I’d say a small law firm. They don’t have a security team, they’re routinely targeted by phishers, and their data is easier to convert into money than the huge mass of (mostly completely uninteresting) data fed into ChatGPT.
But, you know the space they operate. That space is limited by profits, what their immense legal team allows, and their immense security team controls. The alternative is, literally, a complete stranger, with no track record, unknown motives, and (as the recent hacks showed) doesn't have the skillset to keep your information secure anyways.
Businesses that don’t have security issues when handling private data, obviously.
I agree with the GP, in that ease of starting companies should not be the primary goal, setting security and privacy on the back seat. It shouldn’t harder than it needs to, not easier at any cost.
I would think the odds are much higher of a smaller company either a) selling your data to everyone that they can get money from, or b) just not having the tech skills to keep secure.
Note that I am not criticizing you not wanting to use it at all. Just curious that if it was another name, you would have been ok with it.
It is not my experience that financial services companies are substantially better than startups on cosmetic security issues like username enumeration.
Every company is only a few bad quarters away from selling data about its users, and since smaller companies are less resilient, I would say your data is far more secure in a FAANG.
Have you noticed how large companies often do a poor job on security and tons of personally identifying information gets stolen? Or how data that is supposed to be anonymised isn't, very?
The fact client data is being sent is enough reason to believe they are using it, regardless of unknown internal workings of the business. I don't think benefit of the doubt should apply to privacy or security with companies operating on the net. We know how they make their money and offer 'free services'.
Also, a company that offers a wide variety of services and collects your personal data to distribute internally among those services seems to get a pass. Compared to companies that are more vertical and benefit by selling your data rather than using it themselves. Even though you've lost your privacy either way.
Im not in the security space, but I do work with financial data for small businesses. I’m curious about how people feel about giving their data to third parties.
On the face of it, if you give your company’s financial data to a company, they have very powerful strategic industry information which could be valuable. But on the other hand, if a company like Intuit was discovered selling this data, their online accounting business could evaporate overnight.
The invoice-ocr companies are interesting, because they are collecting company-specific data about an industry, but they are also improving their own algorithms and ML products for the industry.
I’m asking myself if this security firm isn’t providing a similar service when diverse companies share their security, maybe the space is lucrative enough that risking getting caught for shenanigans is not worth it.
I mean, Facebook isn’t getting paid by its users, so their shenanigans are to be expected (though completely unethical if not also immoral).
Man, I would spend time masking sensitive data in a shop with no traffic, but someone like Robinhood or Facebook can get away with it. They don't sweat the small stuff, do they?
They are also a far more interesting target because of their size. Imagine downloading all customer information of paying pornhub clients. Assume it holds basic information (name, address, email, payment info), and not any usage data.
I could use that data to extort at least 10% of those people easily (religious people, celebrities, politicians, etc). This is disregarding the price that I'd get for just leaking the other 90%.
Now imagine the fallout of somebody downloading the same info for a local brewery, a big tech company like Atlassian, a household brand like Staples, or even great big Amazon.
reply