Hacker News new | ask | show | jobs
by dmitrygr 2410 days ago
A few questions:

1. "images that leave our system..."

Why do they at all??

--

2. You're a startup. Meaning: 90%+ chance you die. What procedures have you put in place to make sure that ALL the data is destroyed in case your company changes hands, so that it cannot be used by somebody whose ideas and privacy are different than yours, simply by buying you (or your carcass after you are bankrupt)?

--

3. What use is watermarking in case of a giant data breach? The fact that we know that YOU lost our data doesn't help us any. What are your plans for data storage such that a breach in your systems does not allow easy exfiltration?
1 comments
ericlevine 2410 days ago
Appreciate the thoughtful questions.

On the point of why images leave our system at all, we provide a way to show our work to our customers — they won’t trust our results if they can’t see that they’re accurate. When they access information on our dashboard, if we render the images, they’ve left our systems. To be clear, we’re not syndicating this information to any third parties, just showing this information directly to our customer (who is the owner and controller of this data).

As for what procedures we put in place, we enforce short retention periods for the data we store in our systems for precisely the reason you are worried about. At the expiration of that period, the data is permanently deleted. Furthermore, in the event of a change of control, the contracts we’ve put in place with our existing customers govern how the information can be used. This is super important to us as we personally take privacy extremely seriously.

The aggressive watermarking is important for several reasons. First, in the worst case scenario, we can trace how a breach happened and when. Second, it is watermarked in such a way that the images become much less functional than they would be otherwise — the intent is to ensure that the images cannot be used to verify an identity on any other service. We take security very seriously — we’ve already secured SOC 2 certification and continue to invest heavily in security using industry best practices.

link
Terretta 2410 days ago
Cannot be used out of embarrassment, or you are actually ‘de-facing’ the identity?

For example, shutterstock logo sure doesn’t stop people from using those. Plus there are open source tools to reverse such watermarking.

link