Reminds me of the time I bought lunch at work, and a colleague told me exactly what I bought and how much I paid for it. I called him out and said it was a lucky guess, and then he proceeded to tell me my entire payment history for the past 2 days.
Turns out when I was buying lunch, he was on the phone with a friend who worked at Paytm and that guy gave away my transaction history for shits and giggles.
My trust in private companies has been at its lowest since then and I absolutely do not trust startups to keep my data safe.
What you must understand is that this is human nature not "private companies."
When I was in high school I had a friend who worked at one of those 1-hr photo processing places. People would bring their film in to have prints made. And there were no small numbers of "intimate" photos on those rolls of film. Yes even in the days of film cameras, people took photos of themselves in sexual situations.
Of course my friend thought it was hilarious and the shop would make extra prints of these photos to pass around among the staff. They had separate categories similar to what you'd see on any porn site. Of course it was in violation of policy but people do this stuff. If you're building something that handles photo/video images you must expect it and build in privacy from the ground up. You cannot rely on your staff to always be on their best behavior.
When I was working for [blank] cellphone carrier we had a competing carrier fire their entire phone repair/support staff in the area because they were keeping a USB hard drive stash of nudes. Tech support staff would pass it from store to store and dump whatever nudes they'd collected from customer phone repairs that week. I don't remember how they got caught.
I had to come down on multiple tech staff at our own store for digging around in photos anytime a hot woman came in with a phone.
On rare occasions we had this one older woman who would ask us to transfer photos every year to her new phone and to "verify personally that every photo had been moved." Of course the majority of the photos would be her naked selfies or what seemed to be swinger parties. I've got a 65yo woman in a cowboy hat only seared into my brain because I was the first tech to deal with her kink of having people look through the photos.
Right, so the problem is still private companies not putting in the effort to build in privacy to prevent this.
For physical film it’s hard, but for software you should at the very least record access to personal data and audit it to make sure people actually need it and aren’t abusing whatever permissions they are using to get the data.
The employees in this case aren’t going looking where they weren’t supposed to. This isn’t an auditing problem, like the Google/Facebook/Amazon employee snooping where they aren’t supposed to.
In this case employees are tasked with watching the video clips that car owners intentionally shared with them, in order to label them (draw boxes around specific objects).
After spending 8 hours a day drawing boxes around fire hydrants, they would joke about the funny things they saw with their coworkers.
This is literally how all human labeled AI training works. You can’t teach an AI to identify crucial features on the road without building the labeled data set to train it with.
Amazon does the same thing with Alexa. Apple does the same thing with Siri. Security camera companies all do the same thing with their motion and object detection software.
They were sharing recordings and screenshots on internal message boards, even making memes of them. It wasn't just funny stuff either, graphic stuff too. That's far from joking around with your coworkers, even that would be totally inappropriate and worthy of termination imo.
I assume they don’t mean that they are baffled by human nature. The thing that’s sort of unexpected is that, knowing human nature, companies don’t build in safeguards for this kind of sh.
Exactly so. It is repugnant that that level of access was even available to an employee based on nothing but curiosity. Unfortunately another part of human nature is that most people profiting off you don't give a shit about your privacy. This is why legislation such as HIPAA has to exist.
> Do you really think the people in government care about your privacy?
They definitely don't, but at least there is electoral pressure applied to them from constituents who they represent. In the case of private orgs it is gobble up anything you can and there's no way for regular users to hold them accountable.
If the government gave a shit about privacy in general, Equifax would have been fined into oblivion and its owners jailed for a bit. The example is not evidence that they give a shit, it is presented as something without which our healthcare data would be traded as another commodity.
> If you're building something that handles photo/video images you must expect it and build in privacy from the ground up.
I agree with this as part of a bigger solution. There should also be privacy regulations with serious consequences for negligence or abuse. If private customer data were a liability due to the risk of huge fines from misbehaving employees, companies would collect a heck of a lot less of it.
Right now data collection is almost all upside for the company; there are many ways to use or sell it to make more money. But users bear the costs, many of whom don't realize just how much they are being spied on.
To go further, it should also go down on someone's permanent record so that they aren't allowed to work in the same field for someone new. This shouldn't be like being a priest where you just get rotated to a new area but get to continue doing what you got in trouble for in the first place.
> What you must understand is that this is human nature
Seems no one is speaking up in the defense of humanity at large. What you describe is possibly even "common" but it is not ingrained in all of "human nature". There are many people who are simply incapable of certain transgressions - for some even the thought doesn't occur. These are possibly rare but they do exist. What you are describing is the fundamental problem of humanity: we are not a smooth and uniform distribution and practically every political thought ultimately boils down to this foundational problem of our collective but morally and ethically disjoint coexistence.
Human nature? Sure, but very much lack of regulation and of good corporate privacy policies. First, customer data should be in a special, highly logged environment. Anyone logging in for whatever reason needs a justification. Next audit or periodically or if something goes wrong, those logs are checked and people confronted with why they're accessing random person X's data for no work related reason.
Won't make those incidents disappear completely, but it will sure kill off fetching data from a friend of a friend for shits n giggles.
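An added example of the periodic log review described in the comment above (my code, not any commenter's or company's). It assumes a log in which every read of a customer record is one JSON line naming the employee, the customer and the support ticket that justifies the read, and a ticket list in which each ticket names one customer and stays valid for a fixed number of hours; the log lines, tickets and the four rules are all constructed here.

```python
"""Audit a personal-data access log against a list of justification tickets.

Added example, not code from any company or commenter in this thread. The log
format, the ticket schema and the rules are assumptions: every read of a
customer record is written as one JSON line naming the employee, the customer
and the support ticket that justifies the read; tickets name one customer and
stay valid for a fixed number of hours after they are opened.
"""
import json
from datetime import datetime, timedelta

# Constructed sample log lines: two legitimate reads and four that should not
# survive a periodic review.
ACCESS_LOG = """\
{"ts": "2023-04-03T10:02:11", "employee": "asha", "subject": "cust-1001", "ticket": "T-501", "action": "view_transactions"}
{"ts": "2023-04-03T10:07:45", "employee": "asha", "subject": "cust-1001", "ticket": "T-501", "action": "view_profile"}
{"ts": "2023-04-03T12:40:00", "employee": "ravi", "subject": "cust-2002", "ticket": null, "action": "view_transactions"}
{"ts": "2023-04-03T12:41:30", "employee": "ravi", "subject": "cust-2003", "ticket": "T-501", "action": "view_transactions"}
{"ts": "2023-04-04T09:00:00", "employee": "ravi", "subject": "cust-ravi", "ticket": "T-777", "action": "view_profile"}
{"ts": "2023-04-05T18:30:00", "employee": "meera", "subject": "cust-3003", "ticket": "T-610", "action": "export_all"}
"""

# Constructed tickets: which customer a ticket is about, and its validity window.
TICKETS = {
    "T-501": {"subject": "cust-1001", "opened": "2023-04-03T09:30:00", "hours": 8},
    "T-610": {"subject": "cust-3003", "opened": "2023-04-05T09:00:00", "hours": 8},
    "T-777": {"subject": "cust-ravi", "opened": "2023-04-04T08:00:00", "hours": 8},
}

# Constructed mapping of employee -> that employee's own customer record.
EMPLOYEE_ACCOUNTS = {"asha": "cust-asha", "ravi": "cust-ravi"}


def parse_log(text):
    """One JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def audit(records, tickets, employee_accounts):
    """Return one finding per rule a record violates, in log order."""
    findings = []

    def flag(rec, rule):
        findings.append({"ts": rec["ts"], "employee": rec["employee"],
                         "subject": rec["subject"], "rule": rule})

    for rec in records:
        ts = datetime.fromisoformat(rec["ts"])
        ticket_id = rec.get("ticket")

        # Rule 1: no justification at all; nothing else to check.
        if ticket_id is None:
            flag(rec, "no_ticket")
            continue
        ticket = tickets.get(ticket_id)
        if ticket is None:
            flag(rec, "unknown_ticket")
            continue

        # Rule 2: the ticket must be about the customer that was read.
        if ticket["subject"] != rec["subject"]:
            flag(rec, "ticket_other_subject")

        # Rule 3: the read must fall inside the ticket's validity window.
        opened = datetime.fromisoformat(ticket["opened"])
        closes = opened + timedelta(hours=ticket["hours"])
        if not (opened <= ts <= closes):
            flag(rec, "outside_window")

        # Rule 4: employees may not look up their own record, ticket or not.
        if employee_accounts.get(rec["employee"]) == rec["subject"]:
            flag(rec, "self_lookup")
    return findings


def findings_by_employee(findings):
    """Count findings per employee, the list the reviewer confronts people with."""
    counts = {}
    for f in findings:
        counts[f["employee"]] = counts.get(f["employee"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(parse_log(ACCESS_LOG), TICKETS, EMPLOYEE_ACCOUNTS):
        print(f"{f['ts']} {f['employee']:>6} read {f['subject']:<9} -> {f['rule']}")
```

Run against the constructed log it flags four of the six reads: the read with no ticket, the read under a ticket opened for a different customer, the employee reading his own record, and the export made after the ticket's window had closed. The two reads by the employee working the ticket in its window pass.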
I was at a hackathon once, and they had a startup fair, where various companies had their booths.
One startup had created a student-management system for schools. And the rep was demoing the system. Except with live data. Showing pages of real students with their pictures, home addresses, etc!
So, principles aside, the actions of companies are such that there can be no trust.
I once had a classified ad software hustle, and I needed customer data to debug things. But one of my customers was Canada's largest gay newspaper, and its classifieds were highly sensitive.
So I wrote a routine that obfuscated the database, changing all phone numbers to 555-xxxx, changing all names to random names of fruit (So a customer might become Banana Grapes, 416-555-1234), and a few other changes to hide other possibly identifiable information.
I had a menu item to do that to the database, it was under a "developer" menu that only appeared when I was personally signed in as the only superuser. I am embarrassed to say the menu item was called "mixed fruit."
One day, I was signed in at the client's office, and the manager came by and wanted to do something or other. I gave him the mouse and keyboard without logging out and asking him to log back in. He did his job, then noticed the developer menu. "What's this," he murmured, and selected "mixed fruit."
No confirmation dialog, no warning, it began munging the live, production database as I watched in horror. I managed to get everything sorted and the production data restored, but I learned a few lessons that day about building super-features for myself that were extremely sharp and difficult to undo.
Personal ads in those days did not usually have real names or addresses in them, regardless of sexual orientation. Some had personal phone numbers, but in those days you could also pay a few bucks more and rent a voicemail number just to put in the ad, or a "mailbox" for written correspondence. Classified ad software in those days had all kinds of features for supporting pseudo-anonymity and handling the pricing correctly.
So yes of course the ads were public, you could pick up a free copy of the newspaper at any gay bar on Toronto's Church Street. But the details about the customers placing ads were extremely sensitive.
———
Oh man, the stories I heard... Many extremely sad to me, when I think about why people felt the need to be closeted and so on.
Someone might give out their phone number and a fake name, but the back end the software might need to know their real name and address for billing purposes.
Why on earth you create that in the first place, and put it in the menu?
How often do you need to trash production (which should be never -- copying and scrambling is plenty bad enough) that you need a menu shortcut for it?!?
These were the days before you could just ssh and/or vpn into a client's production system, so I would copy their db onto my Mac, run the mongler on it, and then I would take the database home with me, without worrying whether the theft of my Mac could lead to lives being ruined.
If you want to point out that I could have been even smarter thirty-plus years ago, the line forms to the left... Stretches down the block... Goes around the corner... &c.
But while my memory is imperfect, I believe that I hardcoded that feature to only work when running on my personal Mac SE/30, and also changed the feature/name to have a tossed salad metaphor.
Let's just say that while my library of best practices has grown over the ensuing decades, my collection of anecdotes about worst practices has grown even faster :-D
Sorry, that code is strictly worse. Because while the website on the laptop looks fine, there is a database on the laptop which has all the sensitive information. Anyone with access to the laptop just makes a backup of that database and the damage is done.
It's hard for me to say whether you are correct or not; I was under the impression that the data was updated on the DB instance, and in that case I stand by what I said (the prod data would end up on the laptop, but then as soon as the command was run, it would get permanently obfuscated). If the data was just obfuscated on screen, then yes, perhaps you are correct.
Something I have seen done before that I thought was good was that every so often a production database was synced, but during the sync process, things that could identify a customer were redacted or obfuscated. Then almost anyone who had need to work with production data would use the munged version.
Not that it matters greatly, but FYI this app ran on a product called 4th Dimension, a 4GL app-building environment running a proprietary database on Macintosh desktop systems. They also had a client-server version that ran on local networks. There was a runtime engine, or for big money you could buy a compiler that would build standalone executables.
They eventually pivoted to supporting the web (and PHP!), but this story predates all of that.
4th Dimension was originally called "Silver Surfer," and it is the centerpiece of a story Guy Kawasaki used to tell about how big companies work. Apple was trying to get everyone to write software for the new Macintosh, they gave free hardware and engineering support to Ashton-Tate to port its popular PC database to Mac, &c.
Meanwhile, indie companies like Aldus (who would go on to literally rescue Apple when they released PageMaker) and ACIUS (A company Guy formed in partnership with the original developer to distribute 4th Dimension) shipped software that people actually bought and actually used.
Apple would have done better if they'd told people like Ashton-Tate to "Ship or GTFO," but the history of technology companies is one of people skating to where the puck has been...
> ...I would copy their db onto my Mac, run the mongler on it, and then I would take the database home with me, without worrying whether the theft of my Mac could lead to lives being ruined.
From that, it was definitely run against a copy of the database.
The code that you showed looks like PHP display code. So it will change what is shown to the user, but unless showMixedFruit is horribly misnamed, will not change what is in the database. And therefore does not address the problem that the mongler was trying to solve.
That was implicitly intended to be part of menu template code, so it would show the “Mixed Fruit” option only if it wasn’t prod, and as I tried to suggest in my comment, such code would not execute on prod (the endpoint/backend code would abort if it found itself running in prod). (And the mixed fruit code would, in fact, affect data in the DB). Tbh I think this discussion is less than pointless.
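An added example (my code, not the 4th Dimension routine from the anecdote) of the copy-then-scramble approach this sub-thread arrives at. It uses sqlite3 and a schema made up here, and adds the two safeguards the original "mixed fruit" menu item lacked: the scrub refuses to run unless the database carries a marker saying it is a copy, and the replacement names and numbers come from a keyed hash, so the same real name always becomes the same fruit (a bug stays reproducible) while nothing in the scrubbed file lets anyone recover the original. The marker table, the HMAC key and the fruit list are all assumptions.

```python
"""Pseudonymize a *copy* of a classifieds customer database before it leaves the office.

Added example, not the 4th Dimension routine described in the thread. It uses
sqlite3 and a schema made up here. Two safeguards the anecdote lacked: scrub()
refuses to run unless the database is marked as a copy, and replacement values
come from a keyed hash, so the same real name always maps to the same fruit
while nothing in the scrubbed file lets anyone recover the original.
"""
import hashlib
import hmac
import sqlite3

FRUIT = ["Banana", "Grape", "Mango", "Papaya", "Kiwi", "Lychee",
         "Plum", "Fig", "Cherry", "Guava", "Lime", "Peach"]


class RefusingToScrubProduction(RuntimeError):
    """Raised when scrub() is pointed at anything but a marked copy."""


def build_sample_db():
    """Constructed stand-in for the production database (in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE meta (key TEXT PRIMARY KEY, value TEXT);
        CREATE TABLE advertisers (
            id INTEGER PRIMARY KEY, name TEXT, phone TEXT, address TEXT);
        INSERT INTO meta VALUES ('environment', 'production');
        INSERT INTO advertisers VALUES
            (1, 'Alex Example', '416-967-1111', '12 Church St, Toronto'),
            (2, 'Sam Sample',   '416-967-2222', '80 Wellesley St, Toronto'),
            (3, 'Alex Example', '416-967-3333', '5 Maitland Pl, Toronto');
    """)
    return conn


def environment_of(conn):
    """Read the assumed 'environment' marker; absent marker is treated as unsafe."""
    row = conn.execute(
        "SELECT value FROM meta WHERE key = 'environment'").fetchone()
    return row[0] if row else "unknown"


def make_scrub_copy(src):
    """Copy the whole database and mark the copy; only copies may be scrubbed."""
    dst = sqlite3.connect(":memory:")
    src.backup(dst)
    dst.execute("UPDATE meta SET value = 'copy' WHERE key = 'environment'")
    dst.commit()
    return dst


def _digest(key, value):
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()


def fruit_name(key, real_name):
    """'Alex Example' -> e.g. 'Banana Grape', stable for a given key."""
    d = _digest(key, real_name)
    return f"{FRUIT[d[0] % len(FRUIT)]} {FRUIT[d[1] % len(FRUIT)]}"


def fake_phone(key, real_phone):
    """Keep the shape of a Toronto number but use the fictional 555 exchange."""
    d = _digest(key, real_phone)
    return f"416-555-{int.from_bytes(d[:4], 'big') % 10000:04d}"


def scrub(conn, key):
    """Rewrite identifying columns in place; returns the number of rows touched."""
    env = environment_of(conn)
    if env != "copy":
        raise RefusingToScrubProduction(
            f"database is marked '{env}', not 'copy'; refusing to scrub it")
    rows = conn.execute("SELECT id, name, phone FROM advertisers").fetchall()
    for rid, name, phone in rows:
        conn.execute(
            "UPDATE advertisers SET name = ?, phone = ?, address = ? WHERE id = ?",
            (fruit_name(key, name), fake_phone(key, phone), "[redacted]", rid))
    conn.commit()
    return len(rows)


if __name__ == "__main__":
    prod = build_sample_db()
    try:
        scrub(prod, b"demo-key")          # the manager-clicks-the-menu case
    except RefusingToScrubProduction as exc:
        print("production untouched:", exc)
    copy = make_scrub_copy(prod)
    print(scrub(copy, b"demo-key"), "rows scrubbed")
    for row in copy.execute("SELECT * FROM advertisers"):
        print(row)
```

The key should live with the developer, not in the scrubbed file; anyone holding only the copy sees fruit names and 555 numbers and cannot reverse them, while the developer can still tell that advertisers 1 and 3 share a name.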
I had a background check company that a previous employer used email me to say:
"I just wanted to verify that this is the correct email address for you, and that the following info is correct:" and proceeded to list my full name including middle initial, phone number, date of birth and full SSN.
Mind blown on a couple of levels. Was tempted to reply back "I have no idea who this is - this isn't the correct email".
They also found my girlfriend on social media, got her phone number and called her to "verify my identity".
To be clear, this was a run of the mill SRE position, not any type of background check for a clearance.
Instead, I told my new employer, and they were as livid as I was, profusely apologetic to me, and fired that background check company that day.
If they are Dutch that would be illegal under Dutch law. We have very strict laws around private investigation and anybody doing that without the proper license would be in a lot of trouble.
The United States has similar laws, where licensed Private Investigators have to at least supervise investigations (it's a bit like having a licensed pharmacist on duty while less-trained people actually hand out the meds, or having a medical doctor supervise the work of a group of physician's assistants).
There are some exceptions, but most of the time you need a license to go snooping around. These PI licenses are also a major perk of law enforcement careers, as it's sometimes difficult to get the required work experience without time in law enforcement (unless you don't mind working for nearly-nothing under a PI taking photos of insurance & workers compensation cheats, unfaithful spouses, etc. for years).
That background check company was almost certainly operating within the bounds of the law. They were just doing it Really Poorly.
I've also seen the pendulum swing in the opposite direction. There was a demo for hospital software that was obviously using fake data. It was something like "Patient Name: Mickey Mouse SSN:123456789"
An overzealous IT security manager literally covered the demo with his body until it was taken down. All under the pretense that "You never know, that could be someone's real information."
Someone should have walked up with their phone camera and shouted "ooh hey, nice addresses!" And just started snapping away (or at least pretending to)
Yeah. I would seriously have considered asking "did these students consent to the public dissemination of their personal data?" This kind of behavior will only go away when it becomes a shameful act in the eyes of the public.
I would not be surprised if their resolution to someone taking pictures in order to show them the error in their ways would be for them to call to police and have you arrested.
My awakening was the multiple times I've been talking with a startup and said, "I was surprised there's no self-guided demo or video tour available on your website; can you show me how the product works?" and had them reply something like, "Oh, sure. The reason we don't have a demo yet is that we haven't gotten around to making fake data, but let me pull up one of our customers' accounts and give you a tour using their data. Try not to read anything."
If you build robust privacy guidance mechanisms into the fabric of your startup from the beginning, your ability to handle risk management around these types of cases can be resourced to scale with the customer expectations of the system you build.
Unfortunately, if you do that, you are going to be outcompeted by the teams that are working to get their first 10,000 paying customers by any means necessary, because privacy planning is less capital efficient.
The companies that do get big enough to overcome their immediate survival constraints often have a harder problem identifying and providing resource needs for privacy assurance because it's less on the minds of the people in charge of making resource decisions because you have other operational scaling issues at the front of mind.
Your engineers and support staff doing dumb things with your data is a risk you can have resources allocated to. But it's not on the critical path to market dominance so it shouldn't be expected to be a priority.
Sounds like it should be illegal to share data by default, and that individuals shouldn't be able to sign away their expectation of privacy as part of a EULA.
I'm so glad I've never heard of that service and have no idea what it is.
Thanks very much for calling them out by name, BTW. Presumably someone from that company is reading this as we speak - and soon enough, will be reporting back to us that that employee has been identified, and of course, duly fired.
Indian peer to peer payments app. Generally considered one of the higher-quality made in India applications and very very widely used. Nobody will be IDed or fired until the same thing happens to a celeb or gvmt official.
It's because you don't live in India. Not sure if this is still the case, but Paytm was the Venmo of India, and actually had more penetration than credit cards when I visited ~5-6 years ago.
I don't think it's just private companies. It's really anything that has data, I think.
I used to work at the largest telco in the country on a software project (as a consultant) that involved some integration with existing services. With some playing around it soon became clear that all services were wide open as long as you were on the internal network, you just had to know what they were and how to call them. No authentication required, no audit logs as far as I can determine.
I didn't poke at it too much, but I was able to at least read an arbitrary cell phone's text messages and call logs.
> My trust in private companies has been at it's lowest since then and I absolutely do not trust startups to keep my data safe.
Hate to be the bearer of bad news, but governments aren’t any better. Local government in particular is usually an IT security nightmare.
There was a local government in a state I used to reside in that required folks to have an “alarm license” for their home and fined people for false alarm police callouts. The form to apply required you to give an alarm code for the police, and of course your name, address, and phone number.
Predictably, the database of information was ineffectively secured and basically public on the Internet for years before it was fixed. I don’t recall any burglaries or home invasions happening due to it, but still rather asinine.
At this point in my life I have basically no faith in any institution in society and treat all information I give out as effectively compromised immediately.
You are right, I’ve worked at a bunch of companies with millions of users and access to data was almost out of control within the company. Management doesn’t really care, including the data protection officers and the likes. I only hope Google has better policies, with all the data we store in emails and in docs.
Frankly, everyone is a risk to some extent, which is why it’s handy to just not give someone things that can be a problem if exposed. What they don’t know/don’t have, can’t be used against you.
But someone with minimal direct criminal/financial risks of exposing something is definitely higher risk than others, and that is most startups.
That said Amazon reps have clearly been bought out before, and individuals within most large corps have always been viable targets of blackmail, bribery, coercion, etc.
It’s why some societies are so resistant to phasing out Cash. Anything else gives leverage to folks that historically it’s been a bad idea to give leverage to.
At a fertility clinic they had paperwork that asked my employer, social security number etc. I asked if this was necessary, as I was paying out of pocket. They firmly said yes and asked me to fill it out.
Guess who works for $State Fertility Group, with a social 111-11-1111 and makes 100M/year.
I believe that your assessment of startups is valid. I also think your views are true of big, multinationals as well. It seems that by the time a company gets large enough, consumers start receiving some protections, but workers, not so much.
> Tesla is neither a private company, nor a startup.
The parent implies 'private' in the sense of non-governmental entity (the Indian terminology), and by that metric both Tesla and Paytm are 'private' (and publicly traded)
That's horrific. I work for a fairly large payment processor and it takes multiple levels of approval and oversight from several levels of management to get time limited access to a production database or client interface - all access being logged and ticketed along the way. The idea that someone could just start looking up transactions for shits and giggles would be unheard of.
> The idea that someone could just start looking up transactions for shits and giggles would be unheard of.
What about the DBA maintaining the database? Do they not have query access to the data? How about the devs who are responsible for reporting; do they develop reports using generated test data? It’s naive to believe that data is entirely secure and private. There’s always a level of trust required from employees to not share private data that they may see on the job.
I fully expect this in India. There is no privacy in India and no education or awareness of it either. There are no laws and so no expectations either. I don't know if it's still prevalent but I know friends who had folks from some company knock on their doors saying they will take a sample and do free blood tests and add it to their website to track it as a service. This is pre covid.
This is really disappointing. HDFC wouldn't ever do this to you if you used your debit card for transactions (I realize this isn't feasible for every vendor, I just mean conceptually). Now I have to wonder why Amex was banned for so long for not localizing data. The other payment apps with localized data aren't really doing that much to protect it!
Well, that's India, though. Whether it's a private or a public company there's no real notion of privacy of data. If you want it and you have a friend with access, he'll give it to you. Your job is to then not get caught.
When it comes to security you should always assume the worst intentions; if you can think of it as possible, somebody is probably doing it. This is why nobody trusted the NSA, and they were proven right with the Snowden stuff.
The fact that PayTM doesn't guard sensitive personal data even when it's a local tech behemoth makes me not want to use digital payments and switch to cash.
Why are you advocating sensitivity to the giant corporation here? If there's a defense its "we don't allow random employees to access these records, and anytime an access is performed we audit the access including interviewing the responsible employee and reviewing call recordings. If the access was for anything other than an approved reason we fire the employee."
I don’t recall the source, it may have just been anecdotes online that aren’t easily verifiable, but even after Facebook went legit as a company I’m pretty sure access to data (who’s looking at whose profile, stuff like that) was marketed as an employee perk.
Not a perk, if you look at personal info of anyone in your social circle, you are fired, no matter who you are, for what ever reason. If you need to fix a bug, and you need to look at personal info, it is logged and reviewed, go snooping, you are fired. You use your friend as the example for that bug, you are fired. In fact, when I worked there, I was paranoid I'd accidentally look at personal info and get fired, and rigorously used test data.
For additional sense of timescale - I’ve been there for coming up to a decade, and day 1 of employee onboarding was “you will be fired immediately if you even try to do <list of activities>” (even looking up your own data at the database level is forbidden, because eg foreign keys could imply a list of who has blocked you, which is not visible in the web frontend)
I’ve never dared test the auditing of the user-data-logs, but I have tested the auditing of the network-logs — when I tried ssh’ing from my work laptop to my personal web server (so that I could run an IRC client there), it took seconds for the security team to react ^^;
I think Zuckerberg is a sociopath but this chat log often gets dredged up and it’s never been verified. It could be real but it could be an urban legend or an internet echo or the reincarnation of tubgirl.
Short of Zuck confessing to the authenticity of those messages, what sort of verification would you even expect? If Business Insider was libeling him, why didn't he sue them for it?
The quote is consistent with his behavior and attitudes since then, and with other accounts of his behavior and attitudes at the time. I don't see any reason to believe it's a fake quote. People on HN get upset when the quote is posted because it's posted so frequently, and the reason it's posted so frequently is because it continues to be relevant to and consistent with Zuckerberg's behavior and attitudes to this day.
> Short of Zuck confessing to the authenticity of those messages, what sort of verification would you even expect? If Business Insider was libeling him, why didn't he sue them for it?
Or because it wasn't libel. There is no evidence that it was libel, the man quoted has never said it was libel, so why are you laboring to defend this asshole billionaire who won't even defend himself? Cease your insipid simping.
I don't like Zuckerberg and I think the quote is probably real.
Dismissing someone as a simp is worse than ad hominem because, while an ad hominem criticizes a trait that someone actually has, anyone who disagrees with you on this issue can be labeled a simp. Get over yourself; people can disagree with you for reasons other than being blinded by irrationality.
I think it’s more disturbing that Zuckerberg named his company Meta in reference to a fictional dystopia where an antagonistic billionaire monopolist who runs a V.R. universe tries to literally control the minds of the world population both on and offline to become more powerful than world governments. Hubris is arrogance before the gods but what do you call the same before the devils?
TL;DR: there is factual stuff Zuck does right in the open and is worse than a sketchy internet quote.
> named his company Meta in reference to a fictional dystopia
Meta is a normal developer word - like Uber was. I personally never even knew there was a movie called Meta, although it is entirely obvious there should be at least one. Not saying Zuck wasn’t referencing the movie, but I am saying it is reasonably likely that wasn’t the reason.
Uber was a normal developer word?? I don't remember hearing it used in developer circles.
As to meta, yes, it's a common dev word. But Facebook is using it as short for "metaverse", which Zuck has admitted to lifting from Snow Crash's dystopian world.
Uber is a standard German word, which was often used in English as internet/gaming slang where you’d today use something like “hyper”, eg “uber awesome” or sometimes in video games “I am uber” (= “I am the best”).
> TL;DR: there is factual stuff Zuck does right in the open and is worse than a sketchy internet quote.
All that shit lends credence to the veracity of the quote (which comes from Business Insider, not the amorphous "internet"). A quote which Zuckerberg has never even bothered to deny.
> it could be an urban legend or an internet echo or the reincarnation of tubgirl.
I feel conflicted whenever I see a comment like this.
On the one hand, let's assume it's true: a Paytm employee acted negligently.
But on the other hand, what if it's not true? What if you happen to have a friend or family member who works for a Paytm competitor, or you have some grudge against Paytm for whatever reason, and are instead spreading low-key FUD about the company to make it seem like they have lax data controls and staff disregard for sensitive data?
The issue is that there doesn't really seem to be a way to substantiate your anecdote.
Let's assume it's true: a Paytm employee acted negligently.
Not negligently - maliciously.
The employee knew exactly what they're doing, that it was "wrong" in any conventional sense -- and most likely a huge liability to their career and reputation if it got found out.
Most people can't handle it as a career and it has low barriers to entry, so many people do it as an early job. I have met several 10x call center people, and it can be an incredibly lucrative career. It's effectively low level social engineering. It requires extraordinary levels of grit.
From personal experience, people will do anything they are physically capable of doing and think they can get away with. Almost nobody I know has the slightest amount of respect for any private data to which they have access. This extends from people in healthcare breaking HIPAA to tell me about how Jane Doe is an idiot who got a mayo jar stuck in her vagina to IT workers showing me John Doe's cringey nude selfies. Trust absolutely no one. If it's possible, it's happening. The goal should be able to make it not possible to the best extent and when it is, create accountability.
> Almost nobody I know has the slightest amount of respect for any private data to which they have access.
Really? You need to run with a better set of people. It's true that there are plenty of corrupt, terrible people out there -- but it's also true that there are plenty who aren't.
This is what makes the lie more potent. It’s based on a kernel of truth, and because it reinforces beliefs, you can easily believe a Paytm employee acted negligently, with no more evidence than an anecdote.
Oh please. The comment was less about PayTM and more about tech companies being blasé about data privacy in general.
If I had a friend or family member who was an employee of such a publicly facing tech company, I’d be grilling them about their data security and privacy practices. I’ve been burned enough times by Indian companies so ridiculously free with their data sharing that I’ve stopped giving out my contact info to everything but the most essential of services.
Most Indians will lean towards believing the GP because they know how aggressively their personal data is being abused, unless Paytm comes out with concrete details of how they protect privacy inside and outside the firm.
I didn’t even realize Paytm was a real company when reading OP. It sounded like a generic name made up for purpose, like “Jane Doe” for payment companies.
This is why rule of law is important. India has weak rule of law... there's no confidence from anyone that wrongdoing will be punished and there's no confidence that making up stuff to hurt a competitor will be punished.
Given what I've seen I have absolutely no problem believing this. If you don't then that's fine but that simply means you've been living a sheltered life. Have a look at the GDPR enforcement tables for some choice violations.
So you trust a for-profit more than an anecdote by a customer of them? I am sure you'd also forcefully vaccinate your loved ones if $authority told you to do so, right?
In my experience, everything bad you can imagine, a for-profit has already done.