Once again, I was reading some news site and the usual cookie message showed up blocking the whole content and wanting me to allow them to do whatever with whatever. I mean, who does actually reads the stuff besides lawyers who want to sue everyone?
But this time I actually read the heading: "We value your privacy". And this just triggered me. Do they actually care about my privacy? Do they really value and protect my data?
What do they actually value?
Do they value my privacy? Well, they DO value my data. And they value not getting sued because they do not comply with GDPR (or whatever law that applies).
I guess everybody knows why they value our data. A tldr: it's basically for advertising and other marketing and thus to spam you with stuff to buy (or at least part of it).
Is complying with GDPR actually valuing our data? Well, for some companies that is probably true, but for the vast majority?... at least it does not seem so.
But before we get into that, let's quickly say something about GDPR...
GDPR and other laws
GDPR and such laws among others calls for data scarcity. This means companies have to minimize the data they collect from you in order to do their business.
For example, an online shop is probably allowed to collect and store your name, address, birthday, IP, credit card after you consented to this and obviously somehow provided that information. Name and address are needed because they need to send you the stuff you bought. Maybe they need to verify you are an adult (what did you buy o.O ?). They store your IP because you might be DOS'ing their systems and your credit card is obviously needed to pay. So that shop has good reasons to store that data and you acknowledge that when you click on that cookie thing (and their terms of service). Well, that cookie thing actually allows them most of the time to store identifying cookies in your browser to track your activity and share that information with their "partners" (all depending on what they actually do, but let's keep it simple)
But if they want to collect your color of your eyes, the shop could probably not properly argue that they actually need that info. So they are legally not allowed to store it. But just because they are not allowed to, there is nothing that does actually prevent them from doing so anyway...
And one other important thing: The shop is responsible for your data now. They are legally bound to protect it from leaking. So they have to have some appropriate security measures is place. (whatever those actually are)
Handling (personal) data is pain
I am working on a small marketing website and GDPR or data privacy related topics are my daily business.
Our customer wants the users to fill out a form with their private info before they can download some very useful whitepaper. Where do you store that? How do you handle that data? Who is allowed to access it? These are just some questions that need to be answered. And especially in a large enterprise these questions are hard to answer because many people and divisions are involved and you have to follow more and more rules.
The more sensitive the data is, the more restrictive everything becomes, just a couple examples:
- You use a database? - You have to encrypt that database, even if all data is public (in general this makes sense, but sometimes it just doesn't)
- Are you processing customer data? - You have to host in Germany
- Are you processing employee data? - You have to host on-prem
This list becomes ever more annoying and it is fairly easy to get into one of the higher security classifications.
I am all for the appropriate security measures if you handle sensitive data, but as a developer it becomes pure pain to work in super restrictive environments as it slows everything down and there are the same endless discussions.
And in the end it is all for a small feature of your otherwise public app.
Furthermore, security is just a best effort. No system will ever be 100% secure. One weak spot can lead to massive incidents and even teams with hundreds of people just for security will eventually miss something. Just a thing to keep in mind.
They don't value our privacy
Thinking of anything that is advertising related, they couldn't care less about your privacy, because "you are the product". The more they know about you the better they can sell you stuff. Whether that is in your interest or not, is up to you. I mean, this can actually be helpful if ads are really well targeted and point you to stuff that is great and you actually like. But most of the time their targets are way off, at least in my case.
This was talked about so much, so let's cut it short here.
They do not actually need your data
Think of the last supermarket you went to. Did they ask for your name and address? Your phone number for contacting you? That would be weird, right? Did you leave your credit card with them, so checkout is faster next time? I guess nobody would actually do that IRL, but why do we leave that data with almost any online shop or service? You wouldn't trust your supermarket with your card, why do you trust some weird online shop?
Getting a newsletter with your real name in it or faster checkout are some "neat" features, but are those essential? Do you actually want them? Especially if they leak your credit card info and you need to order a new one?
Those features are everywhere because someone once thought they were cool and today they are burnt into our brains as some must-haves. Such thinking is actually irresponsible. So they might actually think they value your privacy by securely storing your information, but collecting it in the first place is in most cases just unnecessary.
Does Facebook need your real name and email to post something on their site?
Does your bank actually need your data to give you 0% interest? They just want your money, you are actually just an annoyance
Do Visa and Mastercard need your data? They just want you to buy stuff with that card and to pay your bill late. Your data is not needed for actually paying something, but for breaking your legs and taking your house they obviously need your name and address.
Even Signal, which is supposed to be secure, why do they need your phone number? In many countries your phone number is tied to your ID.
Yes, some of these need to collect that data by law, but that is another topic.
GDPR wants us as developers to practice data scarcity and as I told you, having other people's data is a pain and a responsibility. (Insert spider-man quote here) And I for one don't want to have either.
So for your next app, actually think about what data is really really required while also checking what pains you have to endure in return.
In general, having nothing is the best and less is more. Not having data is one less thing haunting your soul.
Just some suggestions
Just two quick suggestions that might point you in the right direction. These are however kind of "niche" technologies today.
If you have to create some sort account and authentication system, why not use a public/private key mechanism? The public key could be your primary identifier (like a username or email) and is at the same time the password. Webauthn is a rather new standard that provides such a authentication mechanism. It is actually supported by larger tech sites/apps like Google, Github and even Windows.
Sure you need some sort of hardware key, but the more apps are supporting and even pushing it the more adaption it will find.
Just an example: If you do your taxes in Germany you are probably using such a public key mechanism. However, it is implemented in an annoying way because your private key is generated for you and you need to download and store the file. Using a yubikey would be much more comfortable.
How about instead of pushing this information to your users you have them pull them? Publish your important info on twitter or maybe have an old school RSS feed that your users can consume if they wish. Again this might be weird for your users, but by inverting the flow of information you don't have to store their personal data.
You could also just ask for a username and password while making an email optional in case your user wants to be able to recover that password. There are probably many other ways to do this...
You could also use a crypto wallet as your login like most Dapps already do. But I actually want to point to something else:
Instead of using Paypal or even worse storing your user's credit card information you could have your users pseudonymously pay with crypto into some wallet you own. As soon as the crypto arrives, payment if fulfilled and you can send the product or unlock the service. This way you just monitor that wallet and do not care where the money comes from (also because you do not know). And as you do not have any information besides the fact that you received money, you do not have hide or secure any data especially since the transaction is also public on chain.
Again inverting and decoupling helps you not to have data that you otherwise have to secure. Sounds a little bit like inversion of control if you ask me.
In most cases you do not actually need or want your user's data as you are legally bound to secure it which is a whole other super complex topic. Instead, having just the minimal amount of user data, which in many cases is practically nothing, is the most painless and secure way to go for you and your users.
Latest comments (3)
When it comes to payments, I was wondering: would Crypto wallet allow for paying back a purchase a customer want to undo?
Well, the crypto payment of course depends on your use case and your overall process.
If you use a plain crypto wallet, the user is unable to undo the purchase on his own. Just like sending btc to some other wallet is final. In this case the shop would have to return the funds manually just like some bank payment.
But if you opt for a smart contract, your could easily code an undo option that would return the users funds and for example disable the user's access to your service. You could handle the access with some sort of NFT that the user needs to have in his wallet. And if the user triggers the undo function (within a limited time), the contract would burn the NFT token and thus removes access. This is actually fairly easy to code, because these are more or less "native" blockchain functions.
You're opening up a whole new world for me to glimpse (haven't done any crypto or blockchain yet). But it's neat knowing that NFT could be useful in this scenario!