(alexschapiro.com)

560 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0s | source

Show context

9283409232 ◴[12 May 25 17:16 UTC] No.43965328[source]▶

There's no penalty for failing at privacy and security so companies would rather play the odds that they will be fine than invest in proper practices. Alex says Cerca is being misleading when it comes to encryption but it seems to me they are outright lying and will likely face no consequences for it. In a more just world, this would trigger so many regulatory and compliance audits.

replies(3): >>43965421 #>>43965598 #>>43965867 #

1. thesuitonym ◴[12 May 25 18:04 UTC] No.43965867[source]▶

>>43965328 #

> Alex says Cerca is being misleading when it comes to encryption but it seems to me they are outright lying and will likely face no consequences for it.

Trasmitting information via HTTPS is usually enough to say your app uses "encryption and other industry-standard measures to protect your data."

↑

I hacked a dating app (and how not to treat a security researcher)