请问HN:对于如何在面对国家级行为者时保持匿名,大家有什么看法?
自2021年5月阮小环(https://en.wikipedia.org/wiki/Ruan_Xiaohuan)被中国当局逮捕以来,已经快五年了。对于不熟悉他的人来说,他经营着传奇的匿名博客Program-Think(https://program-think.blogspot.com/)超过十年。
让我感到不安的是,尽管他有着精英背景,但他的身份还是被泄露了。他曾是2008年北京奥运会网络安全系统的首席工程师。他的安全操作措施非常严格:他只使用现金,避免所有电子商务,并且从不与任何人讨论他的数字生活,包括他的妻子,直到他失踪后她才得知他的“第二人生”。
尽管他拥有丰富的专业知识,但他的匿名身份是如何被揭露的仍然是一个谜。
作为一名在中国的黑客,我对你们对长期维持真正匿名身份的可行性的看法很感兴趣。是否真的有可能在一场必须做到100%完美的“战斗”中获胜,而对手只需找到一个漏洞?
在这样的高级威胁模型中,最可能的失败点是什么?
查看原文
It has been nearly five years since Ruan Xiaohuan (https://en.wikipedia.org/wiki/Ruan_Xiaohuan) was arrested by Chinese authorities in May 2021. For those unfamiliar, he ran the legendary anonymous blog Program-Think (https://program-think.blogspot.com/) for over a decade.<p>What haunts me is that his identity was compromised despite his elite background. He was the chief engineer for the 2008 Beijing Olympics network security system. His OPSEC was rigorous: he operated on a cash-only basis, avoided all e-commerce, and never discussed his digital life with anyone, including his wife, who only learned of his "second life" after his disappearance.<p>Despite his expertise, it's still a mystery how his anonymous persona was deanonymized.<p>As a hacker in China, I’m interested in your thoughts on the feasibility of maintaining a truly anonymous identity long-term. Is it even possible to win a "battle" where you have to be perfect 100% of the time, while the adversary only needs to find one leak?<p>What are the most likely failure points in a high-level threat model like this?