this post was submitted on 13 May 2026
68 points (98.6% liked)

Privacy

5647 readers
188 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 2 years ago
MODERATORS
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
68
Canvas Just Sent a Dangerous Message to Hackers: Crime Pays If You Do It Right (www.pcmag.com)
submitted 1 day ago by sanitation@lemmy.today to c/privacy@lemmy.dbzer0.com
17 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] scrubbles@poptalk.scrubbles.tech 29 points 1 day ago (3 children)

Damn, this is a big one. I've been watching since it started, and I hope it sends shockwaves through the SaaS model. Institutions learned overnight how by trusting one single private company that they were all screwed over, and probably made them even a bigger target. Hopefully they start re-evaluating.

Having worked ed-tech for a while, I'm not surprised. Blackboard, Canvas, all hot garbage. There's a real need there, if someone can do a simple selfhosted (by the university) version with oauth/SSO to campus networks that lets them control their data? It'd be a no brainer, I think most campus IT networks would prefer that.

[–] jaybone@lemmy.zip 3 points 16 hours ago

I have no idea how those looked on the backend or from the IT admin perspective. But the regular user experience was completely awful. It wouldn’t surprise me if the whole thing was complete shit.

[–] Telorand@reddthat.com 8 points 1 day ago (4 children)

I was thinking about this exact problem, and I came up with a similar idea. There could be a parent company developing the core software and maybe even providing installation and setup services, but each campus ultimately maintains their own self-hosted, zero-trust instance. Each campus would be downstream implementations of the parent software and would only update or talk to other instances as needed.

Given how campuses operate, it seems like they would be great candidates for an optionally federated platform like that.

[–] frongt@lemmy.zip 11 points 1 day ago

So just traditional software?

[–] scrubbles@poptalk.scrubbles.tech 7 points 1 day ago

Ha, think you just discovered the standard model from the 2000s!

But I agree.

[–] tristynalxander@mander.xyz 4 points 23 hours ago* (last edited 23 hours ago)

So just, Software as a Product (SaaP)?

[–] Onomatopoeia@lemmy.cafe 3 points 1 day ago

The problem is CapEx vs OpEx.

[–] dohpaz42@lemmy.world 6 points 1 day ago (1 children)

My university used to only self host. Now they’re ditching self-hosting for cloud-based SaaS. 🤷‍♂️

[–] Onomatopoeia@lemmy.cafe 3 points 1 day ago (1 children)

It's because doi g things on site requires CapEx, which then increases your tax liability.

By going SaaS, you offload the entirety of risk.

The problem is the morons who sign these contracts are fucking clueless about ensuring the liability is strong.

[–] scrubbles@poptalk.scrubbles.tech 5 points 1 day ago

Important to define risk because a lot of software people here(me included) will immediately think "what do you mean their data was hacked". However from a legal standpoint they get to point the finger at Canvas.