[spaniard89277]

I did something similar to a local company here in Spain. Not medical, but a small insurance company. Believe it or not, yes, they vibecoded their CRM.

I sent them an email and they threatened to sue me. I was a bit in shock from such dumb response, but I guess some people only learn the hard way, so I filed a report to the AEPD (Data protection agency in Spain) for starters, known to be brutal.

I've also sent them a burofax demanding the removal of my data on their systems just last friday.

[victornomad]

A similar thing happened to me back in the day when Wi-Fi was still new.

I joined an open network and it turned out to be a law firm. All their computers were on a Samba network with full C: drives shared. I wrote README.txt files on their drives telling them about the issue, but after some time it was still the same.

Then I went directly to the place to talk to them and also with the idea I could land my first job fixing that mess. But... They got incredibly angry with me, since they claimed they had some very good and expensive contractors taking care of their computers and network, and that I had basically broken in.

I left the place quickly...

[embedding-shape]

At one point I worked as a customer support agent outsourced to Apple via the company. Apple forced us to us some very outdated browser UIs, basically for filling in forms, across maybe 4-5 different services in some cases. The machines we were given by this outsourcing company of course where Apple computers, fairly locked down.

But one thing they hadn't locked doll wn, was installing extensions in Safari, and given I had some development chops from coding a bunch in my freetime, I saw the opportunity to write a tiny extension that saved me a ton of time by merely copy-pasting stuff into the right forms and so on. Basically making the whole thing more efficient for me.

Everything was great, until the person next to me saw I had something different. Cautiously eager, I let them try the extension too, they loved it, and without thinking about it, spread it to other people in our team. Eventually, the manager and the IT team picked up what was going on, said they'investigate if I could maybe start doing those kind of things full-time instead of being a support agent, and just focus on tooling.

Fast forward two weeks, I get called into a meeting, apparently someone in the company had been "stealing" CC numbers from the customers on the calls, and since they don't think they've found the right person who did it (or something like that), the person who was known for "doing stuff to the computers" was the next possible suspect, and they fired me right there.

Eventually this firing let me find my first actual programming job, so I'm not too mad about it, but it really shows how out of touch lots of companies and people are when it comes to how computers actually work.

[randomeel]

Hope you are doing better now

[embedding-shape]

Oh yeah, night and day :) Pretty much the best that could have happen to me, in retrospect.

[fainpul]

> AEPD […] known to be brutal.

Nice. I wish more countries had something like that. Many of these organizations are lethargic and have to be forced into action by civilian efforts or the press.

[bjoli]

AEPD are well known, even in the rest of the world. They have a different strategy compared to other countries. Ireland's DPC are also heavy handed, but focus on large companies mostly.

France's CNIL is also not bad. They are particularly hard against things like "you accidentally sign up for x y z services when only wanting to sign up to service A".

Gdpr in the EU is also miles ahead of what the US has, or at least what it has been enforcing for a long time.

[rsynnott]

> Ireland's DPC are also heavy handed, but focus on large companies mostly.

Also, generally, very, very, VERY slow. The massive fines you hear about are usually for behaviour _years_ ago.

[fakedang]

Is the CCPA anywhere near?

[abc123abc123]

Thta's wonderful! Most of europes GDPR/Data protection autohrities are completely worthless and seem to constantly side with big corps.

Only when they start to side with the people, actually fining business billions and billions will things start to change. I hope we'll see this happen in europe at large, and not only in a few countries.

[embedding-shape]

> Thta's wonderful! Most of europes GDPR/Data protection autohrities are completely worthless and seem to constantly side with big corps.

AFAIK, most ones seems to be acting at least once every now and then, judging by https://www.enforcementtracker.com/, is there any specific countries you're thinking about here?

Particularly, Romania, Italy and Spain seem to have had lots of cases.

[petesergeant]

> [burofax is] a service that allows you to send a document with certified proof of delivery and confirmation of the date of receipt, and this confirmation has legal validity

[darkwater]

Can you keep us updated in this thread how it evolved?

[ramon156]

You only burn your hand once, unless you're a company, then you never learn.

[dwaltrip]

Ah yes, companies don't have hands. Nothing to burn!

[ramon156]

I'm also curious how much effort it would be to setup some OWASP tools with an agent and crawl for company tools. I'm sure I'm not the first one to think of this, but for local businesses it would give a solid rep, I suppose.

I have a feeling that next year's theme will be security. People have turned off their brain when it comes to tech.

[thisisit]

People building these apps often have no idea about various data privacy rules.

I am part of a forum with many small business owners. One particular owner has been gung-ho about how he built his entire business app using vibe coding. And my first reaction was - All the power to him. It’s his business and he is free to do so.

But then came the question of data privacy rules and he had no clue. This was concerning because the impact went beyond his business. His response when the oversight was pointed out to him was that being ignorant of the law was enough to save him. Still he went to one of the vibe coding Reddit subs to get help. Then came back fuming because devs on Reddit asked him to hire real developers. He believes that these developers are delusional and a dying breed and AI is so ahead that developers are going to be dead in a years time.

[sixtyj]

They should give you a chocolate at least.

I think that having paper documentation will be safer very soon :)

[franktankbank]

You rule.