It would be a valuable service to point the people targeted to information about them. I’m imagining something like Have I Been Pwned, but if you don’t want to post the info in cleartext, perhaps you could encrypt the information about each person with name as the key?
The way I see it, if I were on this list, I’d want to be able to find out. You keeping the information to yourself (or telling only cops who ignore the information completely) out of some sense of ethics doesn’t help me very much.
I have had very random people reach out to me who have been the target of threats etc so I have looked them up.
But compared to the scope of data breaches and the ease of checking them via an email address, my 1000 names is not at that scale. I have had some very small scale investigations work commissioned off of these queries, but it’s so quick and easy for me to do I have not got around to charging or doing extended investigations.
It would be very easy for someone to write a script that queries common first name surname combinations, or cross-references with public record/social media information, and then you’re back to the original problem.
Then you can charge ~a dollar per query. Or include some additional information in the key, like zip code. Or if you’re sophisticated enough, if the threats include photographs, you could require anyone submitting queries to submit a photo with matching identity.
I don’t believe that this information can’t simply be dumped on the internet “ethically,” and I don’t have a good model for precisely what requirements the author has made up, so I can’t offer good workarounds. If a bit of security theater is enough, my suggestion will do.
It would be a valuable service to point the people targeted to information about them. I’m imagining something like Have I Been Pwned, but if you don’t want to post the info in cleartext, perhaps you could encrypt the information about each person with name as the key?
The way I see it, if I were on this list, I’d want to be able to find out. You keeping the information to yourself (or telling only cops who ignore the information completely) out of some sense of ethics doesn’t help me very much.
I have had very random people reach out to me who have been the target of threats etc so I have looked them up.
But compared to the scope of data breaches and the ease of checking them via an email address, my 1000 names is not at that scale. I have had some very small scale investigations work commissioned off of these queries, but it’s so quick and easy for me to do I have not got around to charging or doing extended investigations.
It would be very easy for someone to write a script that queries common first name surname combinations, or cross-references with public record/social media information, and then you’re back to the original problem.
Then you can charge ~a dollar per query. Or include some additional information in the key, like zip code. Or if you’re sophisticated enough, if the threats include photographs, you could require anyone submitting queries to submit a photo with matching identity.
I don’t believe that this information can’t simply be dumped on the internet “ethically,” and I don’t have a good model for precisely what requirements the author has made up, so I can’t offer good workarounds. If a bit of security theater is enough, my suggestion will do.