For context…. we were required to upload birth certificates, tax documents and social security information for proof of eligibility via this 3rd party service… over the internet… but its my responsibility to protect this info?!
It’s your job to upload nothing to save your information
One_Economist_3761 on
Basically, if we’re breached, it’s not our fault. Very lazy.
1bruisedorange on
So I guess I should actually read these agreements instead of just clicking “yes”. Hmmm.
stokeskid on
How is that even legal. I know my neighbors names and address. I’m not liable if I leak or sell that information to criminals?
toyheartattack on
Make sure to redact everything from the uploads and pinky promise them it’s real.
Frelock_ on
This clause is warning you about man-in-the-middle or MITM attacks. If you send them information via email, that’s typically not encrypted. Your email provider, ISP, or a particularly clever hacker could intercept the message in transit, read it, and then forward it on to the site. They’re saying they’re not responsible for the security of that data while it’s in transit.
On the one hand, they’re correct that there’s nothing they can do to protect your data in transit if you send it to them unencrypted. On the other, they absolutely could set up an encrypted session between your browser and their site that would protect the data in transit.
Also, it should be noted that MITM attacks are pretty rare; someone would have had to breach your network or your ISP in order to pull one off intentionally. There’s some data sweeping that tries to intercept *all* Internet traffic, but that’s strictly nation-state level activity.
6 Comments
It’s your job to upload nothing to save your information
Basically, if we’re breached, it’s not our fault. Very lazy.
So I guess I should actually read these agreements instead of just clicking “yes”. Hmmm.
How is that even legal. I know my neighbors names and address. I’m not liable if I leak or sell that information to criminals?
Make sure to redact everything from the uploads and pinky promise them it’s real.
This clause is warning you about man-in-the-middle or MITM attacks. If you send them information via email, that’s typically not encrypted. Your email provider, ISP, or a particularly clever hacker could intercept the message in transit, read it, and then forward it on to the site. They’re saying they’re not responsible for the security of that data while it’s in transit.
On the one hand, they’re correct that there’s nothing they can do to protect your data in transit if you send it to them unencrypted. On the other, they absolutely could set up an encrypted session between your browser and their site that would protect the data in transit.
Also, it should be noted that MITM attacks are pretty rare; someone would have had to breach your network or your ISP in order to pull one off intentionally. There’s some data sweeping that tries to intercept *all* Internet traffic, but that’s strictly nation-state level activity.