I hacked a dating app (and how not to treat a security researcher)

Imagine every time you entered a specific physical location you would increase your exposure to a detrimental disease. After only entering a couple of times you've contracted this disease and each subsequent visit to this place makes the illness worse.

A few people try to warn you but you choose not to listen and, in fact, you recruit the government to make it easier to enter such places with safeguards that don't actually protect you from the disease and encourage you to enter more frequently.

You're then surprised why you're ill to the brink of death and blame the location as the sole cause for your ails. Yes, the location is to blame but so are you for continuing to enter even after getting sick.

Why do you do this? Because you want something. Convenience, pleasure, a distraction, etc. But you refuse to acknowledge that its killing you.

This is how we should view optional services that require us to give our PII data in exchange for hours of attention-grabbing content. They're designed to sell your eyeballs and data to advertisers. You know this already but you can't say no. You're sick and refuse to acknowledge it.

> This is how we should view optional services that require us to give our PII data in exchange for hours of attention-grabbing content.

This is a nice fantasy, but realistically it means you shouldn't use probably 90% of services out there, which isn't reasonable for most people. Plus, there are plenty of companies with treasure troves full of data on you that have equally questionable data security/privacy practices that you've never even directly interacted with.

We need regulation. There is no other alternative. And we need to stop blaming victims of data breaches for companies not putting basic security measures in place. I don't think it's unreasonable to expect every company you interact with to securely store your sensitive data. If a place was physically making people ill like in your thought experiment, they wouldn't be around for very long; I think we should demand the same for our data.

No one is blaming the victims. Please read my comment again. What I'm saying is that regulation puts in guardrails that don't actually do anything to protect your data.

>What I'm saying is that regulation puts in guardrails that don't actually do anything to protect your data.

Right, and when you go to the grocery store you catch listeria every time? Oh wait, food handling is rather safe because of well enforced regulation.

The problem with libertarians is they don't think of the wide spread public effects of their behaviors. Trash piles up outside their house and suddenly bears are eating the neighbors.

Food regulations work. Data security regulations don't. Why? Because food safety is a pretty static practice. It doesn't change that often. But software is dynamic. New vulnerabilities and breach techniques come out faster than the speed at which politicians can regulate them. Its a cat and mouse game and government is a really slow and fat cat.