
This leak is putting people's lives at risk.

What is truly damaging about this breach is that it allows for bidirectional mapping of phone ⭤ name (and often location, since the data can include town/employer).

The risk is much bigger than "I'm going to get more phone spam."

Examples:

- An abusive ex/stalker type can now search by name and find his ex's phone number and maybe even city/town.

- Have you ever dealt with an irate person via phone? (Craigslist deal gone wrong/creepy, for example). This person can now know your name and even photo since the leak includes your FB ID.

I am certain that both of these things will happen in the next few months or years. If privacy changes are to happen at the legislative/personal responsibility level, it would behoove an organization like the EFF to find one such case and use it to sue the living daylights out of FB. I think it's also worth mentioning these sorts of risks instead of focusing on "spam".

Unfortunately, even if that were to happen, we'd end up with a moral panic, which almost always ends up punishing the wrong people. What we really need is a change in the kinds of data that are allowed to be kept, and a change in data/identification infrastructure.

Things like:

- The creation of a standardized & subsidized token/OTP platform. In the US for example, you should be able to go to the post office and get a NIST approved token generator, which should be mandated to be used by all banks and replace SMS and SSN as authentication.

- A pseudonymity middle-layer (i.e., Stripe for Privacy). For example, when I buy a t-shirt online, I should be able to simply give the merchant my pseudonym, and they shouldn't store my actual name & address. If they want to store that there should be much much higher data protection requirements.

This infrastructure should be free market but with a "public option" in order to prevent oligopolization of these services.



Seriously. I downloaded the leaks to see if any of my family members were included, so that I could alert them to watch out for targeted scams.

But of course I couldn't resist grepping for a few other things. For example, there were about 25,000 phone numbers, emails, and names of single people in my home city.

The same info is available for about 180,000 US-based people who list Facebook as their employer. I sure hope that nobody takes it into their head to complain about the breach to those people!

It is hella creepy that anybody can search through such a vast quantity of extremely personal information so easily. But this is also a predictable late-stage result of mass-scale social media use.


All of your solutions are currently possible on the blockchain.

>The creation of a standardized & subsidized token/OTP platform. In the US for example, you should be able to go to the post office and get a NIST approved token generator, which should be mandated to be used by all banks and replace SMS and SSN as authentication.

DeID

>A pseudonymity middle-layer (i.e., Stripe for Privacy). For example, when I buy a t-shirt online, I should be able to simply give the merchant my pseudonym, and they shouldn't store my actual name & address. If they want to store that there should be much much higher data protection requirements.

DeID, paired with the fact that I don't give them anything. I send them the money instead of giving away my information. This is a key distinction. When I pay for things with my credit card, I am swiping my card, they are saving my information and running my card. Sending them money, with some DeID to acknowledge receipt, is entirely different. Instead of them 'Taking', I am 'Giving'.

Also, the DeID can come with a parsing function that 'Shares' the keys to your address and name, without the ability to capture your information. It works directly with the EDI to provide the 'keys' to your address but never allows them to store it.

>This infrastructure should be free market but with a "public option" in order to prevent oligopolization of these services.

Polkadot and many other cryptos with governance are also solving this problem.



