There can still be bugs such that you can write a second time much of the time the write once is just a software driver that won't write a second time so if you can write new firmware of your own design you can erase. Even if the media is physically not erasable, you can still write all ones over the top of what is there, corrupting data which is the same result.

Of course finding the bugs in firmware and writing a custom replacement is not trivial. It is conceptually possible though.

The only safe answer is a device in a vault without power. Of course once you retrieve it from the vault you risk whatever erased your data in the first place returning to get this too.

Good luck, you get to decide how paranoid you want go be.

We are talking about object lock as supported by something like Amazon S3 or Backblaze B2. If you find a way to override them, you probably want to apply for a bug bounty, since that'd be a huge security issue.

It works really nicely, I can't even remove my own data with my own credentials. It's really a nice additional security layer.

> If you find a way to override them, you probably want to apply for a bug bounty, since that'd be a huge security issue.

Big security issue, and honest people will just apply for a bug bounty or otherwise responsible disclosure. Most honest people are not actively looking for such bugs though, so evil people are more likely to find them. An evil person is can make even more money from a successful ransom. (there are also honest people looking, but many wrote the code so they may be too close to the problem to see it)