You kids who are too young to remember the cloud hype train - it was AI all over again, but for cloud.
The same common-sense basic reasoning applied which was: “Wait - so someone else has your data?”
Aaaannnd everyone moved there and here we are now.
Third party data centers have been around for a lot longer than the cloud.
“Don’t worry, we encrypt all the data”
“I’ve heard as part of the prism program NSA has the encryption key?”
“I don’t know the answer to that”I wouldn’t dare believe that anything in AWS or Azure or Google Cloud is out of reach for the US agencies unless the end-user has encrypted it with a key that the cloud provider doesn’t have access to.
Some services in Azure, like storage accounts let you encrypt data with your own key in addition to MS’s. But there’s always some level of implicit trust with cloud based services, so y’know
Yes, but the encryption keys are stored in an azure key vault, so Microsoft still has the keys.
There’s no difference whether you use customer managed keys or not, Microsoft always has the keys but customer managed keys are more hassle to give an illusion of security.
Yes there’s other reasons to use them, but not to protect against Microsoft/us gov spying
Which is why companies that are concerned use something like vault do keys via API, and rotate them often instead of default services.
Anyone who cares is perfectly able to encrypt the entire system via third party tools which includes many foss projects.
The default 15 years ago was fuck it. AWS is pretty much the only reason security on the web is as *good as it is. At least Russia and China don’t have free reign over your data 🤷♂️.
You missed their point, or you’re using a different term for “vault”. If you’re talking something like KeyVault, it still exists on Microsoft hardware, which means ultimately they could access it.
The only way they would have a lot of trouble is if you only stored the encrypted blob on their platform and then streamed it to something off platform (AWS, on-premises, etc. ) and decrypted it there so they never had access to the key.
That’s why my data lives on redundant disks in the basement and my remote backup lives in a closet at my parents house. :)
Honestly that is the right answer.
Why would a media manager at MS know about what data is handed off to the NSA?
If the answer was no then I imagine being able to say so would be good for Microsoft in regards to both Public and Legal Affairs, so the fact that he doesn’t know do say something in my opinion.
Knowing what the US is like for gag orders saying no would open a can of shareholder worms they don’t want to touch at any distance.
Uhm yeah this has been true since 2018.
https://en.m.wikipedia.org/wiki/CLOUD_Act Every European company that since then uses American infrastructure is complicit in GDPR-Violations!
This might actually be a big one. If its on record like this it can be used to sue governments into not using their products because its against GDPR.
I wish this had english subtitles.
On record? It’s fricking law: https://de.m.wikipedia.org/wiki/CLOUD_Act and not just since yesterday.
Yes, but there could be ways for Microsoft to avoid this. If they actually end to end encrypted the data then they could only give the authorities worthless data. So in this case its not just a law that may or may not be enacted by companies, its an example of it actually being practically possible or even in use.
“Hey, now we do E2E! No need to worry about where it is, it’s totally opaque except to you! What? You want to review the code? No! Ours is not one of those dangerous FOSS softwares, ours is closed for your security, but you got our word!”
You can enable the auto-translate to any language you want. Enable the Closed Captions (CC) and then click on the cogwheel, Subtitles CC, Auto-Translate, and pick whichever language you want. I tried English and it is a very accurate translation.
EDIT: I would suggest though, that you try to find the original video, because this one, has a lot of editing cuts, which can be simply to create a short version, but it can also be used, for manipulating information. The video appears to be from the official French Senate, so I’m guessing it is accurate, when it comes to information.
Shocked pikachu face
Hahaha…wait, you are serious?
GDPR is a joke at this point. There‘s no fixing that, only Europe completely cutting ties with US would be sufficient. And that‘s something our corrupt loser politicians will never willingly do.
Every Chinese is obligated to spy on behalf of CCP, that’s a law 🤡
