Thread | Brutkey

it makes me sad when I see people twist themselves in “but opsec!” anxiety knots over things like “I can’t post that I had a nice birthday party this weekend, then strangers on the internet will know that I was born in approximately mid-June!”

my sibling, there’s only 365.25 birthdays and we all have one, yours is in hundreds of databases that have leaked dozens of times, and whether strangers on the internet know you had a nice birthday party with your friends or not has absolutely no bearing on any risk of any kind, you’re just performing trauma your mom gave you in 1996 when she heard there were kidnappers on the internet

unless you really ARE the one leading the resistance or whatever, in which case @‘ing me to tell me how wrong I am and how much opsec you need is not very good opsec

Leeloo
@leeloo@chaosfem.tw

@0xabad1dea@infosec.exchange
Some of us live in countries where each person has a unique identifier consisting of birth date + a few check digits. There are services that allow you to look up the name of s person if you know their unique id, so if you know their birth date and name, it only takes a few tries to get the remaining digits.

And some online stores still accept orders with "just send me a bill" with the unique id as the only proof that you are that person.

(It's not a good/secure/well thought out system).

abadidea
@0xabad1dea@infosec.exchange

@leeloo@chaosfem.tw correct, it's not, due to see point "it's already in hundreds of databases that have leaked dozens of times"

People who want to commit fraud this way can just... make up an ID and whoever gets unlucky gets unlucky, they don't need to comb social media to find a random stranger's birthday. I actually did this myself to get into the Korean-only beta of an MMO many years ago!, I made up a Korean social security number that would decode to someone old enough that it was very unlikely they'd actually be trying to play the game (because I wouldn't want to accidentally lock some random person out)