I had an inkling! They've been on a roll this past year or so.
>This data includes a PornHub Premium member's email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.
Well, that's pretty fucking wild! Email address & time and location sent to a 3rd party, nice! Absolutely no reason for that, of course. Especially considering these are paying customers!
I guess somewhat notable is Mixpanel denying that it's coming from their November breach. They have less incentive to lie in this case, given that they've already admitted to being breached, and (presumably) their systems & logs have been gone over with a fine-toothed comb to identify all affected parties:
>"The data was last accessed by a legitimate employee account at Pornhub’s parent company in 2023. If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."
I had always known, albeit intuitively, that registering to porn websites was a dumb idea.
Time has proved me right.
Getting compromised is more of a matter of time than ability. Someone's going to fuck up at some point.
<https://www.wnycstudios.org/podcasts/otm/segments/what-can-w...> (audio and transcript).
Based on Paul Ford's blog entry: "Fairly Random Thoughts on Ashley Madison & the Swiftly Moving Line" <https://medium.com/message/fairly-random-thoughts-on-ashley-...>.
There is no reason to think that more reputable activist providers like Mullvad or AirVPN would if a party like PIA already doesn't.
I'd steer clear of NordVPN though. They have lots of controversy in their history and they are very financially motivated, considering the deluge of YouTube sponsorship and ads they pay for each year. Still don't think they would lie about no logs but why risk it.
3rd party user tracking can slurp up a lot of unexpected data, and no one ever wants to disclose problems when a vendor loses things like this. MixPanel has a long history of problems.
They may need to retain certain information for laws, but they aren't obligated by law to also share that information with their analytics partners.
So any call that looks like "https://example.invalid/api?confirmemail=user@example.invali..." would cause a leak of the email. I have seen multiple companies and websites do this (either with email or username) when signing up or after first login, and I would strongly guess that most if not all of them use some kind of analytics for that request that leaked data.
Web developers are supposed to scrub their sites so that doesn't happen, but then the main argument in favor of using third-party analytics is the convenience of enabling it globally with minimum effort and then getting pretty graphs for free. There are occasionally HN posts about self-hosting analytics and the common response is that it's too hard and too much work.
In other words, this is data we as consumers want to be able to access, and therefore want kept.
Surely this is up to the client, or perhaps explicit bookmarking capabilities. Not implicit records of what you looked for in the past.
Sometimes also for engagement, like feed tuning, but usually that's also mostly about selling it.
Not often for user-wanted features, though they might be thrown in, since the data is already captured (to sell it).
When companies mainly want the surveillance data to sell it, now there's a monetary number on it. And a monetary number can also be put on lawsuits.
nusl•3h ago
thuridas•1h ago
Just by replacing the email with a random anonymizedAccountId the impact would have been reduced from disaster to who cares. This was bad design from the start.
We may see some interesting news in a few days.
8cvor6j844qw_d6•1h ago
Similar to the Ashley Madison data breach, vulnerable to extortion and various shenanigans.
xp84•44m ago
Of course, in a sensitive situation such as that, even IP address can also be problematic, and your 3rd-party tracking software vendor gets that automatically.
If these clowns had hired someone smart instead of just copy-pasting some tracking code and throwing their whole user object at it or whatever, they would have given this some thought.
I'd have used the ability to proxy the MP tracking calls to my own server which most of these services offer but few use. That server would not keep any logs and would perform coarse GEOIP, remove the IP itself or zero the last 2 octets, and relay that information into MixPanel using custom attributes.
Just a quick back-of-napkin sketch, but even that was more thought than they put into it.
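
The scrubbing steps suggested in the comments above (an account ID in place of the email, zeroing the last 2 octets of the IP, dropping email-bearing URL parameters), sketched as the event filter a first-party relay would run before forwarding anything to an analytics vendor. This is an added example, not part of the thread and not any vendor's code: the function names, field names, key and sample values are constructed, a keyed HMAC stands in for the random `anonymizedAccountId` so no mapping table is needed, the IPv6 /32 cutoff is an assumption, and the GeoIP lookup is left out.

```python
import hashlib
import hmac
import ipaddress
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: a secret held only by the relay and never sent to the vendor.
PSEUDONYM_KEY = b"constructed-demo-key"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def pseudonymize(email: str) -> str:
    """Stable keyed pseudonym: same account, same ID, no email recoverable without the key."""
    mac = hmac.new(PSEUDONYM_KEY, email.strip().lower().encode(), hashlib.sha256)
    return "acct_" + mac.hexdigest()[:32]


def coarsen_ip(ip: str) -> str:
    """Zero the last 2 octets of an IPv4 address; keep only the /32 prefix of IPv6."""
    prefix = 16 if ipaddress.ip_address(ip).version == 4 else 32
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def scrub_url(url: str) -> str:
    """Drop every query parameter whose (decoded) value contains an email address."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not EMAIL_RE.search(v)]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def sanitize_event(event: dict, client_ip: str) -> dict:
    """Return the only version of the event that is allowed to leave the relay."""
    out = {k: v for k, v in event.items() if k not in ("email", "ip")}
    if "email" in event:
        out["anonymizedAccountId"] = pseudonymize(event["email"])
    if "url" in out:
        out["url"] = scrub_url(out["url"])
    out["coarse_ip"] = coarsen_ip(client_ip)
    return out


if __name__ == "__main__":
    sample = {  # constructed event, not real data
        "email": "user@example.invalid",
        "event": "video_view",
        "url": "https://example.invalid/api?confirmemail=user%40example.invalid&step=2",
    }
    print(sanitize_event(sample, "203.0.113.77"))
```

Because the relay is the only component that sees the raw request, the vendor receives neither the client IP nor the email, and a dump of the vendor's data set ties events to pseudonyms only.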