The article says privacy by design but then goes on to list examples of privacy by policy:
- "Don’t track anyone’s search histories"
This can simply be changed by changing your policy and deciding to start tracking it.
- "Be careful that anonymized data really is anonymized, and is minimized to provide the most benefit with the least data."
A bad actor can always save a non-anonymized copy for "law enforcement" purposes.
- "Keep nothing if users select the “Do not track” option in their browser."
A real example of privacy by design is DuckDuckGo's hidden service, since it cannot, by nature, know who is using it.
I found most of the courses of action suggested by the article to be privacy by policy, which is laudable, but it ain't privacy by design.
Well, first I think you should be commended on having these policies, and I think that this is the best you can get with a website. However, an adversary can force you to change these policies. While an adversary can also force a developer of a free software project (private by design) to put in some kind of backdoor, in theory the target will be able to avoid this by reviewing the patches made to a project. In practice I imagine a single target could be compromised by this backdoor, but I imagine it would soon be discovered. This is the key difference.
I'm really curious what the HN community thinks about Privacy by Design, and also the tradeoff between keeping all of the exact data on all your users' behavior vs. keeping summary data that obscures most of the details while getting most of the benefit.