Yandex.Food and deleting your orders from the service is an attempt to whitewash yourself


The problem of personal data suddenly becoming public is not new. In the beginning of March

Yandex leaked user data"Yandex.Food", then data binding to the map appeared, in a convenient form it was possible to search for a person's phone number, see which addresses he ordered food and in what quantity. The company apologized to the victims, but they did not pay any compensation, it’s too bold to apologize for your mistakes. Usually, Yandex issues coupons for discounts with every mistake, trying to somehow make amends for its jambs. But in this case, the number of victims was so large, and the company is so bad with finances, that a strong-willed decision was made to simply sweep the story under the rug. I will not procrastinate the beginning of the story again, you can remember how it was, or read our material.

Data leakage in the Yandex.Food service is a problem of personal data

Data leakage in the Yandex.Food service - what you ate, how much you spent, where you live. And all this in a convenient form on the map.

During this time, I heard several stories about howthe secret became clear, relations between people crumbled (“Where did you order sushi every Tuesday at 8 pm, did you go to the pool?”). The fine for data leakage for Yandex amounted to an impressive 60 thousand rubles, while there is no information about hearings on claims against the service from the victims, considerations will begin in mid-July, and I think that it will open in all its glory as far as the state supports Yandex and does not support affected citizens. Although I would like to believe that fair compensation will still be awarded to everyone who suffered from this data leak. According to various estimates, claims were filed by from several thousand people to ten to twelve thousand victims, it is extremely difficult to accurately estimate their number. But in any case, this is a significant amount of claims, and even if we consider that in theory everyone can receive compensation of 20 thousand rubles (the maximum compensation in such cases is up to 50 thousand rubles, but it is hardly achievable), then we will get a spread of payments from "Yandex" from 40 to 240 million rubles. In Yandex, of course, they don’t want to pay, they proved it with all their actions. No compensation, they themselves are to blame for using Yandex.Food.

The image impact on Yandex is unprecedented,superimposed on all the problems of the company, which are only growing. In the absence of a sane PR service, a strategy to put out fires that constantly arise, Yandex looks like a punching bag. The only thing that the company knows how to do is post bravura messages in various media about how wonderful everything is.

To partially extinguish the fire with Yandex.Food" and data leakage, the company came up with a brilliant move in its own way - to tell that they created a tool that allows you to delete all your data about orders, delivery address, and so on.

Data management takes place in Yandex ID, withsummer 2021 there are more than a dozen services of the company. But the company was in no hurry to add the same "Shop" or "Food", since there was no point in this. Why? The answer lies on the surface - this data in Yandex must be stored for a certain time, they cannot be deleted at the request of the client.


Affiliate material

Reality and prospects of the IT professions market

What professions are the most popular and highly paid?

Saturday coffee #206

Pour a cup of invigorating Saturday coffee andcheck out the news of the week. Telegram Premium has become available to everyone, VK have taken up their services, a new car brand is coming to Russia, and in January we will see Cheburashka in the cinema…

Full tank #14. Lexus ES350 F Sport test

Saturday, which means it's time for our automotive column. Today we will talk about the seventh generation of the Lexus ES business sedan, a roomy, quiet and calm car from the Japanese manufacturer.

Books. Thomas Hein, "Total Packing"

How packaging has changed product marketing and become a value in its own right. An amazing book, simple and profound at the same time.

Now is the time to ask: how so?After all, such a large corporation, the leader of the IT market, cannot issue press releases about something that does not really exist? Are they cheating with us and showing us not quite what we have?

Let's figure out together why in Yandexcreated a "tool" that de facto removes nothing, and that's what it looks like. So, let's start with the fact that the leak in Yandex did not occur due to some external influence, all the data was "taken out" by an employee of the company, that is, a person from the inside. We were promised that this would not happen again, inside the company they strengthened data protection, limited the number of those who have access to them. But this does not at all guarantee that some regular Yandex employee will not be able to repeat such a trick and our data will not appear somewhere on external resources. Such a guarantee cannot be given, and such a situation is observed in any large company, it is almost impossible to protect yourself from a person inside. One can only hope that there are more adequate people than those who, for some reason, crap in this way.

I don't like what's in Yandex instead of a solutionreal problems give the appearance of such a solution - a false sense of control over their data. That is, the company promises that you can delete Yandex.Food order data in the service.

In fact, records of your orders are deleted, whichyou see in the application, but all information about them continues to be stored on the company's servers. How so? We were promised that “Data deletion is an irreversible process. If you delete information about orders, you will no longer be able to see recommendations of your favorite restaurants and dishes in Yandex.Food.” Get a grasp of what is written, it is precisely formulated, and then your problem is that you interpret the text the way you like it. If you erase the data, you will not be able to view it. Not Yandex, but you.

The good old misrepresentation thatare always used in Yandex. You erase your data only for yourself, worsen the service for yourself and create for yourself the illusion that you are in control of something. Recall that in the Yandex.Food data leak, for most consumers, there were orders for the past six months. This is the period during which Yandex.Food stores data about your orders. Why such a period?

Let's look at an excerpt from Yandex's description of what they should store. You can find this text here.

We are interested in the phrase “Some data on transactions, for example, on making a payment or purchasing goods, Yandex may store during the statutory limitation period.”

In "Yandex.Food, you pay for your order, courier services and a service fee, we had a separate material about the latter, soon companies will need to justify its existence, while the court is on the side of users.

Service fee - a penny from each, millions in your pocket

Why food delivery services charge a service fee, where did this money come from and why you don’t need to pay it. Court decisions and reactions to company extortions.

Yandex cannot delete this data, sincethe minimum limitation period for services provided by Yandex.Food is six months. And if the user of the service goes to court within six months after the provision of the service, then Yandex is obliged to provide the documents that are on his side. And such documents include the cost of payment, delivery address, list of goods sold, and so on. That is, it is no different from the leak that happened in March 2022. And the Yandex employee who organized that leak would almost certainly see exactly the same data today, since they are apparently stored in exactly the same form.

So why promise data deletion?To calm the indignant users, give them an imaginary tool for managing their data. Look, we care about your safety, you can delete all your orders yourself. The only problem is that after the same six months, these orders are already deleted from the service, and during this period they must be stored, since claims against Yandex.Food are possible and the description of the orders is simply necessary to work with them. I sincerely doubt that Yandex is breaking the law and simply deleting orders from everywhere. If you imagine such a possibility in theory, then this is a huge loophole in order to sue the company and get a tidy sum from it, no one has canceled consumer extremism, and a company like Yandex knows this firsthand.

No one in Yandex explains clearly and understandably,that the company is compelled to store such data. It would be possible to tell how data protection was improved, access to them was limited. But the initial leak was related to a company employee, and all these stories would not have had a noticeable effect, but then they came up with this move - you manage the data yourself. For those who are especially anxious, they gave a button that you can press and get a sense of security, so that the person believes that he did everything right. It's like buying shark insurance for those who go to Australia and don't even want to swim somewhere far from civilization. Insurance that does not protect, but only calms the nerves that you have done something about a potential threat.

I think that you should always know howreal world. And here Yandex plays a bad game, as it creates the appearance of protection, but in fact cannot provide it. And if another data leak happens, then the company will look very pale, and there will be nothing to fix here. Will such a data leak happen? Almost certainly, the punishment for companies is too small for them not to continue to be so nonchalant about protecting user data.

Data leakage in the Yandex.Food service is a problem of personal data

Data leakage in the Yandex.Food service - what you ate, how much you spent, where you live. And all this in a convenient form on the map.

Personal data and its leakage. How to protect your data

Large-scale leaks of personal data, whether we can protect ourselves or not; why many data are critical - the entrance ceases to be a closed space; HIV tests and other aspects of our data.