
You wrote: <<You really want social media to have the same type of access to your personal information that banks have? A know your customer type of regulation?>>

Would you support it if the data leak fines were similar? I would. To be clear, I am talking about global investment bank-style "know your customer" (KYC). If retail/commercial banks leak customer PI, the fines are _immense_ in 2022. Most of them now have enormous security teams, or they pay AWS/Azure/G to do the same via consulting / cloud fees.



My financial information is much more important to me than social media.

And they don’t pay cloud providers to ensure security. AWS [1], for instance, always stresses the “Shared Responsibility Model”: AWS is responsible for security “of the cloud”; the customer is responsible for security “in the cloud”.

https://aws.amazon.com/compliance/shared-responsibility-mode...

There is no way in the world that any cloud provider would ever take responsibility for customer workloads. If you make your S3 buckets world readable, which is really easy to do, that’s on you.

[1] I work in consulting at AWS, all opinions are my own.


It would help - immensely - if world readable wasn’t the S3 bucket default.

Defaults matter, and AWS cares more about ease of use than security, which helps explain their security position.


World readable is not the default. You get scary warnings when you do it, and you can set it up at the account and organization level to block it. There is no “click a button to make it world readable”. You have to know the JSON policy.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/access...
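The comment above describes two separate controls: the bucket policy JSON that can grant access to everyone, and the account/bucket-level Block Public Access settings that can neutralise such a grant. The following is an added example (not code from any commenter or from AWS) that shows how a defender would audit both offline: it scans a policy document for Allow statements that give a wildcard principal object-read rights, then combines that with the four Block Public Access flags. The policy documents, the bucket name and the role ARN are constructed samples; the function and variable names are the example's own.

```python
"""Audit an S3 bucket policy for world-readable grants and combine the result with
Block Public Access settings. Works on policy JSON as a dict; no AWS calls are made,
so it runs offline on the constructed samples below."""
import fnmatch
import json

# Actions that, when granted to everyone, expose object contents.
READ_ACTIONS = ("s3:getobject", "s3:getobjectversion")


def _as_list(value):
    """Policy grammar allows a string or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list): anyone, signed or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_read(actions):
    """True if any action pattern (IAM wildcards, case-insensitive) covers object reads."""
    for pattern in _as_list(actions):
        pattern = pattern.lower()
        if any(fnmatch.fnmatchcase(read, pattern) for read in READ_ACTIONS):
            return True
    return False


def public_read_statements(policy):
    """Return [(Sid, kind)] for Allow statements letting anyone read objects.
    kind is "unconditional" or "conditional"; a Condition (e.g. on aws:SourceVpce) may
    narrow the grant, so those are reported for review rather than silently accepted."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_public_principal(stmt.get("Principal")):
            continue
        if not _grants_read(stmt.get("Action")):
            continue
        kind = "conditional" if stmt.get("Condition") else "unconditional"
        findings.append((stmt.get("Sid", "<no Sid>"), kind))
    return findings


def effective_exposure(policy, public_access_block):
    """Combine policy findings with Block Public Access. The dict mirrors the
    PublicAccessBlockConfiguration fields (BlockPublicAcls, IgnorePublicAcls,
    BlockPublicPolicy, RestrictPublicBuckets). With RestrictPublicBuckets on, S3 ignores
    the public grants of an attached policy, so the bucket is not actually exposed."""
    findings = public_read_statements(policy)
    if not findings:
        return "private"
    if public_access_block.get("RestrictPublicBuckets"):
        return "public-policy-neutralised"
    return "public"


# Constructed sample: the usual "static website" policy that makes every object readable.
WORLD_READABLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"
  }]
}""")

# Constructed sample: the same read access scoped to one role (hypothetical account/ARN).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "RoleReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExampleReader"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

# Constructed settings: all four Block Public Access flags on, and all off.
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
BLOCK_NONE = {key: False for key in BLOCK_ALL}

if __name__ == "__main__":
    for name, policy in (("world-readable", WORLD_READABLE_POLICY), ("scoped", SCOPED_POLICY)):
        for label, pab in (("block-all", BLOCK_ALL), ("block-none", BLOCK_NONE)):
            print(f"{name:14} {label:10} {effective_exposure(policy, pab)}")
```

In a real audit the `policy` dict would come from `get_bucket_policy` and the flags from `get_public_access_block` (bucket level) or the account-level equivalent; the point of separating `public_read_statements` from `effective_exposure` is that a policy can be public on paper yet inert because of the account-wide block the comment mentions, and the report should say which of the two is true.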


You're right. It's changed, good.

However, you do not need to use custom policies - it's checkboxes on the S3 bucket creation page. And the wording on them is obtuse AF, and I know what I'm doing with AWS IAM.



