I assume that my data stored online is ...
Displaying poll results.20560 total votes.
Most Votes
- What's the highest dollar price will Bitcoin reach in 2024? Posted on February 28th, 2024 | 8470 votes
- Will ByteDance be forced to divest TikTok Posted on March 20th, 2024 | 6388 votes
Most Comments
- What's the highest dollar price will Bitcoin reach in 2024? Posted on March 20th, 2024 | 68 comments
- Will ByteDance be forced to divest TikTok Posted on March 20th, 2024 | 20 comments
Missing option (Score:5, Funny)
Re:Missing option (Score:5, Insightful)
Re:Missing option (Score:5, Insightful)
Or perhaps "Already public"
Re: (Score:3)
Re: (Score:2)
the Googlement?
Re: (Score:2)
the Googlement?
I'll go for that, It's probably somewhat less evil than regular government.
Re: (Score:2)
Or: Being analyzed by the _______ government.
Your spell checker seems to have a cupertino effect, replacing "United States" with "_______".
Re:Missing option (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
I want to mod your post and all the replies to it up.
Missing info (Score:5, Insightful)
Define "Safe".
Re:Missing info (Score:5, Insightful)
That, and Sir Lawrence Olivier's character from Marathon Man .
But, safe from others is not the same as intact, or usable. Data is not safe if it's lost due to hardware failure, user error, or failing to maintain conversion filters or to perform conversions to keep old data readable by new software.
Thing is, I can work to mitigate hardware failure, user error, and even conversion filters or actively converting. I can even keep data on a box that doesn't route to the Internet or in removable or write-once-read-many media, so that it can't be corrupted by outsiders and if offline, can't even be accessed by others.
Obviously data online can be converted, generally, by the cloud provider, and depending on how the cloud is set up, can mitigate user error. But, I don't control how well they do a job of protecting it from outsiders nor do I control when they might decide to orphan that data by dropping that cloud service, which is almost akin to hardware failure.
I do not trust "The Cloud". Not that I trust a lot anywhere anyway, but I do not trust data in the hands of others, and while I know that TONS of my data or data on me is out of my control, I will do what I can to not introduce even more of it.
Re: (Score:3)
Re: (Score:2)
But, safe from others is not the same as intact, or usable. Data is not safe if it's lost due to hardware failure, user error, or failing to maintain conversion filters or to perform conversions to keep old data readable by new software.
What is actually safe if debug features in CPUs provide back doors, or code can install a VM that nothing else sees, or the flash holding firmware for your motherboard, disc, video card, net interface etc is writable because there's no physical switch to disable write access? Malware could kill drives at will.
(Switches polled by software don't count. Wave to your cam now...)
Sci-Fi - cheaper than R&D?
Stop having nightmares at once. Your wireless electric meter uploads them to be built.
G 41D89A CK512AX4C
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
if it is encrypted and you have it cryptographically signed you can be fairly sure that it is not being tampered with unless you are someone interesting enough that a major power government or megacorperation wants spend 10 of millions to decrypt and or find a pgp key collision.
Re: (Score:2)
Great news! My ROT13 encryption saves the day again!
Re: (Score:2)
Re: (Score:2)
Agreed. Much less safe from being viewed by an unwanted 3rd party. Much more safe from being destroyed through fire, tornado, or equipment failure.
Re: (Score:2)
Define "Safe".
if you live in a safe house then you are probably in danger
In which sense? (Score:5, Insightful)
Re:In which sense? (Score:5, Insightful)
Exactly. I'm almost certain that data stored with a service like Amazon S3 is far more "safe" from deletion or corruption than data stored on my local storage at home.
While I doubt that anyone's really mining my particular data, it seems like it'd be more likely to happen on a hosted service than at home.
Of course, I have no problem using the best of both worlds: my backups are encrypted and then stored with an online backup service. I gain protection from snooping and protection from deletion/corruption/destruction of the data in case my house burns down.
Zero control... (Score:5, Insightful)
In 'The Cloud', you have little or no control over where your data is physically stored. Theoretically, your data could end up somewhere where you can legally be forced to provide keys/passwords. Things that seem harmless at home may carry severe penalties elsewhere. It all seems sane & reasonable so far, but there's no guarantee in the future.
Re: (Score:3)
Re: (Score:2)
But if you're not physically there, how will those countries force you to decrypt the data?
They'll grab you out of your plane while you're thinking you're in for a beautiful vacation given the weather and sea temperature..
Re: (Score:2)
Re: (Score:2)
They'll tell your government that they want you extradited. Your government will then arrest you and ship you there.
And just to be sure they'll hire a couple of girls (or boys?) to say you raped them, just in case your government actually has the balls to refuse to extradite you purely for a thought crime.
Re: (Score:2)
I consider that aspect a fact just due to the "so many eggs in one basket" scenario. Hacking a cloud provider and getting access to user directories could be extremely lucrative for a criminal organization. Just a couple Quicken files with stored access to bank servers would go a long way into financing the venture, and there is always data that can be used for blackmail or extortion.
Even if a cloud provider is hacked, it will be highly unlikely for people to hear about the breach unless an employee decid
Re: (Score:2)
Yup--depending on the answer to this question, my answer to the original is either "much more" or "much less".
Of course, I only store stuff online that I'm not particularly concerned about prying eyes (like source code), so in that sense, my data stored online is much safer.
Re: (Score:3)
I picked "slightly safer". It's much safer from accidental deletion or corruption, much less safe from hacking. It's probably slightly safer if anyone really wants to target me specifically (most of my data has no protection if you have physical access to my hardware). But for me, the biggest risk is accidental loss.
Re: (Score:2)
This is mostly a back door test to determine what you're afraid if. If you said more safe, you're afraid to lose your data, if you said less, you're afraid people will get your information and use it against you in some way. Appearantly, most slashdotters arent afraid of losing their files for some reason.
Re: (Score:2)
Truecrypt to the rescue.
Keeps the data from dropbox Eyes, and dropbox keeps it synced on 5 computers for data safety :-)
If the NSA has a copy, good luck cracking it boys, The keycode to the Directors; bathroom is in that file.
Re: (Score:2)
Truecrypt to the rescue.
Keeps the data from dropbox Eyes, and dropbox keeps it synced on 5 computers for data safety :-)
If the NSA has a copy, good luck cracking it boys, The keycode to the Directors; bathroom is in that file.
That's exactly what I do. What's nice is it only uploads part of the encrypted file container that changes from the last checkin. Just got to be sure to uncheck "preserve timestamp" in the Truecrypt settings.
Re:In which sense? (Score:5, Insightful)
Obligatory: http://xkcd.com/538/ [xkcd.com]
Re: (Score:2)
Backups, maybe.
But then, encryption would make their data in the cloud safer again. I choosed much less safe because I simply do not belive cloud service providers have good enough backups*, thus I think the risk of losing my data on the cloud is bigger.
* Cloud service providers have completely new failure modes that they can't protect against. Just keeping an external copy of your data is not enough.
Re: (Score:3)
I trust Dropbox with my school-work because I am vastly more concerned about it not being lost or deleted that someone from my class somehow magically finding my specific account and gaining access to it while I'm in the same class as them (no one else would care about it, and if you went through that level of effort you probably deserve an A in a computer science class anyway).
I trust a TrueCrypt volume on my local computer for Taxes/Financial/Official government paperwork/Anything
Re: (Score:2)
Truecrypt is the option. (Score:4, Insightful)
If storing data off site I think that Truecrypt [truecrypt.org] is the way to go.
That way I can be reasonably sure that my data isn't read by anyone else.
Re: (Score:3, Informative)
Interesting. The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something. I quickly found that isn't such a nice thing.
Other options include Deja Dup (not that I've experimented with it so much) which uses Duplicity and EncFS (with Cryptkeeper). Wait, that assumes you are using Ubuntu or another Debian derivative, though they'll probably also work on every other Linux system.
Finally, the poll itself. If I backup t
Re: (Score:2)
The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something.
That depends on how smart your synchronization software is. Encrypted containers only change marginally more on disk than the actual changes. (That is, disk encryption techniques encrypt relatively small blocks so that changes in the middle of the disk do not require re-encrypting subsequent blocks.) Synchronization software that watches what blocks were changed as they're changed (using, say, some kind of driver) can transmit minimal change sets to the server.
A more common approach is to logically divide t
Re:Truecrypt is the option. (Score:5, Interesting)
Not that I'd expect the cloud provider to actively try and break your encryption, I'm talking more about the principle.
Re: (Score:3)
I doubt seeing deltas substantially reduces the cryptographic strength of XTS (which TrueCrypt uses).
What it does do is give an attacker some potentially-useful information about change patterns. (That is, seeing when, which, and how many blocks change at once.) This isn't anything painfully obvious like "if you store a TrueCrypt container on a Dropbox volume, someone will be able to decrypt it". It's a more subtle problem: don't assume that the attacker won't be able to find out what they want just because
Re: (Score:2)
Sounds like the next project for the truecrypt guys...if you have some multiple of the actual storage you need in the cloud you should be able to obfuscate the delta's in such a way that it's not deducible as to what part of the original image your upload is changing, eg if you have storage in the cloud that is 3x as big as your truecrypt volume you have plenty of room to write the changed data somewhere else instead of over the original data, and also upload random data to the unused space etc.
Obviously th
Re: (Score:2)
That it very true, but it would take a large amount of data to do so. This is why all TC algorithms use 128 bit blocksizes or more, so guessing the traffic and the contents is somewhat mitigated.
One practice that might help with this, although it is a bit clunky is to have a TC volume within the TC volume that is moved out, opened, mounted, used, then after it is unmounted, it is moved back to the TC volume that is synced to the cloud provider. That way, the cloud providers sees a large blob being written
Re: (Score:2)
Large containers are basically untenable, but the unencrypted contents of the container will be almost as bad, unless you're making a large container for a small amount of data.
Re: (Score:2)
Other options include Deja Dup (not that I've experimented with it so much) which uses Duplicity and EncFS (with Cryptkeeper). Wait, that assumes you are using Ubuntu or another Debian derivative, though they'll probably also work on every other Linux system.
Actually it's not Ubuntu-only. I used Deja Dup successfully in Fedora 16 and, it actually worked quite smoothly. What I found worrisome though was the custom file format it uses (to make incremental backups and encryption possible, fair enough). If I need to do a restore, I don't want to fight with some exotic formats in the process...
Re: (Score:2)
Interesting. The biggest problem with TrueCrypt is that you have to upload a single file, and then re-upload that file in its entirety every time you change something.
Not true, if you are using Dropbox. Dropbox only checksin parts of the file container that changed. At least, that is my assumption because each update takes only seconds while the initial checkin took a few minutes for a 256MB encrypted file container.
Re:Truecrypt is the option. (Score:5, Interesting)
I use TrueCrypt for offsite data as well, with a couple recommendations:
First, one of the core rules of offsite storage is that one needs to assume that if it is stored offsite, it can be read by anyone, be it someone in a foreign country, an ex who is looking to dig up some dirt, a rival in the chainsaw fencing league looking for a way to get others disqualified, or a law firm looking to start suing people en masse.
By storing something where one has no control over the physical media, one should consider that their TC container, regardless of where it is stored, has people quietly trying to brute force the passphrase 24/7/365. This is definitely an assumption, and it might be on the border of being a tinfoil hat case. However, it can't hurt.
To mitigate this, I recommend two things:
First, use an encryption cascade. No, two 256 algorithms are not going to give a virtual 512 bits. Instead, it will be more like 257 bits of security. However, if one algorithm gets weakened by an attack, the other likely will still have its full 256 bits of strength.
Second, use keyfiles. Just using a keyfile means that an attacker will be unable to brute force a passphrase, period. They will need to figure out what keyfile or keyfiles are in use, then try that in combination with a passphrase.
If someone is concerned more about security of data than recoverability, the keyfile can reside on a USB flash drive. If recoverability is a factor, the keyfile can be stored someplace else, perhaps in a little used E-mail account on an obscure site as a uuencoded message.
Don't just stash data in a TC container and forget about it. Security take some thought even with a top notch program like TC.
Re: (Score:2)
By storing something where one has no control over the physical media, one should consider that their TC container, regardless of where it is stored, has people quietly trying to brute force the passphrase 24/7/365. This is definitely an assumption, and it might be on the border of being a tinfoil hat case.
I'm making the assumption that you are trying to brute force my data right now... and I'm not very happy about it.
However, it can't hurt.
Don't be so sure 1038732, i'm coming to find you and when I find you there's going to be hurting.
Re: (Score:2)
Re: (Score:3)
http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/ [privacylover.com]
Re: (Score:2)
Some of that is true.
However, for a lot of people's needs there is an argument that is game theory based that can be used:
1: TC has no backdoors or oddball things in the code. Life goes on.
2: TC has some backdoor (and this is pure conjecture at this point.)
Lets follow the latter idea. TC has a backdoor somewhere by some government group.
1: Someone studying the source code finds it. Game over. TC loses trust, people move to a different program, and the jig is up.
2: Someone is using TC to stash their
Re: (Score:2)
1) nobody studying the source will find it, when they provide binaries built from other source than the released source.
2) while searching for the terrorists, they scan the containers of all people. You do not want to encrypt your stuff, because you're criminal, but because you do not want random people to look at it. Now they are searching through your files, and they look at it, even when they avoid to do something with the information in there to avoid that you notice the monitoring. So you do not win an
Re: (Score:2)
yeah, and to point 1: It is not easily possible to build the binaries the same way. RTFA:
> Very few people compile the Windows binaries from source; it is exceedingly difficult to generate binaries from source that match the binaries provided by Truecrypt (due to compiler options, etc.)
Re: (Score:2)
yeah, and better TC than nothing at all. But the other way round, i prefer to use dm-crypt.
TrueCrypt cannot save you from the real danger (Score:2)
I was a cloud believer.
And then I saw this video.
http://www.youtube.com/watch?v=Xjo7Gh_a07E [youtube.com]
And it opened my eyes. Seriously. The cloud computing risks are too great to comprehend. This guy knows what he is talking about. He is an Ex-IT commissionar in India and a very wise and intelligent man. His in depth knowledge about cloud computing should be dispensed to all of slashdot
Do I care? (Score:3)
I have a list of my DVD collection stored on dropbox, that way if I see something I want on sale I can check and make sure I don't buy the fifth season of Hogan's heroes for a third time.
I doubt that piece of highly personal and revealing information would be useful to anyone if they managed to find it.
Re: (Score:3)
I have a list of my DVD collection stored on dropbox, that way if I see something I want on sale I can check and make sure I don't buy the fifth season of Hogan's heroes for a third time.
Uh, it was the third time last year. Next will be the fourth time.
- Friendly Dropbox+Amazon Snoop.
Re: (Score:2)
With something that trivial, a very simple home server setup would more than suffice. Very little beyond a default Ubuntu Apache install is required.
Re:Do I care? (Score:4, Informative)
With something that trivial, a very simple home server setup would more than suffice. Very little beyond a default Ubuntu Apache install is required.
And some (at least) quasi-static IP address. And at least some rudimentary web coding ability. And a hole in your firewall and/or router's routing rules. And I'm concerned that I probably omitted or misstated something . . .
Re: (Score:2)
Spend my time and effort setting up a server, configuring my firewall, and configuring dyndns, and paying for the electricity to run the server.
OR
Install dropbox, which avoids all of the configuration, integrates perfectly with all my machines and my phone, and doesn't cost me anything.
Re: (Score:2)
Re:Do I care? (Score:5, Funny)
Re: (Score:2)
SCHULTZ!!
Define "safe" (Score:5, Interesting)
There are aspects to "safety."
Redundancy is one aspect. I trust my data online to be adequately backed up and protected from loss in a single accident. Local data, not so much. So online data is safer from *me*.
Privacy is another aspect. With local data, I control who sees it, end of story. Storing it with some third party -- have you actually read the "privacy" policies for Google and iCloud? I'd call them a joke, but "outrage" is a better word. So local data is safer from *them*.
Continuity is another aspect. I'll be able to access my local data unless something happens to destroy it. With online data, I could be locked out tomorrow on whim (or by accident). It's already happened to me with Steam games. Yes, Steam did fix the problem they caused, two days later and with a lot of time on my part. I suppose they consider that "great customer service." So again, local data is safer from *them*.
All in all, I would rather accept the risks I can control than trust a company whom I can't control.
Re: (Score:2)
Agreed, but I'm not confident about even the one thing in the Cloud's "favour".
Data may be backed up, but if it's corrupted (eg: malware on the cloud) then all that's being backed up is garbage. Doesn't matter how many co-location sites it is copied to, it's still dead data. You don't know, cannot know and cannot control what procedures they have in place to guarantee data integrity. You should know, can certainly know and definitely control what procedures YOU put in place.
Agreed, they have the capacity to
Re: (Score:2)
take a look at Amazon's cloud. Single virtual machines in a single site.
If you're storing backups on EC2, you're doing it wrong. Data is saved on S3, which is in fact replicated to more than one machine before it even returns a response to the upload. According the them, it's designed to withstand the simultaneous loss of two copies without affecting the data.
Personally, I use Tarsnap [tarsnap.com], which is based on S3 and offers a nice, tar-like CLI program, full client-side encryption and paying only what you use, down the single byte.
Safe from disappearing? (Score:4, Insightful)
Missing Option: Completely Unsafe (Score:3)
If it's uploaded somewhere, it is publicly available on a single Western Digital MyBook. That is the stance I assume. I assume that whoever is storing that data has no interest in its security, nor any true desire to ensure that it is backed up.
If I am wrong, it is only in my favor.
Encrypted the same way - a nice thing about encfs (Score:2)
One nice thing about encfs (and ecryptfs) --- I only tell the cloud-backup guys to backup the encrypted versions of the files.
Since the encryption is per-file based, incremental backups (rsync) are still largely useful; and I don't have to worry about the backup service safely managing the data.
Different safes (Score:4)
I voted "about the same", because it's a different kind of safe...
My own local data, I know where it is and can get to it rapidly. I know exactly how and IF it is backed up.
But it is imperiled from things like fire, flood or theft.
Remote data is in some sense more ephemeral. You can't really know how well it's backed up, or even quite where it is. The company could fold at any time or the law could seize it (megaupload).
And yet, it's a lot less prone to vanishing due to theft. Most natural disasters are probably not going to destroy it if you go with a larger storage facility that may be replicating data.
Others have commented on "safe" being others visibility into your data, but the only real concern most people should really have is, will I be able to get to my data at all. Most people simply do not have anything worth spending much effort to hide from others. I know I don't (just a handful of passwords and so on).
Re: (Score:2)
Re: (Score:2)
How do you protect your data from banckrupcy of the cloud service provider? Or some government taking the entire thing down because somebody else put one bad document on his area? Or even, how can you be sure they actually do backups?
I keep local backups of the (important part of the) data I put on the cloud. That way I think the data I keep on the cloud is as safe as local, but that is not really
Much less safe (Score:4)
In fact, not only is it already gone, it was never there to begin with.
Missing option: I don't store data online.
Cheers,
Dave
Missing option: (Score:2)
Either public record (i.e., birth date, etc) or non-existent.
Wft is this question? (Score:3)
It makes absolutely no sense... Safe from what standpoint? That Google/Facebook/Amazon/Apple/Dropbox/[whoever] now potentially has access to it? That advertisers can now take advantage of it? That it is more or less encrypted? That hackers now have additional ways to get their hands on it? That it now gets backed up? Safe how exactly?
Safety or Security? (Score:2)
I consider my "cloud-stored" data to be exceptionally safe, in that I will never accidentally lose the data. It's probably backed up much better than my local files, which are haphazardly duplicated across several drives. Stuff "in the cloud" is really only going to disappear if the host goes completely out-of-business, or (hopefully) if I deliberately delete it.
However, I also do not consider any cloud-stored data to be secure. Unless I encrypt it myself, and keep the keys local-only, I consider it publicl
assumptions (Score:2)
Eggs in one basket (Score:2)
Either type of storage has its own risks and benefits. If you want your data to be secure, use both. Then if your data is threatened with one type of risk, the other storage type is likely to be unaffected, making it possible to recover your data. That's what backups are all about.
Define safe? (Score:2)
What means "safe"? Safer from loss, absolutely. Something stored in Google Drive exists in multiple datacenters with redundant backups in multiple geographic locations.
Is it more secure from a privacy stand point? No, by definition more people having it makes it less private. If I really want something to be private I encrypt it before uploading it or don't upload it at all. The majority of my documents aren't worth the trouble however.
That depends on the service (Score:2)
My Gmail etc.? Probably same-same as my local data.
My external hard disk backed up nightly to my ISPs data center where they have tape backups as well? Pretty damn safe.
Of course (Score:2)
Physical control of the media matters a LOT.
About the same because... (Score:2)
That said, the combination of an encrypted home drive with backup (pretty safe from snooping, but still susceptible to fire) and the usual "cloud" backup (pretty safe from fire, but still susceptible to snooping) is a great combination for "not that import
I'm Amazed How Many Orgs Are Using "The Cloud" (Score:3)
I'm amazed how many orgs are willing to go to a cloud solution and trust their private info to another group who is not invested in them at all.
Missing option! (Score:2)
I don't know about you, but my online data is source code to open source software. Google and the NSA are encouraged to read it and use it (if they find it useful).
Safer in the ways I care about (Score:2)
I am lazy, very lazy. I don't backup stuff properly, I keep my hardware longer then I actually should, I take my laptop around with me everywhere
and occasionally leave it in less then secure locations.
So data on my laptop is not very safe.
Privacy, well I have very little data I consider private.
So having my mail, and photos and the code I write all stored in the cloud
makes me safer in the ways I care about. Even if anyone with enough of an interest could get at it.
Uifsf!bsf!cfuufs!uijoht!up!ep!jo!mjgf-!zpv!lopx/// (Score:2)
That was my Facebook status today. Guess which option I voted for.
As Arthur would say... (Score:2)
Not safe at all. One word: (Score:2)
MegaUpload?
hardware safety (Score:2)
i put "much safer".
the computer i generate the most personal data on is an old netbook. it's already lost one drive, has a dodgy power supply and a crack spreading along it's case.
an online service that has the most uptime has a commercial advantage, so these services are rock solid as far as preventing data loss.
company lifetimes are longer than hard disk lifetimes.
of course, i should encrypt everything sensitive before uploading, but i haven't stored anything sensitive yet - mainly recipes and processes
Re: (Score:3)
I can break into your house and access all your data...
Ha! Even I can't do that. I don't even remember where I put some of my hard drives, especially since I moved.
Re: (Score:2)
I can break into your house and access all your data or delete it.
LMAO...no, no you can't. Only someone with a bare bones sense of computer literacy (and not much thought of security) would have their machines, even at home, with sensitive data on them that auto log on. So, there's the first obstacle to that theory. Then there's the fully encrypted volumes that the data resides on. Good luck with that. There's the on-site and off-site backups (yes, at home too). My dad and I ship drives back and forth from our separate locations monthly and keep those drives in safes for
Re: (Score:2)
I re-encrypt all of my ASCII data with ROT13. Twice.
Re:My data is all encrypted in ASCII (Score:5, Funny)
ROT13 isn't secure. That's why I only use a one-time pad for encrypting all my files. In order to reveal as little information about my files as possible, I choose the pad carefully so that it only stores zeroes on the server, and then I keep the pad safe locally.
This also has the advantage that it works without network access; if I need my encrypted files while I'm on the move, I can simply decrypt /dev/null with the appropriate key in order to retrieve my data. Additionally, I require very little space, as I compress all my cloud data down to a single disk block, plus some metadata. I also encrypt this compressed data, just to be safe, by the same method.
Re: (Score:2)
The kind who knows how to use strong encryption, and how to store backup copies locally (or vice versa).
Re: (Score:2)
Re: (Score:2)
That probably wouldn't be good. With ZFS RAIDZ3, he can have 3 drives fail. He has 6 SSDs, which if they are the same brand/model and purchased at the same time, will probably all fail at once.
Re: (Score:2)
Things in my head had the habit of disapearing when I most need them. They are not safe at all.
Re: (Score:3)
Who cares? I don't have secrets...
Anonymous who?