Any business that isn’t willing to be as anonymous as Mullvad, I assume has a compromised business model that I don’t really like. Assuming there aren’t obvious reasons for needing the data, like tax filing, or various regulatory requirements.
I don’t understand why any company would want the liability of holding on to any personal data if it wasn’t vital to the operations of the business, considering all the data breaches we’ve seen over the past decade or so. It also means they can avoid all the lawyers writing complicated and confusing privacy policies, or cookie approval pop-ups.
What I'd really like to see is more honesty: "we store X because feature Y needs it, here's the risk we're accepting," instead of pretending every service needs emails, analytics, and cookies by default
This is what the GDPR requires.
> I don’t understand why any company would want the liability of holding on to any personal data if it wasn’t vital to the operations of the business, considering all the data breaches we’ve seen over the past decade or so.
They're OK with the liability exactly because of this very sentence. As you said, there's so many data breaches... so where are the company-ending fines and managers/execs going to prison?
Here in Japan the government cracks down on it hard. There are fines for every n users exposed and in extreme cases a company can be forced to stop trading for a period of days or weeks. Companies are so scared of this happening to them that a significant portion of orientation for new employees is spent on it. I don't have stats on how effective it is, but I do know that the public is less willing to accept it as they tend to elsewhere.
Is this true? KADOKAWA had a massive hack last year that leaked a large amount of sensitive user data and as far as I know has faced no legal repercussions. Obviously they took a decent financial and reputational hit, but that was just an effect of the hack itself, not any government intervention.
Wow good for them. I wish we took it that seriously in North America.
GDPR has fines:
Up to EUR 10,000,000 or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements such as controller and processor obligations, security of processing, record-keeping, and breach notification duties.
Up to EUR 20,000,000 or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher; applies to infringements of basic principles for processing, data subjects’ rights, and unlawful transfers of personal data to third countries or international organisations.
These fines aren’t something you’re responsible for paying by merely being breached. These are imposed for misconduct in data handling.
It’s not very hard to handle customer data in a legally compliant way, that’s why you don’t see companies deciding against retaining data.
You can do everything right and still have a data breach, and in that case nobody is fining you.
Sure, in principle. Have you heard of any company that suffered any significant hardship (say, stock price plummeting, personnel reductions, bankruptcy) because of one of these fines?
Specific to the UK, there's a list of enforcement actions that the Information Commissioners Office (ICO) have taken:
https://ico.org.uk/action-weve-taken/enforcement/
Some went to prison, some were fined £14M and it's a mixture of small fry and big fry.
Big companies arent suffering any of those. But small businesses and individuals are. Just see the enforcement lists. They are fining small flower shops that sent emails to 20-30 people, some of whom subscribed to it decades ago, then forgot. Or small internet startups for missing one subscription record and whatnot. Like all other corporate moat-building efforts, GDPR has been successful in destroying small businesses in favor of big ones.
Infra engineer here. The obvious reasons for needing the data is debugging. I collect logs, metrics, traces, and errors from everywhere, including clients. All of these come with identifying information including the associated user. From the perspective of this thread this is a huge amount of data although it's pretty modest compared to the wider industry.
This data is the tool we have to identify and fix bugs. It is considered a failing on our end if a user has to report an issue to us. Mullvad is in an ideal situation to not need this data because their customers are technical, identical, and stateless.
It's not my department but I think we would get laughed out of the room if we told our users that we couldn't do password resets or support SSO let alone the whole forgetting your 'credential' means losing all your data thing.
> Mullvad is in an ideal situation to not need this data because their customers are technical, identical, and stateless.
A lot of companies could be in similar situations, but choose not to be.
All of retail, for example. Target does significant amounts of data collection to track their customers. This is a choice. They could let users simply buy things, pay for them, and store nothing. This used to be the business model. For online orders, they could purge everything after the return window passed. The order data shouldn’t be needed after that. For brick and mortar, it should be a very straightforward business. However, I’m routinely asked for my zip code or phone number when I check out at stores. Loyalty cards are also a way to incentivize customers to give up this data (https://xkcd.com/2006/).
TVs are another big one. They are all “smart” now, and collect significant amounts of data. I don’t know anyone who would be upset with a simple screen that just let you change inputs and brightness settings, and let people plug stuff into it. Nothing needs to be collected or phone home.
A lot of the logs that are collected in the name of troubleshooting and bug fixing exist because the products are over-complicated or not thoroughly tested before release. The ability to update things later lowers the bar for release and gives a pass for adding all this complexity that users don’t really want. There is a lot of complexity in the smart TV that they might want logs for, but none of it improves the user experience, it’s all in support of the real business model that’s hidden from the user.
>Any business that isn’t willing to be as anonymous as Mullvad, I assume has a compromised business model that I don’t really like
Well, that's like 99% of the businesses out there. Mind listing of some of the businesses you like aside from obvious mullvad?
I wish I had a list, as you said, they are in short supply. If there is a site out there that catalogs simple straightforward business that don’t compromise a customers ability to be anonymous, I’d like it very much.
A HN user posted about a site they made for faxing documents the other day. It’s a good example of how I think most things should be setup in many cases. You pay a fee and it sends a fax, that is very simple to understand. There are no accounts and the documents are only stored long enough to fulfill the service.
https://news.ycombinator.com/item?id=46310161
You can imagine how most “modern” sites would handle faxing. Make an account, link a credit card, provide your address to validate the credit card. Then store all the faxes that were sent, claiming it’s for easy reference. Meanwhile it’s running OCR on them in the background to build a profile with a wealth of personal data. After all, people don’t tend to fax trivial things. In addition to the profits from the user, they are making a killing on selling data to advertisers… but those details are hidden away in legalese of the fine print in a policy no one actually reads.