Hacker News new | past | comments | ask | show | jobs | submit login
Chinese Data Breach Exposes 'Breed Ready' Status of Almost 2M Women (forbes.com)
118 points by wglb 11 days ago | hide | past | web | favorite | 58 comments

In discussions on reddit yesterday some people suggested this was merely a bad translation of ‘child rearing age’. If so, the bottom end (youngest) of 18 seems to make sense and is a lot less dystopian than it might otherwise read.

The government tracking when a woman is able to bear a child isn’t made less creepy at all by slightly changing the translated name.

The time of women's puberty and menopause is a key health metric for a given population. If it's moving up or down something's likely to be very wrong (e.g. exposure to pollution, hormones in the food/water supply). It would be negligent not to track it for health reasons.

There seems to have been something shady going on here. I won't comment on that, but the government tracking this isn't per-se strange or unwarranted.

Yes it is. Do you think the US doesn't maintain similar statistics based on age? The data including more fertility indices, such as health issues or similar would be another story.

Keeping statistics on something and keeping an actual list of names isn't the same. E.g., I have statistics on credit card purchases in the US, versus I have a list of every purchase rsch made with their credit card.


Did you even try to look yourself? Women of childbearing age is a subset of the population tracked by the US Census Bureau.



Here you go: https://www.census.gov/newsroom/cspan/childbearing/20120817_...

Took 5 seconds to find on google. Unless you're going to move the goalposts.


Please don't cross into incivility on Hacker News.


The census maintains a micro level data-base, which you need clearance to use or do research on, but is used to inform government policy.

Source: I was tangentially involved in a research project once where we wanted, but weren't granted, access to this data.

> What the CN government is doing is far creepier. Individual personal entries.

Yes, thankfully there are no systems in place for the US government to verify/track someone's age (and thus infer their ability to bear children).

No, because that allows for an asymmetrical attack on a conversation, where a person can demand evidence, despite there being readily accessible information at the demander's fingertips, forcing the other person in the conversation to spend much more time than the time it took to request the information.

You're asking someone else to do your legwork, and it's a form of trolling.

Prove you care about this topic to the person you're talking to by doing some cursory research.

Other than the census, tax returns, birth certificates, drivers licences? Or are you looking for ways the governments in the U.S. are specifically using this data such as : https://siliconvalleyindicators.org/special-reports/populati... or https://www.census.gov/newsroom/cspan/childbearing/20120817_...

Uh... Ok, and how do you think countries and the WHO are able to provide data on population structure such as age pyramids, exactly?

This is just the non-anonymized version of the same thing. Never attribute to misdimeanor what can be attributed to negligence or stupidity in the first place.

Isn’t the entire idea of a data breach, that the data you are breaching is something you have been trusted with?

If you e.g anonymously poll the sexual orientation of your population and condense it to down numbers, it is something completely different than having a list with who is gay.

The first gives you insight in the structure of your population and the second allows everybody to target individuals, based on something a poll found.

The Dutch listed religion in their public register (see Hollerith system) before the second world war. Guess who thankfully used that list later?

The realization what data like that allows a fascist dictatorship to do is the main reason why the Germans up to this day are extremely sceptical about any state collected data and have one of the harshest data protection laws in the world.

Equating anonymous statistics with a list of individuals is wrong. And statistics that allow you to identify individuals are unethical and potentially dangerous.

Did I say anything that your answer provides a counterpoint to?


I'd bet dollars to donuts that insurance companies in the U.S. are tracking similar data.

Of course it is. Governments collect vast databases of statistics about all manner of attributes of their population as a matter of course. They even keep track of things like which sexually transmitted diseases people have, and how much money they earned.

They’re not sure who owns the database.

Depends, no? If the translation is "women between 18 and 40", it's harder to be upset about it, because US census data clearly has similar information.

This is a great example of how different translation styles can convey completely different meanings.

We should keep in mind not to trust the connotations of any translated phrase. Heck, we can barely trust the overt meaning.

I saw a different explanation which is that it's a bad translation of "has had children".

could be. that's my first guess.

Beyond that we often track / talk about people who are in their "prime working years".

That doesn't mean the government is planning to round them up and put them to work.

Not the users but the Guardian article the thread was linked to. In the comments on Reddit you constantly watch the few who read the article collect karma for explaining the very same points to those who didn't.

Besides, in the US the census collects the same kind of data, it just probably hasn't used with an agenda. Among EU members, on the other hand, data protection laws often disallow the collection of such information.

The list only includes single, widowed or divorced women, so in that regard the list has been created from a bit more filtering than just age.

EDIT: to your point however, being married would not preclude a woman from being "breed ready" as we understand the phrase. So clearly there is some missing context needed to really understand what that column represents.

While the breach is a reminder that people don’t have good security practices, piling on or focusing on the words ‘breed’ and ‘ready’ shows how eager journalism is to jump on something that isn’t quite fleshed out.

First, they don’t know if it’s governmental or otherwise, second they’re not sure if the words are mistranslations or a shorthand categorization.

The government is concerned the population drop will happen too fast and are also concerned some men will have issues finding a partner due to previous reproductive policies. These latter issues are socially graver issues that could be discussed at length but the article instead decided to focus on speculation.

> First, they don’t know if it’s governmental or otherwise

There is no otherwise.

> The government is concerned

You can't just use this—or safety—to justify anything.

I don't understand is it government database or private company's database?


"Eschew flamebait. Don't introduce flamewar topics unless you have something genuinely new to say. Avoid unrelated controversies and generic tangents."


Are you suggesting the Chinese govt doesn't enact overreaching policies such as the social credit system?

I am suggesting it works both ways. I also believe it's a relatively healthy dynamic.

Most of the West would not care much (about a foreign government knowing who’s reproductive and not, unless it leads to forced reproduction for the motherland). It looks more like journalists wanting to score points. They state they don’t know who owns the database. As of now it’s all speculative.

For all we now it could be about reproductive health.

I bet Kaiser-Permanente knows who is reproductive or not for at least a subset of their patients.

Or they could publish the actual term used so that anybody could check, but they didn't. But they use Beijing written in the characters, as if it was the important part.

They wrote Beijing as 北京市 because that's how it showed up in the database. But they also wrote "BreedReady" because that's how that key also showed up in the database; all the DB keys are English, apparently (https://twitter.com/0xDUDE/status/1104482014202351616). I'd assume it's designed around good ol' fashion fear that not all languages accessing the DB are Unicode-capable for labels and identifiers.

NextWeb's reporting on the Twitter thread suggests that the phrase may be a Chinese attempt to translate to English a Chinese word meaning "woman of child-bearing age" [https://thenextweb.com/tech/2019/03/11/1-8m-chinese-women-de...], but we don't actually know because we have no primary source on what character was translated as "BreedReady."

"Mistranslation" to me implies something that was originally written in another language. Not somebody speaking poor English.

The actual term in the database is "BreedReady". The article translated "北京市" into Beijing because readers probably speak English and not Chinese.

"Mistranslation" to me implies something that was originally written in another language.

Since the database is Chinese, it's fair to assume that the people who came up with the keys are native Chinese speakers, and thus would have translated the concept they wanted to express into English to get ASCII-only keys, and came up with "BreedReady".

It's not just speculation, the fact is the database is Chinese and the key is "BreedReady". I don't find it that difficult to understand how it could have ended up like that.

Oh. No you don't translate when you speak another language, you may be worse at speaking it than your native one, but speaking any language works the same way, you speak or write directly and don't translate.

It still could be a translation to keep the keys in English though.

Let’s say there was a database you were setting up and it only accepted Chinese keys. You have the keys in you head type the into a language to Chinese translator and you use that. You likely aren’t going to check for correctness, whether it’s polite, slang, or jargon. You just use whatever came up. That’s the “mistranslation”.

MongoDB is the premier example [1] of why software should be "secure by default" [2].

1. https://hn.algolia.com/?query=mongodb%20unsecured&sort=byPop...

2. https://en.wikipedia.org/wiki/Secure_by_default

From your [2]:

> Security by default, in software, means that the default configuration settings are the most secure settings possible, which are not necessarily the most user friendly settings.

The hard part is making it both secure by default but also developer (user) friendly.

If you make it so that it is super secure by default, but onerous just to get your product setup because of all the security overhead developers are going to get frustrated and either disable all the security or use a competitor's (less secure) product that is easier to setup and you are back at square one.

There are so many options out there that if you try to launch a product (DB, webserver, etc.) and it's really hard for the developer to get started ("step 1, before you can try out this webserver, first register an account with Let's Encrypt") nobody is going to use it.

It's not an easy problem to solve because people are inherently lazy and want results fast. Security done right is the opposite of that in its current state.

When it comes to databases, either 1) listening on localhost by default or 2) requiring a non-obvious password would seem to strike a decent balance between security and usability.

But MongoDB is web scale! Nobody is going to run it on localhost only! So the default (until 2.6) was to listen on all interfaces by default. AFAIK Elasticsearch still listens on all interfaces by default. Does this choice make life any easier for the developer who is just beginning to learn how to use it? I dunno, most of my development work takes place on localhost. I probably won't even notice if a newly installed database only listens on localhost.

MongoDB has for years been the premiere example of 'what not to do.'

I think I play too much Starcraft that when I see "Breed Ready", I immediately think I must've forgotten to morph workers or overlords.

Clearly China has been communicating with Korea.

You're better of following the Twitter with the guy that discovered this (I do not have the link on hand but will post when I get to my laptop). He explains why this is not usual and concerning. He goes through unsecured MongoDB (US or China) to see what people are up to.

I read on Reddit that it was a bad translation of "has had children". We don't know who owns the database. It might be from a life insurance company.

This definitely can't be a database from any Chinese government organization.

Look at the screenshot from tweet carefully and you can find it store "photo" on fbcdn.net. Which totally blocked by firewall of China.

Probably just an unsecured database of a dead matching/marriage app...

This is clutching at straws... The anti-Chinese propaganda is too obvious on this one, sorry.

I wonder if Plenty of Fish has a larger or smaller database of breed ready females.

a fun game to play is to guess how many of the commenters here on HN who think this is defensible have a uterus and/or are women.

I guess this mostly seems fine to those who are not even potentially affected, as usual.


Or, as the case with the US, we import skilled immigrants.

Sundar Pichai, Satya Nadella, Sergei Brin, Elon Musk, Peter Thiel, Jensen Huang, Andrew Viterbi, Stephen Wolfram, among others, seem like pretty good gets for the US.

How do you know other native-born Americans wouldn't have started these businesses? The business conditions and technological readiness were ripe for talented and driven individuals, it just happened to be these fellas.

I'm not sure we have any evidence to indicate that the universe works that way.

> you might be stuck importing unskilled immigrants

This is actually considered the regular flow of first world countries.

Third world country birth rates become larger and larger to boost and enable larger economies while first world countries require less people to get things done.

In the West, three or four children is a large family while in four or five is normal in African Nations.

The usage of "Breed Ready" gives me goosebumps. Feels like the dystopian future is here.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact