Comment by snickerbockers
2 days ago
So how is this any different from all the random employees who might have access to this data as part of their jobs? I would understand if there was this sort of scrutiny over every federal employee but as it stands I never know who has access to my data and if they can be trusted.
Usually you don’t have access to “everything”. It might even be illegal to cross reference certain data, e.g., the same person or department might not even be allowed to have access to two databases.
I don’t know if the cross reference is true for the US, but it is for other countries.
[flagged]
Course theres something wrong with it. When the frik did Americans, and American techies - get so blasé about personal information security! America fought against the idea of biometric ID cards. People on HN have railed against giving more information to the government forever.
What the hell? Like this shit didn’t happen back home in INDIA, and that’s a nation which is comfortable with a stronger state.
It’s NOT OK, and you can very well acknowledge that fact because you can just imagine what eviscerating a legacy code base without a replacement looks like. It looks like the disaster you wish on your worst enemy while you quit the firm and look for a new job.
This isn’t beyond the project execution and technical ability of most people here to grasp.
ask yourself how many consecutive miracles would it take for this to go off without a hitch. Then ask yourself if you are that lucky.
5 replies →
So more ambitiousness means you should get access to more user information?
This is generally quite restricted. I personally had to undego a "Public trust" civilian security clearance (which is binding for life unlike the 75 years of TS-SCI).
Public trust is not a security clearance; it is simply a more involved background check. A security clearance is only granted after a T3/T5 investigation and adjudication of the request. The SF312 NDA signed in order to receive your clearance does not expire.
And do we know the DOGE employees don’t undergo this?
Given the little background we know of the employees includes a guy who was fired for leaking secrets, I think it’s safe to say they didn’t
1 reply →
lol
https://www.bbc.com/news/articles/c93q625y04wo
I already know the answer to this, but if Obama had George Soros hire a bunch of anti-white people to oversee the Doge systems, would you still be supporting it? Or it's okay because you're white and the people are in charge are white.
Except in exceptionally poorly run or small organisations, random employees do not have access to everything; generally they need a reason to look at stuff, and there’s a paper trail indicating that they looked at it.
Oh sweet summer child
The fact that it crosses departmental boundaries. The fact that the employee has multiple businesses that could benefit from such data.
I strongly suspect no single employee had access to all that data.
accountabilty and role-based permissions based on least-privilege.
None of that matters with what DOGE is doing. That should worry you.
> So how is this any different from all the random employees who might have access to this data as part of their jobs?
Are you asking why it's any different a non-American billionaire who has multipole government contracts having access to your data any different than Joe Bob who was hired and vetted by those same people unlike the other guy?
> a non-American billionaire
This is false.
Elon Musk has South African, Canadian, and US citizenship. Let's not play the xenophobia card.
There are considerable processes to make sure that happens, including proper background checks, seniority at the job, etc. You don't just hand some rando newbie the keys to the kingdom -- any company that did that would be laughed at.
Yeah I more concerned “God Mode” is a thing that exists. One would hope that these systems are heavily locked down but my experience maintaining legacy systems makes me think “God mode” is a thing you get because you have to run a quarterly report and it is too much of a hassle setting up the correct permissions.
Anyone who has ever had root on a database server has that access. There's no technology available that prevents the people responsible for correcting failing RAID volumes from reading blocks from /dev/sda. In theory, yes, there are DRM technologies that prevent you from getting a copy of a song Spotify stores in your cache. But those technologies are not used on multi-gigabyte databases.
The only thing that protects that data is professional ethics, and in extremely paranoid (i.e. airgapped) environments, metal detectors.
Sincerely, God Mode on x DBs, where x > 1.
Wow you know a lot about computers
It is not, it's the same there are just different people viewing your private information, probably more corrupt who banks all that money to themselves now instead of it going to whoever it was going to previously.