No prob, and I’ll go a little further, from having seen this kind of thing many times before. Lots of times these info leaks happen because it was technically convenient or somehow useful to do X, without thinking through the privacy implications. Security vulnerabilities happen the same way. People just want to get their thing done with minimum fuss, rather than dithering around weighing complicated tradeoffs. So X is not explicitly a policy decision at all, but instead is a technical decision that turns out to have policy implications.
I’m a security developer so I have to be attuned to this kind of thing, but I miss stuff too, as does everyone. Most of the time nobody is being “bad”. They are just trying to ship product in a complicated environment full of subtle interactions, and it is easy to overlook stuff, especially if you haven’t already spent a lot of time dealing with those same issues.
No prob, and I’ll go a little further, from having seen this kind of thing many times before. Lots of times these info leaks happen because it was technically convenient or somehow useful to do X, without thinking through the privacy implications. Security vulnerabilities happen the same way. People just want to get their thing done with minimum fuss, rather than dithering around weighing complicated tradeoffs. So X is not explicitly a policy decision at all, but instead is a technical decision that turns out to have policy implications.
I’m a security developer so I have to be attuned to this kind of thing, but I miss stuff too, as does everyone. Most of the time nobody is being “bad”. They are just trying to ship product in a complicated environment full of subtle interactions, and it is easy to overlook stuff, especially if you haven’t already spent a lot of time dealing with those same issues.