
Chinese Data Breach Exposes 'Breed Ready' Status of Almost 2M Women - wglb
https://www.forbes.com/sites/zakdoffman/2019/03/11/exposed-chinese-database-includes-breed-ready-status-of-almost-2-million-women/#6062b62817e7
======
docdeek
In discussions on reddit yesterday some people suggested this was merely a bad
translation of ‘child rearing age’. If so, the bottom end (youngest) of 18
seems to make sense and is a lot less dystopian than it might otherwise read.

~~~
dymk
The government tracking when a woman is able to bear a child isn’t made less
creepy at all by slightly changing the translated name.

~~~
rscho
Yes it is. Do you think the US doesn't maintain similar statistics based on
age? The data including more fertility indices, such as health issues or
similar would be another story.

~~~
WillPostForFood
Keeping statistics on something and keeping an actual list of names isn't the
same. E.g., I have statistics on credit card purchases in the US, versus I
have a list of every purchase rscho made with their credit card.

------
mc32
While the breach is a reminder that people don’t have good security practices,
piling on or focusing on the words ‘breed’ and ‘ready’ shows how eager
journalism is to jump on something that isn’t quite fleshed out.

First, they don’t know if it’s governmental or otherwise, second they’re not
sure if the words are mistranslations or a shorthand categorization.

The government is concerned the population drop will happen too fast and is
also concerned some men will have issues finding a partner due to previous
reproductive policies. These latter issues are socially graver issues that
could be discussed at length but the article instead decided to focus on
speculation.

~~~
PavlikPaja
Or they could publish the actual term used so that anybody could check, but
they didn't. But they use Beijing written in the characters, as if it was the
important part.

~~~
fixermark
They wrote Beijing as 北京市 because that's how it showed up in the database. But
they also wrote "BreedReady" because that's how that key _also_ showed up in
the database; all the DB keys are English, apparently
([https://twitter.com/0xDUDE/status/1104482014202351616](https://twitter.com/0xDUDE/status/1104482014202351616)).
I'd assume it's designed around good ol' fashioned fear that not all languages
accessing the DB are Unicode-capable for labels and identifiers.

NextWeb's reporting on the Twitter thread suggests that the phrase may be a
Chinese attempt to translate to English a Chinese word meaning "woman of
child-bearing age"
[[https://thenextweb.com/tech/2019/03/11/1-8m-chinese-women-de...](https://thenextweb.com/tech/2019/03/11/1-8m-chinese-women-deemed-breedready-by-creepy-new-database/)],
but we don't actually know because we have no primary source on what
character was translated as "BreedReady."

~~~
PavlikPaja
"Mistranslation" to me implies something that was originally written in
another language. Not somebody speaking poor English.

------
tlrobinson
MongoDB is the premier example [1] of why software should be "secure by
default" [2].

1\.
[https://hn.algolia.com/?query=mongodb%20unsecured&sort=byPop...](https://hn.algolia.com/?query=mongodb%20unsecured&sort=byPopularity&prefix&page=0&dateRange=all&type=story)

2\.
[https://en.wikipedia.org/wiki/Secure_by_default](https://en.wikipedia.org/wiki/Secure_by_default)

~~~
umvi
From your [2]:

> Security by default, in software, means that the default configuration
> settings are the most secure settings possible, which are not necessarily
> the most user friendly settings.

The hard part is making it both secure by default but also developer (user)
friendly.

If you make it so that it is super secure by default, but onerous just to get
your product set up because of all the security overhead, developers are going
to get frustrated and either disable all the security or use a competitor's
(less secure) product that is easier to set up and you are back at square one.

There are so many options out there that if you try to launch a product (DB,
webserver, etc.) and it's really hard for the developer to get started ("step
1, before you can try out this webserver, first register an account with Let's
Encrypt") nobody is going to use it.

It's not an easy problem to solve because people are inherently lazy and want
results fast. Security done right is the opposite of that in its current
state.

~~~
kijin
When it comes to databases, either 1) listening on localhost by default or 2)
requiring a non-obvious password would seem to strike a decent balance between
security and usability.

But MongoDB is web scale! Nobody is going to run it on localhost only! So the
default (until 2.6) was to listen on all interfaces by default. AFAIK
Elasticsearch still listens on all interfaces by default. Does this choice
make life any easier for the developer who is just beginning to learn how to
use it? I dunno, most of my development work takes place on localhost. I
probably won't even notice if a newly installed database only listens on
localhost.

------
potatofarmer45
I think I play too much Starcraft that when I see "Breed Ready", I immediately
think I must've forgotten to morph workers or overlords.

~~~
ralusek
Clearly China has been communicating with Korea.

------
syntaxing
You're better off following the Twitter with the guy that discovered this (I do
not have the link on hand but will post when I get to my laptop). He explains
why this is not usual and concerning. He goes through unsecured MongoDB (US or
China) to see what people are up to.

------
sky_nox
I read on Reddit that it was a bad translation of "has had children". We don't
know who owns the database. It might be from a life insurance company.

------
sinxccc
This definitely can't be a database from any Chinese government organization.

Look at the screenshot from the tweet carefully and you can find it stores
"photo" on fbcdn.net, which is totally blocked by the firewall of China.

------
zachguo
Probably just an unsecured database of a dead matching/marriage app...

------
Fricken
I wonder if Plenty of Fish has a larger or smaller database of breed ready
females.

------
undoware
A fun game to play is to guess how many of the commenters here on HN who think
this is defensible have a uterus and/or are women.

I guess this mostly seems fine to those who are not even potentially affected,
as usual.

------
ElBarto
This is clutching at straws... The anti-Chinese propaganda is too obvious on
this one, sorry.

------
close04
The usage of "Breed Ready" gives me goosebumps. Feels like the dystopian
future is here.

