End-to-end encryption is the only foolproof way of preventing this. But if that is not possible, training and audits/alerts are the next best thing.
Training is important because new employees or new college grads might not be aware of truly how egregious it is to view someone's personal data. It really had to be drilled into the culture. By audits and alerts, I mean that if one employee accesses sensitive information, they know that other teammates are getting an alert about it. People do such things when they think nobody will know.
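As an added illustration of the audit/alert idea above (example code, not from the thread): every staff read of customer data is logged, reads that are not justified by an open support ticket assigned to that employee raise an alert, and the alert is fanned out to the whole team so the actor knows their teammates see it. The log lines, ticket table and team roster are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample: open support tickets, keyed by customer id.
OPEN_TICKETS = {
    "cust-1001": {"ticket": "T-55", "assignee": "alice"},
}

# Constructed sample audit log, one access per line:
# "<timestamp> <staff actor> <action> <customer id>"
AUDIT_LOG = """\
2024-05-01T10:00:00Z alice read_mailbox cust-1001
2024-05-01T10:05:00Z bob read_mailbox cust-1001
2024-05-01T10:07:00Z bob read_mailbox cust-2002
2024-05-01T10:09:00Z carol export_contacts cust-3003
"""

TEAM = ["alice", "bob", "carol"]  # constructed roster


@dataclass(frozen=True)
class Alert:
    actor: str
    action: str
    customer: str
    reason: str


def parse_log(text: str):
    """Yield (timestamp, actor, action, customer) tuples from the audit log."""
    for line in text.splitlines():
        if line.strip():
            yield tuple(line.split())


def audit(log_text: str, open_tickets: dict) -> list[Alert]:
    """Return one Alert per access with no ticket-based justification."""
    alerts = []
    for _ts, actor, action, customer in parse_log(log_text):
        ticket = open_tickets.get(customer)
        if ticket is None:
            alerts.append(Alert(actor, action, customer, "no open ticket for this customer"))
        elif ticket["assignee"] != actor:
            owner = ticket["assignee"]
            alerts.append(Alert(actor, action, customer, f"ticket {ticket['ticket']} is assigned to {owner}"))
    return alerts


def broadcast(alerts: list[Alert], team: list[str]) -> list[str]:
    """Render the message every teammate (including the actor) receives.

    A real deployment would send these to a team chat channel or mailbox.
    """
    return [f"to {member}: {a.actor} did {a.action} on {a.customer} ({a.reason})"
            for a in alerts for member in team]
```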
The fact he was able to usually means something is lacking in the backend security. Yes, bad employee, but more encryption and security models are required. Back when I was working on share trading software, this was one of our requirements of the system.
Honestly I'd like to see one of the webmail providers do a decent attempt at gpg. The web migrated from a primarily unencrypted state to an encrypted one - it's not impossible with the right UX.
This is never going to happen because it doesn’t work very well for consumers, and works even less well for businesses.
For consumers, owning the encryption keys means account recovery is impossible when they inevitably lose their keys. IM services can get away with it, because losing your IM history is not nearly as serious as losing your inbox.
For businesses, you’re not going to be able to sell a service that makes filtering impossible. This is bad for consumers too, but an absolute deal breaker for most businesses.
... including spam filtering, which matters somewhat for consumers, too.
Then there's the issue of search - with webmail you have no realistic choice but to rely on server-side search, and the same issue likely applies on phones even when using a dedicated mail app. (And indeed ProtonMail currently only offers meta-data search, but no full text body search)
I didn’t specifically say spam filtering, because there’s technically lots of spam filtering you can do with only metadata. But yeah you’re right, any form of server side content filtering (including search) would be impossible.
The web is _partly_ encrypted in transit. To the point where it hits the closest cloudflare (or other edge) server. From then on it's often unencrypted the rest of the way to the real webserver.
Yes, it would be possible to encrypt email too, but it would involve changing every email client and server there is, and there are quite a few of them. And a public key repository for everyone to be able to find the correct key for each receiving address. Mailing list servers and other group mail would be particularly fun to solve.
Given that you mentioned CloudFlare, they actually encourage using Full SSL (Strict), which requires a valid certificate from the origin server to the edge server. You can also get them to issue an SSL cert for you if you don't want to deal with that yourself. It expires in 10 years by default, but can be revoked easily in case of key compromise.
"Your private key is encrypted with your password. This way your login password receives the status of the private key."
"Your password is never transmitted to the server in plain text. It is salted and then hashed with bcrypt locally on your device so that neither the server nor we have access to your password."
What's stopping them (or being commandeered) to serve you modified javascript which sends them your password, or this being done via an unsanitised email viewed via their web UI?
Having worked for two email companies for over 10 years, I know not to trust email providers for privacy.
> What's stopping them (or being commandeered) to serve you modified javascript which sends them your password, or this being done via an unsanitised email viewed via their web UI?
Thinking about this more, the threat model here was an insider. This is something that Tutanota wouldn't be able to prevent with its advertised services given the same situation.
Banks routinely hire hit-and-run contractors to manage systems with low-level, uncontrolled, unaudited access to mind-boggling resources and eye-popping access to private customer info.
Not just contractors. In most parts of the world there will be a 20 year old, with 3 months of "security training" paid less than $1000 a month, running around the data center with keys to the castle.
Everything has to get decrypted at some point, right? I try not to think about what would happen if a Google employee decided to leak everyone's search history.
Wait, what? I knew the part where he wormed Facebook and eventually got hired, but I didn't know that. Do you have a source? I only was able to find the part I already know about.
This is probably a common occurrence in the industry, especially at companies that make money with user data. This is at the core of why industry experts have always recommended minimizing data exposure.
Even if end-to-end encryption were applied, there will never be 100% security from administrators and developers. You cannot even reasonably audit these systems with current technologies.
And yes, protected HR and user information will regularly leak into IT departments. If the latter is outsourced to third parties, this means data leaks galore.
The updated Yahoo Finance app is really slick, actually.
It actually makes me wonder WTF happened to Google Finance? Why did they essentially abandon it? Charts just show up at the top of the results page but there's no dedicated site anymore.
The fall of Google finance is astounding. You can go to https://finance.google.com and search for "Slack" with no results. You can search for "WORK" (Slack's stock symbol) with no results. You have to actually type "NYSE:Work" to have it show up in the search results. It's astonishing.
Agreed, Google Finance is garbage. I talked with a Google recruiter and asked if there were any positions at Google Finance, and she thought I meant in the Finance department, not on that particular site. There's so much that can be done with it, and Google has abandoned it.
Simply put: Google has outgrown it. No inside info, but it's unlikely that finance.google.com will ever grow past $xxx million/billion revenue per year, so it's more profitable for Google to keep rolling the dice on chat services.
Compare Google Street View with Apple's "look around" feature. Night and day. To be fair I haven't looked at street view recently, and Google's coverage is better for now.
Or Gmail spam filtering... I can't even begin to fathom what they are thinking, whoever is in charge of that. I mean really... they have the privilege of working at Google? And... really, that's the level of effort and quality they give us, after 20 years of time with the problem?
Yes I know it can be a hard problem, and an arms race, but the level to which they are utterly falling down with good signals in the data, like the fact that I explicitly signed up for and sometimes read and reply to a mailing list, is mind boggling.
With Google in particular, I feel like you can tell when a new lead takes over a product. I imagine leading a product is a career move at Google, people move on and new folks take over, diluting the original vision of simplicity, functionality and magic of early Google products.
In Google Maps on Android, the status bar is now transparent, and important information like the clock, battery status, connection quality and incoming messages is now drawn on top of the map. I'm sure that looks great in a presentation, but now those little icons have little and varying contrast and are hard to decipher.
In Youtube in the browser, I have autoplay disabled. Every time I log into Youtube (after a reboot), autoplay is enabled again.
Especially amazing since it used to be pretty good. The former codebase must have been an absolute mess for Google to throw it away in favor of the garbage that exists now.
Working for Pentagram seems sweet. Huge cool designer cachet despite the fact that all you do is redesign logos and branding for incredibly uncool legacy corporations.
I realize you're posting this in jest, but I actually prefer AOL for this. They're one of the only major providers that will still let you sign up without providing a phone number. And, like Yahoo, I'm kind of amazed that they're still around.
I'm starting an engineering job at a FAANG in a few weeks. They already had me sign something agreeing to not do anything with the data of someone I know in the course of my work, told me access is monitored, not to make actual changes to people's accounts because hacking isn't distinguishable from admin changes by users, and, if something accidentally happens, to notify a specific group so they can reach out to the user.
It feels like they take privacy really seriously, but at the end of the day, yes, employees do have access to your data, so before giving any company your unencrypted data, think hard about it.
Because I used an extremely long password and I used the same password for my gmail and iCloud. And none of them were touched or accessed based on ip access history.
It's sobering to think about this in tandem with the fact that people in the IQ bracket for “engineer” tend to get away with crimes.
Honestly, though, at least this can be turned into a concrete example to shoot down “if you don't have anything to hide...” and the like. The banal, lascivious panopticon elicits a real disgust response that might be moving, as opposed to the “shut up you alex jones weirdo” that sticks to talk of the NSA no matter how many Snowdens happen.
This is even more troubling because smart people are less likely to be caught.
At least, like Snowden's leaks, this is proof that privacy extremists aren't conspiracy nuts, and hopefully it will open a few eyes to the real danger of giving up privacy.
Other comments are right: stop using big words and write plain sentences.
I think it's pretty presumptuous to think a word salad went "over" any of our heads, when a simpler explanation is that the point was obscured by unnecessarily complex language.
English isn't even my first language, so if I have no problem parsing that, it's possible. Even if something is "unnecessarily" complex, what necessitates knee-jerk responses or downvotes?
> so if I have no problem parsing that, it's possible
That's still assuming your interpretation was what the writer intended. As a native English speaker, I can tell you that it's not 100% clear.
> what necessitates knee-jerk responses or downvotes?
The meaning of a down vote is not defined by HN itself, so it's personal. For me, I use it based on value. I up-vote comments that add to or improve the discussion. I down-vote comments that add nothing.
I did not down-vote the root comment here. I replied because I found the content to be locked away by the presentation, and the content seemed to be a worthwhile part of the discussion of the article.
You got me. It wasn't a 100% faithful translation.
I removed "engineer" because it's not necessary to the broader premise that more highly skilled people tend to be both more trusted in our society and more likely to know how to get away with a crime.
I didn't translate "banal, lascivious panopticon" because it's one of those faux-profound images that adds very little.
It's hardly revelatory to tell HN readers that people are troublingly comfortable with constant tracking by corporations and governments.
Presumably, this person is airing frustration with common responses to privacy-oriented discussions he or she has experienced as a participant and/or vicariously. He or she has characterized them as ending in ad hominems, whereby the privacy-minded individual is construed as politically or intellectually unmoored, similar to Alex Jones.
Spedru posits the covert and exposed deviants within companies, that we've exchanged our data with, are another style of entity (besides state actors) that we ought to strive to deprive of access to that data.
At least, that's as charitably as I can characterize the comment.
Yes. This is exactly what I meant. Didn't mean to come off as obscure, sorry, I'm a little out of it and English isn't my best language on a good day. I meant to tack a “distributed” onto that “panopticon”. A bunch of perverts scattered around tech companies might make for a convincing “actor” to bring up to ordinary people who think talking about government agencies is too crazy-sounding. As for the intelligence bit, I mean to say, “engineers are typically high-IQ, high-IQ people get away with crimes, imagine how many creeps have gotten away with this sort of thing and we'll never know”.
That how smart people can get away with these things and employees can see your images could be a wake-up call for taking privacy concerns seriously, I think.