You are viewing a single comment's thread from:
RE: Stale Account Info Due to Caching Error
They indicated in this post that they do not like to give out real-time updates until they know what is going on, as it may provide information to a potential attacker. It seems better for them to make sure everything is safe before they tell the world that there is a problem.
That's fair enough, but letting people know they are aware there are issues helps to quell the panic.
I was thinking of something like this https://status.dropbox.com/
Same thing though. “We are aware of issues” = notifying the world there are issues, which could draw attention to something that would not be good to communicate until the situation is under control.
I think it's obvious there are issues when the site shows old data or nothing at all. As it gets bigger and there's serious money at stake there could be a lot of upset people out there who want reassurance. I don't expect them to announce security vulnerabilities unless they have already dealt with them.
Attackers are not necessarily going to be using the website 24/7, but posting an announcement to a place that is specifically for announcing outages is something that may give an attacker an alert.
I fully understand the seriousness, and the amount of money at stake. If you read that post I shared, they gave their policy on this type of thing. What you (and other users) want to happen in order to feel more safe is actually something that would make you less safe. Given the seriousness of what is at stake, not communicating anything until the situation is under control makes a lot of sense.
What you're saying makes a lot of sense, @timcliff. Thank you for your helpful explanation.
Thanks Terry :)