HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fanso99

no profile record

comments

fanso99
·4 ปีที่แล้ว·discuss
This is news to me. Was the customer list also stolen? Specifically, customer records linked to individual vaults?

My concern with anyone identifying themselves as being affected by this breach is that a 3rd party would be able to collect a lot of information about the user for a very targeted social engineering attack. Conversations here often disclose personal information such as approximate age, location, past experiences, hobbies, etc. It's a gold mine for social engineering.
fanso99
·4 ปีที่แล้ว·discuss
They are owned by LogMeIn, which is a pretty shady company in my book (not malicious necessarily, but not transparent).
fanso99
·4 ปีที่แล้ว·discuss
Please stop commenting whether you are a LastPass user or not. Some of your profiles on HN have an email address and in general all your comments are public so can be mined, plus "rich techies" could be prime targets for more direct and elaborate phishing campaigns.
fanso99
·4 ปีที่แล้ว·discuss
> That consent was granted the day they accepted/sent the friend request. [...] They can do with that information as they please, which includes giving it to a 3rd party.

Hm - no. If I accept a friend request I allow that user to read my profile but I do not authorize any 3rd parties to access it. If you show me any mention of 3rd party access in a friend request - I might change my view.

> What if a friend gives me their password or remote desktop access to their computer and I look at your profile?

You don't seem to make any distinction between a first/second party (me and my friend) and a 3rd party (CA accessing data through an API). In fact there is a difference that's very clearly defined in contract law, user agreements, etc.
fanso99
·4 ปีที่แล้ว·discuss
> While I don't know what the prompt exactly said, I bet it was specific enough.

An informed consent from users who's information is going to be collected. In this case it was the friends of the person signing up. Again, that's the only reason Cambridge Analytica was successful. They didn't have that many users, they collected a ton of data on the users' friends.

> I agree. And that company is not Meta.

Meta had an obligation to protect its users' data. It failed at that.
fanso99
·4 ปีที่แล้ว·discuss
The main perpetrator in this case - Alexandr Kogan (now Spectre) - is now a tech entrepreneur leading a company with an investment from a US-based accelerator 43 North. That's how we punish them.
fanso99
·4 ปีที่แล้ว·discuss
I am not buying this. It's borderline victim-blaming. An informed consent must be required. Giving access to an app is not the same as sharing your password with them and explicitly allowing them to do anything they want. Saying that, even if you do share your password, the app should not be able to collect data on your friends without their consent.

There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation. The purpose, the scale, the incentives are different. We need to stop assuming that the rules should be the same for an individual and a business just because they use the same loophole.
fanso99
·4 ปีที่แล้ว·discuss
Semantic Web 3.0 https://en.m.wikipedia.org/wiki/Semantic_Web
fanso99
·4 ปีที่แล้ว·discuss
I might be remembering the details wrong, but wasn't the main issue that users half-knowingly allowed spying on their friends without any consent required from those friends? Open API isn't the reason this abuse happened IMO - Facebook failed to prevent massive data collection on users who did not give any consent.
fanso99
·4 ปีที่แล้ว·discuss
I might be wrong, but I always lean towards this being the result of prioritization. Most engineers know the difference but prioritize other aspects than ethical. I am not even judging that, just describing. After all, implementing a dark UX pattern that will inconvenience some unknown to you users is not as high priority as providing to your own family.
fanso99
·4 ปีที่แล้ว·discuss
Because looking back at the decades of your work while being retired is just a sweet ethical exercise with very few direct personal and financial consequences.

If you are an engineer employing dark UX patterns _today_ you must look at yourself and evaluate the ethics of your work _today_. This will likely have direct personal and financial consequences.

So the stakes are completely different.
fanso99
·4 ปีที่แล้ว·discuss
No, probably just special treatment: https://twitter.com/whalechart/status/1606293657518080001
fanso99
·4 ปีที่แล้ว·discuss
Intentional in the sense that you understand that you are exaggerating and still repeatedly do it. No one is calling for him to be flogged or beheaded in front of the White House. Jailing a fugitive, a flight risk financial scammer is not unreasonable. He was extremely wealthy at one point and so there is a chance he has enough money stashed somewhere to make fleeing a possibility. In addition, defrauding thousands if not millions of people is a heinous crime, for which the perpetrator should not be given any easy treatment. When we ("the society") catch a serial killer, we agree that letting them go free on a negligible bail and an IOU note is not wise.
fanso99
·4 ปีที่แล้ว·discuss
Honestly, that's not a great example. Re-evaluating your ethical impact on the world is not the same as understanding the direct consequences of your daily work. Both are important, but really different. After all we are not discussing some more abstract issues of modern software propagating capitalistic values (we are all "the system", etc, etc).
fanso99
·4 ปีที่แล้ว·discuss
So then who is the abuser? The users and the developers are the victims. PMs are likely also the victims of their higher-ups, their higher-ups are the victims of the CEO, the CEO is the victim of the shareholders, the shareholders are... the users. So that's a full circle: the users are abusing themselves.
fanso99
·4 ปีที่แล้ว·discuss
There is an argument to be made that these… micro services were a part of a bigger offering from Google. Maybe by itself Reader wasn’t a billion dollar business, but together with other niche features Reader attracted an influential and wealthy audience.
fanso99
·4 ปีที่แล้ว·discuss
The comment you are replying to did not say that he should be denied bail. Only that the rules should apply to him too. 10% is the most common requirement, he didn't meet it.
fanso99
·4 ปีที่แล้ว·discuss
I would guess that there are so many Stanford-affiliated people and so few properties on the market that this fact is not a limiting one.
fanso99
·4 ปีที่แล้ว·discuss
People are upset that he is getting special treatment. Again. He doesn't deserve it.
fanso99
·4 ปีที่แล้ว·discuss
You are intentionally exaggerating this situation. People are calling for him to be jailed — a perfectly reasonable call.