Hacker News
1I verified my LinkedIn identity. Here's what I handed over
- The author verified their LinkedIn identity through Persona, a third-party company, which collected extensive biometric and personal data including passport scans, facial geometry, and behavioral patterns. This data is shared with 17 US-based subprocessors including AI companies like OpenAI and Anthropic, and is subject to US surveillance laws through the CLOUD Act despite being stored in Germany. The author warns that users unknowingly become training data for AI systems and their biometric information could be accessed by US authorities without their knowledge, all for a simple LinkedIn verification badge.
Persona CEO's response and credibility
Persona's CEO responded on LinkedIn claiming no AI training use and data deletion, but users are skeptical since these assurances aren't reflected in legal documents. Many argue executive promises are meaningless without proper terms of service backing.LinkedIn's data practices and trustworthiness
Users share experiences of LinkedIn selling email addresses and engaging in questionable data practices. Discussion covers LinkedIn's history of breaches, spam generation, and aggressive contact harvesting that violates user trust.US tech dominance vs European alternatives
Debate over whether Europe should have created LinkedIn alternatives versus criticizing American companies. Some argue Europe failed to innovate while others claim US engineered dependency through market dominance and aggressive acquisition strategies.
2I found a vulnerability. they found a lawyer
- A diving instructor and platform engineer discovered a critical vulnerability in a major diving insurer's portal while on a dive trip. The system used sequential user IDs and a shared default password, exposing personal data including minors' information. Despite following responsible disclosure protocols, the company responded through lawyers, threatened legal action, and demanded he sign a declaration taking liability. The vulnerability was eventually fixed but users may not have been notified of the breach.
Professional engineering certification for software developers
Discussion centers on whether software engineering should adopt professional licensing similar to other engineering fields, with PE certification providing legal accountability and authority to push back against unsafe practices, though concerns about industry resistance exist.Legal risks of vulnerability testing
Debate over whether accessing other users' data to verify security vulnerabilities constitutes illegal activity, with comparisons to physical trespassing laws and differing views on appropriate boundaries for ethical hacking.Standard vulnerability disclosure practices
Discussion of whether setting deadlines for vulnerability fixes is appropriate standard practice or perceived as blackmail, with arguments about balancing security researcher protocols against company management perspectives.
3Turn Dependabot off
- The author argues that Dependabot creates excessive noise by generating thousands of false positive security alerts for vulnerabilities that don't actually affect projects. They recommend replacing Dependabot with govulncheck, a more precise vulnerability scanner that filters based on actual code reachability, and using scheduled GitHub Actions to test against latest dependencies without automatically updating them. This approach reduces alert fatigue while maintaining security.
CodeQL vs traditional vulnerability scanning
Users praise CodeQL for performing real code path analysis rather than simple version checking, showing step-by-step vulnerability paths. However, some report frustration with false positives and workarounds that mask real issues without fixing them.ReDoS vulnerability noise in client-side code
Developers complain about excessive ReDoS alerts for NPM packages used only in client code, where denial of service isn't relevant. Discussion includes whether DoS should even be considered a security vulnerability vs operational concern.Govulncheck's superior approach
Go's govulncheck tool is praised for checking actual code paths to verify if vulnerable functions are called, rather than just version numbers. Users wish this approach existed for all ecosystems instead of noisy tools like Dependabot.
4Wikipedia deprecates Archive.today, starts removing archive links
Archive.today's technical capabilities and paywall bypassing
Discussion centers on how archive.today reliably bypasses paywalls, with speculation ranging from paid accounts to Googlebot impersonation. Users debate the technical feasibility of different methods and note the service's effectiveness compared to alternatives.Content modification and trustworthiness concerns
Users express concern about archive.today retroactively editing archived content, including removing usernames and potentially altering pages for revenge. This raises questions about the authenticity and reliability of archived content for reference purposes.DDoS attacks and ethical behavior
Discussion focuses on archive.today using visitor browsers to conduct DDoS attacks against critics, particularly a blogger who investigated the site's operator. Users debate whether this response was justified given alleged doxxing attempts.
5Across the US, people are dismantling and destroying Flock surveillance cameras
- Civilians across the US are destroying Flock surveillance cameras that conduct warrantless vehicle tracking and share data with ICE, with incidents reported in at least five states. Despite public opposition at city council meetings, municipalities continue contracts with the $7.5 billion company, leading to widespread sabotage campaigns supported by online communities who view the cameras as constitutional violations.
Methods to disable surveillance cameras
Discussion of various techniques to disable Flock cameras including drones with paint, paintball guns, lasers, and spray foam. Debate over whether subtle disabling or visible destruction is more effective for activism.Effectiveness of surveillance vs. crime prevention
Argument that cameras only record crime rather than prevent it, with environmental improvements like lighting and cleanup being more effective. Counter-argument that video evidence helps prosecutors.Corporate and political involvement
List of major tech investors in Flock including Y Combinator, A16z, and others. Discussion of political engagement through city council meetings and comparison to UK surveillance systems.
6Child's Play: Tech's new generation and the end of thinking
- The article describes San Francisco's tech culture through the lens of Cluely, a controversial AI-powered cheating tool startup. The city is portrayed as dystopian, with bizarre B2B advertisements contrasting sharply with homeless people on streets. Cluely's founder Roy Lee represents a new "agentic" overclass that Silicon Valley believes will thrive in an AI-dominated future, while others become obsolete. The company helps people cheat in job interviews and social situations using AI, embodying concerns about a future where humans simply follow machine instructions rather than thinking independently.
Erosion of mastery vs. superficial hype
Concern that vital technical expertise (power grid, compilers, security) gets no recognition while flashy but shallow work gets funding and fame. This imbalance threatens civilization as capable minds chase visibility over depth, leading to steady erosion of real mastery.San Francisco's cultural transformation
SF has completely overwritten its previous cultural identity (Beats, hippies, old money) with tech monoculture. Unlike other cities that retain historical layers, SF now feels like a work-focused conference center with B2B billboards on every corner.The rise of "agentic" personalities
Discussion of how the "move fast and break things" mentality creates people who bulldoze through obstacles without permission. This creates both innovation and serious problems like security issues, as speed and scale increase faster than wisdom.
7What not to write on your security clearance form (1988)
- At age 12, Les Earnest and his friend created a code based on a cryptography book. When Earnest lost his glasses case containing the code key, the FBI investigated him as a suspected Japanese spy during WWII. The investigation cost thousands of dollars before agents discovered he was just a child. Years later, when applying for security clearance, a security officer advised him to conceal this FBI investigation to avoid clearance problems.
Security clearance bureaucracy and systemic problems
Discussion of how government security clearance systems force people into rigid categories, leading to advice to lie on forms. Users debate whether the system's inflexibility creates the very security risks it aims to prevent.Lying vs. honesty on security clearance forms
Debate over the security officer's advice to lie about FBI investigation, with users discussing the moral and legal implications of dishonesty versus the practical reality of navigating bureaucratic systems.Inconsistent enforcement of security standards
Users share experiences about how different violations are treated unequally - functional alcoholics keeping clearances while marijuana users face harsh scrutiny, highlighting arbitrary enforcement patterns.
8MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes
- MuMu Player Pro for macOS secretly collects comprehensive system data every 30 minutes, including all network devices, running processes, installed apps, and kernel parameters. This extensive surveillance is tied to your Mac's serial number and sent to Chinese analytics servers, none of which is disclosed in their privacy policy or necessary for Android emulation functionality.
Chinese software privacy concerns
Users express wariness about Chinese-made games and software potentially spying on users and sending data to China. Discussion includes concerns about popular games like Genshin Impact and Black Myth Wukong, with calls for Western governments to ban such software.Western vs Chinese data collection comparison
Debate over whether Chinese apps collecting data is meaningfully different from Western apps doing the same for intelligence agencies. Some argue domestic spying is preferable to foreign, while others see both as problematic.Technical security and sandboxing solutions
Users discuss practical approaches to mitigate risks, including running suspicious software in VMs, using separate devices for gaming, network isolation via VLANs, and mobile sandboxing solutions like work profiles and GrapheneOS.
9PayPal discloses data breach that exposed user info for 6 months
- PayPal disclosed a data breach affecting its Working Capital loan application that exposed customers' personal information including Social Security numbers for nearly 6 months in 2025. The software error affected approximately 100 customers, with unauthorized transactions detected on some accounts. PayPal has fixed the issue, reset passwords, and is offering two years of free credit monitoring to affected users.
Paypal account freezing and money seizure
Users share experiences of PayPal freezing accounts and seizing funds without clear justification, including a $15 seizure requiring notarized documents to recover, and Notch's $600k freeze during Minecraft's early sales.Paypal's declining relevance and alternatives
Discussion of whether PayPal is still necessary given alternatives like Stripe, Apple/Google Pay, and regional solutions like Vipps and e-Transfer, though PayPal retains advantages in international coverage and micropayments.Data breach response and corporate accountability
Criticism of PayPal's 2-month delay in disclosing the SSN exposure, the inadequate "not a breach" framing for a coding error, and broader concerns about lack of executive accountability for security failures.
10Nvidia and OpenAI abandon unfinished $100B deal in favour of $30B investment
- Nvidia and OpenAI have abandoned their unfinished $100 billion deal and instead opted for a $30 billion investment arrangement. This represents a significant scaling back from their original ambitious partnership plans in the artificial intelligence sector.
AI bubble concerns
Discussion centers on whether OpenAI's potential IPO will mirror WeWork's collapse, with debates about AI hype levels, lack of clear profitability paths, and whether current valuations are sustainable. Some see parallels to past tech bubbles.Investment portfolio adjustments
Users debate moving retirement funds out of stocks due to AI bubble fears. Responses range from conservative shifts to bonds/gold to warnings against market timing, with mixed experiences of those who already repositioned.Hardware pricing impacts
Frustration over inflated RAM and component prices due to AI demand, with users struggling to afford basic hardware builds. Discussion includes hopes for price corrections and impacts on hobbyist computing projects.