undefined | Better HN

0 pointsharimau7771y ago0 comments

My theory is that most people think about data misuse, perhaps unconsciously, from the viewpoint of your average good person. E.g. "if I got a hold of a stranger's bank information, then I'd be tempted to steal from them."

Instead they should think from the perspective of an evil person. E.g. "how can I proactively use whatever data that I can get to hurt someone."

For example, at a previous job I went to my managers and pointed out that every developer working on our system had access to our user's names and their involvement with racial justice programs our client was running. By guessing someone's ethnicity from their name, a bad actor could target minorities involved in racial justice. The response I got was not to fix the security issue; instead it was horror that I would ever conceive of such a scheme.

0 comments

2 comments · 2 top-level

dns_snek1y ago

> Instead they should think from the perspective of an evil person

From experience, they usually come up with some variation of "If you have nothing to hide, you have nothing to fear" [1]. And even those who buy the idea that private information could be used against them, most of them don't believe that someone would do this to them. What seems to be missing is understanding of how scalable and automated these attacks can be in the digital world.

[1] Amusingly enough, one of those "I have nothing to hide" people was pretty shaken when they asked me to take a look at a scam email that said "Hello <firstname from leaked database>, we have photos of you watching porn. Pay us or we'll post them on Facebook."

Has anyone had success with informing people about these types of abstract dangers? I find that people either get it almost immediately, or they never really get it until it happens to them.

aziaziazi1y ago

I hate those management arrogance. Reminds me a teacher that amply mocked me in front of the class to have mentioned Light Pollution [0] (I heard about in a youngster science magazine) during a chapter about... "various pollution type"!

Do you have a written record of the conversation?

0 https://en.wikipedia.org/wiki/Light_pollution

j / k navigate · click thread line to collapse