Slashdot Mirror


Stop Saying, 'We Take Your Privacy and Security Seriously' (techcrunch.com)

Security reporter Zack Whittaker writes: In my years covering cybersecurity, there's one variation of the same lie that floats above the rest. "We take your privacy and security seriously." You might have heard the phrase here and there. It's a common trope used by companies in the wake of a data breach -- either in a "mea culpa" email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it. The truth is, most companies don't care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

I've never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist. I was curious how often this go-to one liner was used. I scraped every reported notification to the California attorney general, a requirement under state law in the event of a breach or security lapse, stitched them together, and converted it into machine-readable text. About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.


  1. And by 110010001000 · · Score: 5, Insightful

    And politicians don't really care about their constituents or the country. And SJWs really don't care about equality. The list is endless.

    1. Re:And by b0s0z0ku · · Score: 5, Insightful

      Which is why there should be laws penalizing invasion of privacy. If companies start getting fined for bad behavior and their assets start being taken, they'll listen -- money talks, BS walks.

    2. Re:And by Anonymous Coward · · Score: 1

      SJW derangement syndrome is as bad as Trump derangement syndrome.

    3. Re:And by aybiss · · Score: 1

      ... and people who hate on SJWs don't really care about rampant political correctness.

      --
      It's OK Bender, there's no such thing as 2.
    4. Re:And by b0s0z0ku · · Score: 3, Interesting

      The ideal would be to make companies too afraid to retain ANY data and personal information -- to drive the cloudpushers out of business by strangling them with regulations.

    5. Re:And by Anonymous Coward · · Score: 1

      That doesn't make sense; SJWs and political correctness are nearly synonymous. Or is there a "good" SJW out there somewhere that isn't prepared to ruin someone's life for offending their "values?"

    6. Re:And by Anonymous Coward · · Score: 2, Insightful

      It is very hard to make something illegal when it benefits rich people.

    7. Re: And by justthinkit · · Score: 5, Funny

      We take your privacy and security. Seriously.

      --
      I come here for the love
    8. Re:And by b0s0z0ku · · Score: 1

      Me? Nah, I'm not "happy" with Google -- fuck Google and the rest of Big Tech, and not in a pleasant way.

    9. Re:And by fustakrakich · · Score: 1

      And politicians don't really care about their constituents or the country.

      Apparently the constituents don't care either. They keep reelecting the same class of politicians over and over.

      --
      “He’s not deformed, he’s just drunk!”
    10. Re:And by ShanghaiBill · · Score: 4, Insightful

      Walk away from companies that abuse your data.

      How do you "walk away" from Equifax? The people exposed were their product, not their customers.

      In every one of the other breaches, no customer knew about the sloppy practices until it was too late. So saying that "customer choice" is the solution doesn't work. Even when customers do have a choice, they are not able to make an informed decision.

      TFA is written by someone who doesn't even understand the issues. He complains that Google "sells data about you to advertisers". No they don't. That is not how their business model works. They use your data to place ads on behalf of advertisers, but they do not, and never have, sold or transferred the data to the advertisers.

    11. Re:And by gweihir · · Score: 1

      It is a very old form of manipulation: If you know your product/service/agenda/faith/etc. has a serious defect, state with force the exact opposite. Whether this is "now even stronger" after a tissue brand actually got weaker, "we take your privacy seriously" when the opposite is true or "thou shalt not kill" when these fuckers are the most prolific murderers available does not matter. What matters is that this dishonest and despicable approach seems to work on many people.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re:And by micheas · · Score: 2

      HIPAA fines are in the thousands per user's data compromised.

      Anthem was still compromised.

      Personally, I lean towards having a robust plan for after the compromise. Defense in depth is highly underrated.

    13. Re:And by AmiMoJo · · Score: 1

      Is that a desirable outcome?

      People seem to have forgotten how expensive computing resources were before the cloud. They seem to have forgotten when sites were Slashdotted regularly, when a site from the other side of the world took 30 seconds to load, when free email accounts were limited to 20 MB, and when off-site backup was prohibitively pricey.

      The cloud has been of great benefit to us, we just need to fix it so that it works better for us.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:And by AmiMoJo · · Score: 4, Interesting

      In the EU you can request that Equifax delete the data they have about you, and not collect any more. You have a legal right to do that.

      The problem is that it buggers up your credit file. There are other credit rating agencies, but it depends if the bank you apply to for a loan happens to use them, or considers the lack of an Equifax file to be suspicious.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    15. Re:And by ImdatS · · Score: 1

      But isn't the problem (especially in politicians' case) that the constituents don't want to hear the truth? Here in Germany, we had a politician who said "it would cost about 1-2 Trillion EUROs to have a united Germany" (when the wall came down), "it will involve a lot of difficulties and we should not rush things, but think about it first". The other politician said "no worries, we will have 'blossoming fields', East Germany will be as rich as West Germany very quickly and it will cost no more than 100-200 Billion Euros".

      Guess who got elected Chancellor? People didn't really want to hear the truth. The truth is that East Germany is still considerably poorer than West Germany and we are already past the 2 Trillion Euro mark...

      I think if the truth is inconvenient, people generally don't want to hear it. They actually rather prefer a lie...

    16. Re:And by JaredOfEuropa · · Score: 1

      You'll also strangle many legit sites, or make things rather inconvenient for users. I think we should start with laws against the sale of personal data (or passing such data on to other parts of the company), even anonymized data. Then put some additional restrictions on the laws we already have (some of us anyway), such as opt-in rules and the law that states that data can only be used for the purpose with which it was collected. Currently companies say that purpose is "anything, plus whatever comes to mind later". Better would be: you can only collect the data strictly necessary for the operation of the service you are offering, and only for that purpose. With some possible exceptions for aggregated data.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    17. Re: And by Opportunist · · Score: 1

      Why do you bury this gem in the pointless rubbish you respond to? This is the best summary of the problem possible!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:And by Opportunist · · Score: 3, Insightful

      The problem isn't "the cloud".

      The problem is twofold. One, that security did not keep up with the amount and severity of attacks, and that (personal) data is more valuable than ever before. Which of course is one of the things that drives the attacks.

      Moving out of the cloud and trying to do your own thing again won't solve this. It will probably even make matters worse because I do kinda expect Amazon and Google to have more resources and better people available to secure their stuff than the average company that might collect some data about you.

      What's needed is to make companies actually care about security. And that only works via punishment, unfortunately.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:And by AmiMoJo · · Score: 1

      Is personal data more valuable than ever? Prices seem to be going down because there is so much of it. If you manage to grab a million records from somewhere, chances are a good proportion of them will be duplicates that someone else already sold from a different breach. Plus over-supply pushes prices down, and it keeps getting harder to translate that data into profit.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    20. Re:And by Opportunist · · Score: 1

      Not being able to trade anonymized data would be a severe hit to anyone trying to create statistics about anything. Countries rely on statistics to put the available resources to good use. How many car owners do we have and where do they drive? That allows us to know how much money to allocate to road construction, and where to build them. How do rents develop, so we know where to zone for more living space. How do people spend their pastime, so we know whether there are security or health issues coming our way.

      And so on.

      I agree that there should be some checks and bounds to data collection, but outlawing it altogether is going to do more harm than good. Data collection has actual uses besides finding out how to pester you the most effective way with ads.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:And by JaredOfEuropa · · Score: 2

      There’s a difference between anonymising and aggregating. For purely statistical stuff, aggregated data often is good enough. In quite a few cases it does mean that whoever stores the data has to run the reports, and that’s a feature rather than an issue. Anonymised data on the other hand is problematic. For example they take off your name and SSN, but date of birth + zip code is still a pretty good identifier. Combine enough data sets and you can often still tie anonymised data to an individual profile.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    22. Re: And by justthinkit · · Score: 1

      You want the truth?

      --
      I come here for the love
    23. Re: And by BringsApples · · Score: 1

      Dear slashdot, please include the mod option "Right. Fucking. On." please. It applies here. Thanks.

      --
      Politics; n. : A religion whereby man is god.
    24. Re: And by Opportunist · · Score: 1

      OK, I bite. Yes?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    25. Re:And by thomn8r · · Score: 1

      Your call is important to us - if you actually considered it important, you would have more people available to answer it.

    26. Re: And by Anonymous Coward · · Score: 1

      First of all, you are one of just two people who have ever friended me on Slashdot. In the 15 or so years I've been on the platform. You did this a long time ago, and I've remembered.

      In the mean time I've filled up my foes page and moved on to the freaks page.

      Slashdot is at once the greatest collection of smart people, and the greatest collection of the scum of the Earth.

      It is, simply, NEVER worthwhile for me to post with my account name. The lunatics are running the asylum here.

      That probably all sounds like sour grapes. In reality I could care less about /. and make a point these days of spending maybe 5 minutes a day here. May it fail like all the other mainstream monstrosities are failing. Learn to code, /. Oh the irony.

      The point is that it is not fun to watch the truths of life being suppressed year after year. Only the sickest of sick people could be fine with that.

      So these days I have a more subversive approach.

      Take good care, Opportunist. You're one of the very few good ones.

      Floyd

      P.S. For those still reading, this trip down the memory hole has some relevance.

    27. Re: And by thunderclees · · Score: 1

      Just like "To Protect and Serve"

    28. Re:And by strikethree · · Score: 1

      Which is why there should be laws penalizing invasion of privacy.

      That will not happen in the USA. The foundational laws of the land tell the government they can't collect that kind of data about its citizens. The un-elected officials are, at heart, dictators. That is a normal consequence of working in government and being lazy.

      So how will these would-be dictators get all their data? Through businesses collecting it and then passing laws granting government access to it.

      No. You will not get any serious privacy laws passed in the USA. The government wants control/information and businesses want money. I am pretty sure America can be called a failed experiment in Freedom at this time... but, the show isn't over until the fat lady sings.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    29. Re:And by b0s0z0ku · · Score: 1

      The problem is that the VOTERS are also stinking cowards, voting for "tough on crime" cop scum (sheriffs are often elected) that in turn lobby for mass surveillance. For the cheeeeeeldren, of course.

    30. Re:And by terrycarlino · · Score: 1

      First you have to convince people to stop sharing their data. This did not start with Facebook and Google. Long before they ever came along banks and merchant associations started collecting data on people who were asking for credit. Customers wanted them to share the data, because when they went to get credit from a new store or business the only way they had to prove they were good for it was to point to the other people they did business with and say "Look I paid them back."

      The local merchants associations and bank transitioned to the big credit companies and credit card companies. They only collect data on people who gave it up. Not using them is easy. Just don't ask for credit. Pay cash for everything. But people are not willing to do that. They want the convenience of credit cards and cell phones and electricity (they do a credit check on you too) and want to rent a place to live (ditto).

      The benefits of letting people collect data on you are too good to pass up. Unless you are willing to live the life of Enemy of the State's Brill, and have the money and technical knowledge to do so you will be in the system and open to having your privacy invaded.

      In many ways privacy is a modern concept. In olden days people existed on their reputation. Most lived in a village or small town and everybody knew their business. That was why your word was important, so people knew who they could trust. Who it was safe to do business with.

      Only modern people think they have a right to privacy.

    31. Re:And by b0s0z0ku · · Score: 1

      In olden days, someone could leave a given city or town and start a new life in another, with no one being the wiser. So there was functionally a "right to be forgotten", assuming one wasn't a visible member of an outcast or slave caste.

    32. Re:And by terrycarlino · · Score: 1

      That's great. So you just killed Google & Facebook. While I will experience no great loss over Facebook dying what do you think will replace all of the stuff people use Google for?

      Let me make it clear. No Android, which means either using a flip phone or paying Apple, and believe me if they were a monopoly we'd be paying $2000 for an iphone.

      No Google Maps. Which means out of date GPS, such as the auto manufacturers support where you get to pay $150 a year to update your maps.

      No Gmail, which means you can go back to changing your email every time you move or change ISPs or change jobs.

      No YouTube. Can we even quantify how bad it would be not to be able to just look up how to disassemble something or remove siding or install a drain trap or any of the 1000 other things people look up on YouTube to learn how to do. That doesn't even cover the array of fact based news coverage that keeps the right and the left more honest than they would be if left to their own devices. Or the free college lectures available. The documentaries, travel logs, etc. 100% better than paid media.

      Translate. Hugely better than anything but an actual person who speaks the language.

      I haven't even touched on search. I know some people like other engines because of privacy concerns, but let's be honest, when you are looking for something Google search is way better than any of the other engines. Ads are clearly marked and you can slip into image search, video search, book search, etc. easily.

      Pass a law like that and it all goes away and no one will replace most of it. They will only replace some of it and you'll be paying out of pocket for it.

    33. Re:And by terrycarlino · · Score: 1

      It's just silly at this point.

      Everyone has been compromised.

      The problem is not a privacy problem. It is an identity problem. They are separate issues. Equifax, Target, Etc. getting compromised is a problem because it can allow someone to steal your identity. That is only a problem because it can screw up your ability to get credit, buy a house, etc. No one that I know of has ever had to pay for stuff bought with a stolen identity. If you notify a bank or credit card company your identity was stolen in the U.S. the most you can be forced to pay is $50.

      Most decent banks will even return money stolen from your bank account.

      This can be fixed by companies not using your SSN as an ID. They don't want to do that because it increases the friction of getting credit, which costs them money. The same goes for better ID and security practices at purchase sites. They won't fix it for the same reason. Higher friction at purchase sites means fewer sales. Until they are convinced that increasing security doesn't reduce credit accounts and purchases they won't change the way they do business.

      All this is very different from what Facebook and Google do with personal data. Which is to target ads or in Facebook's case sell data to allow others to target ads. Google does not sell data. Data is their Golden Goose. They sell access to their ability to target data. They sell your data they have nothing.

    34. Re:And by david_thornley · · Score: 1

      In the US, a Social Security number is just fine as identification. It really, really sucks as authentication. The problem is not people seeing my SSN and associating that with me, but with people assuming that anyone with my SSN is in fact me.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  2. Easy to tell whether they take it seriously... by seebs · · Score: 5, Interesting

    I have a pretty simple test for whether people take a thing seriously. How does it compare to how they handle payments?

    Consider:

    I ask you to stop spamming me, and you say I need to allow you 30 days to stop.

    I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable way, even if my bank isn't on the same continent as your bank.

    Which of these do I think you "take seriously"?

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    1. Re:Easy to tell whether they take it seriously... by Anonymous Coward · · Score: 2, Funny

      Soooooo...pay them money to stop spamming you?

      What did we learn?

    2. Re:Easy to tell whether they take it seriously... by charliemerritt03 · · Score: 1

      Out of modpoints.
      Mod this up up up^^^^^^^^^

    3. Re: Easy to tell whether they take it seriously... by DingerX · · Score: 2

      "Take seriously" = "Have a legal team in place." As in "we take shoplifting seriously." The message isn't "we care about you", but rather "although we screwed up, any legal action against us regarding your privacy will be met with force."

    4. Re:Easy to tell whether they take it seriously... by AndrewFlagg · · Score: 1

      easy how the phrase came to be; same lawyer firm recommended by the same state bar recommendation on who to phrase the response without liability. same as cease and desist does not work on stalkers, where a TPO or TRO makes things work, yet disturbing the peace has teeth and works.

    5. Re:Easy to tell whether they take it seriously... by gweihir · · Score: 1

      Excellent point.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Easy to tell whether they take it seriously... by houghi · · Score: 1

      That is because it is two different things.

      Disclaimer: I live in Europe where we have GDPR.

      Often a marketing campaign is set up before it is actually sent. This means that the moment you request to be taken from the list the Excel sheet (or other data output) is already sent to whomever is working on the email. This means that the emailing list works with old data all the time. It is not uncommon that we use email lists that are a week old for plenty of marketing campaigns.

      With paper the data can be even older between when we make up the list and you receive it in your letterbox. List is sent to the printer company. They will have to do their stuff and prints it all in one go (for cost) sending it out might be done in batches, as not to overrun phonelines with questions and can not overlap other mailings we must send to customers by law.

      Then there is the post who tells everybody they deliver the next day and experience shows that to be a lie. Delivery times of 4 to 5 working days are not uncommon.

      So to take all this into account and to be sure you can give one time period, saying "a month" is normal. The majority of people will be confused if you say "Well, for outgoing phonecalls it is done right away, for SMS it will be done over night, for emails it is done right away, except for those that are already sent out to be processed, that will take a week, letters where the datalist is already sent out will still be processed. We also have the legal obligation to send certain information to you that we can not send in any other way."

      The payment is done via SEPA (in Europe) or via a credit card company and done via a different process.

      So yes, even if we take that privacy seriously (due to the GDPR and laws that existed before it) we still have these statements.

      Yes, I also understand that you do not care that it would cost a lot of money to go through thousands of envelopes each and every day just to find those one or two letters.

      --
      Don't fight for your country, if your country does not fight for you.
  3. The only companies... by b0s0z0ku · · Score: 2

    The only companies that take data privacy seriously are those that DON'T nudge you towards their cloud, that sell software that encourages local storage, preferably in encrypted form.

    1. Re:The only companies... by Cmdln+Daco · · Score: 1

      Also hardware that encourages local storage. I.e. a 'phone' (portable data terminal) that has an SD card slot, not one that forces your data to 'the cloud.'

    2. Re:The only companies... by b0s0z0ku · · Score: 1

      Yep, that too.

  4. No, seriously. by stavrica · · Score: 5, Informative

    We took your privacy and security.

    It's gone.

    1. Re:No, seriously. by Anonymous Coward · · Score: 5, Funny

      'We Take Your Privacy and Security, Seriously'

    2. Re:No, seriously. by emaname · · Score: 1

      LMAO! And no mod points to give.

      --
      An effective "democracy" creates the illusion the people have a say in their government.
  5. Missed Punctuation by Anonymous Coward · · Score: 5, Funny

    The problem is all these companies forgot a semicolon. Let me help.

    We take your privacy and security; seriously.

  6. The security to get the ads into the browser by AHuxley · · Score: 2, Interesting

    Ads are customers who have to be taken very seriously.
    The security to protect the ads all the way deep into the OS and browser.
    The privacy to protect the ad tracking from any ad blockers.

    --
    Domestic spying is now "Benign Information Gathering"
  7. just like companies, monetize it by supernova87a · · Score: 4, Insightful

    I have a real easy way for companies to care about privacy when they say they "care about privacy":

    Penalties:
    -- $2 for each name + password
    -- $5 for credit card number
    -- $10 for social security number
    etc.

    And multiply for combinations of the above. You'll see companies start fixing their processes (or simply refusing to store unnecessary data), right quick.

    1. Re:just like companies, monetize it by micheas · · Score: 1

      It's about 1,000x that if the data falls under HIPAA. Health insurance companies still have breaches.

    2. Re:just like companies, monetize it by Opportunist · · Score: 2

      No. Do it like with copyright. "We determine that by selling this information you could have netted a revenue of..."

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:just like companies, monetize it by toddestan · · Score: 1

      The problem with the SSN is that it's treated like a unique, personally identifiable piece of information that only I know. For accessing way too many things, the SSN is the equivalent of both a username and a password.

      Really, it should be treated like public information and only used for its intended purpose. I shouldn't have to worry about someone knowing my SSN because there should be absolutely nothing they could do with it.

      Probably the best thing that could happen is the government saying at some date, say Jan 1st, 2020, the government will publicly post a list of everyone's SSN, which would force everyone that's been using and abusing SSN's to stop treating them as something special and fix their shit.

  8. No company takes security seriously by OneHundredAndTen · · Score: 5, Insightful

    They all pay lip service to security. That's all. They don't do what they should, because it is simpler, and most cost-effective, for them to do damage control when the inevitable security breach happens than really trying to prevent it. We have heard about huge security breaches in Equifax, Target, Visa etc. Those companies are still there, business as usual. They sure took a hit, but it probably impacted on their bottom line less than having to invest on minimizing the probability of such breaches in the first place.

    1. Re:No company takes security seriously by SirAstral · · Score: 3, Interesting

      Taking it seriously is not the only problem. Actual security is also misunderstood. Most security methods are "theater" like the TSA. Things are done a certain way to make you "feel secure" not to actually make you secure.

      Take the lowly password for example. For years everyone decided that there should be "complexity requirements". Pure security theater right there. Poor saps that thought 1337 was where it was at.

      Or how about interior corporate security... masses of firewalls installed between devices costs more in work and effort than being saved. The ports most malware is already going over are already open on the firewalls. People are not doing raw network scans much anymore, they are sending payload in specially crafted packets that are let through the FW and Zero Day and other vulnerabilities. Malware up a website or document and send it to HR.

      Actual security is fundamentally misunderstood... and you see signs of it everywhere, to all the hacks being made, to all the data being stolen right down to having to fucking install a video game as a fucking Administrator!

      No one cares about security, not the developers, not the businesses hiring the developers, not the industry, not even Security Professionals take security seriously, instead they just get a bunch of requirements to make all sorts of changes that make no flipping sense in actuality. Stupid things like... Disable and Renaming Guest accounts... wait.. you just disabled it... what is renaming it going to do now? Waste of time and nothing but a BS checkbox people are looking to do for nothing other than just a bunch of busy work. Yes, some things are worth doing, but most of them... totally not worth doing... like UAC and that joke of a trash implementation.

  9. "Thoughts and prayers" by sacrilicious · · Score: 4, Insightful

    About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

    "We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers". It means nothing concrete, and is meant to end inquiry/discussion into what actions should in fact be taken (or should have been taken).

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
    1. Re:"Thoughts and prayers" by rmdingler · · Score: 1

      About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

      "We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers". It means nothing concrete, and is meant to end inquiry/discussion into what actions should in fact be taken (or should have been taken).

      Well said. There's been not enough stick for the most egregious offenders, and there's the tasty carrot up front in the form of budgets for security in the neighborhood of what you tip the homeless if you worked at 7-11.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:"Thoughts and prayers" by thegarbz · · Score: 1

      "We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers".

      Not quite. Thoughts and prayers are free cop-outs. Taking data and privacy seriously is usually said by companies who at least pay someone to be in charge of data security.

      The fact that this person is incompetent is beside the point.

      Actually sticking with your theme, maybe a better example would be "We're going to arm every teacher with guns, and every student with hockey pucks!" That sounds more on the theme of blowing money down a hole of incompetence.

  10. We value your call by sjames · · Score: 2

    It's right up there with "we value your call, that's why we've been claiming unusual call volume and long hold times since 1982". "Speaking of holding since 1982, hang in there Betty, help is only days away".

  11. translation by schklerg · · Score: 2

    We were doing nothing for security that didn't happen accidentally before. We got caught. We now will do the absolute minimum required by a regulatory body. If we have no regulations, we're just saying this because we have to. We want money and couldn't care less about your privacy. Suckers.

    --
    Be Excellent To Each Other
  12. Privacy & Internet Security are a myth in the by Hey_Jude_Jesus · · Score: 1

    Century

  13. Consumers need to take their Privacy seriously too by Zombie+Ryushu · · Score: 4, Interesting

    Consumers need to take their Privacy seriously too. This means:

    - Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.
    - Maps provided by Osmand on Android
    - Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.
    - Handle Contacts, Calendaring, and Task related services on a Groupware service.
    - Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.)
    This is so that if you have a Discord/FaceBook/Skype/etc account, it can't track you.

    These are the only things that will really change the privacy game.

  14. We value your privacy and security... by mishehu · · Score: 1

    ...just not very much at all.

  15. Stop saying "Cyber" by Lije+Baley · · Score: 1

    Please. Poor Norbert is spinning in his grave.

    --
    Strange things are afoot at the Circle-K.
  16. it is obvious by boojumbadger · · Score: 1

    They care about your privacy means that the unique data that you provide to them is more valuable than the data you give everyone. They care about your security means if you feel insecure about their offerings you won't engage with their site.

  17. its all in how you "word" it by FudRucker · · Score: 2

    we "take" (stolen) your privacy and security, seriously

    --
    Politics is Treachery, Religion is Brainwashing
  18. Old one.. by TigerPlish · · Score: 1

    "...your call is very important to us. Please remain on the line and..."

    If it's so important, why did you just make me navigate a 3 minute tree and then wait 5 more, only to hear this malarkey?

    It's all lies, from all the corporations (and many small businesses, too, dishonests are everywhere)

    --
    The "Civilized World" jumped the shark ca. 1973.
  19. Why, so, serious(ly)? by rmdingler · · Score: 4, Insightful

    I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable way, even if my bank isn't on the same continent as your bank. Which of these do I think you "take seriously"?

    Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.

    Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Why, so, serious(ly)? by fred911 · · Score: 3, Interesting

      "Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase."

        But your banker settles receipt of funds before the banking day is done. The longer they float funds they say are "in transit" the more cost free liquidity they have. They make a large percentage of their earnings from float.

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    2. Re: Why, so, serious(ly)? by Jesus+H+Rolle · · Score: 1

      Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.

      An order of magnitude more than instantaneous? Please explain.

    3. Re:Why, so, serious(ly)? by rmdingler · · Score: 1

      In economics, float is duplicate money present in the banking system during the time between a deposit being made in the recipient's account and the money being deducted from the sender's account.

      This is why you read /. kids...they're not slinging knowledge like this on the twitter.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    4. Re:Why, so, serious(ly)? by houghi · · Score: 1

      In Europe we have SEPA. This means that banking is done on a European basis.

      The EU was working on the fact that even while all the payments are done by computers, the banks still took several days to process that money.

      This money was loaned to them free of interest, so they could work with it.

      So the EU went against the will of the banks to do payments immediately. They got as far as doing this between private people inside the country. Then some idiots flew into a few buildings and the US suddenly needed to see what was going on with transactions and the EU gave in.

      Obviously the banks were not a demanding party, so they did nothing and relaxed. So now it takes longer for a payment between companies than it is between people.

      That said, I can easily transfer money between different countries without a fee, I will have it after 2 or 3 days. The most stupid thing is that they pull the plug on the computers during the weekend and holidays.

      --
      Don't fight for your country, if your country does not fight for you.
    5. Re:Why, so, serious(ly)? by rmdingler · · Score: 1

      ...they pull the plug on the computers during the weekend and holidays.

      Good point. A Saturday transaction still pends electronically in seconds, but there is no posting until human oversight returns Monday, even though that posting typically happens at Midnight when human bankers are in short supply.

      Why banks don't post transactions on weekends.

      Bank credit is another instrument of profit for Banks. You either have the money at the time of the transaction or you don’t. The practice of “floating” a check is when the person writing a check knows they don’t have the money, but writes it anyway, hoping it’ll show up by the time the recipient cashes it. That worked back when The Good, The Bad and The Ugly first came out, but not today. Bank systems don’t work on paper, it’s all digital where things take seconds, not days, to “process”. In practice, checks “bounce” frequently. The consumer pays about $40 each time. It’s all avoidable. Banks should not be permitted to profit to this extent. What is the $40 for anyway? To fund their Cobol programmers’ pensions?

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

  20. Re:Consumers need to take their Privacy seriously by DogDude · · Score: 2

    - Pay for your email
    - Don't use social media
    - Don't use a smartphone

    That gets you like 95% of the way there, but I don't know anybody other than myself who lives like this.

    --
    I don't respond to AC's.
  21. Modification by Tablizer · · Score: 1

    "We take your privacy seriously, but profits even more seriously."

  22. We Take Your Privacy and Security Seriously by grep+-v+'.*'+* · · Score: 1

    Even more:

    Your call is important to us, please hold.
    Our menu options have changed, please listen to them all again.
    Elect me, and I'll ... {whatever.}
    Order Now! Supplies are limited.
    Thank you for holding -- so how can I make you hang up faster?

    --
    If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
  23. Re:Consumers need to take their Privacy seriously by Zombie+Ryushu · · Score: 3, Interesting

    My E-mail is free, but it's IMAP4. There are no Ads with it.
    Smart phones are only fine in the circumstance that you have Android, have a spin of Android with LineageOS, Root, Magisk, etc, and do NOT have GApps flashed to your device and largely rely on F-Droid and ApkPure.

  24. We value your privacy by GrumpySteen · · Score: 3, Insightful

    Coincidentally, we value it exactly the same amount that the highest bidder does.

  25. so.. by xlsior · · Score: 1

    "We take your privacy and security seriously, as long as it's easy & convenient and doesn't cost us any actual money"?

  26. Stop Saying by PPH · · Score: 1

    I suppose next I'll have to stop saying "I love you and I'll still respect you in the morning."

    --
    Have gnu, will travel.
  27. Big misunderstanding! by exigentsky · · Score: 1

    It's "We're taking your privacy, seriously."

  28. Better Value by Roger+W+Moore · · Score: 1

    Those values are far too low and that's the problem: companies do value our privacy and security but the value they assign to it is woefully low. If your information is leaked the cost of clearing up any identity theft that results is far, far more than the numbers you gave. Indeed, you can't even lock your credit report for this.

    A better way would be to simply make companies liable for all "reasonable" costs resulting from a violation of a customer's privacy and security. This will make them pay for the time, effort and money it costs to either prevent or clear up identity theft which will make them very much aware of the monetary value of privacy and security.

  29. Technically true by Roger+W+Moore · · Score: 1

    Well, to be completely fair by the time a company is sending out one of these breach notices they probably are taking our privacy and security seriously, or at least a lot more seriously than they were before the breach. The problem is that it is now far too late.

  30. Heads I Win, Tails You Lose by Roger+W+Moore · · Score: 4, Interesting

    You have to admire Equifax's completely brazen approach to privacy and security though. They get paid to collect and curate a database of extremely private and sensitive data and then, when they screw up and it gets breached, people pay them even more money to lock their credit reports. That's why they do value our privacy and security: every time it gets violated they make more money.

    This win-win model is almost as good as the one the phone companies pull where they sell you a phone number and service, then sell your name and number to advertising services and finally sell you a call blocking service to prevent ads from reaching you: that's win-win-win!

  31. Who takes security seriously? by antdude · · Score: 1

    That is what I'd like to know. :P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  32. We value your contribution to Slashdot by ET3D · · Score: 1

    What a worthless story.

  33. It's right up there with "So sorry for your loss" by Babel-17 · · Score: 1

    Hey, and that works just as well for the same situation!

  34. Wow. Talk about killing your career by thegarbz · · Score: 1

    If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist.

    A security researcher who seems to know about data and privacy doesn't understand the business practice of the two biggest companies in the data and privacy related fields.

    Congratulations Zack Whittaker, you've just shown the world that you're out of your depth. Maybe you should go make instructional videos of how to build computers for the Verge and leave the security, data and privacy related talk to someone who actually knows what is going on in their field.

    1. Re:Wow. Talk about killing your career by bluefoxlucid · · Score: 1

      It's more than that. Think about it: we take safety seriously, which is why it's illegal to ever leave your house and cars are banned from our society.

      Risk. Everything is about risk.

  35. Re:Consumers need to take their Privacy seriously by thegarbz · · Score: 4, Insightful

    Let's break this down:

    - Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.

    You just lose most consumers with this line.

    - Maps provided by Osmand on Android

    This is one of the few things you said that's doable.

    - Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.

    You now lost a good chunk of the remaining technical crowd and narrowed your solution to only the top tier of nerds.

    - Handle Contacts, Calendaring, and Task related services on a Groupware service.

    What's a groupware service? Asking for a consumer.

    - Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.)

    That's good and all but I just checked and my friends aren't on it. Regards, a consumer.

    These are the only things that will really change the privacy game.

    Consider your game lost before the users even got through the instructions for it.

  36. Re:Consumers need to take their Privacy seriously by thegarbz · · Score: 1

    My E-mail is free, but it's IMAP4. There are no Ads with it.

    That doesn't mean there isn't a privacy implication. Google also provides an IMAP4 server and you get your emails without Ads. So does Microsoft. Two companies which openly admit scanning your emails for marketing related reasons.

  37. Thoughts and Prayers! by cjeze · · Score: 1

    Isn't this the technical equivalent of "thoughts and prayers"?

  38. template wording by sad_ · · Score: 1

    the title needs to be adjusted to;

    Stop saying, 'We take your seriously'

    it's just a template sentence that everybody uses when something goes wrong with their product/company.

    car company has issues with airbags - we take your safety very seriously
    tv broadcast company has outage - we take your leisure time very seriously
    etc.

    you can find the reason why in the legal department's extensive writing excuses guide.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  39. Transaction processing by sjbe · · Score: 1

    Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.

    The settlement procedures are pretty much identical once the transaction is processed for purchases or refunds. You just don't notice because most of the time the cash flows are out of your account and not in to your account and because your bank hides some of the details. Many types of transactions don't actually close for some time (days) even if they show it posting immediately. My bank will post a transaction immediately because I'm considered a safe risk based on my banking history but it's technically in sort of a "pending" status for a day or two (sometimes longer depending on the counterparty) until the settlement procedures finish. If you want the transaction to finish faster there generally are higher costs associated with that. To your point, how long a company takes to get around to posting the transaction can be telling but the actual transaction itself happens just as fast no matter which direction the cash flows.

    Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.

    Sure, they know how to play these games to their advantage when they feel the need. But that mostly happens when the bank is the counterparty rather than simply being an intermediary. If you and I are exchanging money and the bank is just facilitating the transaction they reap no benefit from delaying one side or the other in the transaction.

  40. Broad brush by sjbe · · Score: 4, Interesting

    And politicians don't really care about their constituents or the country.

    Awfully broad brush you are painting with there. Yes that is too often true but there are people in positions of political power who actually do genuinely care about the people they were elected to lead/serve. Such people are to be treasured when found.

    And SJWs really don't care about equality.

    A) The term "SJW" is a lazy nonsense catchall pejorative like "hipster" that means almost nothing and accurately describes almost no one. Including your use here.
    B) Equality and equity are not the same thing. You're right they don't care about equality because equality isn't necessarily what's fair or necessary. You can charge a rich person and a poor person the same tax rate and that is equal but it isn't equitable because 20% of a poor person's income has a much bigger impact on their life than 20% of a rich person's. Just because something is the same for everyone doesn't mean it is fair or good.

  41. No, Google does not sell your data. by bgarcia · · Score: 2

    If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist.

    And here's where it's shown that the submitter knows nothing.

    Google does NOT sell any information to advertisers. They keep the data to themselves. Google will USE that information to decide which ads are shown to which people. But the advertisers don't get to see any of this data.

    You may still not like the fact that Google gathers all of that personal data, and that's a legitimate concern, but you should make a basic attempt to understand exactly how they use that data before spouting this sort of misinformation.

    --
    I'm a leaf on the wind. Watch how I soar.
  42. Doublespeak by Miser · · Score: 1

    "We take your security and privacy seriously."

    Is a synonym/lawyer speak for:

    "We done fucked up. Please don't sue us."

    -Miser

  43. Sounds like gun violence ... by CaptainDork · · Score: 1

    "Sorry about that, OK? We are with you. We are strong. We will not be intimidated."

    "Thanks for coming. Coffee on the white table; tea on the blue."

    "Till next time? ..."

    --
    It little behooves the best of us to comment on the rest of us.
  44. What? But... by Thad+Boyd · · Score: 1

    Next you'll be telling me that my call isn't important to the people who put me on hold for 45 minutes.

  45. Feature vs. bug by RogueWarrior65 · · Score: 1

    Here's what a lot of people don't seem to understand: Apple's Facetime problem is a bug. Facebook's issue is a feature. Governments, particularly left-wing governments, get their jollies punishing people for being less-than-perfect. Perfection isn't a standard that's achievable. Ergo, Apple shouldn't be punished for a bug. Facebook, on the other hand, sold the data to a third party. It just happens that the third party that brought this issue to light was working for the right side of the American political spectrum. I'd be willing to bet that if the Clinton campaign had won and used Facebook information to do so, you'd either see news stories about how the campaign was so modern and effective because it leveraged social media or you'd never hear about it. One should never think that a political weapon can only be fired in one direction.