Hanlon's razor

July 24 · Issue #47
iAfrikan Daily Brief
Please give us feedback on your thoughts regarding the newsletter, or if you don’t have much time just hit the 👍 or 👎 at the bottom of each newsletter issue. Thanks. - Tefo Mohapi

When it comes to user privacy violations and user data leaks, especially those we’ve investigated at iAfrikan across the continent, it is most often negligence (or stupidity, if we are not being diplomatic) and not malice (e.g. hacking) that results in users’ data being leaked on the web. The latest case is what has been revealed about the South African-founded flame-grilled chicken restaurant chain, Nando’s.
It turns out that Nando’s has, since 2013, been running a “fan community” website known as Firestarters, which was actually a customer feedback and customer data collection (aka survey) website. To entice their fans to give them as much data about themselves as possible, Nando’s offered some giveaways in return.
Thanks to Hollywood, when most people hear that a company's IT systems were breached or leaked user data, they picture a person (often wearing a black hoodie) sitting in a badly lit room punching furiously away at their keyboard. More often than not, no such person exists; it is the company's own staff who, through negligence, cause data breaches and leaks.
Fast forward 6 years, and Jarn Arthen, who completed the survey in 2014, receives a creepy and uncomfortable WhatsApp message. Jarn, now feeling uncomfortable, asks the sender where they got his number from, and the answer is the Nando’s Firestarters website.
It turns out, as Darryn Van Der Walt would later discover, that Nando’s uses a solution by Vision Critical, and that the NASCAR (USA) website, which runs the same survey system, is also leaking user data. It sounds like a schoolboy error: of all the websites that run this Vision Critical survey system, only Nando’s and NASCAR seem to be leaking user data, which would suggest that it’s probably a configuration problem.
This is where Hanlon’s razor comes in.
“Never attribute to malice that which is adequately explained by stupidity,” - Robert J. Hanlon
What exacerbated the problem is that some Nando’s users would then go on to post links to their survey results on social media. This led to Google Search being able to index those survey result pages along with the users' personal details. Now, at this stage you’d expect Nando’s to take full responsibility for failing to secure people’s data and leaving it publicly viewable.
Nope.
Instead, they say this:
“Nando’s would like to clarify that this is not a data breach, and is instead a circulation of a cached (temporarily stored) page. This private link was shared, despite this action being against our T’s and C’s – we have reached out to the customer, and understand that this was not intentional,” - Nando’s South Africa
That statement alone suggests that Nando’s knew that their system was not secured and that, should a user share a link on any other platform that Google Search can crawl and index, the user’s data would be publicly viewable and indexed. So, what they decided to do to cover their butts was include a few sentences in their Terms and Conditions (which users hardly read, as explained in this newsletter) stating that sharing of survey result links is prohibited. Surely that is not good enough and points to incompetence, or negligence, or both.
Above all, it is another case study where Hanlon’s razor proves true.
Recommended
🧠 Elon Musk announced that his company Neuralink plans to implant electrodes into the brains of people with paralysis by 2020. Aim: create assistive technology for people who can’t move or are unable to communicate.
🖥️ Luyanda Vappie and Motsholane Sebola have developed a small personal computer that requires no physical keyboard, mouse or monitor. Known as Prism, it has a 2GHz CPU, 64GB on-board memory, wireless LAN and more.
🔥 Nando’s has confirmed that its Firestarters campaign website was leaking users’ personal data and has subsequently pulled the website down. The website was running Vision Critical’s solution for surveys.
✈️ An online campaign that has won the Cannes Lions creative data award for 2019 encourages African-Americans to visit Africa. It does this by replacing the derogatory “Go Back To Africa” phrase with images of black people touring Africa.