Reply to post: Re: Security!=privacy

App makers, you're STILL doing security wrong

dan1980

Re: Security!=privacy

@FF22

While you certainly make some good points about this specific instance, the larger issue is that these apps are slurping up data that has no relevance to the service being offered.

In other words, the current practice is simply to grab whatever you can or want and assume that that is fine. To argue whether any specific bit of data collected by any specific application for any specific entity is problematic or not is to get bogged down in, well, specifics - to miss the forest for the trees so to speak.

The problem here is the state-of-play of the industry, which sees both security and privacy relegated rather far down the priority list.

This is what is meant by "doing [it] wrong" - the way personal information is being treated is fundamentally incompatible with the goals of security and privacy. Security must be built in from the start to really be effective; it has to guide the development, the features, the technology and the data.

Doing it right means starting from a base position of saying that security and privacy are the most important considerations and so wherever there is a quick buck to be made selling private information, that is trumped by the requirement of ensuring that private information is kept, well, private.

Doing it right means a philosophy of 'least privilege' - grant access to as few systems and as little data as possible.

So, while my SSID is less sensitive than most of the other information PayPal already has on me, they do not need it for any part of the transaction and so it shouldn't be collected.
