We'll have to disagree there. I'd be very surprised if they did any more than looking at their log files
I'm probably a little less trusting on this. An admin seeing the filename in the logfile and just calling its URL out of curiosity seems like a very likely scenario to me. They said something like "...and it was a picture of a cat", not "...and it was named cat.jpg".
How does looking at individual files help to confirm that things are working?
Not in this case, but having access to the file storage system per se is common and useful.
But I didn't write that post because I wanted to plug Tarsnap;
I understand. The combination of pointing the finger at someone for wrongdoing and then asserting your own superiority seemed inappropriate to me, though. I understand where you're coming from, but I also believe that, to you, the world is now full of places that should have client-side encryption, when in fact I don't think this is a good fit for what 37signals does at all.
I wrote it because I saw the trust-is-fragile post on HN Daily and felt that revising their privacy policy wasn't the right response.
I'm not a 37signals user, and I haven't read their policy. I agree that changing the policy following this incident is very bad timing, but I think this maneuver does correct an unreasonable expectation users might have.
I don't think [client-side encryption] is a good fit for what 37signals does at all.
I'm inclined to agree with you. That's what I was getting at with my "even if 37signals doesn't want to offer cryptographically secure storage, they could at least remove the temptation to look at file names in log files by not writing sensitive information to log files in the first place" line.
I think most computer-savvy people, looking at a file called "cat.jpg," would make the leap to "it's a picture of a cat." The name is practically just a compressed version of that.
That was actually exactly the alternative I had in mind, an icon for a catalog feature in some sort of application (though a PNG would have been more likely.)