Because they /can't/ do it. Anyone who claims that legislative or legal peril will accomplish the goal to "safeguard your private info" must be almost impossibly naive. It requires a foundation of /perfect/ cryptographic and operational security, which is ... somewhat unlikely.
The only viable solution is to make it so expensive for them to hold /any/ of your data that they will look for a decentralized solution where you hold your data, and grant authorization for the corporation to use some of it (eg. your name and postal address).
Then, they might be able to fumble that, but the damage is limited to just publicly available data.
Agent-based system that are designed for building large-scale distributed and decentralized systems are the future.
Holochain is one such system. There may be others, but it seems to be the most advanced.
We are not talking about perfection here. Of course there is always a potential attack vector. But when you look at virtually all of the recent major breaches, they were a result of gross negligence.
I have (checks spreadsheet) 787 accounts where some rando on the Internet (eg. Mark Zukerberg, ...) holds my personal information.
"Gross Negligence" is guaranteed.
Any solution that doesn't involve me securing my information w/ my own private keys (secured by whatever level of security I deem adequate) will lead to all of my private information released into the wild, eventually.
Fortunately, most of it is so out-of-date as to be worthless.
However, consider the implications. Even if I'm catastrophically bad at securing my data (for example, I print my private keys and give it to a few friends to put in their filing cabinets or whatever) -- some attacker can gain access to only the data they specifically target! Probably, a handful of low-value accounts, obtained at great expense using one-by-one attacks on individuals.
There is literally no approach vector that harvests all of the data for every account holder on some random poorly-secured rando's website, say, like AT&T!
I've been at this for 40 years. It's getting worse, not better. The solution isn't "more security". The solution is: the data simply isn't there, but in 8 billion individually secured hands.
Are there issues with this? For sure. But -- they only affect you, not your 1,000,000 neighbours.
5 comments
[ 763 ms ] story [ 450 ms ] threadThe only viable solution is to make it so expensive for them to hold /any/ of your data that they will look for a decentralized solution where you hold your data, and grant authorization for the corporation to use some of it (eg. your name and postal address).
Then, they might be able to fumble that, but the damage is limited to just publicly available data.
Agent-based system that are designed for building large-scale distributed and decentralized systems are the future.
Holochain is one such system. There may be others, but it seems to be the most advanced.
"Gross Negligence" is guaranteed.
Any solution that doesn't involve me securing my information w/ my own private keys (secured by whatever level of security I deem adequate) will lead to all of my private information released into the wild, eventually.
Fortunately, most of it is so out-of-date as to be worthless.
However, consider the implications. Even if I'm catastrophically bad at securing my data (for example, I print my private keys and give it to a few friends to put in their filing cabinets or whatever) -- some attacker can gain access to only the data they specifically target! Probably, a handful of low-value accounts, obtained at great expense using one-by-one attacks on individuals.
There is literally no approach vector that harvests all of the data for every account holder on some random poorly-secured rando's website, say, like AT&T!
I've been at this for 40 years. It's getting worse, not better. The solution isn't "more security". The solution is: the data simply isn't there, but in 8 billion individually secured hands.
Are there issues with this? For sure. But -- they only affect you, not your 1,000,000 neighbours.