Obviously when you make a support request your record should be displayed for th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jonknee on Jan 25, 2018 \| parent \| context \| favorite \| on: Former employees say Lyft staffers spied on passen... Obviously when you make a support request your record should be displayed for the customer service agent, but this is the other way around where they can seek out people. I don't think that's a valid use case and there's the obvious abuse case.

joshuamorton on Jan 25, 2018 [–]

Right, but the solution to that isn't 'encrypt everything', its 'define reasonable (and this definition may vary, but its certainly not "none") access controls for user data and pii'.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact