Cover image by NASA
The New Normal: Our Digital Dependency
In recent years, we've collectively moved practically everything to "the cloud." Whether it's our digital photographs, banking details, or proprietary company information, we trust it all to a handful of tech giants that promise airtight security and seamless access. It sounds efficient, but it started to feel like putting all our eggs in a fragile glass basket long before we reached this point.
The Modern Gods
When Amazon Web Services (AWS) or Microsoft Azure falter, the consequences ripple outward with force. These disruptions can halt entire business ecosystems, from small e-commerce sites to multinational supply chains. According to Cybersecurity News, AWS alone powers millions of virtual environments, and a single breach exposes countless users to potential data theft or manipulation.
The reach of giants such as AWS, Azure, and Google Cloud is almost unfathomable; they practically own the infrastructure that defines our digital world. According to data from CRN and Canalys, as of the third quarter of 2024, these three providers accounted for approximately 68% of the $84 billion cloud market. AWS leads with 31% market share, followed by Azure at 20%, and Google Cloud at 13%.
AWS, Microsoft, and Google are deeply embedded in everything from streaming services to government data systems, which means any disruption in their services can have widespread and immediate repercussions for businesses, governments, and individuals globally. Their market share and depth of integration show a digital infrastructure that's concentrated in a small number of hands, giving these corporations unprecedented power over global online operations.
The 2021 Microsoft Exchange Server breach is an example of what happens when a centralised system is compromised. Hackers exploited vulnerabilities in Microsoft's own server software to infiltrate email accounts, accessing communications and deploying malware. According to the CSIS Cyber Incidents report, this breach was one of many similar incidents, underscoring the danger of concentrating so much power and data in a few private companies.
More recently, the CrowdStrike outage left thousands of businesses and government agencies vulnerable to cyberattacks. Companies and institutions that relied on CrowdStrike not only lost immediate access to their cybersecurity tools but also faced significant risks to their data and systems, emphasising how deeply interconnected and precarious the digital ecosystem has become.
The incentive to consolidate power and data into a few hands is simple: control over infrastructure equals control over profit. But there's an unsettling irony here. These corporations market themselves as enablers of modern life, providers of essential "free" services, yet every interaction with them extracts our data, translating our lives themselves into the product and profit.
The result is a digital oligarchy where companies like Amazon and Microsoft play god over the networks that sustain everything from education to healthcare. As we've seen with incidents like the Capital One data breach, where a flaw in Capital One's AWS configuration exposed the personal data of over 100 million people, these corporations hold massive repositories of sensitive information with limited accountability. Users have less and less choice but to trust them, and the consequences of misplaced trust fall hardest on those without resources or alternatives.
This isn't a neutral progression of technology; it's an explicit restructuring of class in the digital age. The digital landlords—Amazon, Microsoft, Google—control the servers, the software, and increasingly, the regulations around their use. They amass wealth and power by monetising every click, every query, every transaction. Meanwhile, users—most of us—are trapped in a tenant relationship with these "modern gods," paying rent with our data. In exchange, we receive access, but not ownership, security, but not privacy.
Weaponised Convenience
The draw of code packages is all about efficiency. After all, why reinvent the wheel when a package can automate repetitive tasks like fetching data, managing credentials, or orchestrating complex web services? For us developers, these packages can seem like a godsend, freeing up time for genuine innovation. But the convenience they offer can be a Trojan horse, a hidden liability just waiting to compromise our systems.
I remember leading my team at a previous job, sitting down with them to discuss the risks of npm packages. I'd encourage them to check the fundamentals before adding anything new—how many people are currently using it, what kind of dependencies it brings in, and whether it's really necessary to integrate. It became our mini-protocol. Whenever the CTO would ask if we were affected by the latest npm package scare, I could answer with confidence, "No, we aren't." That quiet reassurance, a knowing glance exchanged with a coworker across the room, was a small win in the uphill battle of dependency management. We'd avoided the latest bullet, but the war was far from over.
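The "mini-protocol" described above, written out as an added example (not code from the original post): it applies the usage and dependency checks to inputs assumed to mirror the npm registry's package document (registry.npmjs.org/&lt;name&gt;) and weekly-download endpoint (api.npmjs.org/downloads/point/last-week/&lt;name&gt;), plus a flattened lockfile graph, with all sample data constructed inline. It goes one step beyond the post by also flagging install-time scripts, which execute arbitrary code during `npm install`.

```javascript
// Added example, not the post's own code: the team's "mini-protocol" for vetting an npm
// package, as checks a CI step can run. Input shapes are assumed to mirror the registry
// document (registry.npmjs.org/<name>) and api.npmjs.org/downloads/point/last-week/<name>.
const POLICY = {
  minWeeklyDownloads: 10000,  // "how many people are currently using it"
  maxTransitiveDeps: 25,      // "what kind of dependencies it brings in"
};

// Size of the transitive dependency closure from a flattened lockfile {name: [deps]},
// tolerant of cycles.
function transitiveDeps(graph, root) {
  const seen = new Set();
  const stack = [...(graph[root] || [])];
  while (stack.length) {
    const dep = stack.pop();
    if (seen.has(dep)) continue;
    seen.add(dep);
    stack.push(...(graph[dep] || []));
  }
  return seen;
}

// Returns { ok, findings }; an empty findings list means the package clears POLICY.
function vetPackage(name, meta, downloads, graph, policy = POLICY) {
  const findings = [];
  if (downloads.downloads < policy.minWeeklyDownloads)
    findings.push(`only ${downloads.downloads} weekly downloads`);
  const deps = transitiveDeps(graph, name);
  if (deps.size > policy.maxTransitiveDeps)
    findings.push(`${deps.size} transitive dependencies`);
  // Install-time scripts run arbitrary code on every `npm install`; flag them for review.
  const scripts = meta.versions[meta['dist-tags'].latest].scripts || {};
  for (const hook of ['preinstall', 'install', 'postinstall'])
    if (scripts[hook]) findings.push(`declares a ${hook} script: ${scripts[hook]}`);
  return { ok: findings.length === 0, findings };
}

// Constructed sample data (not a real package): low adoption plus an install hook.
const SAMPLE_META = {
  'dist-tags': { latest: '2.3.1' },
  versions: { '2.3.1': { scripts: { postinstall: 'node setup.js' } } },
};
const SAMPLE_DOWNLOADS = { downloads: 4200 };
const SAMPLE_GRAPH = {
  'handy-utils': ['util-a', 'util-b'], 'util-a': ['util-c', 'util-d'],
  'util-b': ['util-c'], 'util-c': ['util-a'] /* cycle */, 'util-d': [],
};
console.log(vetPackage('handy-utils', SAMPLE_META, SAMPLE_DOWNLOADS, SAMPLE_GRAPH));
```

The "is it really necessary" question stays a human judgement; the script only makes the other two checks mechanical so the answer to "are we affected?" rests on recorded policy rather than memory.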
Take, for instance, the Python package that slipped through the cracks and was exposed by SC World. Downloaded over 37,000 times, this package harvested AWS credentials from thousands of users. It's an example of how we can open doors to data theft and vulnerabilities that no one anticipates. The assumption is simple: if thousands are using it, it must be safe. But as many of us have seen firsthand, the reality is often quite different.
Then there's the notorious Log4Shell vulnerability, which left millions of servers exposed to remote code execution. Companies around the world scrambled to patch this issue, a crisis that showed just how dependent our systems are on even the smallest pieces of open-source code. Meanwhile, in the Codecov breach, attackers exploited a minor vulnerability in a code coverage tool to quietly exfiltrate credentials from CI/CD environments.
Efficiency, as enticing as it is, has become the digital age's Pandora's box. Every time we use a package to save time, we risk opening our systems to unknown exploits. The convenience may feel like a victory, but it comes at the potential cost of control and security. And in this world, every download, every update, may be a gamble we can't always afford to take—reminding us that we have to approach things differently.
My cautionary stance on these risks might seem at odds with my advocacy for open-source principles in From Open Source to Open Minds: Designing with Community and Ethics at Heart. But my support for open-source is rooted in the belief that collaborative, transparent development fosters innovation and empowers communities. Yet, this very openness requires us to be vigilant about how we adopt and manage shared resources. The issues with unchecked dependencies and centralised control are symptoms of our current environment—they emphasise the need for responsible stewardship within the open-source community. We have to balance trust with due diligence, ensuring that while we share and build upon each other's work, we also safeguard against vulnerabilities that can undermine our collective efforts.
Even Our History Isn't Safe
It's also tempting to think that digitising archives will preserve history for future generations, but recent hacks challenge that assumption. The Internet Archive hack revealed vulnerabilities in one of the world's largest collections of digital knowledge. We've entrusted the preservation of knowledge to digital gatekeepers who, despite good intentions, can't always prevent data from being tampered with or erased.
ZDNet's report on Docker Hub described a breach that affected about 190,000 users; the compromised credentials exposed usernames and hashed passwords. With data breach databases like Breachsense regularly reporting such incidents, it's clear that even our most trusted repositories are at risk, prompting us to reconsider the security of our digital archives.
The Human Cost
The consequences of cloud insecurity ripple far beyond tech, affecting the stability of our lives, work, and privacy. The growing presence of covert surveillance tools has made our everyday devices potential gateways for exploitation. Take the OMG Elite Cable, reviewed by The Verge. A seemingly ordinary USB charging cable, it's embedded with malware that can track keystrokes or access devices remotely, revealing how easily a common accessory can double as a weapon. This isn't hypothetical; it's an unsettling reality where our most innocuous interactions—charging a phone, connecting a laptop—can expose us to surveillance and security breaches.
Then there's the WiFi Coconut, which targets devices that auto-join public networks, intercepting data as users connect in cafes, airports, and public spaces. This kind of "public attack" isn't only aimed at high-profile individuals; it can affect anyone who casually connects to Wi-Fi, making it a ubiquitous, invisible threat for everyone from casual users to digital workers reliant on remote connections. The exposure risk is widespread and constantly growing.
NFC and RFID have become common for payments, building access, and keyless car entries. Meanwhile, the Chameleon Mini can intercept NFC and RFID data, allowing unauthorised access to locked devices and keyless entry systems. From office access to car locks, this vulnerability impacts not just information but physical security. As this technology proliferates, it blurs the line between digital and physical intrusion, turning convenient access points into security loopholes.
The biggest data breaches and leaks highlight that in 2022 alone, over 500 million personal records were exposed, compromising everything from health data to financial records. According to a joint FBI and CISA advisory, healthcare facilities are increasingly targeted by ransomware attacks, forcing emergency rooms to turn away critical patients and delay life-saving procedures.
The education sector faces equally disturbing challenges. A comprehensive GAO Report documents an alarming rise in attacks on K-12 schools, where stolen student data and disrupted learning environments have become commonplace. These attacks exploit the digital infrastructure we've built around our children's education, creating long-lasting impacts on student privacy.
The line between convenience and catastrophe grows increasingly thin. Yet these aren't merely numbers; they represent real people: patients waiting for critical care, students whose personal information is now in unknown hands, and families whose lives have been upended by digital breaches.
Re-Engineering Trust and Dependence
This all raises a fundamental question: how do we balance convenience with real security and privacy? It's not enough to hope that tech giants will act ethically. We need accountability and regulations that keep pace with technological advances. While open-source software, when carefully audited, can help, it's not a silver bullet.
For every new technology promising efficiency, an equally sophisticated threat lies in wait. Nevertheless, we need to prioritise user security and privacy, which requires transparency from tech giants, policies promoting ethical practices, and a generation of developers focused on resilience and trustworthiness over mere innovation.
As we become increasingly dependent on the cloud, it's worth asking if we've set ourselves up for a future where a handful of corporations hold the kind of power that will ultimately ruin us. They control not just what we see but what we know, and ultimately, who gets access to the resources needed to participate fully in society.