by jasonhoch 1756 days ago
Palantir responded in a statement to TheStreet.com: "There was no glitch in the software. Our platform has robust access and security controls. The customer also has rigorous protocols established to protect search warrant returns, which, in this case, the end user did not follow."

Source: https://www.thestreet.com/investing/palantir-shares-data-acc...

5 comments

If you can gain unauthorized access by simply choosing not to follow a protocol that says you don't have access, there aren't really any access controls in the software at all.
It sounds more like the customer should set something to private but chose not to. Just like if you set your S3 bucket to public you wouldn't blame Amazon for not keeping your data private.
It's better now, but Amazon absolutely deserves blame for historically making it extremely easy to accidentally make S3 buckets or files within buckets public.
I might be in the minority but I never found the old UI to be confusing. Public buckets were never the default and it was pretty clear when you were making the change. It's good they are making it more dummy proof but I'm not sure it is fair to say they deserve blame.

As a side note, I actually find all the new warnings and stuff annoying (but I'm not saying it isn't worth it, all things considered). As a developer I'm quite used to having to pay attention to details already - one typo can be disastrous and there might be no warning (you might say "but that is what a proper CI process and testing are for", but what if that typo is in the CI process or tests?).

Cutlery manufacturers absolutely deserve blame for historically making it extremely easy to accidentally cut your fingers with their knives.
If you sell cutlery without a handle and expect your end users to simply wrap it in a towel before using it maybe you should share some of the blame when your users hurt themselves.
I agree that GP’s analogy didn’t fit, but neither does yours to what AWS did before.
This looks more like a mess that would happen if S3 buckets by default were accessible to anyone with an Amazon account. Which would clearly be a colossal mistake made by the platform.
You're right, it's neither Beretta's nor the NRA's fault if someone shoots someone.

Palantir just made the privacy shotgun, and FBI gave the bullets, but it's the user who pulled the trigger.

No - the FBI didn't use the access controls correctly, that's the point. If they were used correctly, the unauthorized access wouldn't have happened.
They didn't use the controls at all. To Palantir, inaction or omission indicates there should be zero controls.
This sounds a lot like "you're holding it wrong"...
Reference for the younguns:

https://youtu.be/b9eXYOA8TCk?t=117

Sounds more like a feature than a bug, Palantir can blame the FBI, FBI can blame Palantir. FBI really just wants the ability to access data they want.
What do you mean the vault was robbed? We put an "Authorized Personnel Only" sign out front.
Built-in bypasses to protections of your freedoms and security theatre that allegedly protects them:

FUNCTIONING AS DESIGNED

Yeah, the headline of the article immediately brought to mind an IT system built by a data-hoovering oversight-averse FBI funded to self-develop a system to protect that data and enforce oversight would not... quite... close the loop.