this post was submitted on 06 Oct 2023
381 points (97.0% liked)
World News
32771 readers
306 users here now
News from around the world!
Rules:
-
Please only post links to actual news sources, no tabloid sites, etc
-
No NSFW content
-
No hate speech, bigotry, propaganda, etc
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This doesn't absolve them of anything. If you see thousands of accounts being individually logged in from the same block of IP addresses, and those users have never logged in from there before. That should raise red flags. No, Fred from California shouldn't be logging in from a vpn based out of Ireland right after Anne from NY logged in from that same VPN from Ireland.
Users are dumb. This is why there's tools to track odd behavior and clamp down on it.
"This doesn't absolve them of anything"
Of course it does. "Security" based on behaviour tracking is not the expected default like you are making it to be. (neither should it be.)
Thats how my bank tracks my money, and while it might be mildly annoying to make a quick call to reactivate my card if I triggered a red flag, it is absolutely a well appreciated and useful safety feature that I am glad my bank employs.
Why would I not expect the same level of security for a piece of my medical data? Thats just as important as my money.
Because it's not a bank.
Unless you are super rich and have a lot of throwaway money, it's a false over exaggeration.
You understand that same level of security is used by hospitals, yes? Do you think hospitals are banks?
Ah, an over exaggeration. Ill tell that to all the jews whose data got targeted and stolen. Im sure it was harmless.
No, not all hospitals at least.
Sure, go ahead. You have my permission.
I don't know why you are sure of it. It could cause harm even if you can't think of what harm it will cause.
Your brain works differently from mine. Your idea of protecting your data is to give away and even force them to collect more data on you. Mine to make them collect less data.
Your brain short circuits at sarcasm, so Im not really expecting much from it.
If you are already giving valued medical data to someone, the simple act of checking the ip of login and sending a "was this you?" email isnt even remotely the level of data loss you want to pretend it is.
Its common sense to protect your user, and your database, from phishing. If you want to genuinely claim that phishing protections for medical data is bad, by all means. You already sound like a fool, may as well set the stone.
Personal insults are always great arguments. Please continue at your leisure. Since I am not good at it I will stop here.