Amazon & Instagram data leaks
Internet companies need a culture around protecting user data
Past few months have been pretty rough on the internet giants. This month, we got news about few more data leaks at some of the leading internet companies.
1. Amazon
2. Instagram (Facebook)
The attitude is more concerning than the leaks
In both cases above, the companies showed very little concern about the their customer’s privacy. They sent out emails with minimal details of the issues, the impact they might have or how they are going to avoid it in future. It looked more like a formality as opposed to a genuine concern for such issues.
Here are some of the public reactions from twitter :
In Instagram’s case, the password was leaked when users tried to download their data from Instagram because they were already concerned about their privacy. Apparently, these passwords were stored as it is in Facebook servers without any encryption. They must have broken a dozen security best practices not just one or two.
Of course, these issues affected a small number of people. But that doesn’t mean these issues can be taken lightly. People across the world are waiting to exploit this kind of loopholes to their advantage. If not this week, it will be exploited at a later time when it might end up having more significant outcomes.
Anything that can go wrong will go wrong — Murphy’s Law
But even after all these independent instances, these companies seem to be more worried about fixing specific bugs & errors and repairing their public images.
Will incremental changes solve these problems
Most of the internet giants were built in the early days of the Internet when user data wasn’t a thing. The problems these companies faced in the initial days and the race they started running demanded the aggregation of more data at any cost. The structures they built to support this data collection and the data we pumped into these structures made these companies what they are today.
The privacy related issues we face today are rising from the same structures. Making incremental changes to these structures is like using duck tapes to fix individual broken pots instead of making new pots that can’t be cracked easily. Most companies aren’t thinking out of box to solve these issues.
The problems have evolved. Our structures haven’t.
So the core problem is
Today’s internet companies have built their cultures around getting people online and connecting them to information and other people. They assume users will be happy as long as they are connected to the relevant information. But that is no longer the case. Data Privacy awareness and concerns are becoming more common. The Generation-Z (more than 25% of current U.S. population) has been using the internet since their young ages, and they have very different expectations.
Most internet companies are currently in one of these situations:
- They ignore the problem. They underestimate the growing need for privacy and believe that they have it all under control. Eg. Google
- They misunderstand the problem. They think giving better privacy controls to users will make them happy. But they don’t understand that users are not willing to put them in a central entity in the first place. Eg. Facebook
- They understand the problem. But they realize their culture can’t be changed that easily. Their investors might not like it. They are too big to refresh their talent pool. It will be a considerable impact to rebuild the culture from the bottom again. So they are just delaying the inevitable — being replaced by companies with newer models. Eg. Amazon
- They are taking action. The ones that understand the core problem are taking the temporary hit and rebuilding their culture around privacy. Eg. Apple
What are your thoughts? Can these companies rebuild themselves around data privacy & decentralization or Will they soon be replaced by new companies that have privacy & decentralization built into their culture.
