by harianus
2535 days ago
They need to change their business model to be able to become privacy friendly, I totally agree. Not even sure which huge company is privacy friendly. Maybe it's not even possible at that level. But that doesn't mean you shouldn't. I will try to ask as much as possible, and really like your questions about what data points are useful and whether they are privacy sensitive. Thanks!

"I understand many if not all of your employees, and even your interns, are technically capable of accessing at least some data from any user, should they decide to do so against Facebook's will. I also understand the repercussion for this is that they would get fired and potentially sued. However, this is not accepted practice in every company that handles such sensitive data on users' personal lives. Moreover, it is easy to imagine adversaries and targets for which the risk of getting fired and/or sued is easily worth the benefit of obtaining a particular user's private data. How, then, do your security experts, who take security seriously and who surely understand the notion of 'defense in depth', justify that the proper safeguard is an employment/legal threat, and that there should not be a technical barrier preventing interns or other normal employees from accessing any user data?"
Bonus points if you can get them to talk about such occurrences, which they almost certainly won't tell you, and why users should trust that they're handling this properly when they're unwilling to report sufficiently precise information on such incidents.