You want to secure your site, split the web handling/presentation from the data processing, and the processing from the data extraction. Do not trust the webserver one bit. Assume the webserver is already hacked. Hell, do not trust the middle tier either – allow it only the limited data it needs for each part of the processing.
Re: ( Score: 3)
You could do things like splitting email addresses off into a different database on a different server and just keeping a hash in the main one, but it’s only marginally better. Basically you can’t be both secure and provide this kind of service.
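Added example, not part of the comment above or of the thread: a sketch of the split that comment describes, with the address kept in a separate contact store and only a hash of it in the main database. The two in-memory SQLite databases standing in for separate servers, the table and function names, and the use of a keyed hash (HMAC-SHA256, since a plain hash of an email address can be reversed by guessing addresses) are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: this key lives only on the tier that computes lookups, in neither database.
LOOKUP_KEY = secrets.token_bytes(32)

def email_token(email, key=LOOKUP_KEY):
    """Keyed hash of the normalized address; this is all the main database stores."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def open_stores():
    """Two in-memory SQLite databases stand in for the two separate servers."""
    main = sqlite3.connect(":memory:")
    vault = sqlite3.connect(":memory:")
    main.execute("CREATE TABLE profiles (token TEXT PRIMARY KEY, nickname TEXT)")
    vault.execute("CREATE TABLE contacts (token TEXT PRIMARY KEY, email TEXT)")
    return main, vault

def register(main, vault, email, nickname):
    token = email_token(email)
    main.execute("INSERT INTO profiles VALUES (?, ?)", (token, nickname))
    vault.execute("INSERT INTO contacts VALUES (?, ?)", (token, email))
    return token

def find_profile(main, email):
    """Lookup path: touches only the main database."""
    row = main.execute("SELECT nickname FROM profiles WHERE token = ?",
                       (email_token(email),)).fetchone()
    return row[0] if row else None

def address_for_notification(vault, token):
    """Mailer path: the only code that reads the contact database."""
    row = vault.execute("SELECT email FROM contacts WHERE token = ?",
                        (token,)).fetchone()
    return row[0] if row else None

def delete_account(main, vault, token):
    """Deleting an account removes the row from both stores, not just a flag."""
    main.execute("DELETE FROM profiles WHERE token = ?", (token,))
    vault.execute("DELETE FROM contacts WHERE token = ?", (token,))

def dump_contains(conn, needle):
    """Simulate a stolen dump of one database and search it for a string."""
    return any(needle in line for line in conn.iterdump())
```

A dump of the main database alone yields tokens and nicknames; the addresses are exposed only if the contact store is taken as well, which is the limit the comment points to.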
As well as the terrible male to female ratio (16:1) the other big issue here is that deleted accounts were not really deleted. The European Right to be Forgotten is designed to force companies operating in the EU to really delete accounts, and this illustrates why
Re: ( Score: 3)
The European Right to be Forgotten is designed to force companies operating in the EU to really delete accounts, and this illustrates why it is needed.
I think you’re confusing two different things here. The “right to be forgotten”, as much discussed recently with regard to Google and the like, is primarily about search engines digging up old information that would otherwise naturally fade into obscurity, and in particular the danger of finding old information that looks plausible but may in fact be misleading without context or now incorrect/outdated.
Re: ( Score: 3)
The search results thing is not the right to be forgotten. Some stupid journalists got confused and called it that, but that was actually just existing data protection rules dating back to the mid 90s.
The right to be forgotten is still being looked at, but basically will allow EU citizens to require companies to delete data supplied by them (accounts, uploaded photos etc.) on request. The data must really be deleted, not just marked as dormant or whatever.
Re: ( Score: 2)
The search results thing is not the right to be forgotten. Some stupid journalists got confused and called it that
Those “stupid journalists” appear to be in good company, starting with official press releases from both the European Commission and indeed the European Court of Justice itself about the 2010 Spanish newspaper case.
I would be the first to agree that moves towards a more powerful right to be forgotten such as you describe would be a good idea, but as of today, these are mostly just proposals. For example, while there is already a right under some limited circumstances to request deletion of personal data, th
Re: ( Score: 2)
I can only come up with the obvious client-side encryption, but will the network as a whole still be able to use the data as it’s supposed to (in this case; find adult friends)?
This. It seems sexual preferences, age and location is rather essential for the service they provide and email, well how else are they going to notify you that someone has taken an interest in you or that you got a reply? You can’t ask a doctor to not work with medical data, there’s of course good and poor security but at the end of the day if there’s a total system compromise you’re screwed.
Best practice seems to be as follows: 1. Public facing server makes web service call to locked down proxy server. 2. Pr
NO! Not my IP address. ( Score: 5, Funny)
After the last big hack I had to give up my old IP address, .0.1, which I had used for years. What a pain!