Post Akodt9bgbDN8aYoGHI by jaschop@det.social
Post #Ako7NRvljs4ZcT2dqC by futurebird@sauropods.win
2024-08-10T00:37:32Z
0 likes, 0 repeats
We need something like the "Better Business Bureau" but for consumer data privacy. Something that gives out grades based on how well companies protect consumer privacy and whether they DO NOT engage in sharing data, or collecting data in ways that consumers might not expect or like.
F - Has had a recent "breach"
D - Highest grade possible without allowing inspection of their methods.
etc.
This could be a government function (like for restaurants) or it could be a PAC.
Post #Ako7rjrRdgULutShpg by phryk@mastodon.social
2024-08-10T00:42:58Z
0 likes, 0 repeats
@futurebird I think the basic problem is that you won't arrive at a meaningful indicator without inspecting their methods. Literally the only thing you can note down is if they are repeat offenders concerning private data leaking. In theory at least the EU has legislation prescribing security minimums for storing PII (personally identifiable information), but I have literally never heard about this ever being verified anywhere – and this is the industry I'm working in.
Post #Ako8m2D4bbUD2cQG4u by sysop408@sfba.social
2024-08-10T00:53:10Z
0 likes, 0 repeats
@futurebird Ack! I agree on principle, but please let's not use the BBB as the example. That organization is such a hot mess. Just consider how they get their funding. They're funded by the businesses that they're supposed to be monitoring. You can get away with so much before the BBB starts doling out wrist slaps. By the time someone has an F rating, you don't need any kind of rating agency to know they're awful. By that point, it's just common knowledge.
Post #Ako9L9x5oOphBlhFYG by futurebird@sauropods.win
2024-08-10T00:59:32Z
0 likes, 1 repeats
@sysop408 There is more recourse for a company that never ships a product than one who smears your credit card all over the dark web while selling the list of your favorite ice cream flavors to a political operative.
Post #AkoFGBCSLQkFKstKBU by sysop408@sfba.social
2024-08-10T02:05:52Z
0 likes, 0 repeats
@futurebird please excuse my reply. It was a dumb impulsive comment that had nothing to do with the substance of what you wrote. Sorry about that.
Post #AkoMiXIIUYFjeC5l7w by blargyblargh@a2mi.social
2024-08-10T03:29:10Z
0 likes, 0 repeats
@futurebird @sysop408 if a political operative showed up at my front door with a pint of my fav, I'd be super creeped out, but much more likely to listen than if they just rang the doorbell WITHOUT ice cream. I am weak, can be bribed with food
Post #AkoRIBw3mPLve7wpea by BrilliantIdiot@gaygeek.social
2024-08-10T04:20:43Z
0 likes, 0 repeats
@futurebird Not a bad idea. Seems like something the EFF could get on board with. But any computer in the world can get hacked, so maybe how recent isn't the best metric. Something like, what precautions they tried to take, and how quickly and honestly they addressed it with the public once the hack was discovered? Something like that, maybe?
Post #AkoUVMKoj67bWgUxZg by jigmedatse@social.jigmedatse.com
2024-08-10T04:56:39Z
0 likes, 0 repeats
@futurebird Other than BBB, being not really about assigning grades, based on better business practices, but rather assigning grades based on a combination of complaints and how much they pay the BBB. If something was developed that was genuinely independent, businesses would create a "popular" one that really is about self-promotion.
Post #AkodNdezKIysWxKJ8q by independentpen@mas.to
2024-08-10T06:36:06Z
0 likes, 0 repeats
@futurebird There is the Better World Shopper, which assigns companies a letter grade A-F on several categories; their data may or may not have begun to incorporate this
Post #Akodt9bgbDN8aYoGHI by jaschop@det.social
2024-08-10T06:41:49Z
0 likes, 0 repeats
@futurebird https://privascore.org tries to do something like it. @yvonnezlam
Post #AkohAB62c7d1zgojbc by mono@mastodon.world
2024-08-10T07:18:31Z
0 likes, 0 repeats
@futurebird Unfortunately, such a score would be meaningless because 99.8% of services would receive an F if graded on privacy. These services lack privacy by design, as their business model relies on monetizing user data. While your spouse might not know about your affair, several data brokers are aware and they even know the person involved…
Post #Akp1zFzMBNoB1EKAzo by llewelly@sauropods.win
2024-08-10T11:11:52Z
0 likes, 0 repeats
@futurebird this would help, but ultimately, we need laws against collecting and keeping data. Each megabyte of data stored must result in a company board member, chosen at random losing a bodily appendage, also chosen at random, permanently.
Post #AkpJPEJ0lEnmY6UKjQ by knbrindle@creativewriting.social
2024-08-10T14:27:01Z
0 likes, 0 repeats
@futurebird Simply the fact of a recent breach isn't an indication of poor privacy practices. EVERY system connected to the internet will be breached at some point in time. That's not a battle anyone can win, only keep fighting. I think what's vastly more important to this calculus is:
1. WHY are they collecting the data they're collecting?
2. what practices do they maintain to protect it?
3. how quickly and clearly do they message issues?
#1 is by far the most relevant & where most will fail
Post #AkpKGmYO9rmw7DDUdE by futurebird@sauropods.win
2024-08-10T14:36:44Z
0 likes, 1 repeats
@knbrindle When I worked for a bit as a part of an IT team I found it frustrating that the people at our office tended to judge our performance mostly based on how long it'd been since the wifi went down-- something we had only minor control over. When you say a breach isn't an indicator of poor practice is this what you mean? I don't know that I totally agree, because I realized that although keeping the wifi up wasn't diagnostic it *was* the most visible part of our job-
Post #AkpKaAlkLkgGiii8Ke by futurebird@sauropods.win
2024-08-10T14:40:14Z
0 likes, 1 repeats
@knbrindle By going to extraordinary lengths to keep the wifi up (and educating the office about the external factors beyond our control in advance) we built up the trust and goodwill to get our coworkers to learn about what we saw as the more important security and IT issues. A data breach is the WORST thing that can happen from the consumer perspective. It's not an indicator but a scale that didn't weight it as such isn't user-centric.
Post #AkpKsMrm6xjzS4CsKm by futurebird@sauropods.win
2024-08-10T14:43:31Z
0 likes, 1 repeats
@knbrindle I was in charge of databases and my work was mostly research tools to better clean the data, keeping multiple databases in sync, trying to propagate best practices... My co-workers thought my job was... IDK laboring on a mill wheel that sends out wifi waves to make the wifi work?
Post #AkpLncOn2Bu48Bwr1E by faassen@fosstodon.org
2024-08-10T14:53:50Z
0 likes, 0 repeats
@futurebird @knbrindle I think there are structural measures to take against breaches, indeed. But if a breach happens, how much data is stored openly, stored with encryption, or not stored at all, matters a lot. How much data is collected matters. And data sharing matters, as you said. If you share data with others far and wide, somewhere it is going to be breached.
Post #AkpMVaIKDeTQLXtBPE by knbrindle@creativewriting.social
2024-08-10T15:01:48Z
0 likes, 0 repeats
@futurebird In a previous life, I worked in info-sec. What I mean is that it's not just a matter of “do this thing right & you're safe.” The worst actors are backed by the budgets of entire governments. If the bar for a “good company" is "never breached" then only nation-scale actors have a chance, and even those are not immune, as we know. What's vastly more important is what they're doing right/wrong, what info they're collecting and why, and how they respond *when* they are breached
Post #AkpN1xRbgVQFPWfR0y by knbrindle@creativewriting.social
2024-08-10T15:07:36Z
0 likes, 0 repeats
@futurebird Sure. And when a system went down because of a vendor or hardware issue that was not previously known or disclosed by that vendor, was it your fault? New infrastructure or kernel-level exploits are being discovered all the time, usually by the threat-actors. Whose fault is that? Should a manufacturing company be penalized because there's a zero-day in their fully-up-to-date corporate email servers that is only discovered *because* of the breach?
Post #AkpZaM7PeS6vETOGLQ by Vrimj@mastodon.sandwich.net
2024-08-10T15:45:51Z
0 likes, 0 repeats
@knbrindle @futurebird As a user what are our options? Not using the company usually. So in terms of what I care about and can control it is heavily binary: give them data or not, and I don't get a lot of control over what data or what happens with it, and even if I think I know there isn't long term assurance that the deal won't change. As a result caring about breaches and fraud are what I have.
Post #AkpZaNT4dP21PwX4kK by knbrindle@creativewriting.social
2024-08-10T17:27:06Z
0 likes, 1 repeats
@Vrimj @futurebird It’s a question of calculating risk:
What info are they collecting?
What is the cost to me of this info being leaked?
How much trust do I feel I can put in their processes/systems?
Are there alternatives/do I *need* to use this?
All of those answers form the calculus. “Have they been breached recently” is actually not a good indicator of trust, because:
1. Not all breaches are the fault of that company (see previous posts)
2. They may fix poor practices after a breach
Post #AkpaSS0dxvaH8k1DRg by puppygirlhornypost@transfem.social
2024-08-10T17:34:39.369Z
0 likes, 1 repeats
@knbrindle@creativewriting.social @Vrimj@mastodon.sandwich.net @futurebird@sauropods.win Another thing that I want to address is how far was the attacker able to move? Compartmentalization is one of the key components to securing a network, restricting movement of an attacker to their entry point essentially. If I have a web server that just stores static assets (think things such as logos) and it is compromised? It shouldn’t give attackers access to the database I am storing customer data on. What kind of monitoring do they have in place for when (not if) they are breached. How long did it take for them to notice? What was accessed by the attacker?
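The compartmentalization point above (a compromised static web server should not be able to reach the customer database) can be checked mechanically against a firewall allow-list. The following is an added example, written for this page rather than taken from any post or product: it treats the allow-list as a directed graph and computes the "blast radius" of an attacker who controls one host, so that a pivot through an intermediate host shows up even when no rule points straight at the database. The host names, ports and both rule sets are constructed for the illustration and do not describe any real network.

```python
"""Blast-radius check for a network allow-list (added example; constructed data).

Each rule is (source, destination, port). Anything not listed is assumed denied.
An attacker who owns `entry` can open any flow allowed from `entry`, then any
flow allowed from the hosts reached that way, and so on; the transitive closure
is the set of hosts a single compromise exposes.
"""
from collections import deque

# Constructed "flat" network: no rule lets static-web talk to customer-db
# directly, but an admin-convenience SSH hop into app breaks compartmentalization.
FLAT_RULES = [
    ("internet", "static-web", 443),
    ("internet", "app", 443),
    ("static-web", "app", 22),          # the hop that lets an attacker pivot
    ("app", "customer-db", 5432),
]

# Constructed segmented network: static-web can serve logos and nothing else.
SEGMENTED_RULES = [
    ("internet", "static-web", 443),
    ("internet", "app", 443),
    ("app", "customer-db", 5432),
]


def _adjacency(rules):
    """Group rules by source host: {src: [(dst, port), ...]}."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    return graph


def reachable_from(entry, rules):
    """Hosts reachable from `entry` by chaining allowed flows.

    Returns {host: path}, where path lists the hops taken starting at `entry`
    and each further hop is written as "host:port". Breadth-first search, so
    the recorded path for each host is one with the fewest hops.
    """
    graph = _adjacency(rules)
    paths = {entry: [entry]}
    queue = deque([entry])
    while queue:
        host = queue.popleft()
        for dst, port in graph.get(host, ()):
            if dst not in paths:
                paths[dst] = paths[host] + [f"{dst}:{port}"]
                queue.append(dst)
    return paths


def blast_radius(entry, rules):
    """Every host other than `entry` that a compromise of `entry` exposes."""
    return set(reachable_from(entry, rules)) - {entry}


def path_to(entry, target, rules):
    """Shortest allowed path from `entry` to `target`, or None if unreachable."""
    return reachable_from(entry, rules).get(target)


def direct_sources(target, rules):
    """Hosts with a rule pointing straight at `target`: what a rule-by-rule
    audit sees. This misses pivots, which is why blast_radius() is needed."""
    return {src for src, dst, _ in rules if dst == target}


if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(f"{name}: direct sources into customer-db =",
              sorted(direct_sources("customer-db", rules)))
        print(f"{name}: blast radius of static-web     =",
              sorted(blast_radius("static-web", rules)))
        print(f"{name}: path static-web -> customer-db  =",
              path_to("static-web", "customer-db", rules))
```

In the flat rule set a rule-by-rule audit reports that only `app` may connect to `customer-db`, which looks correct; the reachability walk shows that a compromise of `static-web` still reaches the database via `app:22`. In the segmented rule set `static-web` has no outgoing rules at all, so its blast radius is empty, which is the property the post above describes. The same walk answers "what was accessed?" questions after an incident, since it bounds what the attacker could have touched from the known entry point.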
Post #AkpnqDUss8UaU8pHRA by keithpjolley@discuss.systems
2024-08-10T20:07:52Z
0 likes, 1 repeats
@futurebird @knbrindle i was an IT manager at a big engineering company. my job was to make sure we had the resources needed to get chips to market on time. it killed me when i'd want to talk about how to do just that and the engineers wanted to talk about slow email or printing. learned that until you discuss that you'll never get to discussing the big issues.
Post #AkpnucB933umBygs4W by futurebird@sauropods.win
2024-08-10T20:08:23Z
0 likes, 0 repeats
@keithpjolley @knbrindle Yuuuuuuup
Post #AkptP3r7D5tgUNevNQ by landley@mstdn.jp
2024-08-10T21:10:21Z
0 likes, 0 repeats
@futurebird Elizabeth Warren created https://en.wikipedia.org/wiki/Consumer_Financial_Protection_Bureau but as with all things under the religion of capitalism, it's about protecting money rather than people. Still, it's got some interest in regulating disclosures and selling data...