Just because it can by beaten doesn’t mean making it harder isn’t useful. This p...

CiPHPerCoder · 2024-04-13T04:41:28 1712983288

> Just because it can by beaten doesn’t mean making it harder isn’t useful.

Fair.

> This person/team used a VPN. Masking your location is a big red flag for just dev work like this. These things could be exposed in UI.

I disagree strongly, and am surprised to hear this argument on Hacker News of all places.

ogurechny · 2024-04-13T05:34:39 1712986479

People are so used to see artificial bureaucratic structures as more real than their real counterparts that they constantly invent such naive solutions. “Just make the gub'ment provide an official paper (with a stamp) that Joe Random Dude is a real developer, a father of two, not a fan of satanic metal music, and the project will be safe”.

xcrunner529 · 2024-04-14T05:05:51 1713071151

People already do this in a general sense for authenticating a person and deciding if they’re trustworthy.

ogurechny · 2024-04-14T07:30:39 1713079839

Not “trustworthy”, but “able to play their role in certain scenes”. When you're outside of that structure, those decorated clothes lose any meaning.

jamespo · 2024-04-13T09:07:12 1712999232

The VPN is just part of the picture (sock puppet accounts complaining about speed of dev, no meaningful history of other contributions from the dev, no trusted "personal network" for the dev, etc) that in hindsight should have raised red flags.

xcrunner529 · 2024-04-14T05:05:06 1713071106

If they constantly are on a VPN and not willing to disclose a real location or IP then I fail to see why they should be trusted when they don’t provide anything trustworthy themselves.

markhahn · 2024-04-13T14:59:10 1713020350

new project idea: OpenBackgroundCheck

volunteer osint researchers attempt to dox any identity you submit, so you can know whether they're the Right Kind of OSS contributor or not.

/s

asveikau · 2024-04-13T16:25:41 1713025541

Most people you interact with electronically, you don't even bother trying to see if they're using a VPN or make any attempt to geolocate them.

xcrunner529 · 2024-04-14T05:03:50 1713071030

Sure but GitHub could have that as a badge to provide useful info that can help with vetting someone who wants to be a maintainer.

mbs159 · 2024-04-15T14:08:31 1713190111

Not everyone dev that uses a VPN or something like Tor is doing so due to some malicious reasons. Some people face challenges regarding privacy.