Hacker News new | ask | show | jobs
by neilv 775 days ago
Quoting `https://www.lovefuel.app/team`:

> PAS - Personality Assesment system

> In cooperation with neuropsychologists, couples therapists, and psychologists, we have developed DIREBP. (Dyadic interpersonal romantic emotional behavior profiles).

> Each user has one DIREBP, and it represents you and your personal profile inside of the PAS. The DIREBP represent you measures of psychological personality descriptors. It keeps track of descriptors like: Extrovertism, Anxiety, The Relationships sense of Commitment, and several of hundred more descriptors.

This is very sensitive, intimate, personal information.

Does this profile stay on the device only, and are there conscious measures to prevent inadvertently leaking information about the profile (e.g., such as avoiding leaking interests implicit in secondary network accesses it makes)?

Or is this profile accessible directly by the corporate mothership?
1 comments
popcalc 774 days ago
It would be wise to assume the goal is to sell it along with the company at a later point to a data broker.
link
Joakim_Habekost 774 days ago
Hi. Thank you for the question. + this comment? 1. Never sell it. See text in the post. I know this is normal in the US, but way less so where I/we are from in Scandinavia. There's a fair mistrust given the norms in other countries, but as said in the post, I would rather abandon the project then start selling the data. 2. The data of the personality profiles gets processed anonymously. You as a user cannot even access the anonymous-results directly, there's an encrypted service in between the data-points, fetching only select data. 3. Everything is encrypted, on device, from device to servers, and on servers.
link
neilv 774 days ago
In other words, the intimate data doesn't stay on the device, and the user must trust the company that is grabbing the data.

Regarding trust, the must trust the company to not misuse the data now, must trust that future version of the company (and asset acquirers) not to misuse the data, must trust the company to perfectly secure the data against intruders.

(The talk of encryption and anonymization is usually mostly a diversion or misunderstanding.)

link