We have all been through a password retrieval form. You give your email, you get a message with the information needed to create a new password. This is also the simplest way to find out whether anyone whose email you know is actually registered with an online service.
This is the most basic privacy leak your site can have, and still even big networks sensationally fail at it.
The following screenshot comes from WordPress.com, a pretty huge service, I’d say.
It’s a mild privacy threat, but still a threat; it’s even the easiest issue to fix, yet very few care. Say you have a forum where people share experiences about a rare disease, or a Selfies for Furries gallery, or whatever. If I want to know whether a friend, colleague or relative has that kinky habit, all I have to do is check their email on the “Forgot password” page.
Why should you care? And for such a small threat, at that. Thanks for asking. Let me digress for a moment.
From a service provider’s (you, the developer’s) standpoint there are no mild or critical privacy concerns. Only your users can decide what privacy is; you have no right to choose for them. Privacy starts from a complete lock-down with opt-in options, not the other way around.
That’s also the reason why the “I have nothing to hide, I’m no terrorist” statement makes no sense. Paradoxically, freedom is the right to define your own boundaries, not the absence of boundaries altogether.
Solution for developers
You are so good at pixel-perfect design and military-grade security, and still you fail at protecting the privacy of your users, starting from the very smallest things.
If you have a service, don’t disclose whether an email address is present in your database. The easiest solution is to just say that an email has been sent, whether or not the user is registered.
“An email has been sent to the provided address. If you don’t receive it within a few minutes, try again.”
But why lose the opportunity to tell your users how much you care?
“We care about our users’ privacy! We can’t tell you if the email you provided is in our database, but if it is you’ll soon get a message. If you don’t receive it within a few minutes you can always retry.”
Simple as that. If you don’t care about your users’ privacy I don’t know why I should care about your silly startup!
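As an added example (not code from the original post, and not from WordPress.com or any real project), here is a minimal Python reset handler in both forms: the leaking one that answers differently for unknown addresses, and the hardened one that returns the same status and message whether or not the address is in the user table. The in-memory user store, the outbox and the function names are constructed for this illustration.

```python
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for the real user table (hypothetical data).
USERS = {"alice@example.com": {"id": 1}, "bob@example.com": {"id": 2}}


@dataclass
class Outbox:
    """Constructed stand-in for a mail queue; a real app would enqueue here."""
    sent: list = field(default_factory=list)


# One message for everyone, registered or not (wording from the post above).
RESET_MESSAGE = (
    "We care about our users' privacy! We can't tell you if the email you "
    "provided is in our database, but if it is you'll soon get a message. "
    "If you don't receive it within a few minutes you can always retry."
)


def normalize_email(email: str) -> str:
    # Trim and lower-case so "Alice@Example.com " matches the stored address.
    return email.strip().lower()


def make_reset_token() -> str:
    # 256 bits from the OS CSPRNG; the token only ever goes into the email.
    return secrets.token_urlsafe(32)


def leaky_request_password_reset(email: str, outbox: Outbox, users=USERS) -> dict:
    """The 'before': the response itself tells the caller whether the address exists."""
    user = users.get(normalize_email(email))
    if user is None:
        return {"status": 404, "message": "No account found for that email address."}
    outbox.sent.append({"to": normalize_email(email), "token": make_reset_token()})
    return {"status": 200, "message": "An email has been sent to the provided address."}


def request_password_reset(email: str, outbox: Outbox, users=USERS) -> dict:
    """The 'after': identical status and body regardless of membership.

    The lookup result only decides whether a message is queued; nothing about
    it reaches the HTTP response. Sending is deferred to the queue so that the
    response time does not grow when an address is registered (a slow
    synchronous SMTP call on the registered path would leak the same bit
    through timing).
    """
    normalized = normalize_email(email)
    user = users.get(normalized)
    if user is not None:
        outbox.sent.append({"to": normalized, "token": make_reset_token()})
    return {"status": 200, "message": RESET_MESSAGE}


def responses_indistinguishable(handler, known: str, unknown: str) -> bool:
    """Check a handler the way a reviewer would: same answer for a known and an unknown address."""
    return handler(known, Outbox()) == handler(unknown, Outbox())


if __name__ == "__main__":
    print("leaky handler safe?  ", responses_indistinguishable(
        leaky_request_password_reset, "alice@example.com", "nobody@example.com"))
    print("hardened handler safe?", responses_indistinguishable(
        request_password_reset, "alice@example.com", "nobody@example.com"))
```

The hardened handler still does real work only for registered addresses; what changes is that the outcome of the lookup never reaches the caller, neither in the body, nor in the status code, nor (by deferring the send) in the response time. The same rule applies to the registration form, which is the other place where "this email is already taken" messages give the bit away.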
Solution for end users
The truth is that companies care about your data more than you care about your privacy. It’s their job; they get an immediate return from it. You get nothing tangible in return for protecting your own privacy, until you actually discover that someone has violated it. At that point you feel betrayed, and you think that you should have been protected, or better informed.
The first thing you can do before registering with a new service is to check their password retrieval policy. Click on “Forgot password” and fill in your email. If they tell you that you are not actually registered, do not use that service. They clearly don’t give a shit about their users’ data.
If you absolutely have to register anyway, create a new hard-to-guess email address (or even a disposable one) and never use that address for anything other than logging in to that service.
It’s unbelievable that we still need a post like this…