I was recently looking at the dashboard of my hosting account and discovered my password displayed in cleartext (it was masked, so one can assume it was safe and sound). When I raised the issue with them, they simply said it was for their support to be able to help me debug issues if they arise, as it were a normal practice. My point is that we don’t even know how websites store our passwords. In years of development I have had the misfortune of working with sites that stored them in cleartext or unsalted md5. We trust our data to companies without basic due diligence or presuming they would apply at least some common sense to dealing with our personal information. Sadly, the reality is that we shouldn’t trust anyone to do right by us online —privacy aside, software development by overworked and underqualified staff is a reality of an evergrowing demand fueled by one-day bloomers of the start-up world. Propelled by lack of basic technological aptitude in management and marketing, with big shiny ideas, unrealistic deadlines and anxious investors, it becomes a disaster of global proportions.