Or for that matter someone who isn't an employee at all. Unless they're claiming they have figured out absolutely perfect security such that they can never be hacked or compromised. Or isn't an employee/manager right now, because the thing about companies is that they tend to grow and die, management changes over time, they get bought, etc. That's the human condition, we don't live forever.
Really it's just a LUDICROUS statement to make. This isn't the 1980s, we know how tech works. We've seen tech companies around long enough for heroes to become villains and even heroes again, to watch all stages of lots of lifecycles happen over and over again, all the good and perverse incentives that can take place. To watch, well, decades. Just raw time. Even without centuries as in some industries, some basics are pretty clear at this point and one of them is that absolutely nobody can claim that data they have access to will "never be used" in one way or another given the pace of change and uncertainties of finances and even law.
Notes tend to be things where people put in sensitive stuff, if only for scratch purposes. It's just inevitable, humans are humans. Or put in stuff they don't think is sensitive but where they're wrong, even security agencies can screw stuff like that up. Notes are a tiny amount of data by today's standards, handling everything client-side is not a big ask. So yeah, kind of a wow.
Edit: another top conversation on HN literally right this instant is "“10% error rate is okay“ – Leaked EU Commission document regarding Chat Control"[0]. What happens when the law is changed such that all notes must be constantly scanned by AI for signs of criminal activity?
> Or for that matter someone who isn't an employee at all. Unless they're claiming they have figured out absolutely perfect security such that they can never be hacked or compromised. Or isn't an employee/manager right now, because the thing about companies is that they tend to grow and die, management changes over time, they get bought, etc. That's the human condition, we don't live forever.
Exactly. The perception I have is that when you subscribe to a non-E2EE service, you're not subscribing to a service. You're actually placing a small bet on the service to: always keep all serverside components up-to-date, proactively monitor for vulnerabilities, proactively implement security controls at the company and technology level, always hire the absolute best engineers, etc.
The problem is that every startup and every company always starts like this. Everyone has the best of intentions. Then the tech debt accumulates, the VC funding dries up, and time goes on. When the service is going to shut down, after being acquired, after being sold, or after being successful, will the serverside security still be perfect?
You have two options: don't store anything sensitive in these services, or assume perfection. I definitely won't bet on the latter.
> Our team will never read or access your note content, unless we have received your express permission during a customer support interaction
So, where is this available? Services with this security property are illegal in the US, and most other countries. (Warrants and bankruptcy courts are two reasons.)
In most currently widely-used E2EE systems isn't the provider in control of the client anyway, and thus there's not really any protection against rogue employees? If I'm in control of the client and I'm encrypting all my data before I send it to the cloud storage provider, then sure, I'm safe against rogue employees at the provider accessing my data (although they could still delete it). But the E2EE systems I'm aware of consist of a provider distributing a client that promises to encrypt data between that client and the provider's servers, but not in a way that makes the process easily auditable by the customer.
I don't know how you do things where you work. But a rogue employee making changes to the product, then wide releasing it or releasing it to anybody, is not something you can just do.
And if you did somebody would quickly notice and you might go to prison.
That's a pretty high barrier to entry compared to just having admin access on the db.
Of course I'm not suggesting that service providers shouldn't have robust processes to protect against rogue employees. What I'm suggesting is that from the customer's perspective, if you're running a client that was distributed to you from the provider, you should be just as worried about a rogue employee putting something malicious in that client to e.g. compromise the E2EE as you are worried about a rogue employee reading your unencrypted data on the server.
Either naive or dishonest. Can't tell which is worse.
The reason end-to-end encryption exists is to cover the cases which you can't plan for.
For example a rogue employee reading the notes of their partner.