That's essentially a retaliatory hit piece the NYT printed because they were mad that Scott deleted his website because the NYT wanted to doxx him. Not saying there's no merit to the article, but it should be looked upon skeptically due to that bias.
NYT wanted to report on who he was. He doxxed himself years before that (as mentioned in that article). They eventually also reported on that (after Alexander revealed his name, seeing that it was going to come out anyway, I guess), which is an asshole thing to do, but not doxxing, IMO.
They wanted to report specifically his birth/legal name, with no plausible public interest reason. If it wasn't "stochastic terrorism" (as the buzzword of the day was) then it sure looked a lot like it.
> He doxxed himself years before that
Few people manage to keep anything 100% secret. Realistically private/public is a spectrum not a binary, and publication in the NYT is a pretty drastic step up.
> They wanted to report specifically his birth/legal name, with no plausible public interest reason.
Siskind is a public figure and his name was already publicly known. He wanted a special exception to NYT's normal reporting practices.
> Realistically private/public is a spectrum not a binary
IIRC his name would autocomplete as a suggested search term in the Google search bar even before the article was published. He was already far too far toward the "public" end of that spectrum to throw a tantrum the way he did.
Siskind is a practicing psychiatrist, which is relevant to his profile. Using his real name makes it possible to discuss that. Putting Kendrick's surname ("Duckworth") into the profile adds nothing.
Siskind is a public figure—I don't know why so many people think he is entitled to demand that NYT only discuss him in the ways he wants to be discussed (i.e. not connecting his blog to his physciatric practice).
> Siskind is a practicing psychiatrist, which is relevant to his profile. Using his real name makes it possible to discuss that.
The NYT of all entities should be comfortable talking about whether someone has particular qualifications or a particular job without feeling the need to publish their birth/legal name.
> Siskind is a public figure—I don't know why so many people think he is entitled to demand that NYT only discuss him in the ways he wants to be discussed (i.e. not connecting his blog to his physciatric practice).
Again the NYT of all entities should understand that there are good reasons to hide people's private details. People get very angry about some of the things Alexander writes, there are plausible threats of violence against him, and even if there weren't, everyone agrees that names are private information that shouldn't be published without good reason. His blog is public, the fact of him being or not being a practising psychiatrist may be in the public interest to talk about, but where's the argument that that means you need to publish his name specifically?
> there are good reasons to hide people's private details
They do, and they do grant anonymity sometimes. But it's their call, and they made the call. They're not a PR firm; they have no obligation to be kind or gentle in their coverage. If they wanted, they'd be fully within their rights to publish a noxious hitpiece on the man. They were much milder than I'd have been. Siskind's said some awful stuff.
> everyone agrees that names are private information that shouldn't be published without good reason
The NYT doesn't. They use the real identities of the people they cover by default (that's generally how news works), and consider anonymity a privilege granted under special circumstances.
> where's the argument that that means you need to publish his name specifically
Because I would not want to give my business to a man who's recorded as thinking that Black people are genetically stupid. I'm not really interested in litigating Siskind's political views—I don't think this is the place for it—but I won't gloss over them. They're pretty foul.
API keys are symmetrical, so every client needs a unique one.
Singing allows the server to have only one certificate for all clients (webhook receivers). More convenient.
But the server has no problem storing a unique webhook address for each client.
I suppose you can just add a bearer token into the address, if you need that. A different address per association, containing a bearer token, with HTTPS, provides the same security as if the bearer token was sent in a separate header.
