We’re talking about 7 million users. Did some of them reuse passwords? Sure, just like on every other site. But claiming that all 7 million made that mistake is a lie used to pass off blame.
Don’t allow 23andMe to define the issue to make themselves look good.
I know what follows can be summarised as “because money”, but I’m a designer who has worked at companies comparable to 23andMe, and a large part of my job is waging a holy war against marketing (or merchandising/ecomm as they can be called).
There is a disease that infects the minds of these people to make them see their customers as a raw material to be extracted. Anything that hinders that extraction is bad. Any cost implied that does not aid that extraction is bad. But most of all, the disease makes them see customers as machines that must respond to instructions: do this, do that, do more, don’t think.
This leads to the biggest problem we all deal with online: how to understand what everything means. Complex landscapes designed to aid the extraction are littered with new (or old but re-packaged or twisted out) concepts, vocabulary, rules and hidden consequences that nobody talks about because the system looks lovely or has some USP. Those willing to play the extraction game suppress dissent by pretending everything is awesome, and that if they can understand it so can you.
One thing I have proposed to at least try to help people orientate in all this is a “log” in your profile that shows anything that might affect you. Some sites have this for extractive purposes of course (LinkedIn’s “12 people saw your profile”), but a more detailed and informative one might help perhaps (“Data about products you have bought was made available to [companyName]”, or suchlike).
Here’s how the privacy settings work on 23andMe (or at least how they did work in 2019 when I got my kit).
When you log in to view your DNA data for the first time, it walks you through all available privacy settings, step by step. There are no silent defaults: in each case you see an explanation of what a setting means and get to choose whether to opt in or out before moving on. The options include whether your genetic data can be used for research, whether your saliva sample should be stored or destroyed after genotyping, and whether to participate in the social network-style “DNA Relatives” feature.
If you opt in to DNA Relatives, that means your partial profile is visible to other users who have a DNA match with you. You get to customize how much information is visible in this profile. At a minimum, the matching user will see your initials, an estimated strength of relationship (e.g. “4th cousin”) and the amount of matching DNA (e.g. “0.40% DNA shared, 2 segments”), and nothing else.
You can choose to “connect” with a matching relative. Both users have to connect with each other, and then they see a fuller “enhanced profile”, which includes a breakdown of ancestry composition into geographical populations, mitochondrial and Y haplotypes, plus any genealogical data you entered yourself (e.g. ancestors’ birthplaces and family names, family tree).
So users have quite a bit of control over what information is shared and how. Of course, when making decisions about what information to share with “relatives”, most people will not consider that it may also be shared with anyone who gains unauthorized access to the relative’s account.
I think I’m not impacted by this hack (no password reuse on my account, and I didn’t get any additional communication that the company promised for people whose data was leaked), but I don’t think I would mind it a lot. Anything you put in the basic relatives profile can be seen by thousands of people you’ve never interacted with, so it’s very nearly public information anyway. A leak of information I’ve not chosen to share would be worse, though that’s also a risk I consciously took when getting into this.
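The comment above describes a two-tier visibility model (basic profile for any opted-in DNA match, enhanced profile only for mutual connections) and points out that a compromised relative's account inherits that visibility. The following is an added example, not 23andMe's code and not from the commenter: it models those rules on a small constructed user graph so you can compute the "blast radius" of one or more compromised accounts. Every name, the match graph and the `User` structure are hypothetical.

```python
from dataclasses import dataclass, field

# Visibility tiers as described in the comment above (hypothetical labels).
BASIC = "basic"          # initials, relationship estimate, shared-DNA percentage
ENHANCED = "enhanced"    # ancestry composition, haplogroups, self-entered genealogy


@dataclass
class User:
    name: str
    dna_relatives: bool                       # opted in to the DNA Relatives feature
    connections: set = field(default_factory=set)   # people this user has "connected" with


def build_matches(pairs):
    """Turn a list of (a, b) DNA-match pairs into a symmetric adjacency dict."""
    matches = {}
    for a, b in pairs:
        matches.setdefault(a, set()).add(b)
        matches.setdefault(b, set()).add(a)
    return matches


def visible_from(viewer, users, matches):
    """What `viewer` can see of each DNA match, as {name: tier}.

    Rules modelled:
      - nothing is visible unless BOTH parties opted in to DNA Relatives;
      - a mutual "connect" upgrades the view to the enhanced profile;
      - otherwise only the basic profile is exposed.
    """
    out = {}
    v = users[viewer]
    if not v.dna_relatives:
        return out
    for other in matches.get(viewer, set()):
        u = users[other]
        if not u.dna_relatives:
            continue
        mutual = other in v.connections and viewer in u.connections
        out[other] = ENHANCED if mutual else BASIC
    return out


def exposure_from_compromise(compromised, users, matches):
    """Union of everything an attacker holding `compromised` accounts can read
    about third parties (the compromised accounts themselves are excluded,
    since the attacker already has their full data). ENHANCED wins over BASIC."""
    exposed = {}
    for c in compromised:
        for name, tier in visible_from(c, users, matches).items():
            if name in compromised:
                continue
            if exposed.get(name) != ENHANCED:
                exposed[name] = tier
    return exposed


# Constructed sample data (hypothetical users; not real accounts).
USERS = {
    "alice": User("alice", True, {"bob"}),
    "bob":   User("bob",   True, {"alice", "carol"}),
    "carol": User("carol", True, {"bob"}),
    "dave":  User("dave",  True),              # opted in, never connected with anyone
    "erin":  User("erin",  False),             # opted out of DNA Relatives entirely
}
MATCHES = build_matches([
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"), ("alice", "erin"),
    ("bob", "carol"), ("bob", "dave"), ("carol", "erin"),
])

if __name__ == "__main__":
    print("alice sees:", visible_from("alice", USERS, MATCHES))
    print("erin sees:", visible_from("erin", USERS, MATCHES))
    print("alice compromised:", exposure_from_compromise(["alice"], USERS, MATCHES))
    print("alice+bob compromised:", exposure_from_compromise(["alice", "bob"], USERS, MATCHES))
```

Note what the model makes explicit: opting out (erin) removes you from every match list in both directions, while dave, who never "connected" with anyone, is still basic-visible to every compromised match. The enhanced tier leaks only through a mutual connection, so a stolen account exposes exactly the relatives its owner chose to trust.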
Having the system generate a temporary password is fine, as long as the system forces you to change it at next login. “Force password change” has been a toggle on just about every system I’ve ever used since the mid-90s when I entered the IT industry.
One monolithic ID for all accounts? That’s a terrible idea, although a lot of systems have latched firmly onto the use of an email address as a user ID. What happens when your single ID is compromised? Even if your passwords are unique on every site, that still opens a door for abuse. And if your email is compromised? Game over, you lose. (Just ask anyone who’s had their Google / Gmail account suspended; Single Sign On can be a very dangerous thing.)
To be fair, Apple has more or less blacklisted El Reg for some years, which they take as a point of pride because they’ve pointed out many of Apple’s flaws… (their motto is “biting the hand that feeds IT”, after all…)
“Force password change” has been a toggle on just about every system I’ve ever used since the mid-90s
… aaand we’re back to making it the user’s problem.
And if your email is compromised? Game over, you lose.
I think that’s why we have 2FA, as pointed out earlier in the discussion, and SSO seems unrelated to what I’m talking about. Raskin’s point (and he demonstrates it with some mathematics in his books as I recall) is that having a user ID and a password is no more secure than having a single unique ID to the system. But it does make things easier for the users of the system to use it.
Not to disrespect your tenure in the IT business, but you seem to have missed the fact that the things that have always been a certain way in the IT business do not work. This is what we talk about when we talk about security.