undefined | Better HN

0 pointscfors4y ago0 comments

Let me be clear here, I'm not advocating for ZERO access control or audit logs here!

Let's take that bank argument, I'm definitely not advocating for not locking vaults or safe deposit boxes. But somebody has access to those, and when they need access they have a process for getting to it. Frankly, it definitely can be abused and banks wouldn't know for the better until after the abuse when the employee would be terminated and taken to court.

That's because they have audit logs in place. And the reason why its part of your contract as an engineer not to abuse your access to customer data.

I think the larger point I'm trying to make here is that its really, really hard to build a system that prevents any type of abuse of data. Now I'm not saying that we shouldn't strive for systems that make it hard to abuse customers data, but bad actors have ways of beating these systems and I have some empathy for a policy that places trust in employees (who need access, by definition of their job!) to not abuse it.

Anyways, these are all good comments made in response to mine. I agree with them!

[EDIT] Okay - I see the incoming point about them not needing access to that data for their job, that's a fair point. But I think most of us have been at a point in our careers where knowing the piece of information about a user that might have gotten them into a certain state is occasionally a valuable debugging tool.

0 comments

BoiledCabbage4y ago

> a point in our careers where knowing the piece of information about a user that might have gotten them into a certain state is occasionally a valuable debugging tool.

Exactly - that's the problem with the mentality in tech right now. Just because something might make your life easier doesn't mean you get to have it. Trading user privacy is not ok because it's "occasionally a valuable debugging tool". That is exactly the problem.

Too many people in tech companies show no responsibility for the data they have privilege to - and treat privacy as absolutely minimal.

You're a parent, you wonder what's going on in your daughter's life and she isn't talking to you about it. You don't then get to break into her diary and read it all because it might give you a tip on being a better parent to her. Yes if she's for example suicidal and there is an urgent situation where reading it might help save her, then of course access it. But corporations don't get to toss aside privacy just because "it might occasionally be a valuable debugging tool".

Write a debug helper tool to clone all of a users state with lorem ipsum.

cforsOP4y ago

I don't need to know anything about user123 outside of the fact that they are located in Perth, Australia.

Nothing else matters to me for this, I don't have access to any PII data like email or device (look, I know user ID's can technically be considered PII depending on which infosec person you're talking too).

Is this still a problem?

I understand your metaphors but without knowing that user123, who created a ticket in our system, is in Perth Australia (which for some reason that locality in my own metaphorical example is having issues processing payments) how we're supposed to resolve this.

Maybe I'm just hopelessly optimistic that people aren't as awful as we want them to be, or naive.

j / k navigate · click thread line to collapse