A major security firm was hacked today. The hack was publicly announced via Reddit’s /r/anarchism.
The hacked company is known for selling surveillance and hacking equipment to countries like Bahrain. The equipment was instrumental in squashing civil revolutions.
I was intrigued by the analysis of a Hacker News comment.
TLDR: Your spacing and punctuation is enough to identify who you are.
I wonder if those passages are enough to perform style analysis. reddit doesn’t let us search comments, but we know they’re a member of /r/Anarchism. These parts seem identifying to me:
Capital letters and proper punctuation. Investigating the source code shows that they one-space.
Single quotes, not double quotes, around individual words.
Repetition in triplets with a serial comma (“…more empowering, more fun, and far more…”, “…programmers, hackers, and reverse engineers…”.
No semicolons, sparing use of exclamation points at the end of comments only.
Always uses contractions.
With further analysis we could probably find regional dialects, average sentence length, rate of punctuation use, etc. Crawling /r/Anarchism with that criteria could identify them.
Pure guesses and speculation follow: the hacker probably posts comments on /r/Anarchism. With 50,000 subscribers, there may be about 5,000 commenters. Of those, perhaps 80% of them put one space after a period. So, with only that criteria, we’ve reduced the anonymity set to 4,000 people.
For what it’s worth, I commend their efforts (and am seeding the hell out of the torrent) but think it was a serious mistake to make a post announcing it. They should have posted it on major sites anonymously, not pseudonymously. To post prose online risks being identified by stylometrics or things like time between key presses, etc. (Perhaps these could be defeated by copy and pasting to and from Google Translate.)