Today I spoke with someone I've known for a very long time. We have a relationship of mutual trust, and when I can, I answer his questions about technology. Today he managed to put me in a difficult position.
He is going through a hard time and would like to do something, but doing it would require him to join a club. This club, although legitimate, legal, and in my eyes perfectly acceptable, could cause him some trouble at work if that information ever came out. Not so much in today's world, but in the world that tomorrow may turn into.
Five years ago I would have told him to go ahead, without hesitation. Today, I truly could not reassure him. On the one hand, there is nothing bad or wrong about it. On the other, I no longer trust those who manage our personal data.
A provider has already notified me three times in the past year that my data was involved in a breach. Because of a particular relationship I have with them, I asked for clarification, and they explained that development, which is not managed by them, has become lower in quality and that changing companies is difficult. At the same time, they are worried about the repercussions.
Now: the fact that I am a customer of that company is not a problem. Even less so my email address, or the hash of my unique password. But if this acquaintance of mine were to be affected by a data breach in that context, he would be taking a serious risk. Much greater than he suspects.
So tonight I'm in limbo. He thanked me and decided not to sign up. I feel guilty, perhaps, for having been overly cautious.