Tool beeps every time data is sent to Google

[nonrandomstring]

> It would be a huge scandal if any of those cloud providers were caught peering inside their customer's VMs.

No it wouldn't.

At this point it could be revealed tomorrow by mountain of incontrovertible evidence and most people would shrug, move on and ask "what next?".

Snowden. Shrug. Cisco backdoors. Shrug. Pegasus. Shrug. Solar winds. Shrug...

The past decade can be described by the pattern "It would be a terrible scandal if X happened", and then precisely X happens. Then we normalise to it.

> Have I missed that scandal?

You may say it semi-sarcastically, but of course the irony is that actually you very well could have misse it. You only need to take a vacation for one week, a major shitstorm hits the front pages and fades from the news cycle. Now it's the "new normal".

The important point is, you might never know. Without homomorphic encryption you simply have to trust entities that have the means, the motive, the opportunity and the track record for screwing you over.

[pedrocr]

I'm all too aware that nobody cares. But I do and did follow all the examples you cite. So it would be very surprising to me if that was found out and it would indeed be a scandal like those others. That nobody cares after even a small amount of time is depressing but it's a different discussion.

[nonrandomstring]

You and I probably follow this stuff more than the average person. These days it's pretty much my job to. And yet I missed Carrier-IQ, the Android vendor malware. Eventually read about it a year after the first investigations. Also I almost missed the Apple CSAM debacle, being busy with a couple of contracts. Total time from tentative leak, through disclosure, expert-public outrage to Apple backing down was about 8 weeks, please correct me if I am wrong?

This is Blotto front exhaustion and fatigue in action. It's in the counter-terrorism literature. When you're under attack on many fronts, and adversaries regularly create new ones, and attacks are frequent but random, eventually some get through.

And I very much consider "big tech" to be adversaries in the civic cyber-security game, because they can and will do whatever would make them money, bending and breaking laws, covering up wrongdoing, silencing critics and smearing whistleblowers. They've done so reliably for years.

Perhaps at issue is what we think a "scandal" is.

Scandals used to be mainstream news events that caused widespread public discontent, led to lengthy investigations. government reports, companies being fined, shut down, careers being ruined, even suicides and jail time....

Today the word has lost its currency. Data leaks were once scandalous but we long passed the point when weekly and then daily major breaches lost the interest of the media. By definition, news has to be something new. Otherwise it's "Oh-Dearism". Again, company X installing malware and spying on you is hardly raising eyebrows. People are coming to expect it.

I'm not making a point of moral outrage, or even passing much by way of judgement here. It's just what's happening. But the essential "criminality" of big-tech (if only in spirit not letter) does have profound implications for the future of digital technology, and we should not ignore it. The possibility that the main players have been silently compromising rented VMs for reasons other than mandated law-enforcement should not be lightly dismissed.

I'm curious to know what you think the mechanism/psychology is at play in the "people not caring", other than the fatigue factor I mentioned.

[vachina]

China did not shrug and forced the development of local equivalents like a little more than a decade ago.

And theyre now still painted as the bad guy for "censoring".

[suzakus]

Censoring and forcing local equivalents is a false equivalence.

The censoring makes the western internet quite hard to use without vpns (or last time I was there, Google Fi seemed to not have to go through the firewall and routed the traffic through Europe somehow?)