So let's be clear about this, we're being told that Musk ordered employees to give an outside reporter access to *everything* internally at #Twitter. Without exceptions. That would mean users' direct messages as well. Think about it.
@lauren I'm pretty sure if I'm going to expect privacy on messages I send through another platform I'm going to use something cryptographical like Signal.
@skylos That is not always an option. For example, many firms now do their customer support through Twitter, including detailed account information. They link Twitter to their backend systems to verify customer identities, etc.
@lauren I'm puzzled that I am supposed to care about randos knowing about my customer service interactions... It seems realistic to understand those weren't private in the first place - just obscure and inconsequential.
@skylos That is sometimes the case. But in the course of those conversations, PII can easily be discussed, and often is.
@lauren if I toot or tweet, I've *already* PII'd myself right from the get-go, haven't I? Hmm. I guess it's a distinction between what identity you're using at the time, but my social media identities I use for such things are irrevocably self-doxed since creation. Getting PII out of that would be redundant. Heh.
@skylos PII has specific definitions.
@lauren sure. "any information that permits the identity of an individual to be directly or indirectly inferred,"
@skylos @lauren yes, but what about answers to security questions, home address, phone number, etc? Those are the kind of things some customer support accounts would request by DM
@drymifolia @lauren is your phone number really secret? It's disseminated fairly widely across many systems. Your home address? This also isn't actually very secret. approximately secret than your bank account number that's printed on every check. I have some doubts that this information is nearly as 'private' or secret as the pearl clutching about privacy would indicate.
@skylos @drymifolia Having worked on privacy issues for decades, and still running my PRIVACY Forum mailing list on the Net for over 30 years continuously, I will assert that these issues are a bit more complex than you seem to be suggesting.
@skylos @lauren I think many people used Twitter pseudonymously and it would be pretty challenging to figure out who they are IRL. So yeah, those users might be pretty upset to have their Twitter account linked to their real identity.
@skylos @drymifolia @lauren Your phone number, combined with other information that a customer service person would normally ask, can allow someone to compromise your account, impersonate you, and steal your identity.
Which can be extremely expensive, disruptive, and time consuming to fix.
@SummerBreeze @drymifolia @lauren I wonder if the real solution to this is to fix the inadequate mechanisms we have to secure important accounts - rather than trying to pretend the not-really-secrets we're currently using are adequate so we just need to be more careful with them. They're all almost arbitrary and silly, security through obscurity.
@skylos @lauren PII isn’t primarily about doxing. The greater concern is about identity theft and impersonation.
@SummerBreeze @lauren Is the safety in numbers, like a herd of gazelle? Like, 'if there are a billion possible identities to steal, any one identity is unlikely to be stolen'?
@skylos @lauren No, you aren’t safer if a million identities are stolen. It’s not easier if you have company.
@SummerBreeze @lauren By the logic the gazelle isn't safe because the entire herd is going to be eaten shortly. There aren't enough cheetahs. Same for identity thefts - each operation requires manual hand-action; it's not scalable like that.
@skylos @lauren Identity theft doesn’t require manual hand action. It can in fact be automated, and unlike cheetahs, identity thieves don’t get full and stop.
@SummerBreeze @lauren I have not encountered or been made aware of any identity theft that happens without manual hand action. I couldn't make a decision or judgement based on that information. And now I know you say this is so.
@skylos @lauren Why would you think identity theft requires manual hand action? Not sure I am following your logic?
What would be done primarily by hand? I am probably missing something.
@SummerBreeze @lauren human curation requirement - most people don't have identity worth stealing - wasting your viable access to identity stealing channels on useless identities would obviate the utility of doing it at all - you can't just file massive applications for credit or hack bank accounts - there's heavy tarpitting and monitoring of those avenues.