[dev1ycan]

It's weird as fuck how people working in these fields have unrestricted access to peoples private information, be it videos, pictures or worse.

[pixl97]

"Private" doesn't mean what you think it means.

Pretty much all these sites can view every bit of content you submit to them for moderation purposes. Many of them state your data can teach learning models.

If you really want it private, you don't want it on the cloud/social media sites.

[mitchdoogle]

People know what "private" means. If a company calls something private, but it isn't, then they're the ones who need to reconsider what it means, and call their service something else.

[pixl97]

>People know what "private" means.

A general rule is people don't know shit when it comes to legal definitions. When you have a video it's private to you. When you give that video to a friend it's 'private' between both of you. And when you put a private video on youtube it's 'private' between you and the conglomerate entity of hundreds of thousands of people and all their contractors called Google.

Now the contractor did break the rule and shared it, but your idea of private as no one will see it is the broken expectation.

[randomdata]

Yes, indeed, people do know that when I say "I have some private information to share with you", it means I am going to let another party in on the secret.

[whimsicalism]

no company is going to let you upload/host child porn, so yeah you should assume everything is moderatable

[alickz]

is there any legal obligation in the US that would require YouTube to be able to view all videos uploaded, regardless of privacy?

[pixl97]

"Hosting" child pornography for example. The law doesn't say "Oh, it's a private video, that's perfectly fine then".

>regardless of privacy

Maybe you should read the TOS before you use services, you don't have any of that.

[realsarm]

YouTube has separate unlisted and private options for videos

[criddell]

Are you suggesting that there is an option that blocks YouTube admins from viewing the video?

If it isn't end-to-end encrypted, then the platform operator has access.

[coldpie]

Articles like this and the endless stream of hacks & leaks are important reminders that there is no such thing as computer security. If your data is on a networked computer, you should consider it semi-public.

[px43]

> no such thing as computer security

There absolutely is for anyone who cares to use it. That sort of defeatist mindset is super counterproductive, and ends up putting more people in harm's way.

We're talking about people choosing to upload unencrypted content to a cloud service that is obviously publicly available. The security/privacy properties of this action I think should be obvious even to less technical users.

[coldpie]

Yeah, man. These are all the end users' fault: https://en.wikipedia.org/wiki/List_of_data_breaches Totally.

[px43]

Sysadmins are also people. Also I've been pushing for informative security scoring for publicly used services for over a decade. If you're in the field, it's pretty obvious which services are at high risk of being breached, but that really should be something more accessible to the general public, like FDA letter grading for restaurants.

[coldpie]

So between these two comments:

> There absolutely is for anyone who cares to use it

> Sysadmins are also people.

is it your contention that the sysadmins at those organizations don't care about computer security? Or that users are responsible for knowing whether their organizations' sysadmins care about computer security?

[metadaemon]

Despite the laws in place I've seen questionable stuff over the course of my career.