Lately, there’s a new phrase “customer managed keys” used by cloud providers, which sounds really great, but is typically just elaborate hand waiving that ultimately allows the vendor and their staff the same level of data access as if it were not encrypted. Recently Slack made the unbelievable claim on Twitter that their service includes end-to-end encryption (it doesn’t.) SpiderOak customers had been enjoying the impossible for years. In response to customer requests on one of their forums, Mozy explained why it would be “impossible” for a storage service to protect users’ privacy by encrypting the file and folder names customers store in a way Mozy could not read. The deception had been so effective that leading software engineers were shocked to discover Dropbox had full access to the data they had stored online. In 2009 when Dropbox launched, they made misleading claims about the encryption of customer files and their internal ability to access customer’s data or provide that data to 3rd parties, leading to a well publicized FTC deceptive trade practices complaint. Even the most credible journalists writing for well funded publications with fact checking budgets were fooled and repeated these misleading claims to end users. Each competitor claimed that customer data was fully encrypted. In 2007, when SpiderOak launched an online backup product for Linux, Mac, and Windows, the competitors were companies like Xdrive, Mozy, Carbonite and SugarSync. And vendors often exploit the inaccessibility of these topics to make a series of statements that, while often factually correct individually, together create a false sense of privacy. This vocabulary is foreign to most folks. Doing so would require discrimination between: Cloud vendors have been quick to toss it around and unfortunately, it is misleading for the majority of customers.Īt the heart of the issue is the difficulty for end users to decipher the encryption terms cloud vendors use to describe their security. When we saw that Mashable included encryption in their 11 Technologies to Watch in 2017, we were thrilled, but I also thought about the misuse I’ve seen around this term over the past decade. Tech Companies and the Long Tradition of Lying About Encryption
0 Comments
Leave a Reply. |