Forgot your password?

I assume that my data stored online is ...

Displaying poll results.
Much less safe than that stored locally
  11443 votes / 55%
Slightly less safe than that stored locally
  3158 votes / 15%
About as safe as that stored locally
  1967 votes / 9%
Slightly safer than that stored locally
  1458 votes / 7%
Much safer than that stored locally
  1170 votes / 5%
Who cares? It's all encrypted the same way ...
  1363 votes / 6%
20559 total votes.
[ Voting Booth | Other Polls | Back Home ]
  • Don't complain about lack of options. You've got to pick a few when you do multiple choice. Those are the breaks.
  • Feel free to suggest poll ideas if you're feeling creative. I'd strongly suggest reading the past polls first.
  • This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.
This discussion has been archived. No new comments can be posted.

I assume that my data stored online is ...

Comments Filter:
  • by NoNonAlphaCharsHere (2201864) on Tuesday June 05, 2012 @01:16PM (#40221615)
    Being sifted carefully by Googlebots.
  • Missing info (Score:5, Insightful)

    by Anonymous Coward on Tuesday June 05, 2012 @01:26PM (#40221755)

    Define "Safe".

    • Re:Missing info (Score:5, Insightful)

      by TWX (665546) on Tuesday June 05, 2012 @03:50PM (#40223975)
      That's what came to mind for me too.

      That, and Sir Lawrence Olivier's character from Marathon Man .

      But, safe from others is not the same as intact, or usable. Data is not safe if it's lost due to hardware failure, user error, or failing to maintain conversion filters or to perform conversions to keep old data readable by new software.

      Thing is, I can work to mitigate hardware failure, user error, and even conversion filters or actively converting. I can even keep data on a box that doesn't route to the Internet or in removable or write-once-read-many media, so that it can't be corrupted by outsiders and if offline, can't even be accessed by others.

      Obviously data online can be converted, generally, by the cloud provider, and depending on how the cloud is set up, can mitigate user error. But, I don't control how well they do a job of protecting it from outsiders nor do I control when they might decide to orphan that data by dropping that cloud service, which is almost akin to hardware failure.

      I do not trust "The Cloud". Not that I trust a lot anywhere anyway, but I do not trust data in the hands of others, and while I know that TONS of my data or data on me is out of my control, I will do what I can to not introduce even more of it.
      • by GIL_Dude (850471)
        Exactly. I did not even answer the question since I don't know what they mean by safe. Is it safe from a hard drive failure? Is it safe from "teh evil people" that apparently want all my data? Which? Because in terms of "is it safer than local storage as far as hard drive failure", it is an "it depends". My important stuff is on my server. That backs up at night to external drives and also to a second internal drive. Pretty damn safe from a hard drive failure. But, not safe at all from theft as a thief woul
      • by camperslo (704715)

        But, safe from others is not the same as intact, or usable. Data is not safe if it's lost due to hardware failure, user error, or failing to maintain conversion filters or to perform conversions to keep old data readable by new software.

        What is actually safe if debug features in CPUs provide back doors, or code can install a VM that nothing else sees, or the flash holding firmware for your motherboard, disc, video card, net interface etc is writable because there's no physical switch to disable write access? Malware could kill drives at will.
        (Switches polled by software don't count. Wave to your cam now...)

        Sci-Fi - cheaper than R&D?
        Stop having nightmares at once. Your wireless electric meter uploads them to be built.

        G 41D89A CK512AX4C

    • Yep, on one hand it is possibly less safe in the case of third-party users reading it. On the other hand, it's probably safer than most of my data in the event of fire, flood, hardware malfunctions, etc. To be honest, I've switched mostly to online backups because hardware failures are too common. Flash memory is mostly safe, but beyond 16 GB, it starts to get expensive. External HDDs have the same problems as internal HDDs, with moving parts they fail. And even then, I can't plug my external HDD to my phon
    • by dingen (958134)
      It's more safe because if my house/office burns down, it will survive the disaster. It's less safe because the notion that other people aren't viewing or changing files is based on assumption. That's why I voted "about the same". It's a different kind of safe.
      • if it is encrypted and you have it cryptographically signed you can be fairly sure that it is not being tampered with unless you are someone interesting enough that a major power government or megacorperation wants spend 10 of millions to decrypt and or find a pgp key collision.

    • Agreed. Much less safe from being viewed by an unwanted 3rd party. Much more safe from being destroyed through fire, tornado, or equipment failure.

    • by Chrisq (894406)

      Define "Safe".

      if you live in a safe house then you are probably in danger

  • In which sense? (Score:5, Insightful)

    by fph il quozientatore (971015) on Tuesday June 05, 2012 @01:27PM (#40221769) Homepage
    "safe" from deletion, or "safe" from Google's (or NSA's) prying eyes?
    • Re:In which sense? (Score:5, Insightful)

      by heypete (60671) <pete@heypete.com> on Tuesday June 05, 2012 @01:33PM (#40221873) Homepage

      Exactly. I'm almost certain that data stored with a service like Amazon S3 is far more "safe" from deletion or corruption than data stored on my local storage at home.

      While I doubt that anyone's really mining my particular data, it seems like it'd be more likely to happen on a hosted service than at home.

      Of course, I have no problem using the best of both worlds: my backups are encrypted and then stored with an online backup service. I gain protection from snooping and protection from deletion/corruption/destruction of the data in case my house burns down.

      • Zero control... (Score:5, Insightful)

        by linatux (63153) on Tuesday June 05, 2012 @08:39PM (#40227553)

        In 'The Cloud', you have little or no control over where your data is physically stored. Theoretically, your data could end up somewhere where you can legally be forced to provide keys/passwords. Things that seem harmless at home may carry severe penalties elsewhere. It all seems sane & reasonable so far, but there's no guarantee in the future.

        • by imroy (755)
          But if you're not physically there, how will those countries force you to decrypt the data?
          • by Pieroxy (222434)

            But if you're not physically there, how will those countries force you to decrypt the data?

            They'll grab you out of your plane while you're thinking you're in for a beautiful vacation given the weather and sea temperature..

          • by Armakuni (1091299)
            They'll tell your government that they want you extradited. Your government will then arrest you and ship you there.
            • by jamesh (87723)

              They'll tell your government that they want you extradited. Your government will then arrest you and ship you there.

              And just to be sure they'll hire a couple of girls (or boys?) to say you raped them, just in case your government actually has the balls to refuse to extradite you purely for a thought crime.

    • by Xtifr (1323)

      Yup--depending on the answer to this question, my answer to the original is either "much more" or "much less".

      Of course, I only store stuff online that I'm not particularly concerned about prying eyes (like source code), so in that sense, my data stored online is much safer.

      • by reason (39714)

        I picked "slightly safer". It's much safer from accidental deletion or corruption, much less safe from hacking. It's probably slightly safer if anyone really wants to target me specifically (most of my data has no protection if you have physical access to my hardware). But for me, the biggest risk is accidental loss.

    • by mosb1000 (710161)

      This is mostly a back door test to determine what you're afraid if. If you said more safe, you're afraid to lose your data, if you said less, you're afraid people will get your information and use it against you in some way. Appearantly, most slashdotters arent afraid of losing their files for some reason.

      • by Lumpy (12016)

        Truecrypt to the rescue.

        Keeps the data from dropbox Eyes, and dropbox keeps it synced on 5 computers for data safety :-)

        If the NSA has a copy, good luck cracking it boys, The keycode to the Directors; bathroom is in that file.

      • Appearantly, most slashdotters arent afraid of losing their files for some reason.

        Backups, maybe.

        But then, encryption would make their data in the cloud safer again. I choosed much less safe because I simply do not belive cloud service providers have good enough backups*, thus I think the risk of losing my data on the cloud is bigger.

        * Cloud service providers have completely new failure modes that they can't protect against. Just keeping an external copy of your data is not enough.

    • Yeah, I felt split too.

      I trust Dropbox with my school-work because I am vastly more concerned about it not being lost or deleted that someone from my class somehow magically finding my specific account and gaining access to it while I'm in the same class as them (no one else would care about it, and if you went through that level of effort you probably deserve an A in a computer science class anyway).

      I trust a TrueCrypt volume on my local computer for Taxes/Financial/Official government paperwork/Anything
  • by Z00L00K (682162) on Tuesday June 05, 2012 @01:28PM (#40221785) Homepage

    If storing data off site I think that Truecrypt [truecrypt.org] is the way to go.

    That way I can be reasonably sure that my data isn't read by anyone else.

    • Re: (Score:3, Informative)

      Interesting. The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something. I quickly found that isn't such a nice thing.

      Other options include Deja Dup (not that I've experimented with it so much) which uses Duplicity and EncFS (with Cryptkeeper). Wait, that assumes you are using Ubuntu or another Debian derivative, though they'll probably also work on every other Linux system.

      Finally, the poll itself. If I backup t

      • by blueg3 (192743)

        The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something.

        That depends on how smart your synchronization software is. Encrypted containers only change marginally more on disk than the actual changes. (That is, disk encryption techniques encrypt relatively small blocks so that changes in the middle of the disk do not require re-encrypting subsequent blocks.) Synchronization software that watches what blocks were changed as they're changed (using, say, some kind of driver) can transmit minimal change sets to the server.

        A more common approach is to logically divide t

        • by CSMoran (1577071) on Tuesday June 05, 2012 @03:04PM (#40223217) Journal
          Doesn't TrueCrypt specifically warn you about the fact that storing multiple deltas progressively eats into the safety margin? My understanding was that any kind of incremental backup or delta-wise version control makes it easier to crack the encryption on the volume.

          Not that I'd expect the cloud provider to actively try and break your encryption, I'm talking more about the principle.
          • by blueg3 (192743)

            I doubt seeing deltas substantially reduces the cryptographic strength of XTS (which TrueCrypt uses).

            What it does do is give an attacker some potentially-useful information about change patterns. (That is, seeing when, which, and how many blocks change at once.) This isn't anything painfully obvious like "if you store a TrueCrypt container on a Dropbox volume, someone will be able to decrypt it". It's a more subtle problem: don't assume that the attacker won't be able to find out what they want just because

            • by jamesh (87723)

              Sounds like the next project for the truecrypt guys...if you have some multiple of the actual storage you need in the cloud you should be able to obfuscate the delta's in such a way that it's not deducible as to what part of the original image your upload is changing, eg if you have storage in the cloud that is 3x as big as your truecrypt volume you have plenty of room to write the changed data somewhere else instead of over the original data, and also upload random data to the unused space etc.

              Obviously th

          • by mlts (1038732) *

            That it very true, but it would take a large amount of data to do so. This is why all TC algorithms use 128 bit blocksizes or more, so guessing the traffic and the contents is somewhat mitigated.

            One practice that might help with this, although it is a bit clunky is to have a TC volume within the TC volume that is moved out, opened, mounted, used, then after it is unmounted, it is moved back to the TC volume that is synced to the cloud provider. That way, the cloud providers sees a large blob being written

      • Other options include Deja Dup (not that I've experimented with it so much) which uses Duplicity and EncFS (with Cryptkeeper). Wait, that assumes you are using Ubuntu or another Debian derivative, though they'll probably also work on every other Linux system.

        Actually it's not Ubuntu-only. I used Deja Dup successfully in Fedora 16 and, it actually worked quite smoothly. What I found worrisome though was the custom file format it uses (to make incremental backups and encryption possible, fair enough). If I need to do a restore, I don't want to fight with some exotic formats in the process...

      • Interesting. The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something.

        Not true, if you are using Dropbox. Dropbox only checksin parts of the file container that changed. At least, that is my assumption because each update takes only seconds while the initial checkin took a few minutes for a 256MB encrypted file container.

    • by mlts (1038732) on Tuesday June 05, 2012 @02:20PM (#40222545)

      I use TrueCrypt for offsite data as well, with a couple recommendations:

      First, one of the core rules of offsite storage is that one needs to assume that if it is stored offsite, it can be read by anyone, be it someone in a foreign country, an ex who is looking to dig up some dirt, a rival in the chainsaw fencing league looking for a way to get others disqualified, or a law firm looking to start suing people en masse.

      By storing something where one has no control over the physical media, one should consider that their TC container, regardless of where it is stored, has people quietly trying to brute force the passphrase 24/7/365. This is definitely an assumption, and it might be on the border of being a tinfoil hat case. However, it can't hurt.

      To mitigate this, I recommend two things:

      First, use an encryption cascade. No, two 256 algorithms are not going to give a virtual 512 bits. Instead, it will be more like 257 bits of security. However, if one algorithm gets weakened by an attack, the other likely will still have its full 256 bits of strength.

      Second, use keyfiles. Just using a keyfile means that an attacker will be unable to brute force a passphrase, period. They will need to figure out what keyfile or keyfiles are in use, then try that in combination with a passphrase.

      If someone is concerned more about security of data than recoverability, the keyfile can reside on a USB flash drive. If recoverability is a factor, the keyfile can be stored someplace else, perhaps in a little used E-mail account on an obscure site as a uuencoded message.

      Don't just stash data in a TC container and forget about it. Security take some thought even with a top notch program like TC.

      • by jamesh (87723)

        By storing something where one has no control over the physical media, one should consider that their TC container, regardless of where it is stored, has people quietly trying to brute force the passphrase 24/7/365. This is definitely an assumption, and it might be on the border of being a tinfoil hat case.

        I'm making the assumption that you are trying to brute force my data right now... and I'm not very happy about it.

        However, it can't hurt.

        Don't be so sure 1038732, i'm coming to find you and when I find you there's going to be hurting.

      • by mlts (1038732) *

        Some of that is true.

        However, for a lot of people's needs there is an argument that is game theory based that can be used:

        1: TC has no backdoors or oddball things in the code. Life goes on.

        2: TC has some backdoor (and this is pure conjecture at this point.)

        Lets follow the latter idea. TC has a backdoor somewhere by some government group.

        1: Someone studying the source code finds it. Game over. TC loses trust, people move to a different program, and the jig is up.

        2: Someone is using TC to stash their

        • by allo (1728082)

          1) nobody studying the source will find it, when they provide binaries built from other source than the released source.

          2) while searching for the terrorists, they scan the containers of all people. You do not want to encrypt your stuff, because you're criminal, but because you do not want random people to look at it. Now they are searching through your files, and they look at it, even when they avoid to do something with the information in there to avoid that you notice the monitoring. So you do not win an

    • I was a cloud believer.
      And then I saw this video.
      http://www.youtube.com/watch?v=Xjo7Gh_a07E [youtube.com]

      And it opened my eyes. Seriously. The cloud computing risks are too great to comprehend. This guy knows what he is talking about. He is an Ex-IT commissionar in India and a very wise and intelligent man. His in depth knowledge about cloud computing should be dispensed to all of slashdot

  • by Capt.DrumkenBum (1173011) on Tuesday June 05, 2012 @01:29PM (#40221811)
    I have a dropbox account, I rarely use it. I keep a few documents on it for my own reference. I just don't put anything important online.
    I have a list of my DVD collection stored on dropbox, that way if I see something I want on sale I can check and make sure I don't buy the fifth season of Hogan's heroes for a third time.
    I doubt that piece of highly personal and revealing information would be useful to anyone if they managed to find it.
    • I have a list of my DVD collection stored on dropbox, that way if I see something I want on sale I can check and make sure I don't buy the fifth season of Hogan's heroes for a third time.

      Uh, it was the third time last year. Next will be the fourth time.
      - Friendly Dropbox+Amazon Snoop.

      • by jedidiah (1196)

        With something that trivial, a very simple home server setup would more than suffice. Very little beyond a default Ubuntu Apache install is required.

        • Re:Do I care? (Score:4, Informative)

          by Rob the Bold (788862) on Tuesday June 05, 2012 @04:05PM (#40224251)

          With something that trivial, a very simple home server setup would more than suffice. Very little beyond a default Ubuntu Apache install is required.

          And some (at least) quasi-static IP address. And at least some rudimentary web coding ability. And a hole in your firewall and/or router's routing rules. And I'm concerned that I probably omitted or misstated something . . .

        • Which is the stupid idea?
          Spend my time and effort setting up a server, configuring my firewall, and configuring dyndns, and paying for the electricity to run the server.
          OR
          Install dropbox, which avoids all of the configuration, integrates perfectly with all my machines and my phone, and doesn't cost me anything.
      • by Capt.DrumkenBum (1173011) on Tuesday June 05, 2012 @04:27PM (#40224565)
        Quit editing my DVD list you bastard!!!!!!
    • by DaveM753 (844913)
      > "...buy the fifth season of Hogan's heroes for a third time."

      SCHULTZ!!
  • Define "safe" (Score:5, Interesting)

    by SirGarlon (845873) on Tuesday June 05, 2012 @01:32PM (#40221859)

    There are aspects to "safety."

    Redundancy is one aspect. I trust my data online to be adequately backed up and protected from loss in a single accident. Local data, not so much. So online data is safer from *me*.

    Privacy is another aspect. With local data, I control who sees it, end of story. Storing it with some third party -- have you actually read the "privacy" policies for Google and iCloud? I'd call them a joke, but "outrage" is a better word. So local data is safer from *them*.

    Continuity is another aspect. I'll be able to access my local data unless something happens to destroy it. With online data, I could be locked out tomorrow on whim (or by accident). It's already happened to me with Steam games. Yes, Steam did fix the problem they caused, two days later and with a lot of time on my part. I suppose they consider that "great customer service." So again, local data is safer from *them*.

    All in all, I would rather accept the risks I can control than trust a company whom I can't control.

    • by jd (1658)

      Agreed, but I'm not confident about even the one thing in the Cloud's "favour".

      Data may be backed up, but if it's corrupted (eg: malware on the cloud) then all that's being backed up is garbage. Doesn't matter how many co-location sites it is copied to, it's still dead data. You don't know, cannot know and cannot control what procedures they have in place to guarantee data integrity. You should know, can certainly know and definitely control what procedures YOU put in place.

      Agreed, they have the capacity to

      • take a look at Amazon's cloud. Single virtual machines in a single site.

        If you're storing backups on EC2, you're doing it wrong. Data is saved on S3, which is in fact replicated to more than one machine before it even returns a response to the upload. According the them, it's designed to withstand the simultaneous loss of two copies without affecting the data.

        Personally, I use Tarsnap [tarsnap.com], which is based on S3 and offers a nice, tar-like CLI program, full client-side encryption and paying only what you use, down the single byte.

  • by SuperCharlie (1068072) on Tuesday June 05, 2012 @01:47PM (#40222091)
    Ask Megaupload about that one.
  • If it's uploaded somewhere, it is publicly available on a single Western Digital MyBook. That is the stance I assume. I assume that whoever is storing that data has no interest in its security, nor any true desire to ensure that it is backed up.

    If I am wrong, it is only in my favor.

  • One nice thing about encfs (and ecryptfs) --- I only tell the cloud-backup guys to backup the encrypted versions of the files.

    Since the encryption is per-file based, incremental backups (rsync) are still largely useful; and I don't have to worry about the backup service safely managing the data.

  • by SuperKendall (25149) on Tuesday June 05, 2012 @03:54PM (#40224063)

    I voted "about the same", because it's a different kind of safe...

    My own local data, I know where it is and can get to it rapidly. I know exactly how and IF it is backed up.

    But it is imperiled from things like fire, flood or theft.

    Remote data is in some sense more ephemeral. You can't really know how well it's backed up, or even quite where it is. The company could fold at any time or the law could seize it (megaupload).

    And yet, it's a lot less prone to vanishing due to theft. Most natural disasters are probably not going to destroy it if you go with a larger storage facility that may be replicating data.

    Others have commented on "safe" being others visibility into your data, but the only real concern most people should really have is, will I be able to get to my data at all. Most people simply do not have anything worth spending much effort to hide from others. I know I don't (just a handful of passwords and so on).

  • By "safe" I think of "How likely is my data to be lost or destroyed?", in which case I answered "about as safe", but that's because my personal data is on a computer that is backed up nightly to another computer that has a RAID5 with a spare.

    It looks like most people are answering the question as though it meant "How likely is your data to be stolen by other people?", which I would have phrased as "How secure is your data?", in which case my data online is likely much less secure than my local data.

    • By "safe" I think of "How likely is my data to be lost or destroyed?", in which case I answered "about as safe"

      How do you protect your data from banckrupcy of the cloud service provider? Or some government taking the entire thing down because somebody else put one bad document on his area? Or even, how can you be sure they actually do backups?

      I keep local backups of the (important part of the) data I put on the cloud. That way I think the data I keep on the cloud is as safe as local, but that is not really

  • by DaveAtFraud (460127) on Tuesday June 05, 2012 @04:19PM (#40224431) Homepage Journal

    In fact, not only is it already gone, it was never there to begin with.

    Missing option: I don't store data online.

    Cheers,
    Dave

  • Either public record (i.e., birth date, etc) or non-existent.

  • by Kergan (780543) on Tuesday June 05, 2012 @07:15PM (#40226741)

    It makes absolutely no sense... Safe from what standpoint? That Google/Facebook/Amazon/Apple/Dropbox/[whoever] now potentially has access to it? That advertisers can now take advantage of it? That it is more or less encrypted? That hackers now have additional ways to get their hands on it? That it now gets backed up? Safe how exactly?

  • I consider my "cloud-stored" data to be exceptionally safe, in that I will never accidentally lose the data. It's probably backed up much better than my local files, which are haphazardly duplicated across several drives. Stuff "in the cloud" is really only going to disappear if the host goes completely out-of-business, or (hopefully) if I deliberately delete it.

    However, I also do not consider any cloud-stored data to be secure. Unless I encrypt it myself, and keep the keys local-only, I consider it publicl

  • Safe = integrity. I'm sure my data is on redundant hardware and secure. However, who knows how many other people/agencies have access to it.
  • Either type of storage has its own risks and benefits. If you want your data to be secure, use both. Then if your data is threatened with one type of risk, the other storage type is likely to be unaffected, making it possible to recover your data. That's what backups are all about.

  • What means "safe"? Safer from loss, absolutely. Something stored in Google Drive exists in multiple datacenters with redundant backups in multiple geographic locations.

    Is it more secure from a privacy stand point? No, by definition more people having it makes it less private. If I really want something to be private I encrypt it before uploading it or don't upload it at all. The majority of my documents aren't worth the trouble however.

  • My Gmail etc.? Probably same-same as my local data.

    My external hard disk backed up nightly to my ISPs data center where they have tape backups as well? Pretty damn safe.

  • Physical control of the media matters a LOT.

  • my data is much more safe from accidental loss (I assume Google's backups are far better than my own) but much less safe from snooping eyes (I assume Google's backups are freely visible by almost anybody who wants to look at them). Thus, about the same.

    That said, the combination of an encrypted home drive with backup (pretty safe from snooping, but still susceptible to fire) and the usual "cloud" backup (pretty safe from fire, but still susceptible to snooping) is a great combination for "not that import
  • by assertation (1255714) on Wednesday June 06, 2012 @09:05AM (#40231165)

    I'm amazed how many orgs are willing to go to a cloud solution and trust their private info to another group who is not invested in them at all.

  • I don't know about you, but my online data is source code to open source software. Google and the NSA are encouraged to read it and use it (if they find it useful).

  • I am lazy, very lazy. I don't backup stuff properly, I keep my hardware longer then I actually should, I take my laptop around with me everywhere
    and occasionally leave it in less then secure locations.
    So data on my laptop is not very safe.
    Privacy, well I have very little data I consider private.
    So having my mail, and photos and the code I write all stored in the cloud
    makes me safer in the ways I care about. Even if anyone with enough of an interest could get at it.

  • That was my Facebook status today. Guess which option I voted for.

  • ...this is obviously some strange usage of the word "safe" that I wasn't previously aware of.
  • i put "much safer".

    the computer i generate the most personal data on is an old netbook. it's already lost one drive, has a dodgy power supply and a crack spreading along it's case.

    an online service that has the most uptime has a commercial advantage, so these services are rock solid as far as preventing data loss.

    company lifetimes are longer than hard disk lifetimes.

    of course, i should encrypt everything sensitive before uploading, but i haven't stored anything sensitive yet - mainly recipes and processes

The shortest distance between two points is under construction. -- Noelie Alito

 



Forgot your password?
Working...