
Comments


Mirek Długosz

As someone working in IT, I feel compelled to comment on two points:

1. User tracking is usually implemented in client-side code (in the browser or mobile app). Backend code usually doesn't have a way of executing such code, as it uses completely different interfaces. Administrative accounts for backend systems usually are not in any way tied to normal user accounts (in fact, backend systems might connect to a different user database/dictionary). While monitoring of backend actions is not exactly a novel concept and I would expect a security-oriented company to have it implemented, it definitely is possible for both statements to be true at the same time.

2. Using SMS (which requires providing a phone number) was standard for 2-factor authentication some 5 years ago. In recent years, token-based 2FA became increasingly popular. In that system, you first exchange keys (usually by scanning a QR code) with your "authenticator" app (usually on your phone), and then use the code generated by the app to authenticate. Such a system doesn't require providing a phone number to the vendor. Having said that, I have no idea if Ubiquiti supported token-based 2FA.

Kaiser

MD: Thanks for the useful comments.

Reading behind the lines, I see one of the key underlying problems, which is that there exist different technologies to do the same thing, and some of them are better in terms of data privacy (or the lesser standard of data protection) than others - and so the existence of a better method doesn't mean that it has been adopted or it is commonly adopted.

I have an experience related to point #2. For a particular app, I finally set up 2FA after learning about hardware keys a few months ago. In the process of setting that up, I was forced to set up the phone 2FA first. There was no way to avoid it. As you indicated, this experience isn't true in general.

As regards point #1, I'm a fan of client-based solutions. If the data don't leave the phone, that'd be better. And it's even better if the app informs me that no personal data leave the phone. Today's experience is the opposite, though: many apps require users to allow them to do many things that seem to require transferring data out.

I expect people to hold different views because everyone values security, convenience, etc. differently. So having these conversations helps readers sort out their own trade-offs. Thanks again!

Kaiser Fung. Business analytics and data visualization expert. Author and Speaker.