Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stop Saying, 'We Take Your Privacy and Security Seriously' (techcrunch.com)

Posted by msmash on from the closer-look dept.

Security reporter Zack Whittaker writes: In my years covering cybersecurity, there's one variation of the same lie that floats above the rest. "We take your privacy and security seriously." You might have heard the phrase here and there. It's a common trope used by companies in the wake of a data breach -- either in a "mea culpa" email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it. The truth is, most companies don't care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

I've never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist. I was curious how often this go-to one liner was used. I scraped every reported notification to the California attorney general, a requirement under state law in the event of a breach or security lapse, stitched them together, and converted it into machine-readable text. About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

11 of 192 comments (clear)

  1. And by 110010001000 · · Score: 5, Insightful

    And politicians don't really care about their constituents or the country. And SJWs really don't care about equality. The list is endless.

    1. Re:And by b0s0z0ku · · Score: 5, Insightful

      Which is why there should be laws penalizing invasion of privacy. If companies start getting fined for bad behavior and their assets start being taken, they'll listen -- money talks, BS walks.

    2. Re:And by Anonymous Coward · · Score: 2, Insightful

      It is very hard to make something illegal when it benefits rich people.

    3. Re:And by ShanghaiBill · · Score: 4, Insightful

      Walk away from companies that abuse your data.

      How do you "walk away" from Equifax? The people exposed were their product, not their customers.

      In every one of the other breaches, no customer knew about the sloppy practices until it was too late. So saying that "customer choice" is the solution doesn't work. Even when customers do have a choice, they are not able to make an informed decision.

      TFA is written my someone who doesn't even understand the issues. He complains that Google "sells data about you to advertisers". No they don't. That is not how their business model works. They use your data to place ads on behalf of advertisers, but they do not, and never have, sold or transferred the data to the advertisers.

    4. Re:And by Opportunist · · Score: 3, Insightful

      The problem isn't "the cloud".

      The problem is twofold. One, that security did not keep up with the amount and severity of attacks, and that (personal) data is more valuable than ever before. Which of course is one of the things that drives the attacks.

      Moving out of the cloud and trying to do your own thing again won't solve this. It will probably even make matters worse because I do kinda expect Amazon and Google to have more resources and better people available to secure their stuff than the average company that might collect some data about you.

      What's needed is to make companies actually care about security. And that only works via punishment, unfortunately.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. just like companies, monetize it by supernova87a · · Score: 4, Insightful

    I have a real easy way for companies to care about privacy when they say they "care about privacy":

    Penalties:
    -- $2 for each name + password
    -- $5 for credit card number
    -- $10 for social security number
    etc.

    And multiply for combinations of the above. You'll see companies start fixing their processes (or simply refusing to store unnecessary data, right quick.

  3. No company takes security seriously by OneHundredAndTen · · Score: 5, Insightful

    They all pay lip service to security. That's all. They don't do what they should, because it is simpler, and most cost-effective, for them to do damage control when the inevitable security breach happens than really trying to prevent it. We have heard about huge security breaches in Equifax, Target, Visa etc. Those companies are still there, business as usual. They sure took a hit, but it probably impacted on their bottom line less than having to invest on minimizing the probability of such breaches in the first place.

  4. "Thoughts and prayers" by sacrilicious · · Score: 4, Insightful

    About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

    "We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers". It means nothing concrete, and is meant to end inquiry/discussion into what actions should in fact be taken (or should have been taken).

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  5. Why, so, serious(ly)? by rmdingler · · Score: 4, Insightful

    I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable away, even if my bank isn't on the same continent as your bank. Which of these do I think you "take seriously"?

    Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.

    Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  6. We value your privacy by GrumpySteen · · Score: 3, Insightful

    Coincidentally, we value it exactly the same amount that the highest bidder does.

  7. Re:Consumers need to take their Privacy seriously by thegarbz · · Score: 4, Insightful

    Let's break this down:

    - Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.

    You just lose most consumers with this line.

    - Maps provided by Osmand on Android

    This is one of the few things you said that's doable.

    - Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.

    You now lost a good chunk of the remaining technical crowd and narrowed your solution to only the top tier of nerds.

    - Handle Contacts, Calendaring,and Task related services on a Groupware service.

    What's a groupware service? Asking for a consumer.

    - Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.

    That's good and all but I just checked and my friend's aren't on it. Regards, a consumer.

    These are the only things that will really change the privacy game.

    Consider your game lost before the users even got through the instructions for it.