Cloud Storage Privacy: Who Can Actually See Your Photos

In April 2026, the BBC reported that a former Meta engineer is being investigated for downloading 30,000 private Facebook photos. He was arrested in November 2025. The Metropolitan Police say he designed a program to bypass Meta’s internal security checks.

Meta says it discovered the breach over a year before the news broke, fired him, and referred the matter to law enforcement.

That’s an honest response. The part worth sitting with is earlier. Before any of that happened, an engineer at one of the largest tech companies in the world had enough internal access to build a tool that quietly siphoned 30,000 private photos.

That isn’t an outlier. It’s how most cloud storage is built.

This is the problem we set out to make architecturally impossible at Abrio. How we did it comes later; first, why it keeps happening everywhere else.

Insider access is normalized

Most cloud services give some employees the ability to read user data. Sometimes for support. Sometimes for spam and abuse work. Sometimes for legal compliance. The access is supposed to be controlled by policy, training, and audit logs.

Policy and audit logs don’t prevent access. They hopefully detect misuse after it has already happened.

Some examples that are public record:

• Snapchat (2019). An internal tool called SnapLion, originally built to handle law enforcement requests, was extended to multiple internal teams. Two former employees told Motherboard the tool had been used to spy on users “a few times.” (Vice/Motherboard)
• Google (2010). A site reliability engineer named David Barksdale was fired for accessing the accounts of four minors, including a 15-year-old’s Google Voice logs and contact list. Google said it was the second such firing. A leaked internal document later reported by Vice indicated dozens of employees had been let go for data misuse over the years. (TechCrunch)
• Uber (2014–2016). Employees used a tool called “God View” to track journalists, celebrities, and ex-partners. The New York Attorney General’s office settled with Uber, requiring access limits and multi-factor authentication. (CBS News)
• Meta (2025–2026). The case at the top of this post.

Different companies. Different decades. The same shape: a person with legitimate internal access used it for something they shouldn’t have. The companies caught it, eventually. The people whose photos were viewed mostly never knew.

Why this happens

When a service stores your photos in a way the company can read, “company can read” doesn’t only mean a CEO signing off on a request. It means the systems are built so the data is accessible. From there, the question becomes who, when, and under what controls.

Even strong controls leave a window. Anyone with maintenance access to production systems is, in principle, a person who could read your photos if they decided to break the rules. The only way to close that window is to design the system so nobody inside the company has the keys to begin with.

What “no insider access” actually looks like

Apple offers the cleanest mainstream example. Their Advanced Data Protection setting end-to-end encrypts iCloud Photos. Apple’s own documentation states: “no one else can access your end-to-end encrypted data, not even Apple.” (Apple Support)

That sentence is the bar.

The catch is the default. Advanced Data Protection is opt-in, and adoption estimates put it at fewer than 10% of iCloud users. Without it, Apple holds the keys to your photos like everyone else, and the same insider question applies. Most iCloud users have never turned it on, often because they don’t know it exists.

How Abrio handles this

Abrio is built so we can’t see your photos.

Files are encrypted on your device with keys we don’t have. They reach our servers already encrypted, and they stay that way. There is no internal tool that lets us preview them, no support workflow that surfaces them, no admin panel where someone can search a user’s library. Not because we promise not to look. Because we cannot.

That choice has tradeoffs. We can’t recover your account if you lose your password the way services holding the keys can. We trade some convenience for a property that, to us, matters more: nobody at Abrio gets to do what an engineer at Meta did. We took ourselves out of the loop on purpose.

Encryption claims are easy to make. The harder claim is that the company storing your photos genuinely cannot see them. That’s the one worth checking before you trust anyone with your library.

If a cloud service that designs out the insider question sounds like what you want, join our waitlist.