App for UK Conservative Party conference exposes all attendees' private info

Originally published at: https://boingboing.net/2018/09/29/cue-benny-hill-music.html

…

Gee. It’s almost like putting shit online is an inherently risky proposition that subjects people to data breaches…

Yes, totally confusing to a little brain person[s] conservatives.

And this is why I don’t install all the myriad apps that everyone wants me to. I’ve already got an app for that–it’s called the web browser.

Especially when incompetents touting themselves as good stewards of a nation’s digital future are doing it.

I don’t think it’s just a conservative problem… it’s not like it was just this app that’s storing data of users. We all do it all the time. Conferences and conventions I’ve been to or have thought about going to almost always ask you to install an app to get around the con, see the schedule, etc.

Yep.

It would be so tempting to log in and use this flaw to sow chaos in the tory party and cause divisions between their MPs by announcing ludicrous policy positions.

But, they seem to be doing fine at that without any outside help, so why bother.

So? I’m sure none of these exceptionally fine persons have anything to hide, ergo they have nothing to fear!
Am I right, or am I right?

Couldn’t happen to a nicer bunch of folks.

giphy.gif332×215 1.99 MB

I mean, it would have helped had they even the most basic checks in the system. I can’t even imagine how this kind of C.F. got created, as anyone with the knowledge to put it together must know how totally dumb it is to allow the use of public information as the sole input required for access…

Well, I guess this really does fit in with their usual “technology is magic” stance. (E.g. invisible Irish post-Brexit border, encryption backdoors, Great Firewall of Britain)

Yeah, it would be rather redundant, wouldn’t it?

I went to an IT conference around the year 2000. They had some third-party marketing firm handle a bunch of stuff.

The bastards spammed me for the next seven years.

(I did get them kicked off of several, increasingly sketchier hosting providers over the years, but like all spammers it was like whack-a-mole.)

And I’d guess that’s actually the BEST case scenario, too. Given how much information some of us keep on our phones, data breaches of this kind can open up all kinds of problems for people who aren’t particularly tech savvy.

Well? They’re representatives, right?

Exactly. At the time the only information they could get out of me was my email address, employer, my membership in a particular user group, and my credit card (which I don’t think they had access to).

All of that is more than enough to dox you, yeah?

And so many people do their banking on their phone now… I’ve seen a person I know take pictures of checks on their phones for deposits… I just don’t get that at all, but it seems like it’s convenient for people and this is probably doubly true for people whose only online access are their phones (this was not this case, though).

it’s not necessarily the stupid little apps they make…
it’s the third party foggy weather distances

This proves the party is totally “open and transparent”.

Exactly! Hands above the duvet!

With the way they stand, I am not surprised that their “private information” gets exposed.

It’s like Osborne is inviting you to kick him in the balls.

/drifts off into wistful reverie

The last fighting game to feature a Tory leader was shite, so it isn’t surprising.