Hacker News new | ask | show | jobs
by csallen 5266 days ago
Are you serious? They merely stated that one of their MILLIONS of customers uploaded a picture of a cat. There was zero identifying information there. How can you call that an issue?

Really: What is it here that makes you so upset? Would you be concerned if your dentist told you, "I filled a cavity last year"?
2 comments
Someone 5265 days ago
I am not upset at all; I merely point out that, IMO, they should not have disclosed any of their client's data, no matter how small.

IMO, there is customer data on their servers that they should not disclose without the consent of their customer. If so, the moment you allow a service provider to expose some information without such consent, you are accepting the fact that there are is a border (no matter how vaguely defined) between 'OK to disclose' and 'not OK to disclose' data, and that it is up to the service provider to decide where that border lies.

Because of that, I think a provider should not disclose any information about their clients, no matter how tiny, even if the information cannot be traced to any particular user, unless their terms of service clearly state what they will disclose (or sell to third parties)

(And yes, I _do_ read terms of service)

link
JeremyBanks 5266 days ago
The debate is not over them posting the filename, it is over the fact that it is exposed to them.
link
bad_user 5266 days ago
Uploaded data is always exposed, unless the user encrypts it before sending and doesn't give the decryption key to the company. Which of course is impractical for most people. If you think that doesn't happen, then you are naive - so yes, if you talk about your sex life on your GMail account, there's a chance some Google employee will see it.

We can go back and forth on this all day long, but these are the facts: (1) your online data is not safe, unless you encrypt it yourself and (2) in this instance, no user identifiable information was given.

At least 37signals never said that they don't have access to those files, like other companies would make you believe:

http://www.businessinsider.com/dropbox-updates-security-term...

link
csallen 5265 days ago
> Uploaded data is always exposed, unless the user encrypts it before sending and doesn't give the decryption key to the company.

Fucking BINGO. I'm always shocked how many people on HN don't understand this, considering the high percentage of techies and programmers.

link