So, one obvious conceptual flaw in SharePoint has been exploited? Color me surprised (a particularly repulsive variant of chartreuse)…
I have uninstalled and blocked SharePoint on every machine I've had since it was first distributed. At a fundamental level, the SharePoint concept is inconsistent with the concept of "confidential data," and its very existence — very much like the use of the body of e-mails for privileged information — makes a mockery by trusting others whom the person responsible for securing information doesn't know. Effective information security is not an automated afterthought to the convenience of providing "me, too!" comments on badly-conceived marketing documents passed across an organization and to outside "consultants." Even that, however, is better conceived than SharePoint and similar "collaborative editing" systems that also, simultaneously, undermine both declarations concerning the marketing emperor's new clothes and taking responsibility for changes — that is, they foster not collaboration but groupthink. (Lest you think this is an anti-M$ rant, I do the same with all other "collaborative commenting" and "silent document-sharing" systems, such as with PDFs.)
Any resemblance of the preceding to any of the following is somewhat less than coincidental:
- The traditional process of providing law-firm partners commenting ability (even with pen on paper!) on every associate's "preliminary" and "early-draft" work, without regard to either "actual knowledge of context" or "need to know"
- Blanket access to anything by administrative assistants
- The success rate of individuals in recognizing what elements of documents that they are asked to comment upon but are not directly concerned with their daily duties are confidential, even to the minimal extent of "proprietary business information"
- AI Chelsea Manning
Worse, all of that concerns "confidential information." It does not reach the concept of EEFIs (essential elements of friendly information), such as a sudden increase in communications between a corporation and a law firm (or even department thereof) specializing in mergers and acquisitions… or white-collar-crime defense… These are just the easy-to-see examples, too; and the less said about healthcare information, or enablement of ICE raids, the better. The irony that this particular system failure is (more) exploitable when an organization uses its own SharePoint server rather than a "cloud-based system" should cause everyone to question the very concept, but that isn't part of the conversation at all.
"Security, privacy, and respect for others' security and privacy" are inherently not efficient. Get over it — reject the purportedly neutral "efficiency is always good" meme — and pay the f*ck attention, instead of relying upon some programmer who knows nothing of your actual business (or personal concerns) to do it for you.
• • •
Meanwhile, Life continues to get in the way of everything. I'm afraid that Life doesn't make for "efficient sharing," either. So, no further comments about how having a "controlling shareholder individual or small group" for a company with First Amendment issues makes Mr Colbert's impending deplatforming inevitable, beyond my expression of just as much surprise as I did above concerning SharePoint. At least not today.