[return to "Image Scrubber: tool for anonymizing photographs taken at protests"]
1. comboy+iO 2020-05-31 21:38:59
>>dsr12+(OP)
Really weird that nobody in the thread is pointing out that this is basically a website that says "give me your photos, specifically from protests, which have details that you want to keep private".

It doesn't matter that it theoretically all happens in the browser. You can serve different versions to different IPs etc. Every heuristic in me would be screaming don't use that if I had a need for such a tool.

2. vagab0+a91 2020-06-01 00:09:57
>>comboy+iO
Can you imagine yourself being convinced somehow that this is safe to use? I've had similar ideas before that I ended up not pursuing precisely because I knew I couldn't find a way to convince people like you.

See also https://haveibeenpwned.com/Passwords.

3. mulmen+ua1 2020-06-01 00:20:51
>>vagab0+a91
haveibeenpwned is explicit about not entering passwords you use. If you want to check a password that you intend to use then download the database and check for yourself.
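
Added example, not part of the thread and not HIBP's own code: one way to do the offline check described in the comment above. It assumes the downloaded file is plain text with one `SHA1HEX:COUNT` line per password, uppercase hex, sorted by hash; the sample file is constructed in memory, using the two counts quoted elsewhere in this thread plus made-up filler entries.

```python
import hashlib
import io

def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest, the key format assumed for the local file."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def _line_after(f, offset: int) -> bytes:
    """First complete line starting after `offset` (the first line when offset is 0)."""
    f.seek(offset)
    if offset:
        f.readline()  # discard the line we landed in the middle of
    return f.readline()

def pwned_count(password: str, f, size: int) -> int:
    """Binary-search a hash-sorted 'SHA1HEX:COUNT' file opened in binary mode.

    Nothing leaves the machine; returns 0 when the hash is absent.
    """
    target = sha1_hex(password)
    lo, hi = 0, size
    while lo < hi:
        mid = (lo + hi) // 2
        line = _line_after(f, mid)
        if not line or line[:40] >= target:
            hi = mid       # candidate is at or before this offset
        else:
            lo = mid + 1   # candidate is strictly later in the file
    digest, _, count = _line_after(f, lo).strip().partition(b":")
    return int(count) if digest == target else 0

def build_sample_file():
    """Constructed stand-in for the multi-gigabyte download (not real corpus data)."""
    counts = {"silverfish3": 40, "dichotomy7": 5,            # counts quoted in the thread
              "password1": 3, "letmein": 2, "qwerty12": 1}   # made-up filler entries
    lines = sorted(sha1_hex(p) + b":" + str(c).encode() for p, c in counts.items())
    data = b"\n".join(lines) + b"\n"
    return io.BytesIO(data), len(data)

if __name__ == "__main__":
    f, size = build_sample_file()
    for candidate in ("silverfish3", "dichotomy7", "dichotomy14"):
        print(candidate, pwned_count(candidate, f, size))
```

For a real file, open it with `open(path, "rb")` and pass `os.path.getsize(path)` as `size`; the search then touches a few dozen lines instead of scanning the whole download.
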

4. vagab0+Db1 2020-06-01 00:34:15
>>mulmen+ua1
I don't get it. If I check for a password I used before, presumably I want to keep using it if it's safe. Otherwise what's the point?

5. abathu+6p1 2020-06-01 03:34:17
>>vagab0+Db1
FWIW, I don't think the post you're responding to is correct? At least, I couldn't readily find a place where HIBP tells me not to fill in the form. And it bothers assuring me that it goes to great lengths not to make it obvious what password my client is checking.

Your question is on target--one I've wondered myself--but I've come to the conclusion that it isn't for people who already have the sense not to put their passwords in random forms on the internet.

I can only assume it has 2 main uses:

1. Poke (some) holes in the bubbles of people with dated password hygiene practices (and a poor sense of how good other humans are at helping attackers reduce the possibility space) by giving them a playground to make new passwords against for a while.

For example, I decided to enter "silverfish3" in the form because I know more than one person who still uses <noun><number> passwords that are multiple characters shorter than this one. It's still turned up in the database 40 times. "dichotomy14" hasn't been pwned yet, but "dichotomy7" has already been pwned 5 times.

You don't have to use a real password of your own to discover that your schema is well explored.

2. I can only hope HIBP password search has scared a few thousand of the kind of person naive enough to fill in the form with a real password straight.