> this response by you reads as quite disingenuous
It wasn't intended as such, I really meant it. I'd like to get to the bottom of this, understand what this person's true issue with Backblaze is.
> these seem like very real reasons to get upset, maybe you "can try to fix" those?
What the user is doing is called "Gish gallop". This is a technique where somebody makes a rapid-fire list of unrelated half truths or misrepresentations, each of which takes CONSIDERABLY longer to address than to claim. And I've repeatedly explained why they are invalid, but the user just shows up a day or two later and makes the same exact list of complaints. No edits, no admitting that even one of the complaints is invalid. Gish gallop.
This is not the behavior of somebody that is genuinely interested in having Backblaze address or fix that list of issues. There is something else going on, and I personally would like to know what it is. First of all because I'm curious what the issue is, second of all I hope I can fix whatever the real issue is.
I'm not going through the whole list because I've done that maybe 10 - 15 times so far? But let's take this one, because it's spectacularly false, this person KNOWS it's false, but this person repeatedly makes the claim over and over again:
> Backblaze mislead users about PEK. The decryption key is sent to their server, and so is your password. It is not a zero-knowledge system. They don’t care.
Backblaze has 4 security levels, one of which is zero-knowledge, and we ENCOURAGE customers to pick the correct level for themselves. You can read my longer, in-depth answer to this same user just 2 days ago here: https://news.ycombinator.com/item?id=25904473 or you can read my longer, in-depth answer 18 days ago here: https://www.reddit.com/r/backblaze/comments/kroqhn/private_e... or you can read my answer TWO YEARS AGO in the link this person supplied you (!!!!) or you can go back to the beginning, 13 years ago, when Backblaze started, where we explained EXACTLY how our encryption worked the same as the Microsoft Encrypted File System ("EFS") here: https://www.backblaze.com/blog/how-to-make-strong-encryption...
Now, despite it being a spectacularly false accusation that has been documented and explained so many times in so many forums, this user will undoubtedly show up in another couple days and make this claim again. All the user's claims are like this. Obviously something else is going on. I just wish that user would tell me what the real issue is. I can't fix what I don't know about.
It is exactly what the parent already told you. That’s it. That’s “the real issue”. There is nothing more. Everything I’ve said already is, in fact, what the issue is. Please stop trying to read between the lines.
That you refuse to accept mine and others’ arguments about PEK and ZKE and SSDs is one thing. It’s an entirely different and more alarming thing when you refuse to accept that these issues are the issues and insist on continuing to spin a story about how I must be really angry about something different when other people are telling you it’s not so. I also can’t even imagine how it would’ve seemed like a good idea to fabricate a quote and attribute it to me in the way you just did. You did this on some of your earlier posts, too.
As for me, I don’t use eristic techniques, I don’t tell intentional falsehoods, and I don’t do things as you imply in saying I’ll “show up in another couple days and make this claim again”. Anyone is free to look to my comment history and see that I’ve only made a handful of comments here about Backblaze[0], and in all cases, I try to make sure my comments are fair and well-researched and backed with citations whenever possible.
I understand how this company is like your baby and so it may feel emotionally like I’m trying to kill your baby with criticism, but please understand that that is not my goal. My goal is, and always has been, to keep users secure. If that means I can help a receptive vendor improve their software, excellent. If that means I have to warn users to stay away from a vendor who behaves poorly, that sucks, but I still feel an obligation to do that too. If some of the negative publicity gets a vendor to start doing the right thing, good. That’s the whole reason I have to talk about these things. It certainly doesn’t do me any good otherwise.
[0] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...