Comment by TimByte
9 hours ago
Soo the strongest form of privacy protection isn't better storage or better policies, it's simply not creating the data in the first place
Instead of fixing consequences, eliminate the cause? It sounds almost like common sense.
I think most laws should look reasonable from the common-sense viewpoint. And when they don't, there should be a serious explanation.
Privacy legislation and infrastructure are both designed to eschew common sense. It's how the fed gets away with installing backdoors in iOS and Android: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
Beautiful :-\ But it's not a backdoor on devices, it's eavesdropping on push notifications when they pass Google's or Apple's servers.
Corollary: a secure notification should consist of a link with a random number token which opens the real message via an authenticated API on an encrypted channel. Would look a bit weird though. iOS at least has silent notifications for that.
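The notification design suggested in the comment above, sketched as an added example that is not part of the thread: the push payload carries only a random token, and the message body is released once, over the app's own authenticated API, to the intended recipient. The class and method names, the in-memory store and the 5-minute token lifetime are assumptions for illustration.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 300  # assumed lifetime; a real service would tune this


class NotificationStore:
    """Keeps message bodies server-side; only an opaque token reaches the push provider."""

    def __init__(self, now=time.time):
        self._pending = {}  # token -> (recipient, body, expires_at)
        self._now = now     # injectable clock so expiry can be tested

    def create_push_payload(self, recipient, body):
        # 256 bits from the OS CSPRNG: the token reveals nothing about the message.
        token = secrets.token_urlsafe(32)
        self._pending[token] = (recipient, body, self._now() + TOKEN_TTL_SECONDS)
        # This dict is everything the push provider's servers get to see.
        return {"token": token}

    def fetch(self, authenticated_user, token):
        """Called by the app over TLS, after it has authenticated to the API."""
        entry = self._pending.get(token)
        if entry is None:
            return None
        recipient, body, expires_at = entry
        if self._now() > expires_at:
            del self._pending[token]  # expired tokens are purged, not served
            return None
        # The token alone is not a credential: the session must belong to the recipient.
        if authenticated_user != recipient:
            return None
        del self._pending[token]  # single use: a replayed token returns nothing
        return body
```
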
Yes. It's more secure to have your website simply not require the user's SSN than to implement the best security in the world to handle their SSN.