undefined | Better HN

0 pointsJimDabell8y ago0 comments

As I mentioned in a Reddit thread [0]:

I never agree to sharing my email address with partners, so if that's the case, then it was without my consent.

However generally speaking, I've noticed there's a big difference in the spam you get from somebody selling your data and the spam you get from a database compromise. When somebody sells your data, you get spam from real organisations who happen to be acting in a sleazy way (e.g. bulk promo emails sent to people without their consent). When somebody's database gets compromised, you get things like phishing emails and V14gr4-style emails designed to bypass spam filters. The MyFitnessPal spam was the latter sort.

Here's an example:

    ****Quailty Medstore 2017****
    --Low Pr1ce$ For Pills--
    --Fsat Delivery Wroldwide--
    --Trusetd Onlline Shhop--
    <spam URL redacted>

This was sent to an email address I've only ever given to MyFitnessPal. MyFitnessPal say the breach happened in late February of this year, but this email was sent in August of last year.

[0] https://www.reddit.com/r/unitedkingdom/comments/888ds3/under...

0 comments

4 comments · 2 top-level

plopilop8y ago· 1 in thread

As mentioned in the Reddit thread, the terms now specify that that they share your data with partners. I guess the consent they got from you was "Oh hi, so here's the new version of the app, btw we updated our policies, click anywhere to agree".

JimDabellOP8y ago

It seems like a lot of people think that the existence of a privacy policy means they can do whatever they want. This isn't true.

Did you read the privacy policy? It says:

> only to the extent it is necessary for them to (1) provide their products and services to us, or (2) to provide you the products and services that you have requested.

This certainly doesn't cover the kind of spam I mentioned.

Also, I stopped using the app before that privacy policy was ever written. I've searched my email and they never emailed me about it either. I've never been notified about a new privacy policy.

sorokod8y ago· 1 in thread

However generally speaking, I've noticed there's a big difference in the spam you get from somebody selling your data and the spam you get from a database compromise

Even if this is true, the sold data may be compromised further down the line.

JimDabellOP8y ago

Perhaps so. As far as I'm concerned, MyFitnessPal and Under Armour would still be responsible in this case. If you share my personal data with somebody, and their security isn't good enough, that's on you.

j / k navigate · click thread line to collapse