# Thoughts on Keybase

Robert J. Hansen rjh at sixdemonbag.org
Wed Jan 7 17:14:53 CET 2015

```> Aside from only demonstrating possible earlier intent rather later
> actions, the fraction of comments of "I'll kill you" that actually convert to
> murders is vanishingly small. If I were a juror, this evidence would
> tell me nothing about guilt or otherwise.

One more thing — remember that probabilities are tricksy things.  They vary wildly depending on how one looks at the problem.

Let’s say there are 10,000 threats of murder that are made, and only 10 murders.  If we assume that only ten of those 10,000 threats was connected to a murder, the probability of any given threat being connected to a murder is vanishingly small — one in a thousand, or 0.1%.  Starting from the fact there was a threat, it would be foolish to conclude the speaker intended on murdering someone.

However, if we look at the murders, we discover that 100% of them are connected to threats.  If you start from a murder, it would be pretty wise to start looking into who threatened the person.

If the only fact you have is “Alice threatened Bob’s life,” then yes, that’s pretty poor evidence on which to investigate Alice for Bob’s death.  But if the facts you have are “Alice threatened Bob’s life and Bob was killed under suspicious circumstances,” then yes, that’s actually pretty good evidence on which to investigate her.

ObComputerSecurityStuff: this turns out to be a recurring mathematical pattern that pops up all over in computer security.  If you have 10,000 IDS red-flags warning of catastrophe and catastrophe never happens, that’s a pretty bad system… but if in post-incident analysis you discover, “hey, IDS correctly reported this when it was happening,” Management will ask you some really harsh questions about why you didn’t pay attention to the warnings.  I think this is how IDSes manage to get sold: too often we look at them from a postmortem, rather than premortem, perspective.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3634 bytes
Desc: not available
URL: </pipermail/attachments/20150107/989c69e0/attachment.bin>
```