Why Online Privacy Is Broken

Trailrunner7 writes "One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

Re:We just need legislation

[Todd+Knarr]

Actually they probably didn't record your credit-card number. What they probably recorded was the sale number (basically a receipt serial number), the receipt information (what was bought), and the type of credit card and the authorization number. They knew your name because it was recorded off your credit card at the time of sale. To handle the refund they just use the authorization number, which the credit-card company can match to your card (but they won't tell the store the card number, they'll just give out another authorization number for the refund).

Now, the store probably doesn't need to store your name at the time of sale. But if you're paying with a credit card, you know you're leaving a connection between you and that sale anyway so IMO it's not a major thing. If you really want no connection, pay in cash and don't give them any identifying information, not even a phone number.

Re:How Precisely Could P2P Solve This?

[betterunixthanunix]

There are a few ways P2P would solve the problem. The first that comes to mind is that it would reduce the incentive to undermine privacy, since the social network would not be funded by the sale of personal data (or data derived from personal data). It would also increase the cost of undermining privacy, since people would not just be throwing their data at a single centralized datacenter.

As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

Stop spreading disinformation

[Aqualung812]

If you use it as a debit card--snip--you are fully on-the-hook when it comes to losses - if they steal $2000 from your account, you have lost $2000 - there is no disputing charges or limited liability like with a credit card.

I worked at a financial institution, this is completely incorrect. Your liability is limited by law to $50, and most small banks and credit unions just limit it to -0-. Just make sure you have email alerts on so you know your card is being abused & call your bank & police if so.

http://usa.visa.com/personal/security/visa_security_program/zero_liability.html

http://www.fdic.gov/regulations/laws/rules/6500-1350.html