
> There is absolutely no veil between the hypervisor and the guest virtual machines. Not in the EBS either.

This is 100% true. To do any useful computation on your data (read, what you're using all AWS for) they have to have 100% visibility into your data.

> If they say they won't read your data, better trust them. If you don't, stay away from their datacenters.

That's it, right there. All of this is based on Trust in Amazon, not some technology that provides any assurances, much less proof, they're not looking at your data.

They can pull the curtain off anything you're running in their cloud, at any time they feel like it. It has to work this way for AWS to be of any use, and by using AWS you're implicitly trusting Amazon with your data.


This is a similar level of trust that you give to banks not to seize your money, or to your bodyguard not to do you physical harm. Stealing data from a customer paying for hosting would be _very_ different, and much more scandalous, than identifying trends on a competitive marketplace and taking advantage of them by launching competing products.


If a bank were to seize your money, you'd notice, because you wouldn't have that money anymore. And it would be very well documented, leaving a clear paper trail to a criminal conviction and a civil suit. If your bodyguard did you physical harm, you'd notice, because your knees would hurt. And there would be ample evidence for a criminal case. If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

It's the difference between breaking into a Walmart with a ski mask and assault rifle and stealing a bunch of Blu-rays vs. recording the HDMI out from whatever device you stream Netflix from. They're not the same thing at all, either in terms of harm done, applicable criminal law, or ability to build a compelling civil lawsuit.


> If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

For a thought exercise, let's play this out.

Amazon copies data running through VMs (or grabs it from storage).

Let's assume it isn't on hardware certified for capital-letter processing [1], most of which require regular third party audits.

So they have your illegally-obtained data [2], which presumably they want to use to make money.

Except they can't leave any record of its source, in any documented form. This includes server logs, data transfers, emails about data, meeting minutes about data.

So they create some isolated network, run by a third party contractor, that transfers encrypted data from the taps to a store, then decrypts. All of which brings us to the most difficult part.

Who does... what with it?

The source data itself is radioactive. Who knows when "pricing strategy for company X" or obvious equivalent might pop up in the stream?

So you... what? Exclusively touch it via algorithm that outputs only aggregate information? How do you possibly code and maintain that pipeline, sight unseen?

All while risking an incredibly profitable business.

Or, you know, you just operate as an honest IaaS provider and make $10B in revenue / quarter with a 25% growth rate...

[1] https://aws.amazon.com/compliance/programs/

[2] https://www.law.cornell.edu/uscode/text/18/2511 (?)


Sometimes you can learn a lot from the metadata without actually looking into the actual data stream. For example, if B&H was hosted on AWS, Amazon could deduce the effectiveness of their holiday sale tactics by looking at the overall page traffic, DB writes, etc. These metrics are already recorded by Amazon for billing purposes and someone stealing a glance at them would likely leave zero evidence.


I thought Amazon was already organizationally constructed in very small functional units, each of which is encouraged to export its unit's "interface" in a formal way. Is the source data traceable if it becomes anonymized product sales samples exported to APIs that mix into a pile of legit data and all fed into some sales analysis engine?

The unit could be the "open sales modeling unit" that just supplies one data feed among thousands.


You overestimate the competency of short-sighted individuals anxiously striving for a seat closer to Bezos, i.e. thinking for themselves versus the organization. Ironically, I wonder if such news actually motivates some PMs to ask around...


> Except they can't leave any record of its source, in any documented form. This includes server logs, data transfers, emails about data, meeting minutes about data.

They can certainly take the risk. If crimes only happened when there was a 0% chance of getting caught there would be no crime.


You're right that they are different, but maybe not as different as you think they are.

> If Amazon copied all your proprietary data, you would almost certainly never notice, no criminal law would apply, and you'd have a hell of a time proving it in a civil suit.

If Amazon were doing this and profiting from it, that would essentially be a criminal conspiracy that reaches to the leadership of the company. Is it possible? Sure. Is it likely? I tend to think conspiracy theories are rarely true. Would it be caught? I believe it would likely be caught.

Companies get things done by having meetings, informing their hierarchy, and following executive decisions. In what meeting do you imagine this being discussed? Who floats this idea, and who signs off on it? I just don't see it happening. And if it does, I expect whistleblowers to put a stop to it.


Criminal conspiracies by corporate execs are not at all uncommon in the history of business, and presuming that you can't possibly run into one because you personally haven't is taking an unnecessary risk. One thing due diligence is supposed to look for is criminal behavior. This is not because they never find it.


Criminal conspiracies by corporate execs are not at all uncommon in the history of business

Actually, they are quite uncommon, which is why they make headlines when discovered.

I'm not taking a side here, just pointing out a fallacy.


This is even more fallacious: the only thing that unsourced opinion proves is that certain types of criminal conspiracies that are uncovered are deemed sensational enough to sell news services. It says nothing about the commonality of successfully covert conspiracies nor about the frequency of uncovered ones that are hard for the general public to understand/care about.


It is time to shut the computer, take a deep breath and see if you can go for a long walk outside.

Bezos is making the most money of everyone living. Many of the scandals happen when the founder is retired or dead.


Let's see...

Boeing:

See 737 MAX, and other 737 boondoggles like the vertical stabilizer reversal back in '94-ish.

Monsanto, hell, what chemical company hasn't hidden information they damn well shouldn't have:

Dicamba, Roundup... Take your pick. The stellar behavior of this corporate citizen cements the stereotype of an entire industry.

https://thecounter.org/dicamba-trial-monsanto-basf-pesticide...

https://www.phillyvoice.com/new-york-times-dupont-hid-decade...

Special mention goes to a certain German pharma company who brought you Thalidomide:

https://en.m.wikipedia.org/wiki/Gr%C3%BCnenthal_GmbH

The lovely folks at Insys:

https://www.nytimes.com/2019/05/02/health/insys-trial-verdic...

Believe there was a fraudulent implant thing a bit ago... Where'd I put that?

https://www.desertsun.com/story/news/health/2014/07/09/south...

Someone beat me to Dieselgate.

Arthur Andersen LLP.

PG&E deliberately skimped on maintenance, leading to fires in California, and if I recall natural gas lines overpressuring in Massachusetts?

https://en.wikipedia.org/wiki/Massachusetts_gas_explosions

Excuse me, the natural gas one was Columbia Gas.

Big Tobacco...

Nestle I think getting caught using child labor in their supply chain at one point.

https://www.theguardian.com/global-development-professionals...

Oh what else can I think of off the top of my head? Uhhh...

That's all I can think of for right now. I mean we can hit the history books or case law to get a solid count I suppose, but to be frank, once a company hits a certain revenue point, it is pretty much guaranteed they've had to do something to get dirty/avoid getting outed as dirty.

So it really isn't that unusual. Throw in stuff that happened back before the rise of the unions of the last century, and since their decline, and you also end up with some decent stories of workforce abuse. Though admittedly there's slant depending on who is telling it.

Like the Pinkertons as a matter of fact.

https://en.wikipedia.org/wiki/Pinkerton_%28detective_agency%...

Or the original incarnation of Equifax, who were tasked with vetting prospective executive promotees.

Just because it's organized doesn't mean it's doing anyone any favors.


Several dozen companies doing bad things, compared with the hundreds of thousands of companies operating in the United States.

I stand by my statement -- it is rare.


Rare, that you ever hear about it.

I know of a case of fraud in oil well lease payouts: someone was stealing a small amount from a large number of leases and had been doing so for years.

A company auditor caught it. Did they go to the police? No. They paid the guy to leave the company and never talk about it again. The guy might have stolen hundreds of thousands in the process, but the company knew they'd lose millions, just from clients demanding audits going decades back. It was easier and cheaper to cover up and never mention again.


Much like typical crimes, only a subsection of company malpractice comes into public view. There's a few major scandals per year from the largest and most publicly known companies.

The very least we can say is that company malpractice is more common than it appears, unless 100% of it is reported on.


You misunderstand. That is just what I keep in my head and have been accurately tracking and committing to remembering in the last 5 or so years.

As has been mentioned as well is that governmental/regulatory apparata are typically starved of funding, so must limit their investigation/scrutiny to likely the most obvious cases.

Furthermore, if you've just entered into white collar circles these last few years, you may have been surprised at a tendency to not write things down. This isn't just people not realizing it is a good idea to do so, but a conscious decision in many cases due to eDiscovery, and the effects it has on provability in a court of law.

Pay attention on HN, and you'll get little snippets of other cases of "tribal skeletons" every now and again.

Anyway, by all means, I'm not necessarily arguing against your point; merely stating that given the sample size, and keeping in mind that regulators/the media can only dig up so much muck given limited manpower, it is not prudent to assume there isn't wrongdoing where no one has looked yet. I used to hold the same view you espouse; then I started A) cataloging things and B) noticing how often settlements seem to be applied with no admission of wrongdoing.

Absence of evidence does not imply evidence of the non-existence thereof. You just haven't found it yet.

Can't believe I forgot about Wells Fargo, btw. That whole mess.

https://en.wikipedia.org/wiki/Wells_Fargo_account_fraud_scan...

ISPs have been known to falsify their Form 477 data, fabricating coverage stats, and to overcharge customers:

https://www.cbsnews.com/news/complaints-att-directv-bundled-...

https://www.ripoffreport.com/reports/verizon-wireless/nation...

There's plenty more where that came from with every ISP to be honest.

FTC keeps stats on all enforcement actions apparently. Might be a decent place to start looking to get some solid numbers.

https://www.ftc.gov/enforcement/cases-proceedings/

Mind that that's only the ones. I assume CFPB and other commissions have similar, but do keep in mind they can't be everywhere or investigate everyone. So without stats on how many actions are dropped by prosecutorial/investigator's discretion, it is actually difficult to make really solid claims as to the actual frequency of malfeasance. Further, from my social circle's anecdata, it seems to be a safe bet that just about every organization at least has something in the way of "muck they've cleaned up after" without getting authorities involved.

Anyway... I've rambled enough.


I used to think a lot more like you and then Dieselgate[0] happened.

[0] https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal


As the sibling comment author mentioned, look at Dieselgate. It was a huge conspiracy against emissions regulations and they did it relatively well for multiple years. And it's not like it's a simple hack in software. This solution required manufacturing additional special-purpose devices, adjusting the assembly line, engineering and so on. It definitely must have had some design stages, testing, and actual implementation done.

The main thing here is that in big corps you can divide a big (evil) task into smaller steps which could be defined as non-evil in isolation, and nobody in the actual implementation crowd would understand the big picture.


> breaking into a Walmart with a ski mask and assault rifle and stealing a bunch of blu rays vs recording

I'm ready to watch that movie


For me it's not at a similar level.

For one, banks are far more regulated than Amazon is. If governments funded departments with 10s or 100s of thousands of employees monitoring and regulating cloud computing services, then it might be similar.

But the most significant difference is that if the bank seizes my money, I'll know about it pretty quickly and can respond. If Amazon sniffs through my commercial data, I'm unlikely to ever know. Most people are far more tempted to do wrong if they know the chances of getting caught are minuscule.


Banks mightn't seize your money. They certainly take the data from your bank accounts and monetize/resell it. This is a dirty secret, and pervasive.

How else do you think "closed-loop" measurement of marketing effectiveness, and retargeting based on purchase behavior are done? How else do you think suppliers can pull a D&B report on your company showing your bank account balances?


Banks definitely seize your money. When I was a young teenager my parents encouraged me to put my lawn mowing money in a bank account. I had a total of $100.00! We went over to Bank of America and I opened up an account and deposited my hard earned cash. A month or two later I tried to withdraw some cash and was told I had no money. My full $100.00 had been consumed by insufficient balance fees.

A valuable if painful lesson to learn. I still do all my personal banking with a credit union and consider my relationship with banks to be adversarial. They only own my debt, never my cash.


> A month or two later I tried to withdraw some cash and was told I had no money. My full $100.00 had been consumed by insufficient balance fees.

Is that an exaggeration? It amounts to $100 or $50 a month in "low balance fee"!

All the banks I've looked at had a fee under $10.


I think it may have been more than a couple of months, IIRC the fee was $20.00. This was a very long time ago.


This is like saying Amazon seizes your money because you have to pay for their monthly service fees you agreed to when signing up for the service.


Actually it's not _that_ uncommon for guards to be involved in the business of breaking into high-profit buildings. At least in countries with partially undermined police/law systems. Which sadly applies to most countries of the world, even first-world countries where people normally don't think about it.


Or your commercial landlord to not send the cleaning staff to rummage around in your filing cabinets. Which, while it could happen, is something that people don't really seem to get concerned about.


I have been chastised for not locking my desk for this exact concern. It does happen


Don’t let anyone chastise you for this. Most desk locks are easy to pick. Also, there are like 3 keys to have on your keychain to open like 80% of all manufactured locks like the ones in furniture. Deviant Ollam, a pen tester, gives a lot of talks on this topic.


I pick my battles, I’m not going to complain about a policy unless I think it could really hurt people. If I complained about everything I think is dumb, I’d never be able to keep a job, because most of it seems dumb to me.


So true, so often.


No, the reason for these types of structures is simply to prevent passive leaks of information, which is a far more common occurrence. Any large business is frequently visited by vendors and agencies who also work with others in the industry.

Similarly, if you're presenting externally, it's a good idea to close open applications that are not relevant to prevent info leaks from Alt-Tabbing.

Actually having a competitor pay someone to come into your office to pick locks etc. is rare, comes with criminal liability and is easily detectable on security cameras.


Most "crimes" of this sort would be stopped by simply locking the drawer. Nobody believes that a simple desk lock would keep out a determined attacker.


Not really wrong, actually. A friend picked a desk lock for another when they left their charger in there.


> This is a similar level of trust that you give to banks not to seize your money, or to your bodyguard not to do you physical harm.

That's not true. I surely don't trust banks, but at least they're regulated to the point that they have to come up with some legal pretense for seizing my funds. A bodyguard is ostensibly a person who I've incentivized more than the competition to not harm me, and who I probably form a relationship with over time. None of these things are true of Amazon.

> Stealing data from a customer paying for hosting would be _very_ different, and much more scandalous, than identifying trends on a competitive marketplace and taking advantage of them by launching competing products.

What part of using data that you have on your competitors but they don't have on you, to sell competing products on a platform where you don't have to pay fees but they do, sounds like a competitive marketplace?


I don't disagree with any of what you've said. I just think that many people are ignorant of that being the case with Amazon, Facebook, Google, etc., because they assume 'Well, technology must have solved that'.

Then again, compared to the average bear, maybe I'm unusually circumspect when it comes to all of those things.


Technology alone cannot solve the use of technology to promote interests of parties in a zero sum game.


The promise of homomorphic encryption is to allow cloud computing without giving your data away.


Without giving what data away, exactly?

If for example I'm fully on Amazon AWS for everything, DNS/DB/Web, then no matter how encrypted your data is, Amazon still has a very good idea of the effectiveness of your campaign. You can't hide the number of DNS queries. You can't hide the number of TCP SYNs. Hell, there is just a huge amount of things that encryption does not cover up, especially involving the time for particular transactions to occur.
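The earlier comment about billing metrics (page traffic, DB writes) and this one about DNS queries and TCP SYNs make the same point: the host never needs the payload, the per-minute connection count is enough. The script below is an example added here, not code from the thread or from any provider's metering; every record is constructed. It counts flows per minute for a "quiet" and a "sale" day, shows which minutes stand out against the baseline, and then applies the standard mitigation, constant-rate cover traffic, and reports what that padding costs.

```python
"""Added example: inference from per-minute connection counts alone, and the cost
of flattening them. Records are constructed; payload sizes are never inspected."""
from collections import Counter
from statistics import median


def make_day(date, spike_minutes=(), base=3, spike=12):
    """Constructed flow-style records 'timestamp src dst dport bytes' for one hour.
    Bytes are TLS payload sizes and are irrelevant here; only timestamps are used."""
    lines = []
    for m in range(60):
        n = spike if m in spike_minutes else base
        for k in range(n):
            size = 600 + (m * 31 + k * 17) % 900          # arbitrary filler
            lines.append(
                f"{date}T10:{m:02d}:{k % 60:02d} 203.0.113.{1 + k % 200} "
                f"10.0.1.10 443 {size}"
            )
    return lines


QUIET_DAY = make_day("2020-11-20")                          # constructed baseline
SALE_DAY = make_day("2020-11-27", spike_minutes=range(20, 40))  # constructed promo


def flows_per_minute(lines):
    """Count connections per HH:MM, the granularity a billing meter already keeps."""
    counts = Counter()
    for line in lines:
        ts = line.split(" ", 1)[0]          # e.g. 2020-11-27T10:23:05
        counts[ts[11:16]] += 1              # "10:23"
    return dict(sorted(counts.items()))


def busy_minutes(observed, baseline, factor=2.0):
    """Minutes whose count is at least `factor` times the baseline's typical minute.
    This is all an observer needs to time a campaign it cannot read."""
    typical = median(baseline.values())
    return [minute for minute, n in observed.items() if n >= factor * typical]


def pad_to_ceiling(counts, ceiling):
    """Cover traffic: top every minute up to a fixed ceiling so the count carries no
    information. Returns the padded counts and the dummy-to-real ratio (the cost)."""
    padded = {minute: ceiling for minute in counts}
    real = sum(counts.values())
    return padded, (ceiling * len(counts) - real) / real


def demo():
    quiet, sale = flows_per_minute(QUIET_DAY), flows_per_minute(SALE_DAY)
    leaked = busy_minutes(sale, quiet)                     # 20 minutes stand out
    ceiling = max(sale.values())
    padded_sale, overhead = pad_to_ceiling(sale, ceiling)
    padded_quiet, _ = pad_to_ceiling(quiet, ceiling)
    hidden = busy_minutes(padded_sale, padded_quiet)       # nothing stands out
    return leaked, hidden, overhead


if __name__ == "__main__":
    leaked, hidden, overhead = demo()
    print("minutes visible to the host:", leaked)
    print("after padding:", hidden, f"(dummy traffic = {overhead:.0%} of real)")
```

The padding result is the catch the comment hints at: hiding the sale-day shape with constant-rate cover traffic costs as much dummy traffic again on the busy day and several times that on quiet days, and timing of individual transactions is not addressed at all.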


Don’t be obtuse. Observing some encrypted traffic going in and out gives away some info, but it’s nothing like the email addresses, addresses, names, and order history of all of your customers.

Amazon, if they wanted, could read stats from Netflix’s database about which movies drive the most engagement and use that to determine what to license for Prime video.

It’s the difference between root on the server and capturing encrypted packets on a network.


>This is a similar level of trust that you give to banks not to seize your money

How many PayPal horror stories have there been?


Bad analogy, I can tell when the bank seizes my money.


How about snooping the traffic through a load balancer service managed by AWS? That's exactly 'identifying trends on a competitive marketplace and taking advantage of them by launching competing product', except that instead of looking at sales data of products on your shelves, you look at URL access patterns for sites hosted on your platform.


For about half a billion they will build you an AWS on site(s) you control: https://cloudcheckr.com/cloud-security/understanding-aws-gov...


If AWS used Intel SGX, then it would be possible for them to offer VMs that ran inside of a secure enclave that AWS could not peer into as long as Intel didn't give them a backdoor.

(Well, it seems like SGX is insecure right now with all of the CPU vulnerabilities, but in principle it may be fixed in a future generation and be well-suited for this.)

The fact that you wouldn't have to trust your host specifically could have a real decentralizing effect for cloud hosting: people would be able to run stuff on any cloud host without needing to trust them much. If you just wanted compute power and didn't care about strong uptime/connectivity, you could even safely rent cheap VMs on computers of random individuals.


SGX has no syscalls. You cannot run VMs or any regular application in SGX.

AMD SEV, on the other hand, is exactly that.


> To do any useful computation on your data (read, what you're using all AWS for) they have to have 100% visibility into your data.

This is true, but it doesn't have to be this way [1].

[1] https://en.wikipedia.org/wiki/Homomorphic_encryption


I'm aware, but thanks for posting nevertheless. I've actually read Gentry's thesis. Last I looked into FHE though it was something like 14 times to 100 times as inefficient (either in time or space depending on the scheme) as operating on unencrypted data.

Now things may have changed since then, but I'd imagine it's not yet gotten down to 1.X inefficiency multiplier regardless of the FHE scheme you're using.
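For the two homomorphic-encryption comments above (the "promise of homomorphic encryption" remark and the Wikipedia pointer) and the overhead discussion here, the following is a worked example added to this page; it is not code from the thread, from AWS or from Gentry's work. It uses Paillier, which is only additively homomorphic, as a stand-in for the FHE schemes discussed, so the host can sum and scale encrypted values but not run arbitrary programs on them. Key sizes are deliberately small to keep the demo fast, and the timing helper gives a rough feel for the per-operation multiplier the comment refers to.

```python
"""Additively homomorphic encryption (Paillier, toy key sizes): the host sums
ciphertexts it cannot read. Example written for this page; not a vetted library."""
import random
import secrets
import time
from math import gcd


def is_probable_prime(n, rounds=25):
    """Miller-Rabin; fine for a demonstration, not a reviewed key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact length, odd
        if is_probable_prime(cand):
            return cand


def keygen(bits=256):
    """Public key (n, g), private key (lambda, mu). Equal-length primes guarantee
    gcd(n, lambda) == 1; 256-bit primes are for speed, far below real-world sizes."""
    p = gen_prime(bits)
    q = gen_prime(bits)
    while q == p:
        q = gen_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    # With g = n + 1, L(g^lambda mod n^2) == lambda, so mu is simply lambda^-1 mod n.
    return (n, n + 1), (lam, pow(lam, -1, n))


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts differ."""
    n, g = pub
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)          # == 1 + m*lambda*n mod n^2
    return ((u - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b): the only step the host performs."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_plain(pub, c, k):
    """Enc(a)^k mod n^2 == Enc(k * a): scaling by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


def host_total(pub, ciphertexts):
    """Runs on the untrusted host: it holds only ciphertexts and the public key."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


def demo(values=(120, 75, 300, 5)):
    """Customer encrypts per-order amounts, host sums them blind, customer decrypts."""
    pub, priv = keygen()
    total = host_total(pub, [encrypt(pub, v) for v in values])
    return decrypt(pub, priv, total)


def overhead_ratio(pub, iterations=2000):
    """Rough wall-clock cost of one encrypted addition versus one plaintext addition."""
    c = encrypt(pub, 1)
    t0 = time.perf_counter()
    acc = 0
    for i in range(iterations):
        acc += i
    plain = time.perf_counter() - t0
    t0 = time.perf_counter()
    acc_c = c
    for _ in range(iterations):
        acc_c = add_encrypted(pub, acc_c, c)
    return (time.perf_counter() - t0) / max(plain, 1e-9)


if __name__ == "__main__":
    print("decrypted total:", demo())
    pub, _ = keygen()
    print(f"encrypted add is roughly {overhead_ratio(pub):.0f}x a plaintext add")
```

Two things the code makes concrete: the host only ever multiplies ciphertexts modulo n², so nothing it logs or copies is readable without the private key, and even this restricted scheme costs orders of magnitude more than the plaintext operation, which is the trade-off the overhead comment is pointing at.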


That would increase their computation costs by a fair bit, it would be more expensive to run the same amount of computation on their cloud using fully homomorphic encryption, even without taking the engineering costs on your side into account.
