|
|
|
|
|
|
by nathan-io
2567 days ago
|
|
|
Indeed, this was bad. I assume they were trying to extend SSD lifetime by reducing writes. It's fair to note that scrubbing is now the default behavior when a droplet is destroyed, so they did listen to the feedback. https://ideas.digitalocean.com/ideas/DO-I-1947 |
|
|
You do not need to scrub or write anything to not provide user A’s data to user B in a multi-tenant environment. Sparse allocation can easily return nulls to a reader even while the underlying block storage still contains the old data.
They were just incompetent.
On top of all of that, when I pointed out that what they were doing was absolute amateur hour clownshoes, they oscillated between telling me it was a design decision working as intended (and that it was fine for me to publicize it), and that I was an irresponsible discloser by sharing a vulnerability.
Then they made a blog post lying about how they hadn’t leaked data when they had.
Nope.