Stop Saying, 'We Take Your Privacy and Security Seriously' (techcrunch.com)
Security reporter Zack Whittaker writes: In my years covering cybersecurity, there's one variation of the same lie that floats above the rest. "We take your privacy and security seriously." You might have heard the phrase here and there. It's a common trope used by companies in the wake of a data breach -- either in a "mea culpa" email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it. The truth is, most companies don't care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.
I've never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist. I was curious how often this go-to one liner was used. I scraped every reported notification to the California attorney general, a requirement under state law in the event of a breach or security lapse, stitched them together, and converted it into machine-readable text. About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.
And politicians don't really care about their constituents or the country. And SJWs really don't care about equality. The list is endless.
Where you say something like you can't browse a web page if you don't know the URL? Duh
I have a pretty simple test for whether people take a thing seriously. How does it compare to how they handle payments?
Consider:
I ask you to stop spamming me, and you say I need to allow you 30 days to stop.
I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable way, even if my bank isn't on the same continent as your bank.
Which of these do I think you "take seriously"?
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
The only companies that take data privacy seriously are those that DON'T nudge you towards their cloud, that sell software that encourages local storage, preferably in encrypted form.
We took your privacy and security.
It's gone.
The problem is all these companies forgot a semicolon. Let me help.
We take your privacy and security; seriously.
Ads are customers who have to be taken very seriously.
The security to protect the ads all the way deep into the OS and browser.
The privacy to protect the ad tracking from any ad blockers.
Domestic spying is now "Benign Information Gathering"
I have a real easy way for companies to care about privacy when they say they "care about privacy":
Penalties:
-- $2 for each name + password
-- $5 for credit card number
-- $10 for social security number
etc.
And multiply for combinations of the above. You'll see companies start fixing their processes (or simply refusing to store unnecessary data), right quick.
They all pay lip service to security. That's all. They don't do what they should, because it is simpler, and most cost-effective, for them to do damage control when the inevitable security breach happens than really trying to prevent it. We have heard about huge security breaches in Equifax, Target, Visa etc. Those companies are still there, business as usual. They sure took a hit, but it probably impacted on their bottom line less than having to invest on minimizing the probability of such breaches in the first place.
About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.
"We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers". It means nothing concrete, and is meant to end inquiry/discussion into what actions should in fact be taken (or should have been taken).
- First they ignore you, then they laugh at you, then ???, then profit.
Is also a common slogan that gets little more than lip service.
my company did a major 'safety blitz' with managers and workers and even had half day sessions to enforce their new found 'resolution for safety'.
My first question to the safety facilitator was 'Are they changing the company mission statement to include safety?'. They said no. I said then they are not serious and this is little more than an effort to cut expenses.
It did not go over well.
It's right up there with "we value your call, that's why we've been claiming unusual call volume and long hold times since 1982". "Speaking of holding since 1982, hang in there Betty, help is only days away".
While the sentiment is appreciated; that was a big ol' non-article. More like a rant.
Stop complaining and whining about everything. Just shut up.
To stop you suing them when you know you should.
We were doing nothing for security that didn't happen accidentally before. We got caught. We now will do the absolute minimum required by a regulatory body. If we have no regulations, we're just saying this because we have to. We want money and couldn't care less about your privacy. Suckers.
Be Excellent To Each Other
Century
If any of these companies took our privacy and security seriously. They wouldn't have to apologize or come up with catchy PR responses for them not taking it seriously. I don't give them a second chance to screw up, can't do it right the first time, I'm going elsewhere. Just too bad we desperately need regulations to protect us from what should be a no brainer.
This is another one that various companies, government departments, and the police, like to throw around.
Whenever you hear it just substitute: "we don't want to say anything to you about this".
They want to keep your private information all for their financial interests, not to be stolen by hackers or other businesses (or both). They take their bank accounts very seriously.
Consumers need to take their Privacy seriously too. This means:
- Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.
- Maps provided by Osmand on Android
- Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.
- Handle Contacts, Calendaring, and Task related services on a Groupware service.
- Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.)
This is so that if you have a Discord/FaceBook/Skype/etc account, It can't track you.
These are the only things that will really change the privacy game.
...just not very much at all.
Please. Poor Norbert is spinning in his grave.
Strange things are afoot at the Circle-K.
They care about your privacy means that the unique data that you provide to them is more valuable than the data you give everyone. They care about your security means if you feel insecure about their offerings you won't engage with their site.
we "take" (stolen) your privacy and security, seriously
Politics is Treachery, Religion is Brainwashing
"...your call is very important to us. Please remain on the line and..."
If it's so important, why did you just make me navigate a 3 minute tree and then wait 5 more, only to hear this malarkey?
It's all lies, from all the corporations (and many small businesses, too, dishonests are everywhere)
The "Civilized World" jumped the shark ca. 1973.
I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable way, even if my bank isn't on the same continent as your bank. Which of these do I think you "take seriously"?
Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.
Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
We take your Bandwidth Seriously.
- Pay for your email
- Don't use social media
- Don't use a smartphone
That gets you like 95% of the way there, but I don't know anybody other than myself who lives like this.
I don't respond to AC's.
"We take your privacy seriously, but profits even more seriously."
Table-ized A.I.
They do take your privacy and security, seriously. Someone just forgot the comma.
Even more:
... {whatever.}
Your call is important to us, please hold.
Our menu options have changed, please listen to them all again.
Elect me, and I'll
Order Now! Supplies are limited.
Thank you for holding -- so how can I make you hang up faster?
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
"Your hearing is important. Click OK to be able to actually use your damn headphones"
"This web site uses cookies. We'll cover up most of the window until you accept this fact"
Pushed by the EU nanny state onto the rest of the world.
Maybe Peppi-le-Pew should worry about the Middle Eastern Islamic extremists (oops, I mean "Asians") right outside their window, who are turning parts of European cities into no-go zones for "infidels", instead of sue crazy special snowflakes.
My E-mail is free, but it's IMAP4. There are no Ads with it.
Smart phones are only fine in the circumstance that you have Android, have a spin of Android with LineageOS, Root, Magisk, etc, and do NOT have GApps flashed to your device and largely rely on F-Droid and ApkPure.
Another good one is "we have investigated ourselves and found no evidence of wrongdoing", a la MIT and JSTOR. Practice "The Schwartz Exception" and route these companies out of your life at your network edge.
So, increase the incentive. Instead of fining companies like Target 18.5 million for a breach when they have 72 billion annual turnover, try increasing the fine to 18.5 billion.
except for the smartphone part (work basically requires it), I'm with you.
Coincidentally, we value it exactly the same amount that the highest bidder does.
I can only hope there is a lawyer out there that will press this point home in court.
"No your honor, they didn't take it seriously. They need to pay for that lie."
"We take your privacy and security seriously, as long as it's easy & convenient and doesn't cost us any actual money"?
I suppose next I'll have to stop saying "I love you and I'll still respect you in the morning."
Have gnu, will travel.
If a company actually cared about privacy/security, they would take the absolute basics of data, with separation of databases, so web logs are in one repository, access in another. Companies can operate legally and in compliance with auditors with far less info than what they have now. If needing to ID people (for example, Korea requires posters to use their citizen ID number), obtain that info, stash it in a separate database (perhaps as an OpenPGP encrypted blob to ensure it is present, but inaccessible to all but auditors), and just use username and a proper salted PW hash.
In reality, the visitors and customers are not their real customers. The real paying customers are the ad guys who demand a constant stream of analytics.
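The layout that comment describes, sketched as an added example (not code from the thread or from any commenter): accounts, identity records and web logs live in separate stores, and the account store keeps only a username and a salted password hash. It assumes the ID arrives already OpenPGP-encrypted to the auditors' key; the SQLite schemas, function names, PBKDF2 work factor and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune for your hardware
PGP_HEADER = "-----BEGIN PGP MESSAGE-----"

# Constructed placeholder standing in for a real OpenPGP message that was
# encrypted to the auditors' public key outside this service.
SAMPLE_SEALED_ID = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    "(constructed placeholder ciphertext)\n"
    "-----END PGP MESSAGE-----\n"
)


def open_stores():
    """Create three independent databases: accounts, identity vault, web logs."""
    accounts = sqlite3.connect(":memory:")
    accounts.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    vault = sqlite3.connect(":memory:")
    vault.execute(
        "CREATE TABLE identity (username TEXT PRIMARY KEY, sealed_id TEXT)")
    weblog = sqlite3.connect(":memory:")
    # The web log carries no username or ID, so it cannot be joined to a person.
    weblog.execute("CREATE TABLE hits (ts TEXT, path TEXT, status INTEGER)")
    return accounts, vault, weblog


def hash_password(password, salt):
    """Derive a salted, slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(accounts, vault, username, password, sealed_id):
    """Store credentials and the sealed ID in their separate stores."""
    # Refuse anything that is not an armored OpenPGP message, so a plaintext
    # ID number can never land in the vault by mistake.
    if not sealed_id.lstrip().startswith(PGP_HEADER):
        raise ValueError("identity must arrive already OpenPGP-encrypted")
    salt = os.urandom(16)  # fresh random salt per user
    accounts.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)))
    vault.execute("INSERT INTO identity VALUES (?, ?)", (username, sealed_id))


def verify_login(accounts, username, password):
    """Check a password using only the accounts store."""
    row = accounts.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?",
        (username,)).fetchone()
    if row is None:
        # Do the same work for unknown users so timing does not reveal
        # which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def log_hit(weblog, ts, path, status):
    """Record a request without any account or identity fields."""
    weblog.execute("INSERT INTO hits VALUES (?, ?, ?)", (ts, path, status))


if __name__ == "__main__":
    accounts, vault, weblog = open_stores()
    register(accounts, vault, "alice", "correct horse", SAMPLE_SEALED_ID)
    log_hit(weblog, "2019-02-17T12:00:00Z", "/login", 200)
    print("login ok:", verify_login(accounts, "alice", "correct horse"))
    print("login bad:", verify_login(accounts, "alice", "wrong"))
```
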
too much work
i heard that he rents his apartment in a cheap building on purpose
it's easier for him to feel the neighbor's fridge by the heat through the thin walls
then he simply reaches through the walls with his bear-like forearms and tears the sheet metal right off the back
then he eats his way to the front of the fridge
imagine waking up and opening your fridge and all you see are saliva pools and creimer's big eyes staring back at you
he doesn't even apologize he just growls
he may not have teeth but I heard he can gum off a finger if startled
yeah yeah creimer we got it
you weren't above abusing slashdot's TOS to silence the magnificent cdreimer
It's "We're taking your privacy, seriously."
"We take your privacy and security seriously." is the IT version of "Thoughts and prayers" after a shooting.
Those values are far too low and that's the problem: companies do value our privacy and security but the value they assign to it is woefully low. If your information is leaked the cost of clearing up any identity theft that results is far, far more than the numbers you gave. Indeed, you can't even lock your credit report for this.
A better way would be to simply make companies liable for all "reasonable" costs resulting from a violation of a customer's privacy and security. This will make them pay for the time, effort and money it costs to either prevent or clear up identity theft which will make them very much aware of the monetary value of privacy and security.
Well, to be completely fair by the time a company is sending out one of these breach notices they probably are taking our privacy and security seriously, or at least a lot more seriously than they were before the breach. The problem is that it is now far too late.
You have to admire Equifax's completely brazen approach to privacy and security though. They get paid to collect and curate a database of extremely private and sensitive data and then, when they screw up and it gets breached, people pay them even more money to lock their credit reports. That's why they do value our privacy and security: every time it gets violated they make more money.
This win-win model is almost as good as the one the phone companies pull where they sell you a phone number and service, then sell your name and number to advertising services and finally sell you a call blocking service to prevent ads from reaching you: that's win-win-win!
That is what I'd like to know. :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
It means nothing. Just like "Thoughts and prayers"
They took mine last week. Now i neither have any privacy nor any security.
What a worthless story.
Hey, and that works just as well for the same situation!
If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist.
A security researcher who seems to know about data and privacy doesn't understand the business practice of the two biggest companies in the data and privacy related fields.
Congratulations Zack Whittaker, you've just shown the world that you're out of your depth. Maybe you should go make instructional videos of how to build computers for the Verge and leave the security, data and privacy related talk to someone who actually knows what is going on in their field.
Let's break this down:
- Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.
You just lose most consumers with this line.
- Maps provided by Osmand on Android
This is one of the few things you said that's doable.
- Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.
You now lost a good chunk of the remaining technical crowd and narrowed your solution to only the top tier of nerds.
- Handle Contacts, Calendaring, and Task related services on a Groupware service.
What's a groupware service? Asking for a consumer.
- Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.)
That's good and all but I just checked and my friends aren't on it. Regards, a consumer.
These are the only things that will really change the privacy game.
Consider your game lost before the users even got through the instructions for it.
My E-mail is free, but it's IMAP4. There are no Ads with it.
That doesn't mean there isn't a privacy implication. Google also provides an IMAP4 server and you get your emails without Ads. So does Microsoft. Two companies which openly admit scanning your emails for marketing related reasons.
There's a comma missing: it's "We Take Your Privacy and Security, Seriously". See? All is well!
They're just following marching orders, trying to make rent. Blame the MBAs who don't fucking understand the technology; think that because you can, you should: and want to sell every fucking iota of data they can get their grubby hands on.
The Slashdot TOS is why creimertards are on the endangered species list. Also, creimer has moved on to YouTube. Buy a clue, get a life. Your shit show is not welcomed here.
Seriously, we take your privacy and security.
Halfway through your nuttery I stopped to check who wrote this ranty bit of insane lunacy. Ah, makes sense now. All is right in the world. Just one of our local Marxist sheep baying at the moon, again.
Carry on!
Isn't this the technical equivalent of "thoughts and prayers"?
the title needs to be adjusted to;
Stop saying, 'We take your seriously'
it's just a template sentence that everybody uses when something goes wrong with their product/company.
car company has issues with airbags - we take your safety very seriously
tv broadcast company has outage - we take your leisure time very seriously
etc.
you can find the reason why in the legal department's extensive writing excuses guide.
On a long enough timeline, the survival rate for everyone drops to zero.
"We take seriously the profits we can make from selling your data."
If you are correct and everyone is jumping ship at the first sign of complications, then they don't value privacy.
A century ago, people risked death, killed and died to keep their liberties, rights and to remain free.
People today give up privacy (and with it all associated liberties arising from their blackmail-ability) because it is a bit of a hassle.
If you place convenience over privacy and rights, then of course you're gonna have a ton of convenience and no more rights and privacy. Who do you think will fight for YOUR rights and YOUR privacy? Santa Claus and his little elves? Free of charge of course and pronto, right?
Pathetic.
Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.
The settlement procedures are pretty much identical once the transaction is processed for purchases or refunds. You just don't notice because most of the time the cash flows are out of your account and not in to your account and because your bank hides some of the details. Many types of transactions don't actually close for some time (days) even if they show it posting immediately. My bank will post a transaction immediately because I'm considered a safe risk based on my banking history but it's technically in sort of a "pending" status for a day or two (sometimes longer depending on the counterparty) until the settlement procedures finish. If you want the transaction to finish faster there generally are higher costs associated with that. To your point, how long a company takes to get around to posting the transaction can be telling but the actual transaction itself happens just as fast no matter which direction the cash flows.
Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.
Sure, they know how to play these games to their advantage when they feel the need. But that mostly happens when the bank is the counterparty rather than simply being an intermediary. If you and I are exchanging money and the bank is just facilitating the transaction they reap no benefit from delaying one side or the other in the transaction.
That is why I have never used Facebook or twitter, have stopped using Windows and Google and Gmail, and never upload anything to YouTube or Instagram or imgur.
The phenomena you've described can easily be attributed to bandwidth increases between endpoints and not the "cloud".
Our little organization uses very few cloud services yet experiences all the benefits you describe.
Some very smart people are working on decentralized computing and storage frameworks right now. You could very well see the decentralization of the cloud in the next 10 years.
I'm looking forward to that.
And politicians don't really care about their constituents or the country.
Awfully broad brush you are painting with there. Yes that is too often true but there are people in positions of political power who actually do genuinely care about the people they were elected to lead/serve. Such people are to be treasured when found.
And SJWs really don't care about equality.
A) The term "SJW" is lazy nonsense catchall pejorative like "hipster" that means almost nothing and accurately describes almost no one. Including your use here.
B) Equality and equity are not the same thing. You're right they don't care about equality because equality isn't necessarily what's fair or necessary. You can charge a rich person and a poor person the same tax rate and that is equal but it isn't equitable because 20% of a poor person's income has a much bigger impact on their life than 20% of a rich person's. Just because something is the same for everyone doesn't mean it is fair or good.
it seems like there are many of us
strange
if creimer has moved to youtube
good riddance
and who are you to talk about who is welcomed here
-narcissism
-puffed up ego
-empty talk
yup that's our chris
Bernie Sanders, before running for president net worth of $500k. After "losing" to Clinton he bought a beach house for $600k CASH. Not the thing to do that close to retirement, spending ALL your money on a beach house with huge taxes. Nope, he didn't care about you he ran to get the CASH from you, and did. Ever wonder why he didn't complain about Clinton rigging the primary? I'll give you a guess.
Warren - lied about being an Indian. Then lied about never using it to her advantage, which has been shown at least to have happened twice. She is all about making things unfair for whites and then pretending she isn't white to use that for herself.
MLK was not a SJW. SJWs are all about identity politics. MLK's quote "I have a dream that my kids will grow up in a world where a person is judged by the content of their character, not the color of their skin.". This has nothing to do with current liberals or the DNC, they would call MLK all kinds of words if he were out giving his speeches today, and they do attack current people who do talk like MLK (such as his children)
If you want to support corrupt people that take your money to buy beach houses, or oppress you so they can have advantages for themselves, that is your choice.
Circular logic. I respond to your comment therefore I must be Chris. I'm just a random AC trolling your sorry ass.
And here's where it's shown that the submitter knows nothing.
Google does NOT sell any information to advertisers. They keep the data to themselves. Google will USE that information to decide which ads are shown to which people. But the advertisers don't get to see any of this data.
You may still not like the fact that Google gathers all of that personal data, and that's a legitimate concern, but you should make a basic attempt to understand exactly how they use that data before spouting this sort of misinformation.
I'm a leaf on the wind. Watch how I soar.
"We take your security and privacy seriously."
Is a synonym/lawyer speak for:
"We done fucked up. Please don't sue us."
-Miser
you want a circle
look at yourself in a mirror tubs
"Sorry about that, OK? We are with you. We are strong. We will not be intimidated."
"Thanks for coming. Coffee on the white table; tea on the blue."
"Till next time? ..."
It little behooves the best of us to comment on the rest of us.
I did pay for my email but my ISP stopped providing the service
Next you'll be telling me that my call isn't important to the people who put me on hold for 45 minutes.
They are volunteering to demonstrate to the court what serious actions have been taken to protect.... nevermind
Here's what a lot of people don't seem to understand: Apple's Facetime problem is a bug. Facebook's issue is a feature. Governments, particularly left-wing governments, get their jollies punishing people for being less-than-perfect. Perfection isn't a standard that's achievable. Ergo, Apple shouldn't be punished for a bug. Facebook, on the other hand, sold the data to a third party. It just happens that the third party that brought this issue to light was working for the right side of the American political spectrum. I'd be willing to bet that if the Clinton campaign had won and used Facebook information to do so, you'd either see news stories about how the campaign was so modern and effective because it leveraged social media or you'd never hear about it. One should never think that a political weapon can only be fired in one direction.
Unfortunately, this one lazy bastard named Joe Sysadmin at our company doesn't seem to agree. Would you believe he left openssh unpatched for the last five years?! He wasn't this lazy when we hired him. Anyway, we fired his ass, we hired someone better, we patched the issue, and we're sorry. Please accept our deepest apologies for not keeping Joe on a tighter leash, and please believe us when we say we've learned from this. We hope you can continue to trust us in the future. Since Joe is the one who screwed you all over, here is all of his personal information. *dump* Please don't hurt him, but please don't hire him either.
At least, that's what I wish they'd say.