
Data Is a Toxic Asset - _delirium
https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html
======
CM30
I agree, the biggest reason all these security breaches are as bad as they are
is because every company and site seems to want to store as much data about
its users as they can.

And this point from the article is great:

<i>The Ashley Madison data breach was such a disaster for the company because
it saved its customers' real names and credit card numbers. It didn't have to
do it this way. It could have processed the credit card information, given the
user access, and then deleted all identifying information.</i>

Tip 1 for 'anonymous' or 'secretive' services like this; don't store personal
information. There's no reason a site about cheating on your partners needs a
real name or any real personal information, at least on the site's part (that
can be shared between the actual users when they want to share it). Similarly,
there's no reason any anonymous service should store anything bar a username
and maybe email address. Or for that matter, get access to any device features
like the camera or contact list. That way, if it ever gets hacked, the data is
(for people who didn't use their real name and email) completely useless.

