Google Slips Talk of Online Storage Service

sonsonete writes "Reuters reports that Google is preparing to offer online storage, according to company documents that were mistakenly released on the Web. From the piece: 'The existence of the previously rumored GDrive online storage service surfaced after a blogger discovered apparent notes in a slide presentation by Google executives published on Google's site after its analysts presentation day last Thursday.'"

Concept vs. Reality

[ackthpt]

In principle, not a bad thing, considering Jane & Joe CtrlAltDel don't usually make backups and probably hardly come close to the actual capacity of their hard drives. Not likely to be a realistic consideration for Slashdotters who count their media, development tools, etc in the terabytes, though.

But there's the worry that if Google did this, how long before the Bureau of National Security Over Privacy and All Else presses Google to make content of this online storage available to the FBI? RIAA? MPAA? Cheney Department of Vindictive Leaks?

Google recently squared up against the U.S. Justice Department which has subpoenaed a limited set of data on Google search habits, drawing an outcry from privacy advocates.

It's thought provoking, certainly. Then there's the inevitable:

Google, Inc.
1600 Ampitheatre Parkway
Mountain View, CA 94043

Dear GDrive user, we are very concerned about recent activity with regard to your account. Please verify you User ID at the following link. www.google.com/accounts[links to: update.google-account.info/idpasswdstealer.html]

Remember never to give out your User ID or Password to people you don't know, those who spit while talking, people who do not wash their hands after using the lavatory, wombat ranchers, msn fanboys or anyone with the middle initial of J.

Best regards,
Google Internet Security
Google, Inc.

I'll pass.

It slipped out

[truthsearch]

Let's hope the stuff from your GDrive doesn't end up all over the internet like this presentation!

Encryption

[Neil Watson]

Encrypt your files.

Why give everything to google?

[IntelliAdmin]

The most interesting part of this story is this line: "With infinite storage, we can house all user files, including emails, web history, pictures, bookmarks, etc and make it accessible from anywhere (any device, any platform, etc)," the notes in the original Google presentation state. Chief Executive Eric Schmidt in his presentation made a cryptic comment that one goal of Google was to "store 100 percent" of consumer information." Now, this service might just be vapor. But if it is real. Why would I want to give all my very personal information to a potential advertiser? It makes me cringe all of the suckers out there that will store their private word, excel or other docs and have no idea how insecure it is.

Re:Didn't we have this in 1997?

[hal9000(jr)]

XDrive, Yahoo Briefcase, anybody?

Dude, get on the fan-boi band wagon. It doesn't matter if anything came before. If google does, it will be "better."

Seriously, this might be useful but I would definently want to encrypt that data. It still doesn't obviate the need for local back-ups. My data back-ups are routinely over 4GB is size. No way am I tranporting that up my stinking little DSL connection. But I could see a use for those few must have docs.

Their Objective

[rolfwind]

From the article:

"With infinite storage, we can house all user files, including emails, web history, pictures, bookmarks, etc and make it accessible from anywhere (any device, any platform, etc)," the notes in the original Google presentation state.

Chief Executive Eric Schmidt in his presentation made a cryptic comment that one goal of Google was to "store 100 percent" of consumer information.

What is so damned cryptic about that? This has been google's strategy from the beginning, the more info they have about you, the users - the better they can market to you, the users.

I would be worried, of course, about the obvious bad possibilities that can from from this unprecedented access this gives google to our info. But that discussion has been played out with every google took.

Re:This already exists...

[ZeroExistenZ]

How come I don't trust signing inthere?

scary

[pvt_medic]

any one find the followig line a little scary.

"one goal of Google was to "store 100 percent" of consumer information."

Im sorry there just some of my info I trust to ME, MYSELF, and I.

Re:That's just what we need!

[g0at]

eludes [sic]

Actually, the article suggests just the opposite!

-b

Something just doesn't sit right...

[Kihaji]

Google "accidently" leaked information to the world, so, if they cant keep their own documents secure, why should I trust them with mine?

Re:Why give everything to google?

[Telastyn]

As opposed to trusting all of the intermediaries between you and google? Personally, I trust google to protect my privacy far more than say... Comcast, who has direct unencrypted access to every non-ssl web browsing session, gmail use, or email sent.

Re:That's just what we need!

[fermion]

It's not so much that Google can't keep documents from prying eyes, it is that they are in the bussiness of selling ads, and one way they get people to look at the ads is to actively prying open documents to index and match to advertisers. For istance, Google mail works by matching ads to the content of the mail. Your privacy is not specifically violated, but googles still gets to index your information and match it ads. Also there is no guarantee that personal information or corporate secrets won't someday be revealed.

Likewise, the storage scheme will be the same thing. Google now gets to look at your entire life, and figure out how which of thier clients can help you with your lifestyle. Again, your privacy may no be specifically violated, at least in the near term, but it is still too much of a price for me to pay, when i can get the same thing without the risks for $10 a month.

Re:That's just what we need!

[iamlucky13]

Funny, but also a good point. However, I do have a fair number of relatively low security risk files that it would be handy to access anywhere without carrying them on a flash drive. Flash drives are useable almost everywhere, but not quite, and they can get lost, which makes them as much or more of a security risk as files on a fileserver. I actually save a bunch of miscellaneous bits of information as drafts on my gmail account for convenience, but it would be nice to do so as something other than plain text. I'm pretty sure I'm not alone.

One would also expect that a google online drive would be roughly as secure as their mail account (same username and password, potentially different avenues for hacking, however). Email security is pretty important, so if a person is willing to trust their personal communications to Google, why not a few files? Besides, it's probably a lot more secure than the average user's personal computer.

Re:Why give everything to google?

[TubeSteak]

Even if they do provide encryption, nothing is stopping a 3rd party from writing up their own encryption overlay.

Your encryption + their encryption = fuck the police

Re:Why give everything to google?

[garcia]

Why would I want to give all my very personal information to a potential advertiser? It makes me cringe all of the suckers out there that will store their private word, excel or other docs and have no idea how insecure it is.

Because most people see that getting something "free" in return for giving up their personal information is worth it. Hell, there have been countless "studies" that asked people for their personal identifiable information including mother's maiden name and birthdate with nothing more than a phone call.

Re:GMail is already online storage

[stunt_penguin]

So you think that a random Google employee has access to your inbox do you?

No-one at google reads your, mine or anyone else's email.

They're scanned for keywords by a machine and spat out into your browser. The same goes for your search results, too.

There's a big difference between someone reading your emails like some kind of wartime censor and a script running on a machine that adds contextual information. Do you object to Google adding BR tags to your email where it sees a carriage return tag (or whatever) in an incoming email. Are they 'reading' your mail then?

*walks off mumbling about paranoid americans*

Previous Solutions

[Midnight Thunder]

I have seen a number of companies in the past offer such services and then they either changed so you had to pay for their services or disappeared. Part of the problem was that, while many offered good solutions, they were often plagued by people using them for pr0n or other illigitmate content. This had the effect of using more bandwidth and storage which they could afford.

Another thing is that many of them were purely web based, and did not neccessarily offer anything like WebDAV to make it easier to transfer the files.

This is not to say that Google will go the same way, but that something will have to happen to avoid the same issues.

Re:Encryption

[drgonzo59]

Of course, to NSA/FBI/CIA your encrypted GDrive that holds tax documents and family photos will look like it holds al Qaeda training manuals. So when the CIA takes you to Egypt for some fun interrogation and put a knife to your neck, you'll happily give them your passphrase so they can see what's on your GDrive.

Remember, the idea of a honest executive branch that will got to a court to get a permission to spy on you, or that you will get a speedy trial, or even a lawyer is history. Through fear we have allowed the government to become what it is now, blame the neo-conservatives for that if you want. Watch the "Power Of Nightmares" movie [archive.org], I just saw it two days ago, quite enlightening, not totally objective but nevertheless it was worth my time (3 hours).

Re:Encryption

[gkhan1]

How the hell would they find those letters in an encrypted file? You realise that modern encryption is (practically, if not theoretically) unbreakable, right?

Re:Encryption

[krbvroc1]

I think he means they would apply a 'text' scanner to a 'binary' encrypted document and there are odds that those letters could be found in many binary document. Thereby you might still be 'flagged' coincidentally.

Re:That's just what we need!

[Phishcast]

Someone has to add the obligitory "They can't look at my encrypted files" comment. This is it. I'd be okay with storing data I cared about on a Google server, it's my option to encrypt it.

Re:Encryption

[Kadin2048]

That's not much of a commentary on Google, is it? I mean, if they're willing to take you to Egypt (or wherever) to perform some "rubber hose cryptanalysis," then there's nothing really stopping them from coming in and taking your computer, too. So having your data in encrypted form up on Google's servers really isn't increasing your exposure or risk any.

In fact, if Google encrypted everyone's files when they uploaded them on their GDrive, then it would probably limit your exposure, since then the encryption couldn't be an immediate red-flag. It's easy to single out people who are using encryption and get their passwords through some other means (keysniffing, etc.) when its only a few per thousand or million users, when it becomes universally used then it's much more difficult.

However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).

Re:Google's Plans

[Transdimentia]

Google's job won't be to create this, it already exists (http://www.openafs.org/ [openafs.org]). They will make it fast by meticulously mirroring 100,000,000TB of the worlds data to their innocuous looking cabinent/cellserver on your street corner, and your mom's streetcorner, and GW's streetcorner, etc... and pouring resources into integrating it better.

Re:GMail is already online storage

[Jugalator]

You mean, like no ISP or other webmail service can? No wait...

Re:It slipped out

[ROOK*CA]

Good points, I suspect it a bit different under the hood for single instance attachments in an email system versus single instance mass storage, since from an email standpoint you can always trace back an attachment to the original message (i.e. theres a paret-child relationship), and single instance normally doesn't work if say 2 senders send the same file in 2 original (i.e not forwards or replys) messages (in this case the attachment would be stored twice).

For a mass storage system to do this it seems to me it would have to somehow checksum every file and then compare that checksum to the checksum of every other file stored within the system to determine if it's already got a copy or not, seems to me with a very high volume of transactions this would be a very expensive operation to do versus just allocating enough storage space to store multiple instances. You also might run into problems with encrypted files, since the checksum of an encrypted file could very well match that of a totally different unencrypted file, and thus one or the other would get tossed out in error to keep a single instance on the system.

Re:That's just what we need!

[electroniceric]

My guess is that Google sees document storage as a beachhead for online word processing, etc. Convincing a business to adopt that kind of stuff will be very hard, because they have to change how their processes work. But if you're an indivudal logged into GMail, and you have a Word doc (or even better, a PDF) or some photos you want to edit and send back to someone, and a link saying "Edit this document" comes up, you might well want to do that. And because they're on Google's servers, it doesn't cannibalize their ad-based business model, and better still, it does cannibalize Microsoft's business model. Basically, by starting with documents, they can move piecemeal into application hosting without losing many options. Then if businesses are interested, they sell ad-free versions, hosted or non-hosted.

Re:Didn't we have this in 1997?

[General Wesc]

You're right, Google isn't coming up with an entirely new concept. All they're is doing is building a better mousetrap, and for some strange reason, the world is beating a path to their door. :-)

Re:Encryption

[Traa]

However as other people have pointed out I'm not sure that Google will offer any encryption, not because of government coercion but because it makes the data much harder to index (for advertising and searching purposes) and compress (you don't think that your 325 MB GMail box really takes up 325 MB on disk, do you?).

The solution is right there. Google should want to handle the encryption themselves rather then have the user upload encrypted data because it will allow them to first index your data, then compress it and then encrypt it.

Re:That's just what we need!

[veganboyjosh]

at about the point where you get free email, search, news, pics, video, storage space, etc, no?

Bandwidth is the real issue

[Drestin]

No one seems to have mentioned the problem with adaption of this is the restrictions on upload bandwidth. Even the highest speed home broadband service offer terrible upload speeds. I've got the best Comcast is beta-testing today (16M down/1M up) and it's WAY too slow to be keeping the 600 gigs of stuff on my HDs online. I regularly churn up to 20 gigs in a day. Even the Verizon FoIS is only 2M up at best.

When it takes X long to download that nifty video and then takes 16x as long to mirror it up to your GDrive and all the while your latency is shot to hell and even your Download speed is affected... not worth it. As others have noted: think XDrive or Yahoo Briefcase or other similar functions. Myself, I'm quite happy with the 2Gb SanDisk USB device I keep on my keychain...

AND, of course, there is that pesky privacy issue...

Re:Encryption

[drgonzo59]

In a sense you are saying this:
1) Upload to Google
2) Google indexes it
3) Google compresses it
4) Google encrypts it => Google has the key.

After this is done ask yourself, how is your data now more secure against the government looking at it and against other party looking at it, than if you skipped #4 and didn't encrypt. What happens next is this:

1) FBI/NSA/Whatever1984Agency asks Google for you info
2) Google decrypts it
3) Google hands it over it Uncle Sam
4) You have pictures there of you family at Disney World
5) By accident a large trashcan appears in one of the shots
6) Uncle Sam assumes you are scouting for places to hide a dirty bomb
7) You get arrested and detained for 5 months in some unknown prison

So how about the updated procedure to avoid the unpleasand Uncle Sam encounter:
1) Encrypt using a long passphrase that only you will know
2) Upload
3) End


This would work only if everyone would be doing it. Otherwise, as someone has mentioned above, if you are the only one of 10000 people who encrypts his stuff, you will look suspicious and they'll find a why to get the key from you to look what you got in there.