"When I arrived there were these gentle giants smelling of fcking gold and milk. They could do anything. Now look at them. Fat as fck, scrawny on meth or yoga."
- Logan Roy
I do not want my credit card to offer moral guidance, I want it to buy stuff were it is convenient. Where will it end, my bank telling me I have bought too much alcohol this month?
Your regulators (assuming you bank in the US) disagree with you. Banks have denied service to all manner of people doing relatively innocuous stuff. If the moral compass turns against gun purchasing and ownership sufficiently, there is a banking regulatory model in place to deny credit card processing to armament vendors.
Appeal to legality. A similar argument could be made that this would be to stop mass shootings, meaning this bank ban on guns would fall under legal grounds, not moral grounds.
I'm not entirely sure they should be liable. A car manufacturer isn't liable if someone commits vehicular homicide, and McDonald's isn't liable if someone eats themselves to death with Big Macs.
Devil's advocate: are you really paying them for a service? I guess it depends on if you pay your bill in full each month, but for those that do pay in full, credit cards provide so many "free" benefits (travel perks, cash back, loss protection, extended warranties, so on). So for those, credit cards provide excellent services requiring no payment at all--it could almost be seen as a club with benefits that one joins, and if that's the case why not impose their moral compass onto its members (like most clubs do)?
None of those things are free to me. It's something in the range of %1-%3 of all I spend. Despite the fact that a lot of the time those charges are hidden in the price of the items I purchase, I pay them even if I use cash.
As the article outlines, they already do by not allowing you to purchase cryptocurrencies.
I don't see any logical reason why "I'm paying them for a service" means they can't impose restrictions on the service they offer, except in the case of a monopoly, in which case there may have to be regulations on this.
The cryptocurrency decision was driven by higher than normal share of chargebacks. Even if the consumer is wrong, and bank eventually denies a refund on that BTC @ $16,000 purchase, there are processing and overhead costs that impact bank margins.
I am sick of seeing headlines about teenager hacker being put in jail.
It's not because they are geniuses it's because of poor IT defense.
The companies should be severely fined for criminal negligence.
I get what you mean, but poor defense ain't no excuse to hack the hell out of company, neither legally nor morally. plus i don't buy the notion that some teenager had no clue what he was doing would harm other's livehood (if yes, then he should go through psychiatric evaluation).
if I don't put 3m electric fence with automatic sentry guns around my whole hypothetical house and land, does it mean everybody is automatically invited to freely try to break in, do damage, steal my stuff or post my private and legal data online for others?
state should have better use for these guys, but there should definitely be punishment, not reward in any way. that's how all countries run these days
I am not sure the analogy is very accurate. You do not advertise your house as a place where other people can come and freely store their valuables and then take it out as they please.
If you did, there is a name for what you have built: a bank. And you can be pretty sure people then will not have any issues with whatever security measures you take. Most of all, your cost of security installation is now covered by other people's money, which effectively gives you very precise calculations on what exactly you can and cannot spend. You are more than free to return the money and shut down shop if you feel you are in a completely unsafe neighborhood which makes your bank impossible to run at a profit.
To stretch this point a little further, imagine you did have a bank, and your customer comes and demands to take their money out, and you say "Oops. I had just left it out here on this desk, and when I went to pee, a kid just came in and ran out with all your money. I feel bad for you, but the cost of moving the stuff back and forth between front desk and the vault would make the service unprofitable. Its not my fault, its all these children in the neighborhood who keep pranking me".
The lowered barriers to hacking, combined with an ever moving target for what constitutes good security, are genuine concerns. But as a company, you are expected to shoulder the burden of security as a precondition of making the claim that you provide a good service. One way or another, people actually pay you to take care of their data as part of the service.
> You do not advertise your house as a place where other people can come and freely store their valuables
A house offers protection, no doubt about it and anyone but a social recluse will potentially offer it to others, although not foreigners. You are certainly not trying to say negligence would be OK as long as it concerns foreigners.
> I am not sure the analogy is very accurate. You do not advertise your house as a place where other people can come and freely store their valuables and then take it out as they please.
Your bank doesn't have weapons turrets in its physical branches, either.
I don't think the house analogy works. You don't keep other peoples stuff at your house. If you ran a storage warehouse, I'm pretty sure your customers would expect you to have adequate security. If a customer came in through the back door of my warehouse, and told me the lock doesn't work, I wouldn't punish him. I would fix the lock.
> If a customer came in through the back door of my warehouse, and told me the lock doesn't work, I wouldn't punish him. I would fix the lock.
And if that same customer smashed a bunch of stuff, vandalized the walls, and stole product that was being stored in the warehouse - you'd prosecute the hell out of him... and then fix the lock.
Indeed but if you don't build a fence around your swimming pool and a child wanders over and drowns that is often on you. I'd like to see some fines for negligence in examples like this. Both the attacker and the victim are at fault in my opinion.
If you have a swimming pool on your property, then yes you need to fence it, and fence it well. If some kid climbs that fence and drowns in your pool, kiss that property goodbye.
More like, if you don't put locks on your doors, maybe no one should insure you and maybe the cops shouldn't waste their time when you couldn't be bothered to even take symbolic action to protect yourself.
This analogy fails when you consider the complexities in securing a sprawling IT architecture for a massive corporation compared to putting a lock on a door.
Companies like Yahoo did try to secure themselves. They were just really bad at it.
The point of the analogy is that casual negligence of even the most basic security procedures should have built-in consequences... for the negligent party.
I don't understand the point your trying to make. In most recent high-profile hacking cases, hackers stole customer information (including credit card numbers) from the businesses. The financial fall-out for those customers could be much worse than a physical robbery.
But (this is unrelated matter) why is it possible to steal someone's money just by copying several short numbers? We have all kinds of advanced cryptography today but some payment systems still rely on transistor era technologies.
And even worse, companies can track customers using CC numbers. That is wrong too. The shop should not get your name or other unique identifier when you just buy something with a card.
They didn't steal money, they stole information which could be used to get money. What you're saying is equivalent to, "They stole the design for our car's master ignition key, but since they didn't steal an actual key or a car, no harm no foul." It's not the same as stealing a car, but it's also clearly about stealing cars.
If they're taking password from users (and maybe even other data like Credit Card numbers - regardless of the security failures of the site), they are taking something from you
I'd say that depends on the hack. The hacks just for prestige aren't really that prevalent any more.
These days it's hack for stealing creds or money or secrets or perhaps just putting ransomeware on all the comapanies systems to get a bitcoin payment out of them...
Even for prestige, is it ok for gang members to break and enter properties, even if they don't anything, for prestige? I suspect not so the same should apply.
An uncovered and unlocked hot tub in the back yard can be seen as an "attractive nuisance." Sure, the kid trespassed by climbing over the fence, but he wouldn't have drowned if the thing had been secured.
Sure, the hacker broke the law by hacking in, but I wouldn't have had my PII stolen if the thing had been secured.
You wouldn't say the same about a deadbeat teenager who smashes a car window and grabs someone's purse. "It's not because they're criminal masterminds, it's because of poor car defense."
Locks, physical and mathematical, are for the deterrence and convenience of the generally honest. Law enforcement, as an active defense, is for the deterrence of the actively attacking. At some point you're always going to have to stop turtling and build an army.
And I get downvoted for saying self-driving car companies should be fined signficant amounts of money for both car accidents due to poor self-driving software capabilities but also for security breaches.
What if it's "cheaper" for the car companies to let the cars crash than adopt stronger security? You may think that there's no way a recall would be worth it, but we're already seeing companies such as Tesla "fix" the issue over the air, and chances are most of the new self-driving cars will be fixed the same way, if not all.
The only thing that would be left is the "bad PR", which may be much smaller in the future, because there won't be any recalls. If only 2 people die, and then all cars are fixed, the outrage just won't be as big as when 100 people die due to a brake malfunction, and then 5 million cars have to be recalled, impacting 5 million people (as opposed to only the families of those two in the former example) that would then personally spread the bad news.
Also the "bad PR" doesn't seem to affect tech companies, or even retailers, or banks, all that much, so I doubt it would affect car companies that much more in the future (for the reasons I mentioned above).
All that needs to happen is for a court to define poor IT security as an "Attractive Nuisance", and just generally make companies liable for their customer's information (and more broadly if possible).
Yes, but then, the discussion was about "teenage hackers". More broadly though, I was just trying to get the idea across using an existing bit of common law.
What I find infuriating is how all these companies think they are so unique with their interviewing process then ask the same inane questions. This is worse when the same questions are asked by different people at the same company.
College qualifications or any real qualifications are being dismissed by more and more people but the vacuum that has been left is being filled with crap like 15+ rounds of interviews and/or 12 hour interviews.
The hiring process is currently broken. I think the only fix is to have proper, trusted qualifications (again?).
Qualifications are hard. I just graduated, and now that I'm a CEO I can tell you there's no way I'd hire someone just because they have my degree. At RPI (my school), there are at least as many completely worthless developers as there are diamonds, and they all have one degree.
I agree, I wouldn't hire anyone just because they have my degree either BUT we need some qualifications to fill this gap otherwise the interview process will get more and more unwieldy.
My main issue with Hacker News at the moment is that it is NOT NEWS!
An article from 2010 about quitting hn is not news.
I used to kid myself that I go here "to keep up-to-date" or find out what is happening. I used to think this was a valid news source but it is not. It's got some interesting articles that suck up my time but I've stopped kidding myself that it is news.
