View Single Post
  #364  
Old 24 September 2018, 07:42 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,443
Default

My security concern with the whole idea is when you haven't got a new computer or phone, or had to log into Google or anything, but somebody else "obtains" your existing one, and suddenly all the passwords and security measures (except the one on your phone or computer, if set, which may be weak - especially for a phone with the "swipe" feature turned on, where you can quite possibly see the greasy swipe lines by holding it up to the light!).

It makes a mockery of all the other things we used to be told to do, such as "never write down your password, and if you do, never keep it next to your computer!", if - I was going to say, "your computer itself" but it's not even your computer; it's an external corporation which you have no control over and which is storing the information somewhere beyond your control - if that entity effectively not only writes down all the passwords, but types them in for you anyway! I do stay logged into the board, but it's only a local cookie and I could delete it whenever I wanted...

(And that's an irony of the previous lot of EU security regulation; the one that's just been superseded and which concentrated on "cookies"; the cookies weren't the flipping problem! If anything, cookies give you plenty of control over things because they're stored locally and you can delete them - unlike the actual data if it's stored elsewhere, so trying to discourage cookies was counterproductive. The law mentioned "other similar technologies" but a lawyer could easily have got round that by arguing what "similar" meant, I should think. The new laws are supposed to close this loophole by concentrating on the actual data; ironically they seem to have got American companies to finally catch up with the "cookie consent" thing required by the previous laws, but which may not address the issue... the sites that are actually shutting out European users have effectively just admitted that their business models can't survive without collecting stuff that people don't know they've agreed to, and are probably being more honest than the rest!)

Sorry to use your password saga as the basis for a rant, Lainie. I do understand what happened, and that you knew what you had or hadn't agreed to. I was just using other people's confusion as a jumping off point. I also prefer not to have that option switched on...!

(eta) The UK's Data Protection Act, from back in the 1980s, was pretty good on this in the first place. (If you've ever watched Yes Minister, the fictional version of this was one of the few bits of legislation that Jim Hacker ever managed to get passed). It just didn't seem to be in any way enforced until recently. People didn't take it seriously, but did take the EU version seriously. I'm sure it will be the other way around when we come to trade negotiations and product standards, though. Hooray for Brexit, eh?

Last edited by Richard W; 24 September 2018 at 07:47 PM.
Reply With Quote