
I work for a large educational company you have probably heard of on a product you may or may not have.

I was on vacation a couple years ago, and in some downtime I was just scanning PRs awaiting code review, because I am bad at work/life balance. Lo and behold, there was a PR ready to go that would have exposed students directly to a third party. A reputable third party, but a third party nonetheless. It had the requisite votes but the user had not merged it. I very quickly threw up a blocking review and called my boss.

I made quite a stink about it to my boss, but he didn’t seem to think it was a big deal. I went up the chain to his boss, and he also didn’t see what the problem was. At this point I called my boss’s boss and basically begged him to talk to legal about it. He did, and they put the kibosh on the whole thing right out of the gate. I’m sure I burned some political capital that day, but in my book at least it was well worth it.

Hanlon's Razor in full effect. Even then, though, I know these people well and know they’re not dumb; the way the web is structured makes it really easy to expose people and not even realize it.




So often these things happen with the best of intentions. We use OS level geofencing support in our mobile apps at work to provide some functionality to customers, and have been looking at providers of better support for that recently to try and work round some problems.

During a call someone mentioned they were looking at a provider who provides a full location history for debugging purposes, which was being looked on favourably (who doesn't want better debugging?) until I stepped in and pointed out we don't want to be anywhere near a full precise location history for our users. It provides basically no benefit to us other than debugging being a bit easier, and there's the massive risk that if someone's account for this service is compromised, they've potentially facilitated stalking our users.
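The data-minimization choice described in the comment above (keep the geofence transitions the product needs, never the raw trace) is easy to show in code. The following is an added example, not code from the commenter's app or from any location provider: it converts a constructed stream of raw GPS samples into enter/exit events against a circular geofence and coarsens the timestamps, so the stored record cannot reconstruct a user's movements. The fence name, coordinates, sample trace and the 15-minute timestamp bucket are all constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Geofence:
    name: str
    lat: float
    lon: float
    radius_m: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def geofence_events(samples, fences, bucket_s: int = 900):
    """Reduce raw (ts, lat, lon) samples to geofence transitions.

    Only an 'enter' or 'exit' is emitted, and only when the inside/outside
    state actually changes; the coordinates are discarded and the timestamp
    is rounded down to a bucket_s-wide bucket. Repeated samples inside a
    fence (the bulk of a real trace) produce nothing, so the output carries
    no path information for a stalker to use.
    """
    inside = {f.name: False for f in fences}
    events = []
    for ts, lat, lon in samples:
        for f in fences:
            now_in = haversine_m(lat, lon, f.lat, f.lon) <= f.radius_m
            if now_in != inside[f.name]:
                inside[f.name] = now_in
                events.append((ts - ts % bucket_s, f.name, "enter" if now_in else "exit"))
    return events


# Constructed fence and trace (hypothetical values, not real user data).
SCHOOL = Geofence("school", 37.7749, -122.4194, 200.0)

RAW_TRACE = [
    (1000, 37.7700, -122.4194),  # ~545 m south of the fence centre: outside
    (1300, 37.7749, -122.4194),  # at the centre: enters
    (2000, 37.7750, -122.4195),  # still inside (~14 m away): no event
    (2800, 37.7800, -122.4194),  # ~567 m north: exits
]


def demo():
    """Returns the minimized event log for the constructed trace."""
    return geofence_events(RAW_TRACE, [SCHOOL])
```

With the constructed trace, four precise fixes collapse to two coarse events, `(900, "school", "enter")` and `(2700, "school", "exit")`; a breach of the storage behind them reveals that a user was near the fence at some point in a 15-minute window, not where they went. Whether to keep even that depends on the product; the point is that the precise history never needs to exist on the server to deliver the geofence feature.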


The third party doctrine in the US also means that this data is accessible without a warrant from the provider, if the provider turns it over on a request. The fact that it's your location doesn't matter, it's the provider's data to do with as they wish (including rat you out to police fishing expeditions) if they feel like it.

Then again, anyone who has location services on systemwide on an iOS or Android device is sending this log to Apple/Google anyway (because location services transmits all of the visible Wi-Fi APs to Apple/Google to improve location).

https://en.wikipedia.org/wiki/Third-party_doctrine


Also, the data can be retroactively collected with a warrant, even if it would have been illegal for the police to obtain the data themselves.



