tIONTamINariciA's comments

It's fun that the authors readily admit that the idea is for paranoid people.

https://xkcd.com/538/


Being vulnerable to blunt objects does not mean you shouldn’t care about other attack vectors.


Overly focusing on one attack vector still leaves you vulnerable to many others. System designers need to consider risk:reward and effort:reward for users.

The paper offers an interesting but extreme extension into one aspect of security that users control. It is great to offer an extreme solution for the paranoid. If implemented well, even the less paranoid could use it.

Sadly this solution still offers less security than systems integrated into SSO/OAuth and 2FA.


> Sadly this solution still offers less security than systems integrated into SSO/OAuth and 2FA.

OAuth implementations very often have vulnerabilities. Just look at how many Facebook had!

Not to mention 1) it doesn’t scale like passwords and 2) all the privacy implications.

As for 2FA, it's in addition to a primary authentication scheme, like a password, not instead of it.


In the "Communicate Better" section, did the imaginary employee really attach business confidential information in a Boost topic?

i.e. "I've attached a PowerPoint full of sensitive information that I'd love you to read and provide feedback on. Soon afterwards I'll be needing job search advice since my employer will fire me for having such terrible judgement."

Sounds like a terrible idea and a poor example of how to use the service. Do they really want to advertise Boost as a service which will provide unapproved consultancy of confidential info?


Boost is 100% confidential. People talk about complex power grabs and political situations all the time. For Boost to work well, people need to be able to trust it with information they want confidential.


> 100% confidential

Are your coaches licensed professional counselors, therapists or psychologists? If not, those conversations are not actually privileged; any disclosure of legally protected information (like a company's sensitive internal documents) would be highly improper.


We're thinking about putting in an NDA-like process that's more formal. People should feel secure that we have their back.

Interestingly enough, "licensed career coaching" is a complete sham. There's no real accreditation or regulatory environment: the largest career coaching programs that bestow certificates are private, for-profit orgs and give out their certs like candy on Halloween. It's really sad.

I agree that there's a large amount of information that probably shouldn't be sent to us, but people also need to give us the full context for their personal problem. We don't encourage people to send us information we don't need, and often they can get by with indirect info... "we're raising $8.6m on a $100m valuation" -> "I think we're going through additional funding soon."


https://en.wikipedia.org/wiki/Licensed_professional_counselo...

It's not called a 'licensed career coach' -- privilege, in this case, is a legal protection that is not afforded to the type of relationships you're talking about. You're putting yourself, and your clients, in a very legally tenuous position.


This is the first thing that popped into my mind also.

Also what about legal blowback if they give really bad advice?


Talking about complex power grabs and political situations is a bit different than encouraging employees to upload confidential information, which is what I think tIONTamINariciA.

Would you consider adding anything to the UI to discourage your users from those potential lapses in judgement? And if not, what do you do to protect the sensitive information you may find in your hands?


So far we haven't had anyone give us any information that's super juicy, so we're not worried about a built-in UI to discourage it yet.

Once we can expand the team further, hiring a full-time security engineering staff will be a priority. As of now, we have the basics down... full E2E encryption, security access privs, etc.

