this post was submitted on 03 Jan 2024
748 points (93.7% liked)

Technology

76337 readers
2151 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

you are viewing a single comment's thread
view the rest of the comments
[–] Duamerthrax@lemmy.world 23 points 2 years ago (5 children)

They're right. It the customer's fault for giving them the data in the first place.

[–] lagomorphlecture@lemm.ee 21 points 2 years ago (1 children)

But hear me out, I have no control over my cousin or aunt or some random relative getting one of these tests and now this shitty company has a pretty good idea what a large chunk of my DNA looks like. If people from both sides of my family do it they have an even better idea what my genetic profile looks like. That's not my fault, I never consented to it, and it doesn't seem ok.

[–] oce@jlai.lu 6 points 2 years ago (1 children)

I also know about 99.9% of your DNA.

[–] lagomorphlecture@lemm.ee 7 points 2 years ago (1 children)

Sorry, I thought it was obvious that we're talking about the part that varies by individual humans...

[–] oce@jlai.lu 3 points 2 years ago

It was, just being a smartass.

[–] Buffaloaf@lemmy.world 11 points 2 years ago (2 children)

If your credit card information gets stolen because someone stole it from a website you bought something off of, is that your fault?

[–] Duamerthrax@lemmy.world 2 points 2 years ago (2 children)

I can change my credit card. I can't change my dna. This wasn't even for any medical reasons. 23andme is just a vanity service.

[–] Buffaloaf@lemmy.world 6 points 2 years ago (1 children)

And what of the money lost? Should the credit card company say "well you're an idiot that gave sensitive information to some company, we're not going to help you?" It's still victim blaming.

[–] Duamerthrax@lemmy.world -1 points 2 years ago (1 children)

In reality, yes. If the data breach because users were reusing passwords, then they are partially at fault. If someone gets rear ended by a drunk driver and their injuries could have been limited by by wearing a seatbelt, then yes. They are partially at fault for it. People who don't wear their seatbelts are the same types that reuse passwords. They don't think it will happen to them and take their luck up to that point for granted.

[–] frezik@midwest.social 2 points 2 years ago* (last edited 2 years ago)

Even if they are partially at fault, the company tends to have more power to fix security problems than the customer does. That's why we tend to put the onus on the company to fix these issues. It's not really fair to put it on either one for something criminals did, but at least the company has more power to control things.

In the case of credit cards, the US industry has implemented PCI compliance to force a level of security on all the individual companies. Now, I happen to think PCI is a flawed approach. Payment gateways in most other countries work something like PayPal or Google Wallet, where only the processing company ever sees payment data. The merchant only sees that the payment is verified and has the correct amount. However, US internet sites evolved where each individual merchant has to hold on to credit card data, and that necessitates PCI. Fortunately, PCI compliance is such a PITA that many companies are turning to payment gateways like everywhere else in the world.

In the case of 23andme, they had a few broken passwords that then affected half their customer base through the relationship feature. Aside from dropping relationships, they also could have used MFA methods. My Steam account uses MFA, and it's far less important than my DNA information.

[–] Case@lemmynsfw.com 5 points 2 years ago

I have a relative who did it.

But they are super into genealogy.

At this point, to go deeper, they would need to learn a new language and travel half way across the world.

I was not consulted before this was done. I would have cautioned against it.

[–] spacesatan@lemm.ee 0 points 2 years ago (1 children)

Bad analogy. The only people who had their information exposed are people who reused passwords and people who decided to make their info semi-public. It's more like deciding to tell all your cousins and 2nd cousins your credit card info and one of them leaked it.

[–] asret@lemmy.zip 1 points 2 years ago

And then trying to hold the card issuer liable rather than your cousin...

[–] JackbyDev@programming.dev 3 points 2 years ago (1 children)

This is such a fucking braindead, victim blaming take.

[–] Duamerthrax@lemmy.world -2 points 2 years ago

They became a victim the moment they gave their data to that company. Why is anyone that works at 23andme more trust worthy then rando hackers? They aren't obligated to any HIPPA laws.

[–] KingThrillgore@lemmy.ml 1 points 2 years ago

I SHOULD NOT BE GETTING GASLIT FOR WHAT SEEMED LIKE A NEAT IDEA AT THE TIME

[–] JIMMERZ@lemm.ee 0 points 2 years ago

Absolutely; and this is another example in a long list which should serve as a lesson for people to not share their personal data with any company if possible. Yet, I feel that lesson will never be learned.