> Server Logs
>
> Like all web services, our servers may log:
>
> - IP addresses of visitors
> - Request timestamps
> - User agent strings
>
> These logs are used for security and debugging purposes and are not linked to your account.
That's already a huge breach in comparison to Mullvad's privacy page. (https://mullvad.net/en/help/no-logging-data-policy)
- A web site logs traffic in a sort of defacto way, but no one actually reviews the traffic, and it's not sent to 3rd parties.
- A government website uses a standard framework and that framework loads a Google subdomain. In principle, Google could use this to track you, but there's no evidence that this actually happens.
- A website tracks user sessions so they can improve UI but don't sell that data to 3rd parties.
- A website has many 3rd party domains, many of which are tracking domains.
- Facebook knows exactly who you are and sells your information to real-time-bidding ad services.
- Your cell phone's 3G connection must in principle triangulate you for the cell phone to function, but the resolution here is fuzzy.
- You use Android and even when your GPS is turned "off" Google is still getting extremely high resolution of your location at all times and absolutely using that information to target you.
A LOT of the privacy folks would put all those examples in the same category, and it absolutely drives me up a wall. It's purity-seeking at the expense of any meaningful distinction, or any meaningful investigation that actually allows users to make informed decisions about their privacy.
Even if they don't, it opens up more attack vectors for malicious 3rd parties who want that data. That's why you can't be careless.
At any time any company could turn evil, and any free(ish) government could become totalitarian overnight. This is a fact, but also a pretty useless one.
The real questions to ask are: how likely is it to happen, and if it happens, how much did all these privacy measures accomplish?
The answer to those are, "not very", and "not much".
Down here on Earth, there are more real and immediate issues to consider, and balance to be found between preventing current and future misuse of data by public and private parties of all sides, while sharing enough data to be able to have a functioning technological civilization.
Useful conversations and realistic solutions are all about those grey areas.
Is it useless paranoia when it's happening around us as we speak?
It's strange how we call it "preparation" to spend trillions of dollars on mobilizing a military, but "paranoia" to simply take some best practices and not have the citizens' data dangling around. It's a much cheaper aspect with huge results, like much of tech.
I live in a good neighborhood and I have left my door unlocked once or twice to no consequence. That doesn't mean it's paranoia to make a habit out of locking my doors.
That's all I assert here. Care and effort. I don't know all the subtle steps to take since I'm not in cybersecurity, but we still shouldn't excuse sloppiness.
Even if this sounds innocent, these must be turned over if you are provided a warrant or subpoena (whichever would be appropriate, IANAL).
Shitting on well-intentioned people who merely failed to be perfect is not a great way to get the most of what you ultimately want.
If you think intent doesn't matter then what happens when well-intentioned people decide it's not worth trying because no matter what they will be crucified as murderers even if all they did wrong was fail to clean the break room coffee pot. The actual baddies are still there and have no inhibitions and now not even any competition.
If data exists, it can be subpoenaed by the government.
Personally, I don't understand people's mindless anathema about being profiled by ad companies, as if the worst thing ever in the world is... being served more relevant ads? In fact I love targeted ads, I often get recommended useful things that genuinely improve my life and save me hours in shopping research.
It's the government getting that data that's the problem. Because one day you might do something that pisses off someone in the government, and someone goes on a power trip and decides to ruin your life by misusing the absolute power of the state.
If a government has the data there's a chance it will stay in the government at least.
You either
1) don’t want it stored
2) are happy for government to have it but not companies
3) are happy for everyone to have it
On the other hand, if I'm making death threats on Facebook, there's a much more realistic path: view the threats from a public source --> subpoena Facebook for private data.
Treating the two risks as similar is madness.
Whether the one serving the content is exploiting data at the present moment has very little relevance. Because the end user has no means to assert whether it is happening or not.
My takeaway from this thread is an increased amount of trust in OP. Not because they made a mistake, but because of how they handled it. Well done OP!
Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.
Sounds like a clear "lack of a depth of understanding" to me.
Front page says "zero logs"
Some logs, including specifically datapoints you have promised not to log, but you mean well (?) is pretty different from zero logs
I'm not here to debate, the reason I posted here is to hear what people thought and see how I could improve my platform based on the criticism.
Another issue is with Apache httpd’s routing. Removing the IP messes up routing sometimes when using mod_rewrite.
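The policy quoted at the top of the thread logs full visitor IPs "for debugging", and dropping the address entirely has its own operational problems. A middle ground is to truncate the address before it is written to disk. This is an added example, not code from the thread or from the service being discussed: a Python filter over constructed Apache combined-format lines that keeps a /24 (IPv4) or /48 (IPv6) prefix, which is enough to spot abuse patterns, and replaces anything unparseable with "-" rather than passing it through.

```python
import ipaddress
import re

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.57 - - [10/Jan/2025:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [10/Jan/2025:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
not-an-ip - - [10/Jan/2025:13:55:41 +0000] "GET / HTTP/1.1" 200 12 "-" "-"
"""

# In the combined format the client address is the first whitespace-delimited field.
_LINE_RE = re.compile(r"^(\S+)( .*)$")


def truncate_ip(addr: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Zero the host bits: keep a /24 for IPv4 and a /48 for IPv6.

    Input that is not an IP address is replaced by '-' instead of being
    written through, so malformed or injected values never reach the log.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "-"
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(network.network_address)


def anonymize_line(line: str) -> str:
    """Rewrite one access-log line, leaving every field but the address intact."""
    m = _LINE_RE.match(line)
    if not m:
        return line
    return truncate_ip(m.group(1)) + m.group(2)


def anonymize_log(text: str) -> list[str]:
    """Apply anonymize_line to every non-empty line of a log."""
    return [anonymize_line(line) for line in text.splitlines() if line]


if __name__ == "__main__":
    for out in anonymize_log(SAMPLE_LOG):
        print(out)
```

Applied to the log stream (for example through Apache's piped `CustomLog`) rather than to the request itself, this leaves the full address available to rewrite rules while only the prefix reaches disk.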
I've been DDoS'ed exactly once. In 2003 I got into a pointless internet argument on IRC, and my home connection got hammered, which of course made me lose the argument by default. I activated my backup ISDN, so my Diablo 2 game was barely interrupted.
But have those webservers supported a small or medium-sized business?
I've periodically removed Cloudflare because of issues with reissuing SSL certs, Cloudflare being down, and other reasons, and haven't noticed any problems.
The biggest benefit I get from Cloudflare is blocking scraper robots, which I've just been too lazy to figure out how to do myself.
Also you can sue whoever DDoSes you and put them in jail. It's easier than it used to be, since the internet is heavily surveilled now. The malicious actors with really good anonymity aren't wasting it attacking a nobody.
The answer to both this and parent is yes: partial privacy improvements are still improvements. There are two big reasons for this and many smaller reasons as well:
First, legal actors prioritize who to take action against; some cases are “worth seeing if $law-enforcement-agency can get logs from self-hosted or colo’d servers with minimal legal trouble” but not “worth subpoenaing cloudflare/a vpn provider/ISP for logs that turned out not to be stored on the servers that received the traffic”.
Second, illegal actors are a lot more likely to break into your servers and be able to see traffic information than they are to be able to break into cloudflare/vpn/ISP infrastructure. Sure, most attackers aren’t interested in logs. But many of the kind of websites whose logs law enforcement is interested in are also interesting to blackmailers.
(Asking because I really don't know)
But, banks and financial services now must obey "know your customer" laws so it's not beyond imagination that similar laws could be applied to websites and ISPs operating in a particular country.
And the "3 data points, that's it" of the blog post
Web server logs were not tied to user credentials in any way.
Also:
> // What we DON'T collect:
> - IP addresses (not logged, not stored, not tracked)
> - Usage patterns (no analytics, no telemetry, nothing)
> - Device fingerprints (your browser, your business)
so, I've read one blog from this company, and already they're lying or incompetent
Here on datacenters you say you are ISO27001 and SOC2 certified.
"We're ISO 27001 certified and maintain SOC 2 Type II compliance."
You do not have any certificate that I can find: https://www.iafcertsearch.org/search/certified-entities?sear...
https://www.iafcertsearch.org/search/certified-entities?sear...
Who is the company who certified you? What is the certification number?
@ybceo you seemed to represent this org based on your previous comments, is the parent commenter missing something here?
https://duckduckgo.com/?q=https%3A%2F%2Fservury.com%2Fdatace...
It is not visible in the live webpage.
archived versions here: http://archive.today/8LX8s http://archive.today/00mIw
Or was the mistake saying you held a certification that you thought wasn't important to most people?
Informational terrorism, a dysphemism that describes the manner by which certain data is abused to "re-rank content" for a "personalized experience," is encoded into the DNA of certain large tech companies.
The ideal would have been a security-first (privacy-first) industry and supply chain. The ideal never was going to happen, anymore than the early educational ideals of the television industry.
Ergo we are not past the point of no return. That point never existed. We are right where we should expect to be, with most people victimised by the industry and the supply chain, and with a small percentage of people working in security/privacy education to mitigate unsafe practices.
Seatbelts and airbags exist. Smoking is banned in many public settings. It took a senseless amount of carnage to achieve these measures.
We just haven't achieved the requisite amount of privacy carnage. Yet.
The issue is everyone is willing to trade convenience for security.
The point of no return is an individual choice.
This is largely the attitude that led to this in the first place. This is about failures of messaging, campaigning, and organising. It is a lack of democratic engagement that directly stems from the idea of individual choice being supreme over everything.
https://grugq.github.io/blog/2013/11/06/required-reading/
Unlinking one's identity from one's activity is only getting harder as surveillance gets more and more pervasive. Effective OPSEC essentially turns one's life into a living hell and it's only getting hotter with time.
I don’t understand why any company would want the liability of holding on to any personal data if it wasn’t vital to the operations of the business, considering all the data breaches we’ve seen over the past decade or so. It also means they can avoid all the lawyers writing complicated and confusing privacy policies, or cookie approval pop-ups.
They're OK with the liability exactly because of this very sentence. As you said, there's so many data breaches... so where are the company-ending fines and managers/execs going to prison?
Up to EUR 10,000,000 or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements such as controller and processor obligations, security of processing, record-keeping, and breach notification duties.
Up to EUR 20,000,000 or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements of basic principles for processing, data subjects’ rights, and unlawful transfers of personal data to third countries or international organisations.
https://ico.org.uk/action-weve-taken/enforcement/
Some went to prison, some were fined £14M and it's a mixture of small fry and big fry.
It’s not very hard to handle customer data in a legally compliant way, that’s why you don’t see companies deciding against retaining data.
You can do everything right and still have a data breach, and in that case nobody is fining you.
This data is the tool we have to identify and fix bugs. It is considered a failing on our end if a user has to report an issue to us. Mullvad is in an ideal situation to not need this data because their customers are technical, identical, and stateless.
It's not my department but I think we would get laughed out of the room if we told our users that we couldn't do password resets or support SSO let alone the whole forgetting your 'credential' means losing all your data thing.
A lot of companies could be in similar situations, but choose not to be.
All of retail, for example. Target does significant amounts of data collection to track their customers. This is a choice. They could let users simply buy things, pay for them, and store nothing. This used to be the business model. For online orders, they could purge everything after the return window passed. The order data shouldn’t be needed after that. For brick and mortar, it should be a very straightforward business. However, I’m routinely asked for my zip code or phone number when I check out at stores. Loyalty cards are also a way to incentivize customers to give up this data (https://xkcd.com/2006/).
TVs are another big one. They are all “smart” now, and collect significant amounts of data. I don’t know anyone who would be upset with a simple screen that just let you change inputs and brightness settings, and let people plug stuff into it. Nothing needs to be collected or phone home.
A lot of the logs that are collected in the name of troubleshooting and bug fixing exist because the products are over-complicated or not thoroughly tested before release. The ability to update things later lowers the bar for release and gives a pass for adding all this complexity that users don’t really want. There is a lot of complexity in the smart TV that they might want logs for, but none of it improves the user experience, it’s all in support of the real business model that’s hidden from the user.
Well, that's like 99% of the businesses out there. Mind listing some of the businesses you like aside from the obvious Mullvad?
A HN user posted about a site they made for faxing documents the other day. It’s a good example of how I think most things should be setup in many cases. You pay a fee and it sends a fax, that is very simple to understand. There are no accounts and the documents are only stored long enough to fulfill the service.
https://news.ycombinator.com/item?id=46310161
You can imagine how most “modern” sites would handle faxing. Make an account, link a credit card, provide your address to validate the credit card. Then store all the faxes that were sent, claiming it’s for easy reference. Meanwhile it’s running OCR on them in the background to build a profile with a wealth of personal data. After all, people don’t tend to fax trivial things. In addition to the profits from the user, they are making a killing on selling data to advertisers… but those details are hidden away in legalese of the fine print in a policy no one actually reads.
You can have cryptocurrencies in your wallet, (on most chains) you are anonymous but have no privacy, your transaction history can be accessed by anyone.
It’s all fine and dandy, you can enjoy your anonymity, about as long as you make your first transaction.
You might be anonymous, but basically you hand over your full transaction history and balance anytime you pay for a coffee or t-shirt.
Social media handles are usually pseudonymous at most.
I wonder where the figure of anonymity is. With writing style analysis, correlating pseudonyms is probably pretty easy these days. Maybe we’ll all start writing our ideas into LLMs and have them do the talking…
And if you simply have multiple wallets and try and maintain the appearance of being disconnected, can you move funds between them without establishing a connection that unmasks you?
To clarify: it can be hard to prove that two crypto addresses belong to the same person.
Is that a high bar? I mean, you could have said that about forensic fiber analysis—and then it was revealed that the entire history of the field was just expert witnesses lying their asses off for whatever conclusion law enforcement wanted. It turns out that to prosecute criminals, being complex enough that expert witnesses can provide a smoke screen to rationalize law enforcement targeting that is actually based on prejudice and not concrete facts can be sufficient.
e.g. police look for online drug dealer with blockchain data, get warrant, bust down door, find big pile of drugs.
The point being, the data might not be "proof" on its own but it absolutely illustrates that there is no privacy on public ledgers.
Again, I’m assuming traditional “old school” non-privacy cryptocurrencies.
Keep in mind, tumblers have also been found to keep logs that ended up with law enforcement.
Browser fingerprinting: "Your unique combination of extensions/settings makes you identifiable among other users."
Service anonymity: "There are no other users to compare you against because we don't collect identifying data."
When you sign up with just a random 32-char string, there's nothing to fingerprint. No email to correlate. No IP logs to analyze. No usage patterns to build a profile from.
Fingerprinting matters when services collect behavioral data. We architected our way out of having that data to begin with.
There's STILL a browser fingerprint, IP logs to analyze, usage patterns to build a profile from. You may claim you don't collect it, but users need to take your word for it. This is just pseudonymity, which (as many BTC users found out) only gets you halfway there. Real anonymity is way harder, often impossible.
Don't get me wrong, it's good to see organisations that care about privacy and in fact this blog post encouraged me to consider your services in the future. We have some use cases for that at work.
Though by using Cloudflare you're NOT putting your money where your mouth is.
But you are 100% right, I will look into alternatives for Cloudflare, which we are using because it seems like the cloud hosting industry LOVES to DDoS new players.
Without (1), people who really care about anonymity won't even care about you (tor is table stakes). (3) is a really strong vote for anonymity, but don't expect many customers that way.
The operator can passively log the network traffic which allows for de-anonymization and you would need to design your application-layer such that the operator couldn't selectively route your traffic to a non-compliant server.
It might not be possible to verify 100%, but the more transparency the better, I guess. Seeing the 3-way handshake and connection information, the timings, the location of the server would be quite elaborate to fake. Just thought it was a fun idea: have the customer allowed into production. A lot more difficult than publishing a privacy page, source code, or fake audit reports.
It's basically rule number one. Tor is all about making all users look like the same user. The so called anonymity set. They all look the same, so you can't tell them apart from each other.
It's also part of the rules of proper OPSEC.
https://en.wikipedia.org/wiki/The_Moscow_rules
> Do not look back; you are never completely alone.
> Go with the flow, blend in.
> Vary your pattern and stay within your cover.
https://buttondown.com/grugq/archive/bad-opsec-considered-ha...
As noted in the article, it wasn't the failure of Tor that led to arrest, it was poor OPSEC. Failure to cover, failure to conceal and failure to compartment.
Talk about doubly stupid, first sending the threat, second using Tor on campus. I often wonder what goes (or doesn't go) through the mind of such people.
I guess the lesson there is that if you don't want to be convicted of a crime, don't confess to a crime? They won't give you a lighter sentence for confessing.
Ever hear of moral integrity?
Unless the penalty is unjust (say, execution for a minor crime), a just man will confess and accept his punishment as right and just. He himself will want justice to be done and will want to pay for his crime.
A remorseful murderer knows he deserves death. He might ask for mercy, but failing that, he will accept the penalty with dignity and grace.
Relatedly, this is why I think every "new" social media service that isn't Mastodon is barking up the most wrong tree with "take everything with you," you're essentially helping to build an even harder to erase social history.
Mastodon's individual server model, like email's, is better PRECISELY because each node is a point of "failure." That makes erasure easier. Which is good.
It's no worse than normal internet publishing, but it doesn't magically solve the erasure question.
Nostr fixes both of these. So whilst you're at the mercy of relays storing your data, you can at least be anonymous.
What you need instead is to make it easy and common for people to use browsers that resist fingerprinting, VPNs/Tor, custom email addresses per-account, etc. Because then instead of claiming to not log your information, they simply do not have it.
The biggest thing we need is a better way to pay someone over the internet without them knowing who you are.
I've been saying that for years. Buy a prepaid card for cash at say the supermarket with xyz value on it and a unique email address included (an anonymous debit card with email). That is every new card you buy would have a different disposable email address that would expire when the card is empty.
Such a scheme could also be used to donate micro payments to opensource projects, ad-free Youtubers, etc. and do so anonymously. Moreover, it would make payments easier thus overcome the "requires effort to do" resistance when it comes to donating. Making donating super easy would I reckon greatly increase the income for all those on the receiving end.
However I can't see it happening, governments would outlaw it claiming it'd be used to transfer money for nefarious purposes, money laundering etc.
The major reason I don't donate to good/charitable causes is that I cannot do so anonymously.
Shame really.
I feel like it's too common for people to say "we can't have nice things because the government is run by a clutter of lummoxes" when they should be saying "we should improve society somewhat".
What's the reason you don't want sellers to know who you are?
That would be like buying things in real life while wearing a ski mask and paying with cash.
Any normal pre-total-surveillance store would've had zero issues selling me something for cash if I walked in wearing a ski mask.
Cryptocurrency?
Every one I've tried "just works". The trick is getting people to join you.
As the other comment pointed out, if it's easy enough, that problem will take care of itself. I would also add "lightweight", cloning the entire block is not something everyone would do.
It's got superior privacy properties, sure, but for most people that's not enough. It's gotta be better on other merits too. Until then it won't matter how easy it is to use, because you'll still have to turn it back into fiat to use it, and now you've just reinvented the problem you were trying to solve with crypto in the first place.
I don't mind using fiat for groceries. I'm talking only about digital currencies for digital services. That's it, at least for starters.
> Its gotta be better on other merits too.
There, a market niche deliberately being overlooked. You can totally reverse-benchmark this whole thing if you can actually see the current flaws that prevent it from becoming mainstream.
> and now you've just reinvented the problem you were trying to solve
One intractable problem at a time my friend. I feel like those are the excuses we've been telling ourselves to not even try. The fact of the matter is that it's going to take time even after you have the infrastructure in place. You can read endless HN comments complaining about, let's call it the situation, on the side but I believe if anything at all it's going to be a grassroots movement and it has to start somewhere. It's actually pretty straightforward, take something that is hard, that you're an expert in, and make it stupidly easy. That's the formula I use anyways but crypto is not my strong suit.
And then there's the other extreme where everybody uses crypto instead of fiat. We have the status quo as evidence that that works to at least some degree. I don't know how many cycles you'll find in the fiat economy, but it's a large number.
For some middle ground situation to work, you don't need everybody to consume exactly as much digital services as they produce, but you need some kind of balance: something like for everyone who consumes twice as much as average somebody else consumes half as much as average. Then you could have this digital-services-only sub-economy.
The more asymmetry you have, the closer you are to having a single producer and millions of consumers, the more quickly you're going to need exchanges involved to restore balance. Else the tech workers run out of fiat to spend on groceries and the grocers run out of crypto to spend on their VPNs and... bored ape gifs?
We can get there by:
1. making the tech easy to use and hope it happens on its own.
2. create artificial demand for digital services via artificial scarcity schemes (this is why modern crypto looks like a casino: tokens as assets).
3. solve a larger share of real problems in ways that make sense to solve digitally (efforts like these are where you get utility tokens from).
More of 1 couldn't hurt. I think we've seen enough of the road that 2 is paving to not want anymore of it. But I think 3 is the bottleneck.
We're in agreement that things could be improved through grassroots change that involves using different payment protocols. But progress in that direction is stalled not because the payments system is hard to use, but because the products themselves aren't diverse enough to sustain their own sub-economy.
If you got better beer out of that arrangement than you can get at the liquor store... that would be an indicator that such dedicated sub-economies can work without an external hype cycle driving them.
Then you could try something more ambitious like VPN service, that way your employees can at least buy beer with that portion of their paychecks (and the brewers can similarly buy VPN service to avoid interference from the local government, which they might expect if they're "selling" alcohol).
I suppose you could engage in some cloak and dagger exchange at night, but again, the 99% won't do that. The ones who do, are most likely capable of setting up their own services, anonymously, so they don't need to have a commercial, for-profit as their middleman.
talk about anonymity but uses cloudflare. you threw away your tls and allow cloudflare to sit in the middle of the user and your web page. you're a hypocrite.
Many people online seem to think that they are anonymous and so were emboldened to do stuff that they might not have done if they had realized this. They continued to feel extremely good at this right up until the knock on the door.
Most UK and Australian writers would spell it "realised" so there's a bit right there.
Even if you include no personal information, there is information in writing style.
Stylometry is the study of this. Yes, there's also adversarial stylometry - distorting your writing style to fool an analysis. It's probably effective now, but that could change overnight, and then every archived post that every OSINT organisation has collected is deanonymised.
Yeah, you can say "I change my style". But there are some bits that don't have false positives. If I EVER say "praise the Omnissiah" I'm definitely au fait with 40k memes. If I ever say au fait I'm a person who has at least a rough idea of what it means. There's no false positive here, so if you can just find about 29 undeniable uncorrelated bits that are known to not have false positives ... a more advanced analysis could exploit this in a more continuous way (e.g. the likelihood of it being a false positive). I should shut up now.
It's as old as history. In the days of super-abbreviated telegrams (words were costly) you could even get two for the price of one--the author and the Morse code operator who actually sent the telegram. He could be recognized by his Morse fist; other Morse operators on the network would recognize him by the style of his sending even though they were only listening to dots and dashes.
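The "29 uncorrelated bits" arithmetic in the stylometry comments above is the same information-theoretic measure EFF's Panopticlick used for browser fingerprints: each observed marker contributes -log2(p) bits, and about 33 bits single out one person among the world's population. This is an added example, not code from the thread; the marker probabilities are constructed for illustration and the independence assumption is stated in the code, since correlated markers (two 40k-specific phrases, say) would double count.

```python
import math

# Assumed world population; log2 of it is the identification threshold (about 32.9 bits).
WORLD_POPULATION = 8_000_000_000

# Constructed, illustrative prior probabilities that an arbitrary writer shows each
# marker. These are assumptions for the example, not measured values.
MARKERS = {
    "spells 'realised' with an s": 0.15,
    "uses the phrase 'au fait'": 0.02,
    "references Warhammer 40k memes": 0.005,
    "writes in English at all": 0.18,
}


def surprisal_bits(p: float) -> float:
    """Self-information (in bits) of observing a marker with prior probability p."""
    if not 0 < p <= 1:
        raise ValueError("probability must be in (0, 1]")
    return -math.log2(p)


def total_bits(markers: dict[str, float]) -> float:
    """Sum the surprisal of every marker.

    Summing is only valid if the markers are independent; for correlated markers
    this overstates the information, so treat the result as an upper bound.
    """
    return sum(surprisal_bits(p) for p in markers.values())


def anonymity_set_size(bits: float, population: int = WORLD_POPULATION) -> float:
    """Expected number of people still consistent with the observed markers."""
    return max(1.0, population / 2 ** bits)


def markers_needed(bits_each: float, population: int = WORLD_POPULATION) -> int:
    """How many independent markers of a given strength single out one person."""
    return math.ceil(math.log2(population) / bits_each)


if __name__ == "__main__":
    bits = total_bits(MARKERS)
    print(f"{bits:.1f} bits observed; anonymity set ~{anonymity_set_size(bits):,.0f} people")
    print(f"{markers_needed(1.0)} independent coin-flip markers identify one person")
```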
I could try to prove it to you, but the only proof you need is that cybercrime exists and millions (or tens of millions) of dollars are stolen every day. If anonymity didn't exist it would be easy to stop this, wouldn't it?
There exists a grey area between not getting away with nefarious activities, and not having your life ruined by a lynch mob because you didn't approve their preferred CoC on a hobby project or some other perceived injustice.
If you find yourself a member of any group a campaign can mobilize the mob against, that entire investigatory apparatus can be turned against you.
Without privacy, we are doomed to endless purity purges.
Please do not rely on fingerprinters or CDNs that do TLS termination for you.
A lot of our intuitions about both are based on obscurity: nobody is interested enough to devote their lives to you. That's not the case any more. You are exposed to every person on the planet, and they have the tools to automate attacks on every single person.
That's not to say "give up", but we need to find a new understanding of how our lives work. It's like we're all hunter-gatherers who find ourselves instantly in the largest and fastest city, with nobody to teach us the ropes.
There is no anonymity, there is always someone you have to trust in the chain of WAN networking (DNS,ISP,VPN). If you want anonymity and privacy, you selfhost (examining the code is also a prerequisite). There is no other way to do it.
It depends on what service you’re offering. There are many cases where you can have end-to-end encryption so that you can know who your users are, host their data but cannot do anything with it.
Wasn't Crypto recently revealed to be used by FBI (or similar) to track major criminals? They don't broadcast it, since they want people to continue thinking it's anonymous.
I think this paragraph is clear enough about that?
> ...
> 5. Confirm identity for "fraud prevention" (now we have your ID)
I can't tell whether OP is being hyperbolic, but it's certainly not representative of the average "privacy-focused" service I've come across. The typical service only asks for an email and maybe billing information (can be a prepaid card or crypto). The only exception is Protonmail, which might require SMS verification[1], but given the problem of email spam I'm sympathetic, and it's bypassable by paying. It's certainly not the "average" service, and no service asked to "Confirm identity".
Most of the time I use a made-up 555 number, or if it needs to send an SMS to verify, I'll use a free SMS number.
>Ultimately convenience killed privacy.
By design, unfortunately.
be confident that the service is not keeping logs? JÁ!
How?
I go to court for knowing a drug dealer. That case goes nowhere.
I go to court for buying from a drug dealer. That's open and shut.
I'm not a CEO of a trillion dollar corporation or the president of anything. My privacy needs are far different from theirs.
This is very cool. I have wondered for a very long time why such a site does not exist. What pops to mind is that you could get better unit economics reselling really small VMs to the privacy obsessed. I know some netizens who would pay a dollar a month for, say, a tiny NetBSD VM with 64 MB of RAM to serve their tiny static demoscene website of yore. There are some real wizards out there.
Not sure if that's in your roadmap but definitely something to consider in this space.
You're going to have a tussle with law enforcement, and you're going to lose. Your service will last < 2 years because you will not be able to afford the lawyers you need to defend against even one muscle move by the government.
Good luck!
Honest question, but did you add the Cloudflare proxy to solve an actual problem, or did you deploy it a priori without an actual justification?
I once spent an entire year issuing chargebacks on AWS charges coming from god knows what AWS account. Most likely some client project I forgot about and didn't have the login to anymore, who knows. Makes me think about that: for a service where you can't log in if you lose the credentials, how do you cancel a subscription? In my case I had to eventually just cancel the credit card and get a new number.
“Anonymity” = the data is public but not linked to its owner’s identity.
If you’re sharing your data with a website (e.g. storing it unencrypted), but they promise not to leak it, the data is only “private” between you and them…which doesn’t mean much, because they may not (and sometimes cannot) keep that promise. But if the website doesn’t attribute the data except to a randomly-generated identifier (or e.g. RSA public key), the data is anonymous. That’s the article.
Although a server does provide real privacy if it stores user data encrypted and doesn’t store the key, and you can verify this if you have the client’s unobfuscated source.
Also note that anonymity is less secure than privacy because the information provides clues to the owner. e.g. if it’s a detailed report on a niche topic with a specific bias and one person is known to be super interested in that topic with that bias, or if it contains parts of the owner’s PII. But it’s much better than nothing.
Can we have just better things or are we going to reject everything that’s not perfect and by doing so concede the whole point and just give up?
Well done OP for the right approach and your business. This has always been my design (when possible) to approach data security. When you don’t have data you don’t have to worry about its security.
Best of luck, ignore the naysayers.
The post also misunderstands privacy
> Privacy is when they promise to protect your data.
Privacy is about you controlling your data. Promises are simply social contracts.
Some people believe supply chain attacks are rare, hard to pull off, expensive, and only valuable in extreme cases. But if you have ever worked at a local delivery service or pharmacy or somewhere else where people and the necessary machines are being aggregated in some basements or even backrooms, for all use cases from all times, for wholesale forgery and fiddling with people, you know that the situation is ugly, not bad. Throw in the many coders, network engineers and hardware specialists with ties to the above entities and bombaclat, Jahmunkey, we fucked!
#TheEconomicsOfPunchedDrugs #Automation #DataAnalysis #SituationalAssessment #HeyIsThatATurdNuggetAtTheTopOfThatPyramid
Smells like it was written by an LLM so I stopped reading.
But in order to read the article you need to enable JS. What a joke.
Ideally, an argument about privacy would start with its notion of privacy.
https://en.wikipedia.org/wiki/Privacy#Conceptions_of_privacy
Running three flavors of the same off-brand browser, each optimised for a different segment of online content, is what seems to be the minimum.
They are so desperate to sell me something (a truck) that it's wild, as it is one of the few monetisable things I consistently look for (parts, service procedures). The, pause, when I do certain searches gives me time to predict that yes, the machinery is grinding hard, and will, shortly, triumphantly, produce, a, truck.
Email is fine when it is an option. Mullvad even has the option to pay with a credit card & PayPal. That's more sensitive data than email.
Anonymity in your product could be a sensible design choice that your customers could value. Fine. Go nuts.
But in general? Hard disagree. Anonymity is fragile and can't be guaranteed; privacy is a legal obligation which can actually be enforced if push comes to shove.
Also, that page reads like slop: it's not X, it's Y. Blah blah blah. This is a marketing piece trying to go viral.
Sorry but I just couldn't resist hehehe.
Where have I heard this before?
What I'm trying to say is that the core issue is "people aren't trustworthy", and "we need privacy" is a band-aid on the former problem. If we manage to create a society where people are trustworthy, the need for privacy will disappear.
unsafe { anal_reactor }