Project ideas from Hacker News discussions.

Privacy doesn't mean anything anymore, anonymity does

๐Ÿ“ Discussion Summary (Click to expand)

1. Unnecessary Data Collection by Businesses

Many users argue companies hoard personal data for profit or convenience, not necessity, unlike Mullvad's model.
"Any business that isn't willing to be as anonymous as Mullvad, I assume has a compromised business model that I don't really like" (al_borland).
"I don't understand why any company would want the liability of holding on to any personal data if it wasn't vital to the operations of the business" (al_borland).
Spivak notes debugging needs data, but al_borland counters that retail/TV examples purge data post-transaction.

2. Weak Deterrence from Privacy Regulations

GDPR/Japan fines exist but rarely impact big firms; small businesses suffer more.
"Have you heard of any company that suffered any significant hardship... because of one of these fines?" (tsimionescu).
"Big companies aren't suffering any of those. But small businesses and individuals are" (zrn900).
tjpnz praises Japan's strict enforcement; Hakkin cites KADOKAWA hack without repercussions.

3. Challenges in True Anonymity and Verification

Anonymity is hard due to fingerprinting, logs, Cloudflare; pseudonymity ≠ anonymity; verification paradoxes persist.
"the more privacy oriented you are, the easier you are to fingerprint" (theturtletalks).
"There's STILL a browser fingerprint, IP logs... This is just pseudonymity" (integralid).
ybceo disables logs after criticism; dns_snek: open source/attestation insufficient against passive logging.


Project Ideas

Anonymous Micro-VM Marketplace

Summary

  • A "Mullvad for VPS" service that rents out tiny, RAM-only virtual machines for $1-$2/month.
  • Solves the problem where privacy-obsessed users need to host simple logic (a static site, a bot, or a proxy) without providing PII, email, or a credit card.
  • Core value: Service-level anonymity through a prepaid account system (random hex string IDs) that requires zero user data.

Details

Target Audience: Privacy-focused developers, "tiny web" enthusiasts.
Core Feature: Stateless, RAM-only VMs provisioned via anonymous IDs.
Tech Stack: Firecracker (microVMs), KVM, Monero/Lightning for payments.
Difficulty: Medium
Monetization: Revenue-ready: $1-$5/month prepaid (No subscriptions).

Notes

  • Direct response to HN users saying: "I know some netizens who would pay a dollar a month for... a tiny NetBSD VM... out there are some real wizards" and "reselling really small VMs to the privacy obsessed."
  • Avoids the "Mullvad vs. Servury" debate by using RAM-only infrastructure to ensure data cannot be retrieved post-reboot, addressing the "debugging logs" vs. "anonymity" conflict mentioned by commenters.

Zero-Knowledge Identity Bridge (ZKiB)

Summary

  • A browser extension or middleware that allows users to authenticate with services using Zero-Knowledge Proofs (ZKP) to prove age, residency, or membership without revealing the underlying PII.
  • Solves the "Stacy-fication" of the web where every site demands an email/phone for "fraud prevention" or "compliance."
  • Core value: Replaces shared identifiers (Email/Phone) with unique, site-specific cryptographic proofs.

Details

Target Audience: SaaS owners wanting to reduce data liability; privacy-conscious users.
Core Feature: Anonymized validation of user credentials (KYC/Humanity).
Tech Stack: Circom (ZKP), WebAuthn API, Rust.
Difficulty: High
Monetization: Revenue-ready: Per-verification fee for businesses.

Notes

  • Addresses the developer frustration: "How tf are you supposed to provide working authentication without storing the email somewhere?"
  • Provides a middle ground for the commenter who noted that "A phone number IS identity these days" and "GDPR has been successful in destroying small businesses" due to data liability.

The "Gray-Area" Trust Auditor

Summary

  • A third-party technical auditing service that uses Remote Attestation (TPM/Secure Boot) to verify that a company is actually running the code it claims to be running, with logs disabled at the kernel level.
  • Solves the "Trust Paradox": Users shouldn't have to take a company's word that they "don't keep logs."
  • Core value: Moving from "Social Trust" (Privacy Policies) to "Technical Trust" (Cryptographic Proof of infrastructure).

Details

Target Audience: Privacy-first startups (VPNs, Encrypted Storage, Anonymous Hosting).
Core Feature: Continuous remote attestation and public proof-of-config.
Tech Stack: Intel SGX/TDX, TPM 2.0, Go.
Difficulty: High
Monetization: Revenue-ready: Annual certification/monitoring fee.

Notes

  • Directly addresses the "audit" skepticism on HN: "You may claim you don't collect it, but users need to take your word for it" and "SSH is just a protocol, you're trusting the SSH server to give you a shell inside the real production environment."
  • Leverages the suggestion to use "TPM + secure boot + remote attestation" to achieve a level of certainty beyond a simple privacy policy.
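
The verifier side of the "TPM + secure boot + remote attestation" idea, as an added example that is not from the discussion or from any existing project: replay a measured-boot event log into a PCR, compare it with the PCR value reported in a TPM quote, and check each measurement against a published allowlist. The `Event` shape, the helper names and the sample component names are hypothetical; the code assumes the quote's signature has already been verified, and it skips TCG event-log parsing and multiple PCR banks.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is one measured-boot log entry; ev builds constructed samples from a name.
type Event struct {
	Name   string
	Digest [32]byte // SHA-256 of the measured component
}

func ev(name string) Event {
	return Event{Name: name, Digest: sha256.Sum256([]byte(name))}
}

// Replay applies the TPM extend rule, PCR = SHA256(PCR || digest), from a zeroed PCR.
func Replay(log []Event) [32]byte {
	var pcr [32]byte
	for _, e := range log {
		pcr = sha256.Sum256(append(pcr[:], e.Digest[:]...))
	}
	return pcr
}

// VerifyLog checks the log against the PCR from an already signature-checked quote,
// then checks every measurement against the auditor's allowlist.
func VerifyLog(log []Event, quotedPCR [32]byte, allowed map[[32]byte]bool) error {
	if Replay(log) != quotedPCR {
		return fmt.Errorf("event log does not reproduce the quoted PCR")
	}
	for _, e := range log {
		if !allowed[e.Digest] {
			return fmt.Errorf("unapproved measurement: %s", e.Name)
		}
	}
	return nil
}

func main() {
	log := []Event{ev("bootloader"), ev("kernel"), ev("initrd-no-logging")} // constructed
	allowed := map[[32]byte]bool{}
	for _, e := range log {
		allowed[e.Digest] = true
	}
	booted := append(log, ev("log-shipper")) // what the host really measured
	fmt.Println("clean host:", VerifyLog(log, Replay(log), allowed))
	fmt.Println("event hidden:", VerifyLog(log, Replay(booted), allowed))
	fmt.Println("event reported:", VerifyLog(booted, Replay(booted), allowed))
}
```

This check covers only what is measured into the PCR on the attested host; it says nothing about logging done outside that measured boot chain, which is the limitation dns_snek raises in the discussion summary.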
