Unless you are using a service like tarsnap, your admins can and will peek at your data. If you use a service like tarsnap, and you lose your password, your data is deader than disco. Pick one - security, or an admin who can save your account.
And while it's theoretically possible to develop a rich web app without seeing user data, it just doesn't happen. You need realistic data to do testing. The most realistic data you can possibly get is your users' data. Guess what 99.999% of websites use for testing?
If you have sensitive information, use good encryption. Better still, do what the professionals (i.e. the government) do, and leave it on an internal-network-only computer, in a steel-reinforced room. If you're paranoid, lock the hard drives in a safe when you leave the room. And use encryption.
But don't make a fuss when the admin peeks at your data, in a semi-random way. If they are stalking you specifically, or leak any damaging information, that's another matter. But if you just don't trust them, don't give them your data.
> Pick one - security, or an admin who can save your account.
There's a simple way to eat your cake and have it too, though: put a copy of your passwords in a safe-deposit box. Passwords don't strictly have to be private to protect you from would-be attackers—they just have to only be accessible to people who have absolutely no incentive to help any would-be attacker.
Hmm; what you're saying is true, so I think I phrased my statement a bit wrong. In general, yes, people do want to help. But your bank just isn't in the business of knowing what's in its safe-deposit boxes, just like Tarsnap isn't in the business of knowing what's on its servers.
The whole business model of a safe-deposit box relies on other people not being able to get into them without the owner's consent—so if anyone, including the bank itself, took a peek in there, that would instantly lose them all the trust they had ever accrued as a safe-deposit-box provider—and thus a lot of money. They have much more of an incentive to keep your data private than they have an incentive to help those who want it, because keeping your data private is what keeps them in business. That's the meaning I was going for.
I agree completely. I run a service where thousands of files are uploaded a day, containing a person's location information (GPX/TCX logs from GPS devices). I have to use that data on a regular basis to further improve our ability to process these log files, which are generated by hundreds of separate pieces of software. The ability of my service to process these files requires my intervention semi-regularly. That wouldn't happen if, like some people are suggesting, I had to go to a safe deposit box to decrypt those files.