The trouble with platforms

2020-09-27

Airbnb has had caching issues which resulted in some accountholders seeing other accountholders’ inboxes.

As usual for these kinds of incidents they say that a limited subset of users were affected. The obvious point is that as only those who were actually visiting their accounts would ever be exposed to the situation it is probably literally true that it was only a subset of users, but that’s only by pure good fortune. It could actually be 100% of visitors to their account inboxes, but that group of people happens to be a self-selecting subset of all account holders as not everyone visits those pages.

Nevertheless, this isn’t about Airbnb but about platforms as a whole. Which for these purposes means Airbnb, Google, Facebook, Pornhub, Medium, Outlook.com, Instagram - you get the idea. It’s a loose definition, and you may argue that ‘platform’ is the wrong word, but it’ll do for the sake of my point.

Which is that the worrying thing about platforms is that, no matter how good their techies/software/infrastructure/testing/whatever, all it takes is for one little thing to go wrong in an entire stack of interconnected software and hardware, and suddenly there are issues. There is often no such thing as genuinely safe data (even when it is encrypted, as the platform still needs to be able to decrypt it).

The general public are not developers and have a naivety when it comes to tech and privacy (observation not criticism; my knowledge of areas outside my own expertise is probably similarly lacking).

How happy would the public be if they really understood that the difference between their information being kept private(with it’s myriads of public/private settings, two-factor protection, encryption, and so forth) and a breach could be nothing more than a single bit/byte flag somewhere being incorrectly set.

They naively imagine that private stuff is kept separate, as if the digital version of a vault is somehow similar to a physical one. Years of private social media use, porn habits, banking records, the whole lot is as fragile as one bad line of code or dodgy cache or misconfiguration slipping through the net.

Our future privacy is extremely fragile, even when entrusted to the best of the platforms (not specifically meaning Airbnb here).

Only trust a third party platform with what you are happy eventually being made public, no matter how private/confidential it really is. Or use services that strongly encrypt in a way inaccessible to them and hence not exposable by them.