Mastodon

Weekly Update 384

I spent longer than I expected talking about Trello this week, in part because I don't feel the narrative they presented properly acknowledges their responsibility for the incident and in part because I think the impact of scraping in general is misunderstood. I suspect many of us are prone to looking at this in a very binary fashion: if the data is publicly accessible anyway, scraping it poses no risk. But in my view, there's a hell of a big difference between say, looking at one person's personal info on LinkedIn via the browser versus having a corpus of millions of records of the same data saved offline. That's before we even get into the issue of whether in Trello's case, it should ever be possible for a third party to match email address to username and IRL name.

To add some more perspective, I've just posted a poll immediately before publishing this blog post, let's see what the masses have to say:

Listen on Apple Podcasts
Get it on Google Play
Download via RSS

References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Trello had 15M records scraped and posted publicly (somehow the narrative feels like it's pushing back on things that were never said to begin with)
  3. The "Mother of all Breaches"... which isn't (someone leaving their personal stash of existing breaches doesn't make everything re-breached)
  4. HIBP got a nice little shout-out from our MP for Cyber Security (I'm still fascinated at just how mainstream this little service has become 😊)
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals