Hacker News | cosmotic's comments

I'm sure they "take security very seriously".

I will admit that a level of fatigue has reached me as well. I am not even sure what would be an appropriate remedy at this point. My information has been all over the place given multiple breaches the past few years ( and, I might add, my kid's info too as we visited a hospital for her once ).

Anyway, short of collapsing current data broker system, I am not sure what the answer is. Experian debacle showed us they are too politically entrenched to be touched by regular means.

At this point, I am going through life assuming most of my data is up for grabs. That is not a healthy way to live though.


>I am not even sure what would be an appropriate remedy at this point.

It will have to be political and it's got to be fines/damages that are business impacting enough for companies to pause and be like A) Is it worth collecting this data and storing it forever? and B) If I don't treat InfoSec as an important business function, it could cost me my business.

It is also clear that certification systems do not work and any law/policy around it should not offer any upside for acquiring them.

EDIT: I also realize in the United States, this won't happen.


I agree but I think the problem will be if the consequences are that dire then entire classes of business will cease to exist OR the cost of doing things properly will be passed on to the consumer.

I struggle to see how data brokers, social media, etc are a net benefit to society so would be happy to see those sorts of businesses cease to exist, but I suspect I'm in the minority.


The entire targeted advertising industry is basically a progressive tax.

The "social contract" is that many services are fully or partially financed by advertising. Rich people produce more ad revenue (because they spend more), but they get the same quality of service, effectively subsidizing access for the poorer part of the population, who couldn't afford it otherwise.

If we break this social contract down, companies will still try to extract as much revenue as possible, but the only way to do that will be through feature gating, price discrimination, and generally making your life a misery unless you make a lot of money.


<< generally making your life a misery unless you make a lot of money.

Wait.. are you saying that we are currently living through the best of all worlds version of things?


The State of Illinois is going to lose its "business" already for other reasons. Do you think there is a reasonable privacy regime that prevents health systems from knowing where their patients live or using that information to site clinics?

Why is my data freely and instantly available within a centralized "health system" to begin with? Why can't we implement a digital equivalent of clunky paper records? Everything E2EE. Local storage requiring in person human intervention to access. When a new provider wants my records from an old one there should be a cryptographic dance involving all three parties. Signed request, signed patient authorization, and then reencryption for the receiving party using the request key.

What the health system should impose is a standard for interoperability. Not an internal network that presents a juicy target.


This has nothing to do with the "data broker system." Reading between the lines it was more of a "shadow IT" issue where employees were using some presumably third-party GIS service for a legitimate business purpose but without a proper authentication & authorization setup.

Assuming your tea leaf reading is correct, that particular third party would not even exist in its current form without 'data broker ecosystem'. It is, genuinely, the original sin.

A website where you can upload POIs to a shareable map seems like one of those things that's so obvious and so useful it exists almost under any economic arrangement of the advertising industry.

I get that data brokers and big tech are a much sexier topic, but this breach - like so many of the most pressing threats to our privacy - are mundane shortages of competence and giving-a-shit in the IT activities of boring old organizations.


Heh. The shareable map is operated by someone and that someone has information that other people crowdsourced for them for free is even more valuable. If you want a more relatable example, I would like to point to defunct effort ( karma or something.. I can't find the specifics now ), where people were invited to crowdsource all sorts of info on other people. It only got shut down, because it was too on the nose. On the other hand, items like the shareable map like the one you mention is more easily defensible...

<< I get that data brokers and big tech are a much sexier topic, but this breach - like so many of the most pressing threats to our privacy - are mundane shortages of competence and giving-a-shit in the IT activities of boring old organizations.

I posit that both could be true at the same time.


I think OSM would exist regardless of data brokers. Free services ingesting that data and letting a user annotate it would also exist. People create and operate all sorts of little projects for fun.

Did you actually suffer any negative consequences of these breaches?

I see so many comments about how punishments for data breaches should be increased, but not a single story about quantifiable harm that any of those commenters has suffered from them.


It is difficult to read this. On the one hand, for a good chunk of the population that is true and yet, one knows that is absolutely not true to individuals, who will be affected.

Since I do have multiple breaches under my belt, I could offer you an anecdote, but I won't. Do you know why? Because it is not up to me to quantify harm that was done the same way I don't have to explain, to a reasonable person, why doxxing people is not something people should have to suffer through.

I have a personal theory as to why that state persists. The quantifiable harm is small per individual affected, but high across the population and thus underreported. Sadly, the entities that could confirm that are not exactly incentivized to say they are causing harm to begin with..


If you want to get more stressed about it and consider the impending dystopian future, I invite you to think about the “harvest now, decrypt later” potential reality that quantum cryptography is going to enable.

At some point, everything that we have ever assumed to be confidential and secure will be exposed and up for grabs.


It is a fascinating future, but wouldn't it imply quantum computing will be even more restricted ( either by law or pricing ) and AI hardware?

You would hope so, with regards to law & policy, but then when you consider what is happening in the current times with the AI race it doesn't feel very likely.[1]

[1] https://torrentfreak.com/annas-archive-urges-ai-copyright-ov...


Change name to a very common one. Much better privacy.

I’m from a culture in which families use a very small number of very highly conserved names and non-standard name positions. I’ve noticed this is sufficient to confuse the low-rent data brokers that do statistical linkage. My parents and grandparents and my siblings and my children have all at various points shared addresses, landlines and have overlapping names. The brokers are very unclear on how many people are involved, what sex, what generations, what states.

I grew up around some people with the last name "Null". I often wonder how they're doing for data privacy today.

Would you like 2 years of credit monitoring? Or perhaps you can get $5 from this class action settlement.

I don't even understand paid credit monitoring.

Each of the big three credit bureaus offers free accounts where they email me if something changes and allow me to lock and thaw my credit.


Considering the transaction time and cost, crypto never made sense. As far as I can tell, it's been pure speculation since its inception.


What? Most networks nowadays are faster or as fast and cheaper than normal credit card and banking systems.


It's pretty obvious when people are using cached information from ten years ago.


Not really. Credit cards are immediate.

Bank transfers can be quick but also can be slow so fair point there.

I don't experience much friction paying for things though so I don't feel I need crypto for that.


Credit card payments may seem immediate for you, the customer. But for the business owner it's not always so since the customer can issue a recall and many people abuse this to great cost for the businesses. See "chargeback fraud".


Yes. By design because it is credit and under jurisdiction of consumer law.


Embeddable (into JS et al)


We have a long-running research project with the intention of crafting a "libpglite" with a C FFI and compiled as a dynamic library for native embedding. We're making steady progress towards it.


There are projects such as https://github.com/wasmerio/wasmer-java and https://wasmtime.dev/ that extend this embeddability to Java, .net, C, C++, rust, Python, Ruby and Go. Wouldn't want to call those 'JS et al'.

Of course, that ignores the fact that for many of these languages there are existing libraries and drivers to connect to databases that would not work with this embedded one, but still.


The flat UI trend started at Microsoft and Windows 8.


Google showed off the Holo design language in Android 3.0 which was a year before Windows 8.


GNOME added the High-Contrast section to their HIG in 2003 - it prioritised simplicity, and used icons drawn with an "on-the-shelf" (ie. flat) perspective with overhead lighting.

Stylistically, it was a decade ahead of other flat designs - and was much more pleasant to use than the shiny 3D overload of KDE 3 / OSX Aqua / Windows XP.


In what way was it faster?


Icons are no longer fixed sizes. There are numerous dpi/scaling settings even if the "size" doesn't change.


The article goes into that, it’s making a sprite map of at least the expected scaling factors.


There are no "expected" scaling factors anymore.


Sounds like all software from the 70s through 00's.

Did they ever claim they would hold a backup of the installer?


There's a difference between "we don't have it anymore" and "we won't provide it for security reasons". They're not the same.


They are essentially the same as software purchased from the 70s to the 00s though - shrinkwrap software, a term cleverly coined by Joel Spolsky. I just thought of it as buying software in a store at the time.

Perpetual license is also a good descriptor. If you have the same OS you downloaded it on, hopefully you have it backed up.

The scenario "we won't provide it for security reasons" only shows up as a gotcha. The author of that GitHub repo would know better than to use it.


I see that as more than a gotcha. It speaks to what the company really stands for if they say "yeah, we got it, you bought rights to use it, but nah, screw you". They're in no way obligated to provide the installer of course, but if they have the ability, I'd still complain if they don't.


There is no difference. They are exactly the same, because they don't owe you a rationale that you approve of. Even if they offered no rationale at all it changes nothing because they don't owe you anything. You paid, you got, you're both done.


The unique thing about the US healthcare system is that care is directly proportional to how much money you can spend on it. So as a top spender, yes the care is great. Though realistically we should look at the system as a whole for all people it "covers". Looking at infant mortality rate, life expectancy, etc, for the average person, the picture is bleak; the US is shockingly bad.


Exactly. The data tells the story, and the results data of healthcare in America is abysmal. I used to work out at a gym that was near a major hospital. I will never forget a conversation I overheard between two doctors in the steam room many, many years ago where they were talking about this issue and the one doctor quipped to the other "the United States has the best healthcare nobody can afford."


Doing work isn't necessarily value, and value depends on perspective.


Like I said, value is debatable.


Does the app itself still work?


I have used it a year ago with macOS 14 or 15 and it worked. I've had problems copying too many files at once (don't remember the problem exactly), that's why I only copy about 100 at a time.

Your mileage may vary.

