@paco @BenAveling it is just a stupid electronic device
-
@elaine @paco I don't think everyone sending their id to one of 3 American mega corps is a "win" for anyone.
1. They're all actively supporting the regime
2. Even without the current president, they're under the cloud act so that data is still accessible by US
3. Even if the mega corps were not owned by the US, they don't care about our data, privacy, human rights, they are involved in wars and oppression of various peoples.
4. Centralised services are not safer per se....and I should not have to submit ID to my operating system, or to access my own computer!
-
-
-
@harryadney @paco The government wonks were told too, it's just that this time instead of holding off on deployment (kicking it into the long grass) they charged ahead and damn the consequences. Brexit grade "who needs experts?" idiocy.
-
@paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.
@xoagray Agreed. Plus, discord is not organized or searchable. What I can’t understand is why the maintainer of a product would want people to pop in and ask basic questions in chat. Advanced questions? Sure. Inter-developer communication on the core team? Sure. We’ve had IRC for that for ages and I can see how discord fills that need. But when we think about the basics, that’s what forums and faq’s and web pages and stuff are for. As a maintainer I’d want easy stuff to be answered by RTFM and only ping a person for unusual stuff.
I get frustrated with projects that have crappy documentation and push everyone to discord. It’s so hard to get basic info out of it.
-
@xoagray Agreed. Plus, discord is not organized or searchable. What I can’t understand is why the maintainer of a product would want people to pop in and ask basic questions in chat. Advanced questions? Sure. Inter-developer communication on the core team? Sure. We’ve had IRC for that for ages and I can see how discord fills that need. But when we think about the basics, that’s what forums and faq’s and web pages and stuff are for. As a maintainer I’d want easy stuff to be answered by RTFM and only ping a person for unusual stuff.
I get frustrated with projects that have crappy documentation and push everyone to discord. It’s so hard to get basic info out of it.
@paco Or even just basic email support. That should be a universal constant and it's just not anymore.
-
@paco the only thing discord is better than a forum: it is not searchable!
When aksing dumb question in the chat, nobady can answer "use search function first, we answered this about 1k times!" because everbody knows even following the own thread is a pain in the ass. Reading the followUps to questions from random dudes is like runnning naked in 6 circle of hell beeing chased by porcupines. -
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
-
@paco The small races matter. Thank you for your election service.
-
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
@StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.
But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.
-
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
@StarkRG I agree. My dermatologist wanted to scan a copy of my ID and I didn’t want them to. I got into a bit of friction at the check-in desk. Ultimately I asked “are you going to refuse to do business with me if I don’t let you scan my ID?” And they relented.
Medical companies are notorious for having bad cyber security. It’s bad enough that these folks have my medical records. But that’s what they do, so they must. No need to give them anything optional to store.
-
@StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.
But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.
@ElBeeToots @alice @paco Sure, if the need to keep the data is ongoing and known, it makes sense to keep it. Most of the time, though, they keep the data just in case they might need it again in the future for some as yet unknown purpose. That should not be allowed.
This is also why I almost never accept store credit for a refund. No, I gave you money for the thing, and now you have the thing so you need to give me back the money.
-
@paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.
@paco@infosec.exchange @xoagray@tiggi.es Id already be glad when FOSS projects would stop using it.
-
@paco I enjoy these posts -- and will follow and boost.
-
-
@shinspiegel @elaine @paco
which doesn't make things any better, though -
@paco well
If he does not remember his own password the account will be super secure.This is only true if a drive encryption is enabled.
-
@killick Agreed. C-level execs care a lot about their own skin and their own money. Put it at risk and things will change. Let them throw a third party under the bus and they won’t.
-
@alice I love this headline from the Beaverton.
-
@x41h Go!
@punissuer
