The Sorry State Of Online Privacy

The Cloud is looming large, offering us ways to store and share our data that were never before possible. We can effortlessly share our documents and photos with our families and friends, while maintaining control over their spread using powerful granular privacy controls. But it’s quickly becoming clear that the cloud isn’t ready for us, because the services we rely on are letting us down with a frequency that is simply unacceptable.

I’ve been putting this post off for a while, mostly because I didn’t want to point to a single breach and call it a trend. But in only the last two months, we’ve covered at least three major web services that suffered security lapses tied to software bugs or scaling issues. In our posts covering these problems, one of our commenters will inevitably say something along the lines of, “that’s what you get for uploading your data to X service”. And the more problems I see, the more I’m beginning to agree with them.

For a recap, let’s revisit some of the problems we’ve recently seen.

In March I wrote about a bug in Google Docs that would share your files with people whom you’d never given access to. Granted, it would only share these files with contacts you’d previously interacted with, and not the entire world, but this did little to ameliorate the issue – in some cases it would be better to share a supposedly private document with a stranger than a coworker.

Two weeks later, we were alerted to a bug on Facebook that would allow users to circumvent any ‘limited profile’ lists they’d been placed on by their friends. For example, if you had placed your boss on a ‘Limited’ profile list so they couldn’t see your latest party photos, they’d be able to get around it. This ‘exploit’, if it could even be called one, was so easy to carry out that I’m sure many people did it accidentally.

Finally, earlier this week Twitter posted a note to its Status blog saying it was having issues with “misdelivery of direct messages”. In other words, some supposedly private messages were being routed to the wrong users. Given Twitter’s problems with bugs in the past this didn’t come as a huge surprise, but it’s unnerving nonetheless.

When faced with such security lapses, most services try to downplay them by pointing out how few people (relatively speaking) were affected. In the case of the Google Docs issue, Google promptly explained that only 0.05% of all documents were wrongly shared. But when we’re talking about user bases of millions, even an apparently trivial percentage becomes significant, with thousands of people affected. What’s worse, I’m sure this sort of phenomenon is far more common than we realize. The other services involved just aren’t big enough (or honest enough) for anyone to notice.

So why is this happening? There seems to be an accepted notion among many engineers that as their service scales, there is no way that it will be 100% secure. To some extent, I acknowledge and agree with this. Very smart people are always going to be trying to access valuable data by whatever means necessary, and complex security exploits are unfortunately a fact of life on the web. But that doesn’t mean that it’s acceptable for the service to wrongly share user data simply because of a bug. It’s the difference between having your bank apologize for losing your money because someone robbed it, and it telling you that the teller accidentally withdrew a few thousand dollars from your bank account and handed it to someone else. This sort of thing just can’t be happening.

My real issue with these security lapses isn’t so much about the misdirected messages or the wrongly shared photos – the odds of these being truly damaging really are quite low. It’s that these problems serve to undermine the public’s trust in ‘the cloud’. Once we get past the security problems, having our data immediately accessible no matter where we are is incredibly valuable – and probably inevitable. It’s only a matter of time before our health records are going to be stored online in some form, simply because having instant access to them can be lifesaving. But if the public loses faith in the integrity of their data stored online, or the security measures protecting it, then it could take years to regain its trust.

So what can we do? Though I’ve dabbled in programming for years, I’m unfortunately not an engineer by trade (a fact that I’m sure opponents of this post will promptly point out to show that I cannot possibly know what I’m talking about). But the answer seems clear regardless. If an application is cracking under load, or is too complex for its own good, then new signups and features should be put on hold until the damn thing actually works properly. The word ‘private’ should not mean “this will remain hidden until we accidentally break something”.

To close, I want to make clear that I understand that these engineers are dealing with extremely difficult problems, scaling their incredibly complex services at unprecedented rates. And I respect the hell out of that. But the more often issues like these pop up, the more the general population is going to distrust the security protections of these online services, no matter how good they eventually become. Which is why we need to sort these problems out now.

Image by Subcircle/Nick Carter, via Flickr