Comment by CGMthrowaway
17 days ago
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
Everyone says this, including the TSA. But they never say they don't keep a hash, or an eigenvector of your biometric. Which is equally as important.
They also never say it goes through datacenters in room 641A or though Utah before it's "deleted", because it's a US company and they can't refuse that.
In case someone is unaware, 641A and Utah and both references to the US mass surveillance systems in this context. Specifically interceptors that a company wouldn't be able to prevent from saving your data for the few seconds they need to process and delete it
I might be misremembering, but AFAIK, that kind of surveillance mostly worked because many companies didn't bother encrypting datacenter-to-datacenter traffic, thinking that those networks are trusted. That mistake has since been rectified though.
With almost everything going over TLS these days and HTTPS being the norm, even for server-to-server APIs, it's much harder to snoop on traffic without the collaboration of one of the endpoints, and the more companies you ask for that kind of collaboration, the higher your risk of an unhappy employee becoming a whistleblower.
5 replies →