
I see a lot of noise made about responsible disclosure, its drivers, and its rewards. What I don't see is talk about how this is one more datapoint against centralized permanent identities.

Every time I see a service purporting that it works best only with a single link to your Real Identity™, I'm reminded that the vendors only abstractly care about actually protecting the user, and then only sometimes.

Imagine being able to get immediately three or four steps closer to doxing anyone interacting on YouTube. That's the actual impact of this bug IMO. It's good that this was fixed, but I don't think this class of bug goes away anytime soon. What do we need to do to get vendors and big companies to realize that this sort of design is a landmine waiting to happen?



> Every time I see a service purporting that it works best only with a single link to your Real Identity™, I'm reminded that the vendors only abstractly care about actually protecting the user, and then only sometimes.

I abstractly agree with you. There is a level of obscurity and disposability that should be tolerated in these accounts. They’re just a row in a database somewhere anyways.

That said, many people transact with these businesses with real human money. For example, YouTube premium subscribers or content creators. From a practical perspective, that requires IRL identifiers to be stored somewhere with that otherwise disposable account. And due to fraud risks and other realities of banking, that requires giving these businesses actual identities and addresses which they store too.

While I don’t give random apps and websites my human-identifying information, anyone I do business with necessarily knows the real me, which is a theoretical point of data leaking.


This is a fixable problem if we can get congress to roll back the insane KYC laws.


It's also fixable in ways that don't require rolling back KYC laws.


> While I don’t give random apps and websites my human-identifying information, anyone I do business with necessarily knows the real me, which is a theoretical point of data leaking.

Certainly not theoretical. You can be certain that nearly every company who knows your identity has leaked/sold it to others in one fashion or another.


They don't care because there's no legal consequence for them.

Try and leak some medical data as a medical services provider. You will get your ass handed to you.



