Hector Martin

“Can” is *extremely* relative. It’s technically possible to invert a hash given given sufficient resources, but it’s definitely *not* the same as posting plaintext. There’s also some plausible deniability in that usually there are collisions.

I wonder if it might help for different posters to use different hash functions, so if one person has targeted multiple people, their name can be triangulated on because it will very likely be the only one in common between the possible plaintexts of different posters’ hashes.

If you wanted to make being targeted by some bizarre countermovement harder, you could post a salt with your hash, but that makes it SO much harder to use it to find others victimized by the same person that it mostly defeats the purpose.

If your goal is to be able to search Twitter for other victims with plausible deniability, then as I said a viable approach is to *deliberately* weaken the hash to ensure collisions. As for countermovements, "bizarre" is exactly what 4chan excels at.

Again, these are things you have to *consider* and analyze and model. You need to understand the risks. You need to *explain* those risks. You need to try to come up with the best possible solution. Not doing so is dangerous and a disservice to victims.

Yo, I thought you said you were done Sealioning.

Thanks for using that term, I had forgotten what it meant. I think I kinda get it after reading a bunch of comments. Basically, even if someone did find the name associated with the hash, and made it public, they'd be doing so at their own risk and publicizing it themselves?

Which I find to be a silly notion. The burden would still fall on the person making the accusation (hashed or not), not the person who merely deobfuscated it. If I randomly cracked a hash, who would you think the attacker and media would go after, me or the person who posted it?