Agreed, but this was search and watch history. I can see an argument for not keeping search history, but if I'm paying for Spotify, YouTube, or Netflix, I'd like to go back to that song or video I enjoyed last week but can't recall the name of
In other words, this is data we as consumers want to be able to access, and therefore want kept.
You CAN turn off watch history in Youtube (not sure about Spotify). However, for better or worse revealed preferences seem to show that people prefer automatic content recommendations over doing the search & bookmark work themselves.
I believe Bruce Schneier suggested more than twenty years ago now that we think of personal data as like a form of toxic waste or pollution, but this metaphor doesn't seem to have caught on widely.
Anyone who used their personal or work email to sign up to a site like pornhub should expect that email to be made public one day along with any other data they have on the site, including watch history.
In the case of personal emails, that same email can usually be used to look up the victim on social media (Facebook is an example) to reveal their identity, if, like most people, they used the same email on that social media site.
As most on HN will be aware, data breaches like this are extremely common. Its not a matter of if, its a matter of when. NSFW sites in particular are more juicy targets and often have bad security.
I had an inkling! They've been on a roll this past year or so.
>This data includes a PornHub Premium member's email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.
Well, that's pretty fucking wild! Email address & time and location sent to a 3rd party, nice! Absolutely no reason for that, of course. Especially considering these are paying customers!
I guess somewhat notably is Mixpanel denying that it's coming from their November breach. They have less incentive to lie in this case, given that they've already admitted to being breached, and (presumably) their systems & logs have been gone over with a fine-toothed comb to identify all affected parties:
>"The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."
Websites that uses third-party analytics will at minimum send the IP address, time and the url when users access pages. It also very likely they will send API calls if the developers want to track those.
So if any calls looks like "https://example.invalid/api?confirmemail=user@example.invali..." would cause a leak of the email. I have seen multiple companies and websites do this (either with email or username) when signing up or after first login, and I would strongly guess that most of not all of them uses some kind of analytics for that request that leaked data.
Web developers are supposed to scrub their sites so that doesn't happen, but then the main arguments in favor of using third-party analytics is the convenience of enabling it globally with minimum effort and then getting pretty graphs for free. There are occasionally HN posts about self-hosting analytics and the common response is that its too hard and too much work.
3rd party user tracking can slurp up a lot of unexpected data, and no one ever wants to disclose problems when a vendor loses things like this. MixPanel has a long history of problems/
Private Internet Access has denied under oath that they have logs to turn over.
There is no reason to think that more reputable activist providers like Mullvad or AirVPN would if a party like PIA already doesn't.
I'd steer clear of NordVPN though. They have lots of controversy in their history and they are very financially motivated, considering the deluge of YouTube sponsorship and ads they pay for each year. Still don't think they would lie about no logs but why risk it.
I don’t love location tracking but their statistics blog posts are usually pretty funny/interesting. And I’m guessing part of this is to work with specific laws. I read that in US states with draconian laws, they’re actively blocking users.
The thing is, you can do the same statistics without including the user's email address or otherwise directly linking a data point to a specific person.
They may need to retain certain information for laws, but they aren't obligated by law to also share that information with their analytics partners.
Why as an engineer, would you log the entirety of a user’s info on mixpanel? I mean come on, how hard is it to have an obfuscated unique id for your users that can’t be traced back to them when logging info in third party apps? What benefit can you possibly get from logging email ids in mixpanel?
>This data includes a PornHub Premium member's email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.
I had always known, albeit intuitively, that registering to porn websites was a dumb idea.
But that transferred very sensitive data to a third party without anonymising the amount.
Just by replacing the email with a random anonymizedAccountId the impact would have been reduced from disaster to who cares. This was bad design from the start.
Just mind-bogglingly stupid to send anything about users other than a UserID number/UUID to your web tracking software.
Of course, in a sensitive situation such as that, even IP address can also be problematic, and your 3rd-party tracking software vendor gets that automatically.
If these clowns had hired someone smart instead of just copy-pasting some tracking code and throwing their whole user object at it or whatever, they would have given this some thought.
I'd have used the ability to proxy the MP tracking calls to my own server which most of these services offer but few use. That server would not keep any logs and would perform coarse GEOIP, remove the IP itself or zero the last 2 octets, and relay that information into MixPanel using custom attributes.
Just a quick back-of-napkin sketch, but even that was more thought than they put into it.
reply