity"

Yes, because this is already commonplace throughout the U.S., including by the
U.S. government. We can debate the pros and cons of the current SSN-reliant
system all we want, but that doesn't change the fact that an SSN is a
credential establishing identity, and that therefore the acquisition of an SSN
by an unauthorized party constitutes theft of that credential and - ergo -
"identity theft". It also doesn't change the fact that the legitimate owner of
that credential was a victim of that actual theft (in addition to whatever
actions from the bank in response to other crimes enabled by that theft).

"thus supposedly making your name a credential."

Your name _is_ a credential, per the above definition. It's a shitty
credential, yes, and one which is easily forged (and by no means unique,
unlike a SSN), but it's a credential nonetheless.

------
nikcub
Credit card fraud and identify theft are distinct threats with distinct
solutions. On underground forums they're also distinct products obtained and
sold in different ways (cvvs/dumps vs fullz).

It has taken a long time and a lot of media exposure to raise awareness of
these two concepts to ordinary people. My parents now know what both identity
theft and credit card fraud are - and they understand the basics of how to
deal with each.

To start over again with any of these terms because of a nuance of definition
and semantics would be extremely counterproductive.

------
andy_ppp
Regarding the way social security numbers are used in the US. It’s the first
thing you learn in security I’d say; don’t ever ever ever use identifiers as
passwords.

------
khedoros1
If someone commits fraud in your name, and you suffer the consequences of
their actions, then you're one of the victims of their fraud.

Noting that things bundled under "identity theft" are actually different
crimes isn't a novel observation; the whole point of that label is to group
the class of crimes where a criminal uses your personal information to
perpetrate various kinds of fraud.

------
kilceem
It is identity theft in that they are posing as you to so they can perform
fraud. It's identity as a societal thing like id with you name but their
picture. Being able to do this remotely like credit charges(can be in brick n
mortars though) etc just means normally they just need enough info. Once again
it is mor societal concept of how we identify people we don't know.

~~~
zdkl
The point is they're not stealing my identity from me, but from a third party.
Why should I be on the hook for the consequences of someone else's negligence?

~~~
twobyfour
What about the _term_ "identity theft" suggests that you should be on the
hook?

~~~
dboreham
The idea that there is a victim, and that's you. You had a bad thing done to
you and are now the worse. In fact nothing was done to you -- some big stupid
corporation gave money to a criminal is what happened. The big stupid
corporation would prefer that this be seen as : you owe them the money because
they thought the criminal was you.

------
2close4comfort
I would call it "losing my sh!t" but I have already lost it even if I didnt
really opt-in in the first place. And now I have lost it so much I have
nothing left to lose...makes you wonder about a credit collapse huh. With
everyone's personal information freely available I wonder if free credit
monitoring would even matter.

------
visarga
It's short for "identity data theft". You can't actually steal an identity.

------
sriku
The cases given are already under regulatory protection and so have their own
terminology. There are kinds of thefts which leave the bit trail pointing to
someone, when they shouldn't be. If the bit trail is not crossing major
regulatory boundaries, but is affecting things like what Google knows about
someone's personal preference or what items Facebook decides to show in
his/her feed, or some personally incriminating things is done to them in the
digital world (ex the recent post about upwork), the fact that folks may trust
the bit trail more than they trust the person can be damaging esply if in-
person contact is not the norm. In all these cases it involves someone taking
an identifying token and pretending to be you for a while. The taking is done
without permission, so it amounts to stealing. So I don't see a particular
harm in bucketing this category of activity as "identity theft".

------
dsjoerg
It should be called "Reputation Theft". Because what the criminal is doing is
harming _your_ reputation with companies that _you_ want to do business with
in the future.

~~~
zAy0LfpBZLC8mAC
No, the criminal is not doing anything like that. It's the company that is
harming your reputation with them by blaming somebody else's actions on you.

------
pjdorrell
[http://thinkinghard.com/blog/IdentityTheft.html](http://thinkinghard.com/blog/IdentityTheft.html)
(2005)

------
jasonmaydie
Identity theft means a specific thing. It doesn't mean someone is pretending
to be physically you. what did I just read?

------
basicplus2
But if one fraudulent use involving your identity enables a different
fraudulent use and then another so that is becomes multiple cases such that it
impunes my character then i would call that identity theft.

------
carloshpf
Identity theft is not a joke, Jim! Millions of families suffer every year!

------
baldfat
Just like don't call people using computers for illegal activity a Hacker.

To bad that one was decided a long time ago.

~~~
wu-ikkyu
Is HackerNews a place solely for news about people using computers for illegal
activity?

~~~
baldfat
Definition of Hacker: [https://www.merriam-
webster.com/dictionary/hacker](https://www.merriam-
webster.com/dictionary/hacker)

1 :one that hacks

2 :a person who is inexperienced or unskilled at a particular activity

    
    
        a tennis hacker
    

3 :an expert at programming and solving problems with a computer

4 :a person who illegally gains access to and sometimes tampers with
information in a computer system

RMS on Hacking and Cracking

Yet when I say I am a hacker, people often think I am making a naughty
admission, presenting myself specifically as a security breaker. How did this
confusion develop?

Around 1980, when the news media took notice of hackers, they fixated on one
narrow aspect of real hacking: the security breaking which some hackers
occasionally did. They ignored all the rest of hacking, and took the term to
mean breaking security, no more and no less. The media have since spread that
definition, disregarding our attempts to correct them. As a result, most
people have a mistaken idea of what we hackers actually do and what we think.

You can help correct the misunderstanding simply by making a distinction
between security breaking and hacking—by using the term "cracking" for
security breaking. The people who do it are "crackers" ( __*). Some of them
may also be hackers, just as some of them may be chess players or golfers;
most of them are not.

[https://stallman.org/articles/on-
hacking.html](https://stallman.org/articles/on-hacking.html)

------
arjie
Well , if we're just going to go on rants about words, then I'm going to bring
up that old pro-piracy thing.

It's not identity theft because the other guy hasn't taken it away from you.
Either both of you have it or neither does, and the first is just copying and
the second is vandalism.

~~~
iamtew
Piracy, not privacy, correct? :-)

~~~
arjie
Haha oops.

