Incredulity on the up
10 February 2017 | 0
There are some muscles that need a good work out to remain flexible enough to meet daily requirements.
Take your incredulity muscle to start with. Not only are we dealing with the daily pronouncements of a certain western world leader, but at home, we are to believe that a cut-and-paste error led to the persecution of a so-called whistleblower.
But more awaits your incredulity muscle, though thankfully, not of this magnitude, but requiring a stretch nonetheless.
“We not only have the inappropriate retention of user data, we also have a situation where a researcher could create an app to find and identify that information!”
It has been reported that a Russian tech firm has found that Apple’s iCloud is storing deleted browsing histories from Safari for up to a year. And the reason for this questionable practice? It is in order that Apple may know what to delete to facilitate the synchronisation of devices.
Now if that does not elicit a knee-jerk-like incredulity muscle twitch of ‘WTAF?’, then perhaps you are already becoming jaded and your incredulity muscles may be getting a bit bandy.
According to the reports, tech firm Elcomsoft discovered via an app it had developed called ‘Phone Breaker’, that Safari users who had deleted their browsing history could expect to find records of this deleted histories stored for up to a year on iCloud.
The boss of the company, Vladimir Katalov explained that the deleted data, stored in a file called ‘Tombstone’, is used by iCloud to synchronise devices, under the supreme irony of being able to authoritatively to tell them the specifics of what to delete from the device.
Katalov speculated that the information may in fact, be stored indefinitely in one form or another.
So, now we not only have the inappropriate retention of user data, we also have a situation where a researcher could create an app to find and identify that information!
This is not the first instance of data being retained in cloud services when users have selected to delete it, but it seems to be symptomatic of a certain attitude when it comes to near unlimited resources.
Back in the day, programmers used to be very frugal in their use of RAM, when it was a scarce and precious resource — recall that famous utterance from on B Gates about no one ever needing more than 640k of the stuff (this very missive is being written on a machine that boasts 8GB of the stuff!).
A further generation found that disk storage fast became a non-worry, as capacities soared and prices plunged. The attitude became store everything, just in case/because you can. This filtered through to back-ups too, as both interconnects and space developed.
As virtualisation too became ubiquitous, the phenomenon of virtual machine (VM) sprawl seemed to replicate the very server sprawl that it was supposed to eradicate.
Now, with the advent of public cloud, in the form of web-scale data centres as well as IaaS and PaaS, it seems to have brought that lazy, inefficient attitude back.
I find it hard to believe that there was not a more elegant and efficient solution to the iCloud device sync issue than storing deleted histories, rather than getting rid of the actual histories and having some abstract there as a master record for synchronisation. This seems like the simplest of solutions, based on the fact that the storage of such Tombstone files costs next to nothing, rather than serving the privacy of the user by creating some kind of abstract of the data.
It smacks not only of laziness due to excess resources, but also of a cavalier attitude to user privacy too that is equally worrying.
Apple has been guilty of such approaches before, as have all of the major social media channels, from Facebook to Ashley Madison.
In the world in which we find ourselves, user rights and respect seem at odds with so much of technology. While business must be allowed to operate without unreasonable constraints, it should also be encouraged to take the active steps to protect users and their data, through efficient resource use, even if that is not strictly necessary for other reasons.
With the advent of the General Data Protection Regulation, as well as the Network and Information Security directive, one wonders if these attitudes will be modified in anyway.
One can only hope.