It's data about data. So, still data. The title may be a bit sensationalized ("your data" sound like "all your data", but it really is "some of your data"), but it is not false.
> There's a reason it's not called 'data', is my point.
Is there, actually, in this context? What is the reason you're drawing this distinction? What makes generated passwords 'data', but password reset urls and hand-typed entry names 'metadata'?
What about everything that is expected to be private, can be made private, has security implications for not being private, and has no gains for being public other than "it's slightly less expensive"?
Why shouldn't my password reset urls be private? They are... in the password database I use.
Why shouldn't my database entry names be private? They are... in the password database I use.
Are you saying that these things are metadata in 1Password by virtue of the fact that they weren't secured? Because that would seem like circular reasoning - that you can never leak data, because leaked data is metadata. I don't share your definition of metadata in such a case.
Are you saying that these things are metadata in 1Password because they shouldn't be private? I just plain strongly disagree if so.
Are you saying that these things are metadata because users shouldn't expect a password database to secure them properly? Then I could at least see where you're coming from. But I don't think it makes sense to tie the definition of metadata to that - among other complaints, I think it lets off companies/software that leak your (meta)data off far too easily, and that such word games absolve them of too much responsibility.
I didn't say anything of the sort. I said metadata isn't data and just because metadata is about you/your data, doesn't mean you own it.
I've been intentionally vague so as to discuss this in more macro terms rather than the specific case as presented here, because I feel there's a panicked "deer in the headlights" attitude that comes with talking about data and metadata, and I'd like to try and help folks think a little more rationally around the topic rather than simply "EVERYTHING RELATED TO ME IS MINE AND NEEDS TO BE ENCRYPTED AND HIDDEN".
I regularly forget about how closed-minded the HN userbase is when it comes to privacy.
> I've been intentionally vague so as to discuss this in more macro terms
You may want to lead with that next time - I'm not the only one attempting to interpret your vagueness in-context (that is, in the specific case as presented here) which apparently isn't your intent. Hopefully it'll generate productive discussion instead of a confused chorus attempting to clarify terminology.
> I feel there's a panicked "deer in the headlights" attitude that comes with talking about data and metadata
Are you seeing that in this thread? Or is this more of a generalized feeling of HN? Or of the internet?
I feel like I'm mostly seeing discussions about what specific data was involved, what alternatives are out there, and the severity and history of the problem (which I'm seeing as mostly "not as severe as your initial kneejerk to the title might imply, but not ideal either" - pretty levelheaded and accurate, IMO?)
None of them seemed particularly frozen, unable to move forwards, or panicking beyond the time it took them to evaluate what specific (meta)data was leaking - to me, at least. And given that password databases secure the keys to the castle, so to speak, I'm not sure a little panicking isn't warranted in this specific context.
> I regularly forget about how closed-minded the HN userbase is when it comes to privacy.
If that's in response to this thread, keep in mind that, in-context, the "privacy" many professionals in here are concerned about, is the "privacy" of their amazon account keys, to avoid their servers being subverted into part of a malware distribution botnet. And the "privacy" of their user database - to avoid the reputation hit that comes when all your customer's passwords are cracked, and their inboxes are flooded with porn spam. I think it'd be a mistake to overgeneralize that response.
What you've just done to my comment is common on the Internet, but extremely harmful to an intelligent discourse. I wrote what I did all together because each sentence informs and provides context for the others. In isolation, each sentence may carry a different meaning than if they're grouped.
In the future, remember this when you decide to dissect someone's writing.
The sentences are still grouped together immediately above my post - in your post. This isn't some blog post quoting snippets from some other link, or a book quoting sections from another resource. I also strongly disagree that these things are inherently harmful, if that's what you're indeed saying. They can be misused to harmful ends, to be sure - but what would you have me do, ditch quotes entirely? Quote only entire books? Chapters?
Quoting entire paragraphs may not be sufficient to provide proper context, and especially if being willfully misinterpreted, can be potentially harmful.
But well intentioned quotes, immediately under a post providing them in their full context - which is the case in my post you replied to? I'm hard pressed to see that as distorting your meaning and harming discourse. If you have specific grievances as to how I have, please state them. If my understanding is distorted, there is harm to discourse regardless of whether or not it's visible in the form of distorted quotes.
The many questions I'm asking are my attempts at understanding the context of your statements, to avoid such distortions. The couple that you've answered have clarified some things. A couple more have been mooted by indirect responses. Many others are still relevant and unanswered.
Even now, I'm a bit unsure if you're saying that I've done harm, in the specific post I made that you were responding to - or if you're making vague generalizations again, this time about sentence level quoting on the internet in general. I'm assuming the former for now - but please correct me if I'm wrong. I would ask, but that's clearly not working out for me.
I know, but the website address is still data that I input into the application. My point was that it doesn't only leak fluffy metadata that I don't directly input into the application.
... yes, and that's why your claim that "It's false, insofar that it's not the 'data' you give to 1Password." is wrong. Which was my point.
Also, whatever the unusual definition of data you use that results in metadata being excluded is irrelevant (and it is unusual, look up the definition of data in any dictionary). The important part is that 1Password was not making it clear that it does not encrypt certain parts of the "information" you put into it.
I never said what you're claiming I said, all I said was metadata isn't data insofar that it's not the 'data' you give to 1Password. I never said anything specific was or wasn't data.
And I'm not using an unusual definition of data, that begs the question. My point is just because it's about you, doesn't mean you own it.
Metadata is also not yours in the first place. Data about you or the things you do isn't yours. Does Julian Edelman own the fact that he caught a pass?
How is data stored exclusively on my machines or on my Dropbox account not mine just because it has "meta" as a prefix? It's still data!
Public metadata isn't mine. Private metadata is. And in fact, around here it's illegal to record my metadata, even if publicly viewable - anti-piracy groups have been fined for producing databases of IP addresses+shared files taken from the Bittorrent network.
