Before anyone asks: the cold path is long-term logging and storage, as opposed to the hot path, i.e. real-time telemetry. (Or at least that's what we called them at the last CloudCo I worked at).
Generally, you try to keep PII (personally identifiable information) and other stuff out of the cold path, but the data still has to be somewhere, right? So there's the hot path.
The overall effect is that stuff that is only logged 'on the hot path' gets effectively forgotten after a while, so you don't have to worry about the management and stewardship of that data.
But you could, for example, force a compromised system to log PII (incl GPS coordinates, radiotelemetry, accelerometer) to the cold path and then come back and get it later.
For bonus points, do stego so it looks innocent.
That is one of the scenarios I'm worried is playing out over there. One of many worries, to be honest, but this one just seems like the kind of breach we'd find out about years later, if at all, under the new regime.
Meanwhile, people in this or that far-off place just... disappear.
Generally, you try to keep PII (personally identifiable information) and other stuff out of the cold path, but the data still has to be somewhere, right? So there's the hot path.
The overall effect is that stuff that is only logged 'on the hot path' gets effectively forgotten after a while, so you don't have to worry about the management and stewardship of that data.
But you could, for example, force a compromised system to log PII (incl GPS coordinates, radiotelemetry, accelerometer) to the cold path and then come back and get it later.
For bonus points, do stego so it looks innocent.
That is one of the scenarios I'm worried is playing out over there. One of many worries, to be honest, but this one just seems like the kind of breach we'd find out about years later, if at all, under the new regime.
Meanwhile, people in this or that far-off place just... disappear.