undefined | Better HN

0 pointsfalcolas5y ago0 comments

You'd have to figure out some kind of secure key sharing mechanism between phones, tablets, web browsers, and e-readers.

Or, you can trust that a position in a book (bookmarks, notes, etc.) is not sensitive information that really needs to be encrypted. This is my - perhaps overly pragmatic - position.

0 comments

9 comments · 3 top-level

criddell5y ago· 2 in thread

I think the books you read and your annotations should definitely be protected. Imagine reading about Tienanmen Square in China.

falcolasOP5y ago

Simply purchasing/owning a book on that topic would be enough for an oppressive government like China, they wouldn't need to know where in the book you were exactly.

criddell5y ago

Some books sold in China are edited for that market. If you highlight a passage that shouldn't be in your book, you could be in trouble.

1 more reply

gambler5y ago· 2 in thread

>You'd have to figure out some kind of secure key sharing mechanism between phones, tablets, web browsers, and e-readers.

Yeah, it's not like Amazon can afford security experts to work on this or anything.

>Or, you can trust that a position in a book (bookmarks, notes, etc.) is not sensitive information that really needs to be encrypted.

This is an ignorant position that has been proven wrong over, and over, and over again. Private data should be secure by default, because otherwise eventually someone will figure out how to abuse it. This is a lesson form bazillion fraud schemes and social engineering hacks everyone in tech should have learned by now.

dahfizz5y ago

Amazon could also afford to fill the Panama canal with dirt and reunite the American continents, but why would they? A dozen angry (potential) customers on HN is hardly motivation.

jacobr15y ago

I've been thinking about PII in this context.

If all data is secured by default, then the identification of PII is not about deciding to secure that data, it is about identifying where we might impose (and often this isn't required, but now we can consider it) additional UX burden or complexity in order to add _additional_ security.

neiman5y ago· 2 in thread

If I can't think of a way to abuse me by having my data, it doesn't mean that someone else doesn't. I would really rather avoid all this discussion by them not having my data to begin with.

falcolasOP5y ago

If you know of an alternative that offers client-side encrypted sync, I'd love to hear it. I'm considering alternatives to the Kindle as well, even if for reasons unrelated to the analytics.

neiman5y ago

I wish I'd knew:-)

j / k navigate · click thread line to collapse

0 comments

9 comments · 3 top-level

criddell5y ago· 2 in thread

I think the books you read and your annotations should definitely be protected. Imagine reading about Tienanmen Square in China.

falcolasOP5y ago

Simply purchasing/owning a book on that topic would be enough for an oppressive government like China, they wouldn't need to know where in the book you were exactly.

criddell5y ago

Some books sold in China are edited for that market. If you highlight a passage that shouldn't be in your book, you could be in trouble.

1 more reply

gambler5y ago· 2 in thread

>You'd have to figure out some kind of secure key sharing mechanism between phones, tablets, web browsers, and e-readers.

Yeah, it's not like Amazon can afford security experts to work on this or anything.

>Or, you can trust that a position in a book (bookmarks, notes, etc.) is not sensitive information that really needs to be encrypted.

dahfizz5y ago

Amazon could also afford to fill the Panama canal with dirt and reunite the American continents, but why would they? A dozen angry (potential) customers on HN is hardly motivation.

jacobr15y ago

I've been thinking about PII in this context.

neiman5y ago· 2 in thread

If I can't think of a way to abuse me by having my data, it doesn't mean that someone else doesn't. I would really rather avoid all this discussion by them not having my data to begin with.

falcolasOP5y ago

If you know of an alternative that offers client-side encrypted sync, I'd love to hear it. I'm considering alternatives to the Kindle as well, even if for reasons unrelated to the analytics.

neiman5y ago

I wish I'd knew:-)

j / k navigate · click thread line to collapse