Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you upload your data to a third party without first encrypting it with a key known only to you it is no longer yours.

Everything else is just wishful thinking. Like trying to keep a secret whilst only telling one or two friends.



Now imagine how much Google (Gmail) knows about us. It gets scary very quickly. Even if you are as private as you can, you will communicate with people whose email is hosted by Google.


I think Google Search is much worse than Gmail. You tell it things you wouldn't tell your family or even your lawyer or therapist. And it can infer things you didn't even know about yourself (e.g. you are pregnant or suffering a health condition).


I'm surprised we have yet to see chatgpt records as part of a court case yet, as police have been using searches as evidence for some time now.


even worse....if you use GMAIL you get fraud spam from crooks breaking into the classroom google cloud platform to phish victims....


so much truth in your statement.

I had a recent exchange with Microsoft and a group of CISOs and how it was explained to US by MS is that Copilot relies on existing file sharing security (OneDrive, Sharepoint) to determine what user could receive as feedback from Copilot. While it seems like a reasonable approach to rely on existing controls it honestly sent shivers down my spine. Anyone who had some experience securing MS platforms data sharing knows those become a total mess overtime for large organizations.


I just have to look at my ancient msn account being effectively turned unusable for several (notably: Skype, Xbox) MS services due to being stuck in some limbo between MS auth service migrations (?) to gauge my confidence in their control of user data.... And no, several hours with their support agents spread over several weeks did not resolve it.


Exactly what the article is about.


Your comment seems a bit tangential to the central point of this article which is more about poorly governed sharing permissions in SharePoint.

For what it’s worth, Microsoft does have support for customer keys at their E5 licensing level:

https://learn.microsoft.com/en-us/purview/customer-key-set-u...


This is .. not what GDPR or intellectual property law says.


Their point is that that is wishful thinking. If someone violates the law, which does happen, your data can get out. "No longer yours" in this context means "others may disseminate it without your approval". They may be penalized for doing so, but it is absolutely in their power to do so.


You're absolutely right on a legal basis, but people (and companies) act on a spectrum between "legal", "moral", and "what I can get away with".


Sure.

The law also states that crime is illegal.

I wouldn't walk around Compton late at night with a £5K camera though. Even with insurance.


What a law says and what in effect happens is not really the same. How do you GDPR a data breach? How do you DMCA a data breach?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: