Threads collects so much sensitive information it’s a ’hacker’s dream,’ experts say

stopthatgirl7@kbin.social · 1 year ago

Threads collects so much sensitive information it’s a ’hacker’s dream,’ experts say

Arotrios@kbin.social · 1 year ago

If I leave my door unlocked while I’m gone, and you come in and steal my laptop, it’s still theft. Yes, I’m an idiot, but you’re still a criminal.

That being said, I fully agree with you that the hospitals should bear equal fault - the lack of protections around patient records is criminal, and I’d really like to see those whose records were exposed sue both the hospitals at fault and Meta, or better yet, a criminal case from the FTC and the Department of Health.

Not likely, I know, but I’m a dreamer.

wagesj45@kbin.social · 1 year ago

Not trying to be a hater, but that analogy isn’t quite right. The web designers didn’t leave their door unlocked. They invited Meta in, put their laptop in Meta’s hands, and then said “Please take this. Enjoy.” They weren’t idiots. They chose to give Meta that data deliberately.

Medical institutions need to be held to account as much as Meta does for everything they do. I agree with that completely.

Arotrios@kbin.social · edit-2 1 year ago

So now you got me digging into this because I take an absurd amount of pride in my analogies, and it looks like the Meta Pixel tech they embedded was basically like the standard Google Analytics tracking tag on most websites. The hospitals were stupid to install it on their password protected pages, but they were also misled in the fact that Meta’s Pixel took far more data than a standard tracking tag, claimed they weren’t tracking sensitive data when they were, then claimed to filter the data even though their engineers admitted they couldn’t:

The Markup was unable to confirm whether any of the data referenced in this story was in fact removed before being stored by Meta. However, a recent joint investigation with Reveal found that Meta’s sensitive health information filtering system didn’t block information about appointments a reporter requested with crisis pregnancy centers.

Internally, Facebook employees have been blunt about how well—or not so well—the company generally protects sensitive data.

“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ ” Facebook engineers on the ad and business product team wrote in a 2021 privacy overview that was leaked to Vice.

So, to perfect the analogy, this would be like a hotel installing security cameras in their rooms, and then finding out the company that makes the cameras and runs the network is selling porn starring its customers. Not only that, now that the porn is in their system, it can’t be adequately filtered or removed.

The hotel is stupid and liable, but the security company is just flat out vile.

Ok, I’m done. Have an upvote for putting up with that ;)