
The referenced write-up based on the Persona front end code is here:

https://vmfunc.re/blog/persona

I definitely recommend reading this primary source before drawing conclusions about the code as most of the secondary reporting is quite low quality.



Note also there's a direct response from Persona's security team here[1], and a lot of back and forth from Rick on Twitter[2].

[1]: https://withpersona.com/blog/post-incident-review-source-map...

[2]: https://x.com/Persona_IDV/status/2025048195773198385?s=20


> About the name: The subdomain was called onyx, a reference to the Pokémon Onix (a Pokémon made of multiple boulders, fitting for a multi-node architecture). It was an informal codename chosen by the engineer. It had no connection whatsoever to Fivecast ONYX, an unrelated 3rd party commercial product previously used by ICE. We understand this coincidence caused confusion, and we address it further below.


The fact that this is even being discussed is truly a bad smell of bad-faith “dig up anything that sounds bad” “reporting”.


Yeah I'd sorta second that actually. I can't "judge" on everything they say in the blog post. But some things I definitely recognize as "bad-faith".

    Datadog RUM (browser-intake-datadoghq.com) - real-time user monitoring. every click, every page load - on a FedRAMP platform processing PII and biometrics.
Well duh, yes, DataDog does have those capabilities. Doesn't mean you use all of it, just coz you use RUM in general. We also use DataDog and RUM. But we also use filtering, including filtering out the known PII sources we have in our specific case (non-FedRAMP) and we don't have entire session recording enabled for example and we only sample.

Yet no mention of that in the post. They just assume that they must be sending PII from a FedRAMP site to DataDog. No proof of what data actually does get sent.
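As an added illustration of the filtering the commenter describes (not their code, nor Persona's): a beforeSend-style hook that scrubs identity-bearing query parameters and email addresses before a RUM event leaves the browser, next to the sampling settings it would sit beside. The event shape and option names are assumed from the Datadog browser RUM SDK, and the document-upload path is a hypothetical placeholder.

```javascript
// Added example, not from the comment above. Event fields (type, view.url,
// action.target.name, error.message, resource.url) and the config keys are
// assumptions based on the Datadog browser RUM SDK, not verified against it.
const EMAIL_RE = /[\w.+-]+@[\w-]+\.[\w.-]+/g;
const SENSITIVE_PARAMS = ["email", "phone", "ssn", "dob", "name", "token"];

// Drop query parameters that commonly carry identity data; keep the path.
function scrubUrl(url) {
  const u = new URL(url, "https://placeholder.invalid");
  for (const key of [...u.searchParams.keys()]) {
    if (SENSITIVE_PARAMS.includes(key.toLowerCase())) u.searchParams.delete(key);
  }
  u.hash = ""; // fragments sometimes carry tokens or state
  return u.toString();
}

// Replace anything that looks like an email address in free text.
function redactText(text) {
  return typeof text === "string" ? text.replace(EMAIL_RE, "[redacted-email]") : text;
}

// Runs on every RUM event before upload: returns the cleaned event, or
// false to discard it entirely.
function beforeSend(event) {
  if (event.view && event.view.url) event.view.url = scrubUrl(event.view.url);
  if (event.type === "action" && event.action && event.action.target) {
    // Never ship text that may have been typed into a form field.
    event.action.target.name = redactText(event.action.target.name);
  }
  if (event.type === "error" && event.error) {
    event.error.message = redactText(event.error.message);
  }
  // Hypothetical path: resource timings for the document-capture endpoint
  // reveal that a capture happened, so they are not sent at all.
  if (event.type === "resource" && event.resource && /\/upload\/document/.test(event.resource.url)) {
    return false;
  }
  return event;
}

// The settings the hook would sit beside: sample sessions, never record
// session replay, mask DOM text by default (option names assumed).
const rumConfig = {
  sessionSampleRate: 20,
  sessionReplaySampleRate: 0,
  defaultPrivacyLevel: "mask",
  beforeSend,
};
```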


people turn a blind eye because it's what they want to hear. so do i, despite not being a fan of the author's past works and way of life


Twitter requires login to view the replies, might use an alternative:

https://nitter.net/Persona_IDV/status/2025048195773198385


It doesn't appear that any of the replies contain anything of substance


Submitted 6 days ago but flagged https://news.ycombinator.com/item?id=47059129

@dang can this get a second chance?


I read it and, maybe it’s because I’ve spent too much time in fintech, I don’t share most of the concerns.

The differences in proclaimed data retention periods are concerning though. The rest is par for the course for KYC/AML.


I agree; I didn't want to editorialize too much as I think the writeup stands on its own.

My takeaway was that in this case, even an author with a clear and extreme bias against this sort of thing could find only unfortunately-common bad practices rather than deeply nefarious intent. Of course, this is just the front-end code, but this just looks like a KYC platform to me. Most of the secondary reports on this write-up seem to completely ignore section 0x13 and jump to the specific conclusions the author does not draw.

The fact that we've created a system where Discord need and want a KYC platform is a different and quite strange thing, but the KYC platform itself just looks like what it says on the tin.


Tell me more before I doom about this too much.


Any time you interact with the financial services industry in a meaningful way, they are doing almost exactly all of these checks on you. It is mandated by law, and they're overseen by FINTRAC in Canada and FinCEN in the US.

When you applied for a bank account for your freelancing business (or startup idea), some people googled you, looked for PEPs (politically exposed persons) in your family, stored photos of your IDs and probably even printed them off, and sent everything in a nice package to some "risk" department. Who knows how that department is handling your data.

The only difference is that Persona is trying to put a front-end on it and selling the process as a SaaS. Look up "KYC/KYB saas" and you'll find hundreds of businesses doing this (including, of course, Persona).

edit: I want to emphasize that this isn't restricted to just business banking. Poor wording on my part. Lots of industries are legally mandated to conduct KYC/IDV. Notaries do it in home sales, your stock brokerage is doing it, employers in regulated industries do it to everyone on payroll. The list is very long. Unfortunately...

The government should take on responsibility for KYC imo, instead of letting 100 vendors come up with their own solutions. But that would probably have some nasty externalities.


Good article but the web site gave me eye and ear cancer.

Please make it actually readable and don't steal my audio!


[flagged]


There is more than “unique web design” that causes reading issues with that article. For one, the lowercase, as well as the arcane keywords and organization. Not to mention the autoplay music. I have communicated this to the author and they shrugged it off.


>> Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.


Yes, most of us have read the rule. And I wasn't complaining in my comment; I was directing the author as to why their submission was getting complaints and flagged.

Stomping your feet that it doesn't matter when people are telling you your article is slightly unreadable really doesn't make you or your article worthwhile to invest time in. No matter how good it is.

Have a quirky website fine, but if you have important information you want to be taken seriously for, maybe consolidate that information into a more accessible format. Otherwise people will tell you AND do otherwise.


It's all of those, many more, and it does the content an injustice.

Not talking about the bad things does no one any good.


Reading mode doesn't work on Safari for me... I get a paragraph and sod all else.

So respectfully, do not make assumptions. And if you want someone to read the content, don't surround it with shite.


[flagged]


I didn't flag it. I wouldn't unless the content was problematic, which it is not!



It's up.


And his follow up here: https://vmfunc.re/blog/persona-2


damn. why did the website steal my audio?


Some of the most interesting authors in tech on the internet have just absolute awful websites. Blinking animations everywhere, weird sounds, "cute" little javascript animations like it's 1999 again.


the last time the website was submitted, over half the comments talked about website design instead of the actual content. we can probably skip doing it again.

different people have different tastes. people complain about boring websites, people complain about websites with animations or colors. the only guarantee is that the conversation isn't interesting.

if you are on the side that doesn't like music, animations, whatever, i recommend a combination of noscript and using reader mode.


The layout and design is a matter of taste. I actually find websites like OP refreshing to see.

Blasting music or sound on auto play when you aren't directly navigating to audio or video content is just rude.

It's the same as playing your speaker on the subway.


This is my problem with it. Put in a mute button if you're going to do this, otherwise it's just user hostile. No problem with stylized websites and fun animations.


You can mute tabs in browsers for the last 10 years or so, no?


Not as easily on mobile, and audio playback on mobile also pauses other audio sources.


That's a good point, yes. I generally read on my desktop, so I missed that possibility.


Why not use your main account to post this, unless you mean it was submitted less than 4 days ago when your account was created? Genuinely curious what benefit a fresh account gives you here?


>unless you mean it was submitted less than 4 days ago

maybe you are unaware, but you can browse HN without an account, and you can browse previous submissions (years back, even!). it's not like i can only see posts made in the last 4 days.

second, i saw the original post because it was posted in this very comment chain we are on, 5 hours ago, by bondarchuk (https://news.ycombinator.com/item?id=47137961).

my turn! what is your comment trying to accomplish by cross-examining me about something completely unrelated? what point are you trying to make?

if you think my comment is wrong, you should talk about the contents of the comment, not the age of my account.


>not the age of my account.

Sounds like you're practicing creating AI bots and have modeled the personality after the other rogue ones.


amazing comment from a 13 year old account. really embodying the spirit of the HN guidelines. thanks for the warm welcome.

so, what exactly are you basing your accusation on?

was it me saying "use noscript and reader mode" or maybe "people have different opinions"? or just by nature of having created an account after you created yours?

this sort of accusation is what will drive HN to be a shit community to participate in. just accuse anyone you slightly disagree with as being a bot/ai

i'm not even sure what your issue, or rezonant's issue, with me even is! all i said was different people have different opinions, and you two are crawling up my ass about it. let's hope we never have to talk to each other about anything slightly important.


I find your surefooted statements about what hacker news is, will become, or ever was to be worth little seeing as you have only just become a part of this community.

Might I recommend leaving the snark at home and approaching your interactions here with good faith instead of acting like you're the authoritative arbiter of community interactions?

Welcome to Hacker News.


>Might I recommend leaving the snark at home and approaching your interactions here with good faith

the highest irony, coming from someone who literally cross-examined me and then insulted me rather than engage with my comments at all! can you seriously not see how ridiculous that is?

somehow i am the one who needs to approach interactions in good faith?

lmao. no. you don't get good faith from me. if you want good faith, don't start your conversations with an interrogation and follow it with an insult.


Your original post was written as if you were a long time community member here and had an investment in how the community works and yet were a brand new green account. Something you probably don't know if you haven't spent enough time here is that it is indeed quite common to use a green alt to post comments that you don't want associated with your main profile. It is so common and allowable in fact that most users doing so just call them throwawayXYZ, as in that exact pattern. So I'm used to seeing this.

But it didn't make sense why you would do that for this particular post, especially while seeming to assert some kind of authority and familiarity with the cultural norms of the HN community. So I asked you about it, not aiming to negate or reduce your point but rather to learn about why you would use an alt account.

Instead of simply replying that you were in fact new and this was not an alt, rather that you were a long time lurker and a first time poster, you jumped down my throat and the throats of everyone else involved in this thread, being toxic and abrasive in every way possible. Both of my posts here which you think are at odds with each other are in service of encouraging you to check yourself, because you are being unreasonable; not meant as an insult demanding you to clap back. "You must be great at parties" should prompt you to step back and think of what passers by would think of your behavior and demeanor, because I'm giving you a social hint that a lot of people will find that behavior off putting. That statement is not a prompt for you to grow more vitriolic and upset, and continue the behavior I'm trying to point out is not going to serve you well in a social space like this.


You seem like a very nice person. I'm sure you're great at parties.


very cool insult, i am in absolute shambles.

but, uh, why are you insulting me? is this an example of "interacting in good faith" that you told me i should be doing?

it would be great if dang or tomhow could chime in on this, and let me know if your comment here is a good example for me to follow!


Yeah, come on! I'm trying to watch a video and read the article!


yeah no. i was listening to background music of my choice while browsing the internet.


That was a great read, very interesting!



