Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stop Saying, 'We Take Your Privacy and Security Seriously' (techcrunch.com)

Posted by msmash on from the closer-look dept.

Security reporter Zack Whittaker writes: In my years covering cybersecurity, there's one variation of the same lie that floats above the rest. "We take your privacy and security seriously." You might have heard the phrase here and there. It's a common trope used by companies in the wake of a data breach -- either in a "mea culpa" email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it. The truth is, most companies don't care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

I've never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist. I was curious how often this go-to one liner was used. I scraped every reported notification to the California attorney general, a requirement under state law in the event of a breach or security lapse, stitched them together, and converted it into machine-readable text. About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

17 of 192 comments (clear)

  1. And by 110010001000 · · Score: 5, Insightful

    And politicians don't really care about their constituents or the country. And SJWs really don't care about equality. The list is endless.

    1. Re:And by b0s0z0ku · · Score: 5, Insightful

      Which is why there should be laws penalizing invasion of privacy. If companies start getting fined for bad behavior and their assets start being taken, they'll listen -- money talks, BS walks.

    2. Re: And by justthinkit · · Score: 5, Funny

      We take your privacy and security. Seriously.

      --
      I come here for the love
    3. Re:And by ShanghaiBill · · Score: 4, Insightful

      Walk away from companies that abuse your data.

      How do you "walk away" from Equifax? The people exposed were their product, not their customers.

      In every one of the other breaches, no customer knew about the sloppy practices until it was too late. So saying that "customer choice" is the solution doesn't work. Even when customers do have a choice, they are not able to make an informed decision.

      TFA is written my someone who doesn't even understand the issues. He complains that Google "sells data about you to advertisers". No they don't. That is not how their business model works. They use your data to place ads on behalf of advertisers, but they do not, and never have, sold or transferred the data to the advertisers.

    4. Re:And by AmiMoJo · · Score: 4, Interesting

      In the EU you can request that Equifax delete the data they have about you, and not collect any more. You have a legal right to do that.

      The problem is that it buggers up your credit file. There are other credit rating agencies, but it depends if the bank you apply to for a loan happens to use them, or considers the lack of an Equifax file to be suspicious.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Easy to tell whether they take it seriously... by seebs · · Score: 5, Interesting

    I have a pretty simple test for whether people take a thing seriously. How does it compare to how they handle payments?

    Consider:

    I ask you to stop spamming me, and you say I need to allow you 30 days to stop.

    I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable away, even if my bank isn't on the same continent as your bank.

    Which of these do I think you "take seriously"?

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
  3. No, seriously. by stavrica · · Score: 5, Informative

    We took your privacy and security.

    It's gone.

    1. Re:No, seriously. by Anonymous Coward · · Score: 5, Funny

      'We Take Your Privacy and Security, Seriously'

  4. Missed Punctuation by Anonymous Coward · · Score: 5, Funny

    The problem is all these companies forgot a semicolon. Let me help.

    We take your privacy and security; seriously.

  5. just like companies, monetize it by supernova87a · · Score: 4, Insightful

    I have a real easy way for companies to care about privacy when they say they "care about privacy":

    Penalties:
    -- $2 for each name + password
    -- $5 for credit card number
    -- $10 for social security number
    etc.

    And multiply for combinations of the above. You'll see companies start fixing their processes (or simply refusing to store unnecessary data, right quick.

  6. No company takes security seriously by OneHundredAndTen · · Score: 5, Insightful

    They all pay lip service to security. That's all. They don't do what they should, because it is simpler, and most cost-effective, for them to do damage control when the inevitable security breach happens than really trying to prevent it. We have heard about huge security breaches in Equifax, Target, Visa etc. Those companies are still there, business as usual. They sure took a hit, but it probably impacted on their bottom line less than having to invest on minimizing the probability of such breaches in the first place.

  7. "Thoughts and prayers" by sacrilicious · · Score: 4, Insightful

    About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next.

    "We take your privacy and security seriously" is the data tech equivalent of saying "We send out thoughts and prayers". It means nothing concrete, and is meant to end inquiry/discussion into what actions should in fact be taken (or should have been taken).

    --
    - First they ignore you, then they laugh at you, then ???, then profit.
  8. Consumers need to take their Privacy seriously too by Zombie+Ryushu · · Score: 4, Interesting

    Consumers need to take their Privacy seriously too. This means:

    - Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.
    - Maps provided by Osmand on Android
    - Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.
    - Handle Contacts, Calendaring,and Task related services on a Groupware service.
    - Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.)
    This is so that if you have a Discord/FaceBook/Skype/etc account, It can't track you.

    These are the only things that will really change the privacy game.

  9. Why, so, serious(ly)? by rmdingler · · Score: 4, Insightful

    I ask you to take $5 from my bank account, and in under 10 seconds you have successfully resolved a transaction in a thorough, secure, and traceable away, even if my bank isn't on the same continent as your bank. Which of these do I think you "take seriously"?

    Interestingly enough, a credit to your bank account can take up to an order of magnitude more time to post than an instantaneous purchase.

    Perhaps the banking powers that be are tipping their collective hand here... when it is in their financial interest to do so, they've developed the uncanny ability to be as fast as they need to be or as slow as necessary to maximize daily balance computations.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  10. Heads I Win, Tails You Lose by Roger+W+Moore · · Score: 4, Interesting

    You have to admire Equifax's completely brazen approach to privacy and security though. They get paid to collect and curate a database of extremely private and sensitive data and then, when they screw up and it gets breached, people pay them even more money to lock their credit reports. That's why they do value our privacy and security: everytime it gets violated they make more money.

    This win-win model is almost as good as the one the phone companies pull where they sell you a phone number and service, then sell your name and number to advertising services and finally sell you a call blocking service to prevent ads from reaching you: that's win-win-win!

  11. Re:Consumers need to take their Privacy seriously by thegarbz · · Score: 4, Insightful

    Let's break this down:

    - Demand to buy Android Devices with unlockable Bootloaders that can run Lineage OS.

    You just lose most consumers with this line.

    - Maps provided by Osmand on Android

    This is one of the few things you said that's doable.

    - Self Host a Federated NextCloud/OwnCloud Service for Roaming Storage on a PC they own with a Dynamic DNS Provider.

    You now lost a good chunk of the remaining technical crowd and narrowed your solution to only the top tier of nerds.

    - Handle Contacts, Calendaring,and Task related services on a Groupware service.

    What's a groupware service? Asking for a consumer.

    - Instant Messaging/Social Media done Via Libpurple based Spectrum2 Servers. (again, hosted on the same set of Devices as the NextCloud/Groupware Solution.

    That's good and all but I just checked and my friend's aren't on it. Regards, a consumer.

    These are the only things that will really change the privacy game.

    Consider your game lost before the users even got through the instructions for it.

  12. Broad brush by sjbe · · Score: 4, Interesting

    And politicians don't really care about their constituents or the country.

    Awfully broad brush you are painting with there. Yes that is too often true but there are people in positions of political power who actually do genuinely care about the people they were elected to lead/serve. Such people are to be treasured when found.

    And SJWs really don't care about equality.

    A) The term "SJW" is lazy nonsense catchall pejorative like "hipster" that means almost nothing and accurately describes almost no one. Including your use here.
    B) Equality and equity are not the same thing. You're right they don't care about equality because equality isn't necessarily what's fair or necessary. You can charge a rich person and a poor person the same tax rate and that is equal but it isn't equitable because 20% of a poor person's income has a much bigger impact on their life than 20% of a rich person's. Just because something is the same for everyone doesn't mean it is fair or good.