Jump to content

Recommended Posts

Posted

I understand (and am not surprised by) the paranoia out there (especially with TVM's), but with seven billion people out there the amount of data generated every day is huge and I am not worried about the NSA or whoever - mainly because I am a pretty boring and law abiding person.

I'm using cloud services and as well, I'm not too concerned which authorities might see the stuff I have there. If I put a bit more secret stuff to the cloud I encrypt it with my own keys.

The other side of the coin is. If I don't care what I put to the cloud, can I be trusted? If someone sends me his or her idea of new innovation or some other secrets, should they trust the people who are careless with the data?

What if the data is also accessible to the Chinese or Indian government agencies? Would that change the attitude what is been put to the cloud?

Then again the home and company computers are also vulnerable. There are plenty of viruses which might, while running on host computer, could search the files for the keywords and then send the files to whoever is collecting the data.

Posted

Automated Cloud Backup

iDrive is a good option - I got 150GB for about $30 per year - It syncs all my specified folders in the cloud every night for me - works great if you have a good unlimited broadband package like 3BB or True Online.

File Sharing & Cloud Backup

I use Dropbox to share with specific people or groups (One Drive is a clear attempt by MS to compete with Dropbox however even though I have Office 365 I am sticking with dropbox as I now have tonnes of bonus fee space from referrals)

Problem is that you need to put stuff in there manually.

Local Backup

Also, if you're looking for a local backup solution - Mac OS Time Machine has been around for a while - Also Windows 8 finally has an equivalent called File History which I use to sync my folders to my external hdd every 15 minutes

Posted

We want it atvthis stage for homeschool work backup only.....maybe photos later.....this is in addition to it all saved on laptops and ehd's.

Posted

Re this sharing or syncing stuff......if we have 3 laptops and a tablet operating.......the laptops are win 8, tablet samsung galaxy, if files on one laptop are saved to the cloud...I presume the other devices can access them no problem...but can you set it up so it can be auto saved to another laptop without having to do it manually...I want what he saves each day to be also saved on my devices....

Posted

Re this sharing or syncing stuff......if we have 3 laptops and a tablet operating.......the laptops are win 8, tablet samsung galaxy, if files on one laptop are saved to the cloud...I presume the other devices can access them no problem...but can you set it up so it can be auto saved to another laptop without having to do it manually...I want what he saves each day to be also saved on my devices....

YES, if all computers and devices are correctly installed with the necessary apps, and they are switched on for a significant amount of time that allowing upload and download synchronisation. then updating the files from one-to-many should be processed automatically.

if this is your prime concern, then you may do some homework on the cross-platform compatibility of the system and the apps.

Posted (edited)

So much useful information in this thread. I'm reminded of the parable of the pillow in which the gossip is advised by the sage to open a pillow and release the feathers into the wind...then told to go and try to gather them all up. It seems that in both cases: the "Cloud" and the pillow feathers, once it's out there, it's out there for good.

For me, not that big a deal. I'm old and my revolutionary, stone throwing days are well behind me but I would still hate to be presented with a detailed and precisely indexed book of my life laying out everything I had ever said or written.

I worry that young people are now laying the foundation for just that, leaving easily accessed digital trails that can come back and devastate both their personal and professional lives at some future point. Even now, prospective employers look closely at applicants social media history...there are more than a few stories of people who have lost some opportunity because of an earlier online indiscretion.

The casual convenience of the cloud, quietly and in the background syncing everything a person does on all their devices, all the time, makes it all seem very harmless. Most of us lead lives of little interest to the CIA, FBI and NSA...though maybe a little more so to the IRS. Those aren't the potential snoopers I'm concerned about; rather it's the people who may want to undermine your life in some way...a competitive colleague at work, a pissed-off former relationship or somebody trying to get at your money; anybody who knows how to access data about you...and you can believe that the more the cloud grows, the greater the number and quality of tools available to access other peoples data will grow as well.

The "Cloud" has the potential to be the greatest Trojan Horse of all time. If you are a younger person, I suggest you think about what you are doing and keep some control...don't auto-sync your entire life.

Edited by dddave
  • Like 1
Posted

If there are concerns with long term costs and privacy, then you should consider purchasing your own personal cloud storage device. I use a Western Digital wireless network device with 6TB of storage. This device allows remote log-in and you can open stored files and watch movies from your hotel room, for example. Here is a link to the device: http://www.wdc.com/en/products/personalcloud/consumer/

I also have an Apple Time Capsule/Air Port/Time Machine device. It allows you to maintain continuous backup and storage of 3TB of data wirelessly. You can find them for sale around 5,000 - 10,000 Baht.

Posted

If there are concerns with long term costs and privacy, then you should consider purchasing your own personal cloud storage device. I use a Western Digital wireless network device with 6TB of storage. This device allows remote log-in and you can open stored files and watch movies from your hotel room, for example. Here is a link to the device: http://www.wdc.com/en/products/personalcloud/consumer/

I also have an Apple Time Capsule/Air Port/Time Machine device. It allows you to maintain continuous backup and storage of 3TB of data wirelessly. You can find them for sale around 5,000 - 10,000 Baht.

how much does that cost...overkill for us, but just wondering

Posted

If you only have 1 device, then the cloud is not that useful.

If you have a desktop pc, laptop, tablet, mobile phone etc. And want to be able to access your data on all, you either need to carry around a USB drive with everything in it, or use the cloud.

If your files are super top secret, then the physical security of USB is probably the go. But, I prefer the convenience of being able to access the files from any device.

If hackers want to look at my reports and spreadsheets, I think they'll fund them pretty boring. Most of it gets emailed around to different people anyway, which is a lot less secure.

I would agree with this. For me I can pull up stuff on my galaxy note wherever I am (hospital, office, etc) and it has saved a lot of time.

I understand (and am not surprised by) the paranoia out there (especially with TVM's), but with seven billion people out there the amount of data generated every day is huge and I am not worried about the NSA or whoever - mainly because I am a pretty boring and law abiding person.

On a side note, I found it very interesting to see that when the NSA went to build their internal cloud service, they did not tap big blue IBM, but went with amazon instead. Maybe I'm just getting old and the younger guys could see this coming, but I sure was taken back (especially since I'd been holding some IBM stock)

http://techcrunch.com/2013/10/07/amazon-web-services-wins-again-in-battle-to-build-the-cia-and-nsa-cloud/

Read this article about Skype after Microsoft bought it, they gave full acess to NSA, CIA, FBI etc. and some rumour says to KGB also all these services like Facebook,Skype, Cloud systems etc. They acting like whores who pay the most getting the service. This having nothing to do with paranoia unfortunately is this reality. This is in general not a new phaenomen. Long before internet existed CIA made industiaal spionage

Posted

If you only have 1 device, then the cloud is not that useful.

If you have a desktop pc, laptop, tablet, mobile phone etc. And want to be able to access your data on all, you either need to carry around a USB drive with everything in it, or use the cloud.

If your files are super top secret, then the physical security of USB is probably the go. But, I prefer the convenience of being able to access the files from any device.

If hackers want to look at my reports and spreadsheets, I think they'll fund them pretty boring. Most of it gets emailed around to different people anyway, which is a lot less secure.

I would agree with this. For me I can pull up stuff on my galaxy note wherever I am (hospital, office, etc) and it has saved a lot of time.

I understand (and am not surprised by) the paranoia out there (especially with TVM's), but with seven billion people out there the amount of data generated every day is huge and I am not worried about the NSA or whoever - mainly because I am a pretty boring and law abiding person.

On a side note, I found it very interesting to see that when the NSA went to build their internal cloud service, they did not tap big blue IBM, but went with amazon instead. Maybe I'm just getting old and the younger guys could see this coming, but I sure was taken back (especially since I'd been holding some IBM stock)

http://techcrunch.com/2013/10/07/amazon-web-services-wins-again-in-battle-to-build-the-cia-and-nsa-cloud/

Read this article about Skype after Microsoft bought it, they gave full acess to NSA, CIA, FBI etc. and some rumour says to KGB also all these services like Facebook,Skype, Cloud systems etc. They acting like whores who pay the most getting the service. This having nothing to do with paranoia unfortunately is this reality. This is in general not a new phaenomen. Long before internet existed CIA made industiaal spionage

My reference to paranoia is not in the sense of questioning whether or not the technology exists - of course it does and as someone else mentioned they can even plant virus or access home devices if they desire. I referring to the paranoia that makes one think they would be a person of interest to the likes of these agencies. I know I'm not.

Another poster did point out a more realistic concern by way of cyber bullies or vendictive acquaintances. This I would agree with especially since most crimes against you are committed by people you know or their friends.

Posted

I have used DROPBOX for about a couple of years now - during this time it hasn't skipped a beat, and works seamlessly across all the business PC/MAC platforms and SAMSUNG/IPHONE smart phones we use.

Install and integration was smooth and easy across all platforms.

I used the free version originally for personal cloud storage, and to check the system out - my storage was quickly increased to 80Gbyte(free) through friends, colleagues and students referral whenever I shared files with them (you get another 1 Gbyte free for each person you introduce.)

Recently I upgraded it to a 'paid-for' 100 Gbyte account, which DROPBOX upgraded again free of charge to over 1,000Gbyte/1Tbyte of file storage with and additional file 'Pro' handling/sharing utilities for the cost of 3 Heinekens on 'Walking-Street' a month.

We now use this for business backup of our entire paperwork and technical data systems. Encryption, storage type and size have no limitations within your account size. We also have our business web site backed up to the same cloud account via a WORDPRESS add-on called WP2D

Info and pricing at www.dropbox.com

'Not bad at all and does everything we want to do' smile.png

Never ever use DROPBOX as a company... Period. Do not use it private if you have anything you do not want to share with the world.

Not long time ago a research team got all their researched data published by another research team in another country, and the only way they could have got it was through DropBox. They knew it was their data because if you redo the research the data can never be exact the same.

As a Company located in Thailand you should use services like CAT IRIS cloud instead.

Posted

to my post above:

All over the world mainly in Europe and gave it to companies who was involved into government orders.

If the european companies came to issue their invention in USA, then small things was changed and the big US company claimed it as their patent.

The most of the small companies had not the money to fight against in any US court.

http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

http://www.ciachef.edu/skype-cia/

http://www.godlikeproductions.com/forum1/message425699/pg1

http://www.gamespot.com/forums/games-discussion-1000000/microsoft-secretly-gave-the-nsa-cia-fbi-access-to--29420064/

http://www.cia-news.com/tag/skype/

http://www.storyleak.com/how-microsoft-helped-nsa-cia-fbi-spy-on-you/

This have nothing to do with paranoia, this is unfortunately reality.

I have nothing to hide a all, but I don't like that anybody having access to my private things.

Who still continue to use cloud systems have to live with the ramifications. "Som nam na"

Cape diem. wai2.gif

Posted

So much useful information in this thread. I'm reminded of the parable of the pillow in which the gossip is advised by the sage to open a pillow and release the feathers into the wind...then told to go and try to gather them all up. It seems that in both cases: the "Cloud" and the pillow feathers, once it's out there, it's out there for good.

For me, not that big a deal. I'm old and my revolutionary, stone throwing days are well behind me but I would still hate to be presented with a detailed and precisely indexed book of my life laying out everything I had ever said or written.

I worry that young people are now laying the foundation for just that, leaving easily accessed digital trails that can come back and devastate both their personal and professional lives at some future point. Even now, prospective employers look closely at applicants social media history...there are more than a few stories of people who have lost some opportunity because of an earlier online indiscretion.

The casual convenience of the cloud, quietly and in the background syncing everything a person does on all their devices, all the time, makes it all seem very harmless. Most of us lead lives of little interest to the CIA, FBI and NSA...though maybe a little more so to the IRS. Those aren't the potential snoopers I'm concerned about; rather it's the people who may want to undermine your life in some way...a competitive colleague at work, a pissed-off former relationship or somebody trying to get at your money; anybody who knows how to access data about you...and you can believe that the more the cloud grows, the greater the number and quality of tools available to access other peoples data will grow as well.

The "Cloud" has the potential to be the greatest Trojan Horse of all time. If you are a younger person, I suggest you think about what you are doing and keep some control...don't auto-sync your entire life.

I like your post and agree 100% to many ppl publish private things without to using their brain first.

Posted (edited)

To those who think encryption is a method to safely secure your data on a cloud:

IMHO: You couldn't be more wrong. It is simple logic to deduce that any agency that decides to look at everyone's data will be attracted to those who feel the need to make their data more secure. Therefore the tighter the encryption the MORE likely you and your data will be looked at.

FYI: I encrypt nothing. I zip nothing. So a cursory or 'quick' scan to see what I am trying to hide finds nothing.

Not that I have anything to hide but... I have download a bunch of porn from various sites. Far more than I could ever look at. And we all know that stuff is often mislabeled. I have downloaded mainstream movies, like Superman 3, and found it to be porn (and, occasionally the reverse). I am a heterosexual male and, from time to time, have found homosexual gay porn in the stuff I have downloaded - as well as child pornography - neither of which I wanted. When I find unwanted clips I delete them but I have tens, if not hundreds, of thousands of porn clips that I have not seen. I would not be surprised if some of those clips where illegal. So... I certainly would never park them on a cloud!

I would like to point out that I went to the University of Waterloo (Ontario, Canada) in the 80's studying computer science and spent my life as a computer consultant. The last decade of which was spend as a Data Consultant specializing in data security (including being the Data Administrator for the Credit Reference Association of Australia).

It is my learned opinion that there is NO SUCH THING as data security when someone is willing to spend whatever time and money is required to hack or crack your system. Data security comes from securing your data in such a way that it is cost-prohibitive for anyone to hack or crack your system! (also constant vigilance and as much track-ability as possible for all data access)

Since the NSA has unlimited resources I would suggest that the more trouble you go to to hide something the more trouble they will go to to find out what you are trying to hide AND the more likely it is for them to prosecute even the smallest infractions!

So... the best solution is to keep anything sensitive, like your revolutionary manifesto, the book you are writing about espionage or your porn collection, stored offline. Put that stuff on an external hard drive and only plug it in when you need it. And for the most security you can reasonably obtain: turn off your internet while it is connected (physically unplug your modem, router or hub).

Lastly, for those who think they have nothing to hide: People are harassed and even imprisoned for being 'suspected' terrorists. Anyone belonging to any group is considered guilty by association. Human rights groups, religious groups, etc. are all on the NSA's list of terrorist groups, which include Christians, Jews, Muslims, all 'service' clubs (like Lions, Kiwanis, Rotary... even the Loyal Order of the Water Buffalo!)... so if you think 'they' have NO reason to look at YOU then you should rethink that conclusion.

Edited by RecklessRon
  • Like 1
Posted

To those who think encryption is a method to safely secure your data on a cloud:

IMHO: You couldn't be more wrong. It is simple logic to deduce that any agency that decides to look at everyone's data will be attracted to those who feel the need to make their data more secure. Therefore the tighter the encryption the MORE likely you and your data will be looked at.

FYI: I encrypt nothing. I zip nothing. So a cursory or 'quick' scan to see what I am trying to hide finds nothing.

Not that I have anything to hide but... I have download a bunch of porn from various sites. Far more than I could ever look at. And we all know that stuff is often mislabeled. I have downloaded mainstream movies, like Superman 3, and found it to be porn (and, occasionally the reverse). I am a heterosexual male and, from time to time, have found homosexual gay porn in the stuff I have downloaded - as well as child pornography - neither of which I wanted. When I find unwanted clips I delete them but I have tens, if not hundreds, of thousands of porn clips that I have not seen. I would not be surprised if some of those clips where illegal. So... I certainly would never park them on a cloud!

I would like to point out that I went to the University of Waterloo (Ontario, Canada) in the 80's studying computer science and spent my life as a computer consultant. The last decade of which was spend as a Data Consultant specializing in data security (including being the Data Administrator for the Credit Reference Association of Australia).

It is my learned opinion that there is NO SUCH THING as data security when someone is willing to spend whatever time and money is required to hack or crack your system. Data security comes from securing your data in such a way that it is cost-prohibitive for anyone to hack or crack your system! (also constant vigilance and as much track-ability as possible for all data access)

Since the NSA has unlimited resources I would suggest that the more trouble you go to to hide something the more trouble they will go to to find out what you are trying to hide AND the more likely it is for them to prosecute even the smallest infractions!

So... the best solution is to keep anything sensitive, like your revolutionary manifesto, the book you are writing about espionage or your porn collection, stored offline. Put that stuff on an external hard drive and only plug it in when you need it. And for the most security you can reasonably obtain: turn off your internet while it is connected (physically unplug your modem, router or hub).

Lastly, for those who think they have nothing to hide: People are harassed and even imprisoned for being 'suspected' terrorists. Anyone belonging to any group is considered guilty by association. Human rights groups, religious groups, etc. are all on the NSA's list of terrorist groups, which include Christians, Jews, Muslims, all 'service' clubs (like Lions, Kiwanis, Rotary... even the Loyal Order of the Water Buffalo!)... so if you think 'they' have NO reason to look at YOU then you should rethink that conclusion.

Lets not forget about the ThaiVisa members list. I'm sure that puts all of us square in the crosshairs of the NSA, CIA, KGB etc... thumbsup.gif

Posted

I understand (and am not surprised by) the paranoia out there (especially with TVM's), but with seven billion people out there the amount of data generated every day is huge and I am not worried about the NSA or whoever - mainly because I am a pretty boring and law abiding person.

Having a massive amount of data, and examining it to extract 'useful' info, is the sort of thing an info-science grad student would do for their thesis, and you can be sure there is commercial research being done as well.

You don't have to do anything, all it takes is one a-hole to take an interest in you. Maybe the ex-wife's new husband perceives you as a looming threat and starts making phone calls to the authorities telling of heinous activities that you commit in Thailand, etc. In these times of heightened paranoia you never can tell how far they may take it.

It's sort of like being arrested: anything out there can be used against you, no matter how benign it really is. Eg, someone finds a pic of you holding your kid and reposts it with some text implying it is not your child and you do unspeakable things with it.

There was something a few weeks ago where a woman posted pics of her kids on Facebook, then some other woman copied the pics and posted them on her page, claiming they were really her kids and she was going to get them back -- it was revealed that this was not the first time she (the 2nd woman) had done this, the article I read even had a name for this sort of thing, that's how often it happens.

Posted

To those who think encryption is a method to safely secure your data on a cloud:

IMHO: You couldn't be more wrong. It is simple logic to deduce that any agency that decides to look at everyone's data will be attracted to those who feel the need to make their data more secure. Therefore the tighter the encryption the MORE likely you and your data will be looked at.

FYI: I encrypt nothing. I zip nothing. So a cursory or 'quick' scan to see what I am trying to hide finds nothing.

Not that I have anything to hide but... I have download a bunch of porn from various sites. Far more than I could ever look at. And we all know that stuff is often mislabeled. I have downloaded mainstream movies, like Superman 3, and found it to be porn (and, occasionally the reverse). I am a heterosexual male and, from time to time, have found homosexual gay porn in the stuff I have downloaded - as well as child pornography - neither of which I wanted. When I find unwanted clips I delete them but I have tens, if not hundreds, of thousands of porn clips that I have not seen. I would not be surprised if some of those clips where illegal. So... I certainly would never park them on a cloud!

I would like to point out that I went to the University of Waterloo (Ontario, Canada) in the 80's studying computer science and spent my life as a computer consultant. The last decade of which was spend as a Data Consultant specializing in data security (including being the Data Administrator for the Credit Reference Association of Australia).

It is my learned opinion that there is NO SUCH THING as data security when someone is willing to spend whatever time and money is required to hack or crack your system. Data security comes from securing your data in such a way that it is cost-prohibitive for anyone to hack or crack your system! (also constant vigilance and as much track-ability as possible for all data access)

Since the NSA has unlimited resources I would suggest that the more trouble you go to to hide something the more trouble they will go to to find out what you are trying to hide AND the more likely it is for them to prosecute even the smallest infractions!

So... the best solution is to keep anything sensitive, like your revolutionary manifesto, the book you are writing about espionage or your porn collection, stored offline. Put that stuff on an external hard drive and only plug it in when you need it. And for the most security you can reasonably obtain: turn off your internet while it is connected (physically unplug your modem, router or hub).

Lastly, for those who think they have nothing to hide: People are harassed and even imprisoned for being 'suspected' terrorists. Anyone belonging to any group is considered guilty by association. Human rights groups, religious groups, etc. are all on the NSA's list of terrorist groups, which include Christians, Jews, Muslims, all 'service' clubs (like Lions, Kiwanis, Rotary... even the Loyal Order of the Water Buffalo!)... so if you think 'they' have NO reason to look at YOU then you should rethink that conclusion.

Encryption is indeed one way to securely store data in the cloud. If you don't have anything to hide, why don't you make copies of your passport, driver's license, credit cards, etc, and upload them here? If you're storing sensitive things like that in the cloud and not taking appropriate steps to protect it then you're doing it wrong. Protect yourself, it's the responsible thing to do and the government doesn't think you're a criminal (or worse) for doing so. In fact, the less identity theft, forgeries, etc, the better.

Why do you think that encrypting your data automatically makes you more susceptible to surveillance by a government agency? Do you think the cops find it suspicious that you have top of the line locks on your doors and lock them at night? By the very same logic one could argue that if you lock your doors at night you must have something to hide. So please explain this "simple logic" to me if you don't mind.

Do you have any idea how expensive it is (time and money) to break strong encryption? Any agency that becomes interested in your data will attempt other means to investigate you before attempting to crack your encryption. It's not like you can throw money and resources at everything and have it done faster -- if that was the case then nine women could have a baby in a month. So you want encryption that both costs too much and takes too long to crack.

I suggest you worry less about your elected government spying on you and focus more on protecting yourself from professional criminals and possibly foreign adversaries depending on what you do. Actually, the first person you should protect yourself from is you yourself. It's mind-boggling that a person that claims to have a background in data security indiscriminately downloads highly illegal content from dubious sources and stores them without further inspection. Also, depending on the technical aspect of how you download this stuff (e.g. torrents) you may actually be inadvertently supporting the distribution of this despicable content. As for your conspiracy theories, please be careful wearing such a big tinfoil hat in the sun -- it may fry your brain.

  • Like 1
Posted (edited)

It is very hard to sift through ALL the data EVERYONE has.

It is very easy to scan through all that data looking only for encrypted and zip files.

That gives them a small subset of people to look deeper into.

And the more impressive the 'lock' the more 'thieves' are likely to want to break in!

BTW: It is not MY elected government!

AND: It is child's play for the NSA to crack your encryption unless you are using your own custom software to do the encryption, which can be illegal in many cases especially if the data travels across national borders.

Edited by RecklessRon
Posted

It is very hard to sift through ALL the data EVERYONE has.

It is very easy to scan through all that data looking only for encrypted and zip files.

That gives them a small subset of people to look deeper into.

And the more impressive the 'lock' the more 'thieves' are likely to want to break in!

BTW: It is not MY elected government!

AND: It is child's play for the NSA to crack your encryption unless you are using your own custom software to do the encryption, which can be illegal in many cases especially if the data travels across national borders.

I don't know what you mean by "sift through", but if you mean searching for strings, patterns, etc, then that's algorithmically cheap and easy to parallelize. Encoded data (e.g. pictures, audio, videos, etc) is harder, but if you know what you're looking (e.g. meta-data, signatures, patterns) for then it's a lot cheaper. Meta-data is easier since it's usually structured. I guess you meant all the data that the attacker "has on you", not necessarily what the target itself has access to.

Basing targeting on the detection of encrypted data would yield too many false positives to be reliable and thus you incur a very high resource and opportunity cost. Also, where do you draw the line? One encrypted file or many? In addition the target could employ techniques like steganography to avoid attention and the dragnet. So all in all, it's too unreliable of a strategy to be effective in terms of cost/benefit.

Your assertion that better locks attract more thieves is the same as saying that alarms attract thieves. It's simply false -- they're deterrents. Better locks and alarms increase the effort and risk to a thief, and thus the relative cost/risk/benefit of selecting a less protected target is often a better proposition. If you're being targeted it's for other reasons. It's the same with computer attacks. To hammer the point home: a modern luxury sedan (e.g. BMW, Audi, Mercedes) is well protected (e.g. alarm, remote ignition blocking, tracking devices, etc), yet you have vintage cars worth many times that but with none of the protection mechanisms. Which one do you think would be a more interesting target in terms of effort/risk/value -- highly protected, medium value car or unprotected very high value car?

What's your government? Don't be surprised to learn that all governments spy and/or surveil. If they didn't they wouldn't be doing their job. Do some go way overboard and abuse their power? Yes, absolutely, without a doubt.

Cracking encryption is still subject to the laws of physics, the current state of the art in computer science, mathematics, cryptography, and everything else that relates to this kind of activity -- no matter who you are. Sure, if you have all the computing power in the world you might be able to knock a couple of thousand years off the time it takes to crack something. Big deal. And you're wrong about custom encryption -- it's actually a very bad idea to attempt to create your own "custom" encryption. The most secure alternatives are the ones that have been developed in public under full disclosure, e.g. peer review, public algorithms, etc, and which have stood the test of time.

Posted

I understand (and am not surprised by) the paranoia out there (especially with TVM's), but with seven billion people out there the amount of data generated every day is huge and I am not worried about the NSA or whoever - mainly because I am a pretty boring and law abiding person.

Having a massive amount of data, and examining it to extract 'useful' info, is the sort of thing an info-science grad student would do for their thesis, and you can be sure there is commercial research being done as well.

You don't have to do anything, all it takes is one a-hole to take an interest in you. Maybe the ex-wife's new husband perceives you as a looming threat and starts making phone calls to the authorities telling of heinous activities that you commit in Thailand, etc. In these times of heightened paranoia you never can tell how far they may take it.

It's sort of like being arrested: anything out there can be used against you, no matter how benign it really is. Eg, someone finds a pic of you holding your kid and reposts it with some text implying it is not your child and you do unspeakable things with it.

There was something a few weeks ago where a woman posted pics of her kids on Facebook, then some other woman copied the pics and posted them on her page, claiming they were really her kids and she was going to get them back -- it was revealed that this was not the first time she (the 2nd woman) had done this, the article I read even had a name for this sort of thing, that's how often it happens.

I've agreed that your close network (friends; exes, coworkers) are legitimate risks. However if you are not a business owner or Eric Snowden type just a regular Joe Blow; then it is highly unlikely that the big agencies will ever be interested in you. If they are well there is very very little you can do to stop them if anything at all. They will already have access to all of your bank, online activities, medical etc. So why would I be worried about these agencies when I realistically can't do anything to stop them.

It certainly didn't slow the NSA from getting to Merkel's records.

  • Like 1
Posted

IMHO: It is irresponsible to advice anyone to encrypt data placed on a cloud to make it more secure. DO NOT place sensitive data on the cloud in any way, shape or form. You are exponentially increasing the likelihood of it being hacked. And I do not agree that it is more secure encrypted on a cloud than not encrypted on a cloud. Non-hackers won't be able to get to your cloud and hackers will be targeting encrypted files.

  • Like 1
Posted (edited)

IMHO: It is irresponsible to advice anyone to encrypt data placed on a cloud to make it more secure. DO NOT place sensitive data on the cloud in any way, shape or form. You are exponentially increasing the likelihood of it being hacked. And I do not agree that it is more secure encrypted on a cloud than not encrypted on a cloud. Non-hackers won't be able to get to your cloud and hackers will be targeting encrypted files.

I'm not sure if you're obligated by your username to write nonsense like this or if it's an attempt at sarcasm, but let me try to take you seriously anyway.

Data that is encrypted is by definition more secure as it is encrypted and unreadable for anyone not having the decryption keys or who are through other means able to crack the encryption. The question is not whether encrypted data is more secure, but how much more secure. If you're using proper encryption then your data is secure for all practical intents and purposes. If your feared enemy is something like a foreign state (e.g. for reasons of industrial espionage, human rights violations, etc) with significant resources at its disposal, you may need to reevaluate and possibly strengthen your protection.

If I encrypt a piece of data (e.g. a document, a message, whatever) properly, I can give that encrypted data to anyone. It's safe because the encrypted data is meaningless and useless without being able to decrypt it through normal means (i.e. having the keys) or through unintended means (e.g. brute force, social engineering, threats, violence, etc).

In addition, if I take my encrypted file and place it on Dropbox or Google Drive or any other cloud provider, a user would have to authenticate before being able to access the raw file. At the very least they'd have to enter a username and password, but two-factor authentication (e.g. username/password plus a one-time code, commonly used in online banking) is much better. A hacker would have to bypass this before getting access to the encrypted file, which again is useless.

Also, it's not like the content of your Dropbox or Drive is published to the world. There's no way for a "hacker" to go look for people who have encrypted files on their storage and thus "hackers" can't target you based on knowledge of you having encrypted files. You're more likely to get compromised through normal activities on your computer (e.g. browsing, zero day exploits, visitors, keyloggers, etc).

<removed insult>

Edited by Tywais
Removed insult
Posted

Lets not forget about the ThaiVisa members list. I'm sure that puts all of us square in the crosshairs of the NSA, CIA, KGB etc... thumbsup.gif

More likely the AARP...

  • Like 2
Posted

Generally, folks who specialize in backup strategies advise that to be secure, ideally, you want to have THREE copies of anything important to you.

1. the original copy

2. a back up copy on-site

3. a back up copy stored physically off-site or in the cloud.

Disk drives fail. Homes get broken into and have floods, fires, etc. Cloud storage sites get hacked and/or may go out of business.

IMHO, if you're only keeping multiple copies of something at your home or work only, you're data is not safe and secure. Because anything stored only in one place is subject to loss through various means.

Also these days, the data that takes up the largest amount of space for the average user is likely music and video files. I store copies of my music and video files in various cloud services, but those aren't my only backup copies of those. Even though I don't share any of those files (they're accessible only to me), I've never quite gotten to trust the big cloud services when it comes to music and video content, given the history of copyright issues, especially in the U.S.

  • Like 1
Posted

Also these days, the data that takes up the largest amount of space for the average user is likely music and video files. I store copies of my music and video files in various cloud services, but those aren't my only backup copies of those. Even though I don't share any of those files (they're accessible only to me), I've never quite gotten to trust the big cloud services when it comes to music and video content, given the history of copyright issues, especially in the U.S.

If you encrypt what you want to store prior to transmitting it you don't have to trust anyone but yourself. You can do this using software from a vendor you trust (e.g. Backblaze -- see below) or rolling your own by combining open source encryption, compression and file transfer tools and a cloud service like Dropbox or Google Drive. Depending on the size of your data this can even be free.

Backblaze has solved the problem of easily and securely backing up to the cloud. See https://www.backblaze.com/backup-encryption.html for more information, but here's an excerpt from that page regarding protecting your private key using a passphrase: "This passphrase is your responsibility to remember and safeguard. This is important: if you forget or lose this passphrase there is no way that anyone, including Backblaze, can decrypt, and thus restore, your data." To be clear, the private key is stored securely in the datacenter for ease of use, but if you're uncomfortable with this you can encrypt the key with a passphrase that is not stored. Personally I would use the passphrase since a provider could be legally forced to comply with an order from a third party. Again, if you don't trust anyone at all, encrypt everything yourself and just transfer it securely, keeping all keys and passphrases safe by whatever means you're comfortable with.

In terms of infrastructure we're talking about redundant storage mirrored across geographically dispersed datacenters. It's a very good solution for both sensitive and critical data.

Posted

I never took to this cloud concept. My attitude has been that once you put something out there it is out of your hands, no way to control where it is going to end up. But finding out that the cloud provider is reviewing and censoring the files, well, that is above and beyond acceptability.

bah.gif

So don't accept the user agreement. :)

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...