
> their decreasing popularity

FTFY: in the US

> repeated scandal and failure

At this point what large company hasn't had breaches or cancelled projects? Hell, is your company doing OK in terms of security? Are they hashing passwords correctly? How large is the security team? My company doesn't even hash passwords...

At some point you need to stop living in a bubble and recognize that plenty of people, businesses, communities, etc. rely on the app in a positive way.

I can understand that you're not using it, or think it's evil, but not everyone shares your opinion.




> My company doesn't even hash passwords...

I understand this is somewhat my privilege speaking here, but I don't think I could continue working at a company that didn't do something as basic as hashing passwords (and refused to prioritize fixing that as soon as I pointed it out). It's a massive ethical, if not legal (IANAL), liability -- and a huge breach of users' trust. It's 2021, hashing user passwords is astonishingly easy; I can't imagine any remotely justifiable excuse for something like that.


For what it's worth, the European Union Agency for Cybersecurity publishes recommendations[0] for measures that digital services should implement to fulfil their responsibilities under the GDPR. One of the recommendations, K.6, is:

> User passwords must be stored in a “hashed” form.

These guidelines aren't legal requirements for every service, but if a data breach occurred, and passwords were leaked, regulators would presumably point to this recommendation, and the ease of complying with it, and take that into consideration when issuing a fine.

[0] https://www.enisa.europa.eu/risk-level-tool/help


> At this point what large company hasn't had breaches or cancelled projects?

'Breaches' and 'cancelled projects' aren't the only scandals and failures to come out of Facebook ... just the other day on HN front page was an article (from 2018) where Facebook openly admitted that their platform enabled the Myanmar crisis.


>FTFY: in the US

No, in lots of places. In Scandinavia Facebook is "for old people".

>not everyone shares your opinion

I do and everyone I have asked (and maybe informed as part of asking) agrees. The thing is that people are lazy - it is not that they don't think Facebook is evil - they are just too lazy to do anything about it. Very few informed people see Facebook as Not Evil.

Also, please don't do FTFY reddit post crap.


woah your personal anecdote really helps!


What company? Just need to know so I can close/avoid making an account.


> My company doesn't even hash passwords...

I can't imagine anything even resembling a reasonable excuse for not doing something as basic as hashing passwords, and I don't even want to imagine what else isn't being done by a company which operates in that manner.


> How large is the security team?

More importantly, how big is their whiskey budget?

It's not the greatest proxy, but how regularly your security team drinks is a not-terrible way to gauge how much trouble your org is going to be in should something happen.


Is the correlation positive or negative?


As things seem worse, the whiskey budget per person grows.



