Those are some interesting papers, thanks for linking.
In the case at hand, I do disagree with your conclusion though.
In this situation, the most a user could find out is who checked them in dialogues. They wouldn’t be able to find any data about checks not concerning themselves.
If they happened to be a capable enough dev and were willing to go through the schleps to obtain that information, then, well… we’re a small team and the world is on fire, and I don’t think we should really be prioritising making Dialogue Matching robust to this kind of adversarial cyber threat for information of comparable scope and sensitivity! Folks with those resources could probably uncover all kinds of private vote data already, if they wanted to.
we’re a small team and the world is on fire, and I don’t think we should really be prioritising making Dialogue Matching robust to this kind of adversarial cyber threat for information of comparable scope and sensitivity!
I agree that it wouldn’t be a very good use of your resources. But there’s a simple solution for that—only use data that’s already public and users have consented to you using. (Or offer an explicit opt-in where that isn’t the case.)
I do agree that in this specific instance, there’s probably little harm in the information being revealed. But I generally also don’t think that that’s the site admin’s call to make, even if I happen to agree with that call in some particular instances. A user may have all kinds of reasons to want to keep some information about themselves private, some of those reasons/kinds of information being very idiosyncratic and hard to know in advance. The only way to respect every user’s preferences for privacy, even the unusual ones, is by letting them control what information is used and not make any of those calls on their behalf.
Those are some interesting papers, thanks for linking.
In the case at hand, I do disagree with your conclusion though.
In this situation, the most a user could find out is who checked them in dialogues. They wouldn’t be able to find any data about checks not concerning themselves.
If they happened to be a capable enough dev and were willing to go through the schleps to obtain that information, then, well… we’re a small team and the world is on fire, and I don’t think we should really be prioritising making Dialogue Matching robust to this kind of adversarial cyber threat for information of comparable scope and sensitivity! Folks with those resources could probably uncover all kinds of private vote data already, if they wanted to.
I agree that it wouldn’t be a very good use of your resources. But there’s a simple solution for that—only use data that’s already public and users have consented to you using. (Or offer an explicit opt-in where that isn’t the case.)
I do agree that in this specific instance, there’s probably little harm in the information being revealed. But I generally also don’t think that that’s the site admin’s call to make, even if I happen to agree with that call in some particular instances. A user may have all kinds of reasons to want to keep some information about themselves private, some of those reasons/kinds of information being very idiosyncratic and hard to know in advance. The only way to respect every user’s preferences for privacy, even the unusual ones, is by letting them control what information is used and not make any of those calls on their behalf.