undefined | Better HN

0 pointsMaulingMonkey10y ago0 comments

> There's a reason it's not called 'data', is my point.

Is there, actually, in this context? What is the reason you're drawing this distinction? What makes generated passwords 'data', but password reset urls and hand-typed entry names 'metadata'?

0 comments

3 comments · 1 top-level

Laaw10y ago· 2 in thread

Because people seem to think everything they do on a computer is or should be private. It's not and shouldn't be.

MaulingMonkeyOP10y ago

What about everything that is expected to be private, can be made private, has security implications for not being private, and has no gains for being public other than "it's slightly less expensive"?

Why shouldn't my password reset urls be private? They are... in the password database I use.

Why shouldn't my database entry names be private? They are... in the password database I use.

Are you saying that these things are metadata in 1Password by virtue of the fact that they weren't secured? Because that would seem like circular reasoning - that you can never leak data, because leaked data is metadata. I don't share your definition of metadata in such a case.

Are you saying that these things are metadata in 1Password because they shouldn't be private? I just plain strongly disagree if so.

Are you saying that these things are metadata because users shouldn't expect a password database to secure them properly? Then I could at least see where you're coming from. But I don't think it makes sense to tie the definition of metadata to that - among other complaints, I think it lets off companies/software that leak your (meta)data off far too easily, and that such word games absolve them of too much responsibility.

Laaw10y ago

I didn't say anything of the sort. I said metadata isn't data and just because metadata is about you/your data, doesn't mean you own it.

I've been intentionally vague so as to discuss this in more macro terms rather than the specific case as presented here, because I feel there's a panicked "deer in the headlights" attitude that comes with talking about data and metadata, and I'd like to try and help folks think a little more rationally around the topic rather than simply "EVERYTHING RELATED TO ME IS MINE AND NEEDS TO BE ENCRYPTED AND HIDDEN".

I regularly forget about how closed-minded the HN userbase is when it comes to privacy.

1 more reply

j / k navigate · click thread line to collapse