And <i>this</i> makes it obvious why you should use a unique username everywhere!<p>It makes pervasive tracking a lot harder.<p>Also when you do any research on health related topics, be extra privacy conscious.
It's a really overengineered fn() { browser site1/$1 site2/$1 ... }<p>Tools like these insult the users' intelligence and generate needless drama[1]
the only data needed are the urls from <a href="https://github.com/sherlock-project/sherlock/blob/master/sherlock_project/resources/data.json">https://github.com/sherlock-project/sherlock/blob/master/she...</a><p>[1] <a href="https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to_github_and_i_have_lots_to_say/" rel="nofollow">https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...</a>
For people who want to have a professional social presence (FB/linkedin) as well as an anonymous one (Reddit etc), it’ll be super useful to see if the accounts are truly unlinkable. Moreover if you are opening a new anonymous account, maybe a good idea to search the new username using this tool to make sure it’s not “taken”
Interesting tool, but it generates false positives. Try Sherlocking some randomly generated usernames that cannot possibly exist and it will still return results for some of the URLs in its list.
I’ve successfully used Sherlock to track down a colleague that I only connected with on MeetUp. It’s an amazing tool. Worth running on your own usernames as an easy account inventory
Remember when IPv6 decided on 128 bit addreses and defaulting to /64 blocks because someone thought using a 48-bit MAC address as the IPv6 equivalent of a port was a good idea? Fast forward a decade or two and we realize how this is a PII leak issue so nobody does it but we're still stuck with 128-bit addresses (for those who use IPv6).<p>There are several things that are a security issue or simply a privacy issue. These include:<p>- Your username (as I assume this tool is demonstrating)<p>- Your email address. While this is treated as your "public identity" to some extent, I think we're rapidly approaching a point where we need to not do this;<p>- Your phone number; and<p>- Your profile pic. I would advise to never use the same pic across accounts and certainly don't use services like gravatar (if that's still a thing).<p>Email is particularly problematic because you can end up on spam lists if a site is compromised and you can't really identify where it comes from.<p>What I think we need is a more integrated solution for logging in and creating throwaway addresses (eg like SimpleLogin) so it's basically seamless. Gmail seems well-positioned to do this. I honestly don't know why Google hasn't done this.<p>Interestingly, Facebook Groups seem to handle this kind of anonymity reasonable well. Each group your in is a separate profile. You can't find out what other groups someone is in from either their personal identity or any group's identity. Weirdly, your FB profile is associated with any pages or profiles you comment on.<p>It should be clear to these companies by now that people want to silo their public identities (aka pseudonomity).
Reminds me of this excerpt from "A Study in Scarlet".<p><i>'Have you read Gaboriau's works?' I asked. 'Does Lecoq come up to your idea of a detective?'<p>Sherlock Holmes sniffed sardonically. Lecoq was a miserable bungler,' he said, in an angry voice; 'he had only one thing to recommend him, and that was his energy. That book made me positively ill. The question was how to identify an unknown prisoner. I could have done it in twenty-four hours. Lecoq took six months or so. It might be made a text-book for detectives to teach them what to avoid.'</i>
There's a UI design element here which I don't like.<p>The UI presents a text field which is for entering search terms.<p>You click it and expect to type - but NO! - SURPRISE!!! it's actually a button!!<p>And now the page changes, pops up an <i>actual</i> text field, somewhere else and new, and you abruptly are forced to set aside your thoughts about search to process the page layout a second time and go and click <i>again</i> to type in a term.<p>Why on God's clean Earth would anyone ever do this?
I dont plan to run for president or anything, but find myself increasingly censoring my online speech. I think the biggest risk is some out of context post being pulled into a civil suit, or professional cancellation following that.<p>Things like advice in an alcohol recovery forum would be prime evidence for a liability suit.<p>There are also groups that vacuum the internet for offensive posts, and use them to try to get people fired for things they said 10 years ago.<p>At this point, I assume all internet activity can and will be de-anonymized, and restrict my speech accordingly. I'm sure there are some meaningful precautions and nuances, but it is too much to keep up with.
I get this error upon first run, both with pipx and with a regular venv: <a href="https://github.com/sherlock-project/sherlock/issues/2294">https://github.com/sherlock-project/sherlock/issues/2294</a>
The tool didn’t work as well as I expected. It claimed to have found the username I entered on 40 websites, but when I followed several of the provided links, they led to 404 error pages.
Is it querying an offline or an online database? Because if it's the latter I hope people don't give it their various disparate usernames allowing them to link them together.
This will be very handy because when I see someone post something I disagree with on HN I can also go downvote them on reddit and swipe them in the ugly direction on tindr and/or grindr. I am justified in doing this because everything I don't like should be banned.