#tinyprivacytip β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #tinyprivacytip, aggregated by home.social.
-
Tiny Privacy Tip for Organizations ππ:
1. If you are not absolutely required to be able to contact people by phone, do not make a phone number field mandatory in your forms βοΈπ«
2. If you are not absolutely required to be able to mail/ship something, or visit someone in-person, do not make a home address field mandatory in your forms πͺπ«
3. Do not make mandatory (or even request) any data in a form that you do not *absolutely require* to fulfill the purpose of this form π«
4. If you use a third-party vendor for your forms, make sure to remove any piece of data you do not actually absolutely need to collect. If you can't, select a different vendor that will allow you to ππ
Yes, this mandatory by law.
-
Tiny Privacy Tip for Others' Data π§βπ€βπ§π
If you post screenshots of other people's posts:
Please keep in mind that if you are posting a screenshot of someoneβs post without their explicit consent, you are effectively removing their ability and right to delete their data later on or to auto-delete it.
Please refrain from doing so if you respect the poster and use a link to the post instead. Remember, caring about privacy also means caring about other's people data.
Privacy is team work! βπ
-
Gentle Privacy and Security Reminder
for Organizations ππ:One of the easiest way for your organization to not have data stolen in a data breach, is simply to not have this data.
One of the easiest way to save your organization future headaches and costs is to simply delete thoroughly the data you do not need anymore as soon as you do not need it anymore.
Whenever possible, it's even better to not collect it at all in the first place.
You might need to retain some data of course, but when an incident occurs, you will greatly reduce the harm, damage, and cost if you keep only the minimum data required.
You cannot be held accountable for the data you simply do not have.
Keep this in mind! βοΈβ¨
-
A Word on Data Anonymization π₯π:
Data anonymization is the
process of removing any identifiable information to ensure a piece of data cannot be linked to an individual anymore.Anyone using this technique must be extremely careful about it.
Only removing the obvious identifiers, such as name and email, might not be enough. When applying anonymization techniques, it is vital to consider the data in context.
Here are a few examples to illustrate my point π§΅π:
1/4
-
Tiny Privacy Tip for Application Developers πβ¨
Every piece of data you
collect on others with your application becomes a liability to you.You are responsible for
safeguarding and keeping track of every single piece of personal data you collect.This is a heavy responsibility.
Especially if you collect and store a lot of data.
A much easier approach is to collect only what is absolutely necessary and delete it thoroughly as soon as it is not necessary to keep it anymore. You will save yourself so many headaches adopting this practice right from the start in your software development.
Remember: You can't be liable for the data you simply never had.
This is the easiest path for you,
and the safest path for your users. -
Tiny Privacy Tip About Encryption News ππ
As end-to-end encryption becomes more popular (yay! :rainbowdance:β),
Celebrate yes,
But also remain skeptical about how this word is used and if this claim warrants your trust.
Do not trust blindly.
End-to-end encryption is a wonderful protection when well implemented. But not all apps that use end-to-end encryption are equals.
Verify that:
1. The provider is trustworthy :blobcatthinkingglare:ββ
2. Trustworthy third-parties have verified and confirmed the provider's claims πβ
3. Metadata is also encrypted and/or that, ideally, its collection is minimized :blobcatpeekaboo:β
4. Solid security measures protect the data as well (For example, if your data is end-to-end encrypted from your password but your password is vulnerable then your data is vulnerable as well) π‘οΈβ
5. Encryption is truly end-to-end, meaning only the sender and the receiver can access the data and nobody else β:ablobcatpeek:β
Finally keep in mind that even if a service uses minimal encryption (for example one that still collects a lot of unencrypted metadata) it is still better than the same service using no content encryption at all,
BUT there are almost always much better services that offer truly complete and well implemented end-to-end encryption for their services.
Always favor the latter when you have a choice πβ¨
-
Stop attributing
personal secrecy to malice.Secrecy is boundary.
Secrecy is civility.
Secrecy is intimacy.
Secrecy is safety.
Secrecy is security.
Secrecy is privacy.
You do not need any reason to refuse sharing something personal.
And itβs okay to give a name that isnβt yours for your order at the coffee shop.
Only you can define your own comfort in sharing your personal information. And only you should πβ¨