@paco @BenAveling it is just a stupid electronic device
-
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
@StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.
But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.
-
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
@StarkRG I agree. My dermatologist wanted to scan a copy of my ID and I didn’t want them to. I got into a bit of friction at the check-in desk. Ultimately I asked “are you going to refuse to do business with me if I don’t let you scan my ID?” And they relented.
Medical companies are notorious for having bad cyber security. It’s bad enough that these folks have my medical records. But that’s what they do, so they must. No need to give them anything optional to store.
-
@StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.
But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.
@ElBeeToots @alice @paco Sure, if the need to keep the data is ongoing and known, it makes sense to keep it. Most of the time, though, they keep the data just in case they might need it again in the future for some as yet unknown purpose. That should not be allowed.
This is also why I almost never accept store credit for a refund. No, I gave you money for the thing, and now you have the thing so you need to give me back the money.
-
@paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.
@paco@infosec.exchange @xoagray@tiggi.es Id already be glad when FOSS projects would stop using it.
-
@paco I enjoy these posts -- and will follow and boost.
-
-
@shinspiegel @elaine @paco
which doesn't make things any better, though -
@paco well
If he does not remember his own password the account will be super secure.This is only true if a drive encryption is enabled.
-
@killick Agreed. C-level execs care a lot about their own skin and their own money. Put it at risk and things will change. Let them throw a third party under the bus and they won’t.
-
@alice I love this headline from the Beaverton.
-
@x41h Go!
@punissuer
-
My first thought is:
"Due to our totally shitty and essentially non-existent customer service, we are experiencing higher than average call volumes. The current wait time is three days, seven hours, nineteen minutes. Your call is important to us but not as important as reducing staff to goose profits. Please hold for the next available representative."
-
@alice I love this headline from the Beaverton.
I fucking hate Rogers. When they took over Fundy Cable, the service got worse and prices increased. The call centre was farmed out to lord knows where and when I moved, they wanted me to drive the cable box to Saint John from Fredericton, which I refused to do. They relented and I dropped it at the local Rogers store.
Years later, when Rogers bought out Shaw (who I was happy with), I again had to move. It took three hours on the phone to cancel my service because you couldn't do it online for whatever reason, and had to pay $340 to close the contract.
Fuck those guys.
-
@alice @roohafzaluvr @paco “We value your privacy … at about 35¢.”
-
Oh, jeeze that's enraging.
When I was working in the US, I heard a lot of stories about Comcast, none good.
What I hate is I was happy with NBTel, Fundy Cable and later Shaw Cable. They were bought out by Rogers or Bell Canada, the conglomerates with the worst customer satisfaction scores in the country.
The regulator just rubber stamped the deals without paying any attention to public feedback.
-
@shinspiegel @elaine @paco
which doesn't make things any better, though -
-
@globcoco@mamot.fr @paco@infosec.exchange Do you think your bank is better at cyber security than Google? You give them the same information.
The alternative is giving photos of your photo ID to random websites with no full-time security team.
If the data is collected who has a objectively better cyber security team? Google or a random adult videos website.
We do have an alternative to age verification and it's censorship. It could just be illegal to transmit material harmful to minors across state lines. No age verification because there's no material to age gate.
Unless you're willing to actively advocate that there should be zero safe guards to prevent a small child or teenager from being exposed to the materials, for the sake of adults having easier access to the material.
Governments are going to do something. We can either present them with options that avoid harm as much as possibl, or we can stay silent l, and let them decide and it'll probably mean everyone loses. You might have to provide a government ID to use the internet, and there's censorship. -
@shinspiegel@mastodon.social @ki@chaos.social @paco@infosec.exchange The LLM thing is a bit overblown. Contrary to popular beliefs, large language models do have practical size limits in terms of being able to perform inference. If we collected every single chat message, social media message, every keystroke of every user in the world, the language model would be too big. So instead of a library of all of the information in the world, you need the most popular and most relevant information.
Both xAi and Perplexity both use retrieval augmented generation, a process where they collect information from their index and pass to the prompt, of social media posts rather than including them in the model. -
@paco No one should let anyone get away with "third party". Your subcontractor - you own it, just as if it had been your own employees. Don't like it? Don't outsource your responsibilities.
