Skip to main content

Misinfo

Cloud market leaders are sometimes misleading their customers.

Of course, companies like Microsoft/Google/Amazon will claim privacy and security is important to them, and make misleading statements, but if you look at the small letters around their service levels it turns out not to be such a great story.

Just one example: AWS Quotes on its website:

When evaluating the security of a cloud solution, it is important for you to understand and distinguish between the security of the cloud, and your security in the cloud. Security of the cloud encompasses the security measures that AWS implements and operates. We are responsible for the security of the cloud. Security in the cloud encompasses the security measures that you implement and operate, related to the AWS services you use. You are responsible for your security in the cloud. For more information, see the AWS Shared Responsibility webpage.

This is not shared responsibility, this just means, we Amazon take NO responsibility.

Please do note that it's often not even in their control. People using these services are making it insecure by design. Many computers and mobile phones are hacked and make the information accessible to others. Centralized designs are simply more unreliable and unsafe.

Some would claim that even these large organizations like Google are not safe themselves and do not mind making information available. Allow me to not take an opinion here, it's just my intent to show you this possibility.

Many security & privacy claims are void

Often the claim from a company and reality do not align. E.g. WhatsApp claims that the encryption protocol they use between the WhatsApp applications is end2end encrypted, which is probably true, but the reality is that the application itself is leaking information to centralized servers. This is unfair and misleading information. Most application claims do not correspond with reality. e.g. https://www.wired.com/story/whatsapp-facebook-data-share-notification/