by asdfasgasdgasdg 1801 days ago
I'm surprised that this stuff is audit only. At my company, at least in the past five years or so, this type of access has been forbidden to almost all employees. You need to request access to these types of systems and provide justification for why you should have it. Access is controlled on a per-system basis -- it's not blanket access. Many of the most sensitive systems have auto-expiring access for humans.

Nowadays we are seeing many systems switch to a regime where you have to get another engineer to sign off on any access to production, and your access is limited to at most 24h. This isn't merely a policy -- it is enforced by technical controls that forbid ordinary human-user access to production. I literally cannot even send an RPC to services I work with that handle private data without getting a colleague to sign off on it.
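The time-boxed, peer-approved grant regime described in the comment above, written out as an added example; it is not the commenter's employer's system, and the `AccessGrant` shape, rule set, sample names and times are all assumptions:

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_GRANT = timedelta(hours=24)   # ceiling on any human grant, as in the thread

@dataclass(frozen=True)
class AccessGrant:
    requester: str
    system: str                   # one grant covers one system, never blanket access
    justification: str
    approver: Optional[str]       # the second engineer who signed off, if any
    granted_at: datetime
    expires_at: datetime

def grant_is_valid(grant: AccessGrant, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason); every rule fails closed."""
    if not grant.justification.strip():
        return False, "missing justification"
    if grant.approver is None:
        return False, "no second-engineer sign-off"
    if grant.approver == grant.requester:
        return False, "self-approval is not a sign-off"
    if grant.expires_at - grant.granted_at > MAX_GRANT:
        return False, "grant exceeds 24h ceiling"
    if not grant.granted_at <= now < grant.expires_at:
        return False, "grant not yet active or already expired"
    return True, "ok"

def authorize_rpc(grant: AccessGrant, target_system: str, now: datetime) -> bool:
    """Gate a human-initiated RPC: the grant must be live and scoped to this system."""
    return grant_is_valid(grant, now)[0] and grant.system == target_system

# Constructed sample grants (hypothetical names and times), evaluated one hour in.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
NOW = T0 + timedelta(hours=1)
BASE = AccessGrant("alice", "log-search", "debug install failures on host h17",
                   "bob", T0, T0 + timedelta(hours=8))

def run_demo() -> dict[str, object]:
    """Decisions for a good grant and the common ways a request should be refused."""
    return {
        "valid": grant_is_valid(BASE, NOW),
        "self_approved": grant_is_valid(replace(BASE, approver="alice"), NOW),
        "too_long": grant_is_valid(replace(BASE, expires_at=T0 + timedelta(hours=48)), NOW),
        "expired": grant_is_valid(replace(BASE, expires_at=T0 + timedelta(minutes=30)), NOW),
        "right_system": authorize_rpc(BASE, "log-search", NOW),
        "wrong_system": authorize_rpc(BASE, "billing-db", NOW),
    }
```

The point of keeping the decision in a pure function is that the same check can sit in front of the RPC layer, so the policy is enforced by the service rather than by the human remembering to ask.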


> I'm surprised that this stuff is audit only

These days things are mostly working the way you describe - I need to request permission to view my own service’s logs, and I’m working in backend infra not going anywhere near user data (logs are like “did we hit any hardware errors when trying to install the OS on this host?”)

Great to hear. I think a lot of big internet companies are moving in this direction, although I don't know if it affects user trust all that much since it isn't publicized. I guess the one thing is that incidents like the one reported here will be avoided in the future, so in ten or twenty years there will have been less reputational damage than in an alternative universe where these controls don't exist.

How “sensitive” is Facebook user data though? All content in a Facebook account is already visible to an average of >100 people - their Facebook friends.

(Messenger had stronger protections than OP is describing)

Extremely sensitive, by the lights of the organization I work for. The people to whom FB user data is visible are known to the user. Those people have been explicitly authorized by the user to view that data. FB is acting as the user's agent in conveying that data only to authorized recipients, who the user presumably trusts to some degree or another to not further propagate the data. The data is generally not publicly visible, and FB employees are generally not among the list of entities the user intends to convey the data to.