Comment by shadowgovt
18 hours ago
I believe the point of the above comment is "The trust model already trusts the recipient, so nobody cares that the recipient is seeing query params because they trust the recipient to ignore them."
> who knows if that is true? There's no oversight
The oversight is that those companies rely heavily on being trustworthy, and proving untrustworthy would be disastrous for their business models. Companies don't have to care right now because they have reason to believe Google, MS, et al. aren't sniffing that data. If they came to believe they were?
Google alone is making $43 billion on Cloud and would prefer not to jeopardize that revenue stream.
Facebook for example has been shown in multiple public scandals and lawsuits to be untrustworthy. It is still among the largest social media platforms, and many businesses, for example, reveal large chunks of their marketing strategies to Facebook through its advertising tools.
The reason why this does not result in a significant loss of usage is because trustworthiness-usage is not a linear function or even a continuous function -- it is a step function. To cause less usage, the loss-of-trust force has to be higher than the networking effect force. Otherwise, behavior does not change.
> If they came to believe they were?
That's what I don't get - security and compliance people are paranoid.
This is the kind of thing they shouldn't be requiring evidence to care about, given the rest of their job is about the "what-ifs". Just seems crazy to me.