Slashdot Mirror


Google Plans Service to Store Users' Data Online

achillean wrote this morning with a link to the Wall Street Journal, announcing plans we've all seen coming for a while: an online data storage service from Google. Though the article doesn't come out and call the project 'gDrive' or anything like that, it does indicate the service could be available within the next few months. "Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."

32 of 155 comments

  1. Everything old is new again by pryoplasm · · Score: 2, Insightful

    a strategy that could accelerate a shift to Web-based computing

    Doesn't this sound just a little bit like a dumb terminal in terms of computing?

    --
    Those who live by the sword, get shot by those who live by the gun...
  2. Upload by niceone · · Score: 5, Funny

    Once installed, you upload your files by right clicking on them and selecting "I'm feeling lucky".

  3. This sounds fun by DeeQ · · Score: 3, Funny

    first thing I'm going to put up there is personal information to others. Any bets for how long till they are compromised?

  4. Call Me Paranoid by cybermage · · Score: 4, Insightful

    In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.

    1. Re:Call Me Paranoid by TimeTraveler1884 · · Score: 2, Insightful

      In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.
      Well see, there is a thing called "encryption". If used properly, it can be quite effective in maintaining one's privacy. With Google's track record of protecting users' privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the keys to their server.

      I did not RTFA, so I think it will depend on if they plan to give this service away for free and data mine what you are storing. In any case, if they don't encrypt it, then you are free to encrypt the data yourself beforehand as a user.
    2. Re:Call Me Paranoid by cybermage · · Score: 2, Interesting

      Well see, there is a thing called "encryption".

      Okay, some wing-nutty paranoia now. Is there any form of encryption that you believe people like the NSA cannot crack? I suspect stories like "Skype encryption too tough for German police" are a ruse to encourage criminals to use the Skype which is likely easier to track, and certainly less portable, than prepaid cell phones.

      Besides, if Google doesn't do the encryption, 99.99% of the data will not be encrypted. That should make the people with something to hide pretty easy to pick out.

    3. Re:Call Me Paranoid by Anonymous+Brave+Guy · · Score: 2, Insightful

      With Google's track record of protecting users' privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the keys to their server.

      I'm sorry, what track record would that be?

      Google are quite possibly the world's leading authority on automated information gathering. After all, their ad-based business model fundamentally relies on being able to target those ads, and the continued success of their primary service, the search engine, depends on how effectively and comprehensively they can process the entire WWW.

      As we have seen in the past, with everything from Google Street View to the leaks from a certain other popular search engine to Google Groups archives, vast databases like this will inevitably include information that people might have expected to remain private, and these services can make it accessible (deliberately or otherwise) to the entire world.

      Google are a business like any other and, despite all the "do no evil" rhetoric, they will still do whatever they can get away with to make a profit for their shareholders, and they can still be compelled to disclose any information required by law (and laws can change).

      Right now, it probably is no exaggeration to say that Google is the single greatest threat to privacy the world has ever seen.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    4. Re:Call Me Paranoid by fyngyrz · · Score: 2, Interesting

      The algorithm has been extensively critiqued and found to be strong.

      ...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

      Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz Windows or Linux machine can do, and an organization that has billions in budget normally, can get more anytime they ask, no difficult goals but breaking encryption and signal intercept, and which has made it a point to hire as many of the best minds in encryption as possible for, oh, say the last fifty years or so. And this in a world where quantum attacks are thought to be only a matter of sufficiently developed technology.

      Personally, I think if you depend upon encryption, someone, somewhere, is quite likely to be archiving your data in the clear. Even if the decrypt mechanism "trick" involved was no more complicated than scooping your OTP off your computer without your knowledge. Which we all know cannot happen. (cough.)

      If you want security from generic canvassing of your data, put it on a machine that has no network connection, and ensure that said machine has considerable physical security, right up to and including a Faraday cage. It won't stop anyone who physically comes after you, but your data will remain unscanned as long as you remain of no interest to the authorities. Past that point, you could wake up and find your Faraday cage missing, computer and all. :-)

      And of course, nothing so quaint as that old-world concept of a "warrant" will impede them.

      --
      I've fallen off your lawn, and I can't get up.
    5. Re:Call Me Paranoid by Sancho · · Score: 2, Insightful

      ...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

      Though since the algorithm is public anyone can examine it, including people who are NOT under NDA.

      Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz Windows or Linux machine can do, and an organization that has billions in budget normally, can get more anytime they ask, no difficult goals but breaking encryption and signal intercept, and which has made it a point to hire as many of the best minds in encryption as possible for, oh, say the last fifty years or so. And this in a world where quantum attacks are thought to be only a matter of sufficiently developed technology.

      If we're talking about a brute-force, the math is pretty easy to figure out. You decide that you protect your data from X computing power, and you realize that if someone has X^2 computing power, they're going to get your data. Generally speaking, that's the best that you can do.

      If we're talking about flaws in the algorithm that allow someone with a "secret key" to decrypt the data, then we're talking about a whole level of conspiracy and obfuscation. I don't put it past the government to do this, but at the same time, this is a harder thing to do when the algorithms are publicly available. You can bet that other governments with big budgets want to break AES, too. So if the NSA approved it for US government use, they probably believe it to be secure.

      Others have pointed out non-computational attacks on cryptography, such as keyloggers or interrogation. I don't think that these are good arguments against the use of cryptography in general--realistically, they're good arguments against ever making hard copies of extremely sensitive data in the first place.

      I don't particularly want my government to have a profile on me. It's not that I have anything to hide, it's just that I value privacy. If I store data online, and the government makes a deal with Google to let them profile everyone's data, encryption will allow me to limit the profile a bit. If they can break the encryption, then I'm still not in a terrible situation. But if they really wanted my data, they'd get it, through subpoena or interrogation or some other method, so realistically, I'm just protecting against sweeps and the corporation itself reading my data. As long as a person understands all of this, it's really no big deal.
  5. Useless to me w/Rogers by brunes69 · · Score: 3, Interesting

    Unless Google can lobby Rogers to get rid of its arcane practice of capping usage at 60GB / month for its standard high speed, me, and around 50% of people in Canada with high speed internet, can not make any real use of this service.

    It is pretty sad that a company will give you a nice 6 Mbps link only to cap you at 60 GB, which you could exceed in only 1 day of saturating your link.

    1. Re:Useless to me w/Rogers by chrish · · Score: 2, Insightful

      Not to mention the standard North American practise of providing terrible up-stream speeds on cable and DSL lines. It'd take ages to upload 5GB (or whatever GMail's current limit is) of data.

      I'm too impatient to back up 5GB of data over my 100Mbit LAN, I'm not doing it at "up to" 800kbits/sec.

      --
      - chrish
    2. Re:Useless to me w/Rogers by krayfx · · Score: 2, Informative

      I still find that more reasonable than the joke of a broadband offered by BSNL/ India. We have a 2 Mbps link with a cap of 400MB datacap, and if you exceed the base limit - you are charged 25 cents an MB! and rack up 15-20 dollars suppose you download the Ubuntu ISO. Of course, the package is very cheap at 6 dollars.

      512 kbps unlimited bandwidth goes for 50 dollars and 256 kbps for about $25. I know, kinda sucks, but it's getting better all the time. A few years back, many villages that did not see any kind of connectivity are now plugged, 256/ 512 kbps - which is good. Metropolitans have Wimax with similar schemes (256/ 512, and similar pricing).

  6. possibilities by rgiskard01 · · Score: 2, Insightful

    As a recent convert to google apps, this is very interesting. I have/still have all the concerns about my privacy, but the offering was too tempting to pass up. Of course I use the Firefox Customize Google add on, but also don't really put anything sensitive up there. If they build it right, it could be very nice. I've tried all the online backup apps, and outside of Mozy, don't really like any that much. But I'm now all Linux, so Mozy is no longer an option. Anything that competes with Microsoft is a good thing!

  7. Amazon S3 by NickCatal · · Score: 3, Interesting

    I already do this a bit with Amazon's S3 storage system. It is really nice being able to store files anywhere and paying all of $0.03/month for it.

    But hey, I'll take free any day.

    On a somewhat related note: It would be great if Google bought the LexisNexis people. Having public access to their database would be a great public service.

    --
    -nick
    1. Re:Amazon S3 by NickCatal · · Score: 2, Informative

      rsync doesn't work with S3, but s3sync does

      --
      -nick
    2. Re:Amazon S3 by Jon_S · · Score: 2, Informative

      If you check the Linux forums for Jungle Disk, there are lots of people having problems with the rsync over an S3 bucket mounted through WebDAV. The problem seems to be in the WebDAV implementation, but it's a problem nonetheless.

      But I hadn't found that s3sync before. That sounds like it would do the trick. Thanks Nick for the tip.

      Now my only problem would be the lousy 256 kbps or whatever uplink I get with my Verizon DSL. I wouldn't mind the slow uplink but saturating the uplink also saturates the downlink (1.5 Mbps). I could never figure that out. Sure, go ahead and discourage P2P with slow uplinks, but why does that have to make the connection almost unusable to the rest of the family surfing the net or me listening to streaming radio? I actually don't do P2P, but do a lot of cartography and am always uploading large image and/or PDF files to webservers.

  8. User-centric Encryption needed by mwilliamson · · Score: 5, Insightful

    Google needs to incorporate encryption with keys totally held and managed by the end user in such a way that even if Google is subpoenaed or shown national security papers, Google would be technically unable to access end-user's data. In other words, at no time should Google have access to any of the user's cleartext nor the user's secret key. Decryption would all be client-side. A subpoena or national security letter would have to go directly to the end user who would then at least know they are being served.

    1. Re:User-centric Encryption needed by BlueParrot · · Score: 2, Informative

      Technically they don't actually need to implement any form of encryption other than SSL for the transfer. There's already plenty of tools around for users to encrypt their files, and TrueCrypt can even create an entire filesystem inside a single encrypted file. Thus all Google really needs to do is to not prevent users from uploading files they have encrypted themselves. The client-side tools already exist, no need to reinvent the wheel.

    2. Re:User-centric Encryption needed by Zarhan · · Score: 4, Insightful

      Not gonna happen.

      Their business is advertising.

      So, they will be reading through your documents so they can put up some ads when you are browsing your files online. Putting your home finance excel sheet to gDrive? Be prepared to see TaxPlanner ads on the sidebar. Putting your holiday photos to gDrive for backup purposes? They'll probably go through the EXIF data and send you ads about latest Canon products (or whatever your camera model is).

    3. Re:User-centric Encryption needed by Anonymous+Brave+Guy · · Score: 2, Insightful

      Not gonna happen. Their business is advertising.

      Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they will simply cancel the service if it isn't making money and isn't leading to something else they do making money.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    4. Re:User-centric Encryption needed by jfuredy · · Score: 2, Insightful

      Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they will simply cancel the service if it isn't making money and isn't leading to something else they do making money.

      It may be true that Google wants to be able to read your data to serve ads, but the real question is, how many people would actually use it on all of their data? And will Google go out of their way to prevent encrypted data uploads for the small percentage of intelligent and vocal users who want encryption? My bet is that they don't provide encryption, but that they don't prevent it either.

  9. Encryption method? by BlueParrot · · Score: 2, Interesting

    What kind of encryption would you use for this?

    The most secure would be to store a single large archive of all your files encrypted with a strong cipher, but that has the disadvantage that you have to download it all to decipher it.

    Alternatively you could encrypt each file separately, which would speed up access considerably, but also leak more information about what you are storing (i.e. many small files vs. one big one).

    I guess if the data is sensitive enough to require the former type of encryption you shouldn't transmit it over insecure connections to begin with...
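
An added example, not part of the thread, illustrating the per-file option from this comment together with the user-held keys asked for in comment 8. It assumes AES-256-GCM, a 4 KiB padding bucket and HMAC-derived object names; `Seal`, `Open` and `bucket` are hypothetical names chosen for the sketch.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const bucket = 4096 // padding granularity in bytes (assumed value)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one file client-side and returns what the provider stores: name, nonce||ct||tag.
func Seal(encKey, nameKey []byte, path string, plain []byte) (string, []byte, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return "", nil, err
	}
	// Append 0x80 and zero-fill to the next bucket boundary to blur the exact size.
	padded := make([]byte, (len(plain)/bucket+1)*bucket)
	copy(padded, plain)
	padded[len(plain)] = 0x80
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	// Keyed hash of the path: stable for lookups, reveals no file name.
	mac := hmac.New(sha256.New, nameKey)
	mac.Write([]byte(path))
	name := fmt.Sprintf("%x", mac.Sum(nil)[:16])
	// The name is authenticated as associated data, so swapped objects fail to open.
	return name, gcm.Seal(nonce, nonce, padded, []byte(name)), nil
}

// Open verifies and decrypts an object fetched back from the provider.
func Open(encKey []byte, name string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	padded, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(name))
	if err != nil {
		return nil, err
	}
	i := bytes.LastIndexByte(padded, 0x80) // padding marker; only zeros follow it
	if i < 0 {
		return nil, errors.New("bad padding")
	}
	return padded[:i], nil
}

func main() {
	keys := make([]byte, 64) // both keys are generated and kept on the client
	rand.Read(keys)
	for _, f := range []string{"taxes.csv", "note.txt"} { // constructed sample files
		name, blob, _ := Seal(keys[:32], keys[32:], f, []byte("constructed contents of "+f))
		fmt.Printf("provider sees name=%s bytes=%d\n", name, len(blob))
	}
}
```

Even with padding and opaque names, the provider still observes how many objects exist, their sizes to the nearest bucket, and when each one changes, which is the residual leak the comment describes.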

  10. A very old idea by Rob+T+Firefly · · Score: 2, Informative

    This shouldn't be a surprise to anyone. It's Google, and it's one of the oldest ideas on the Internet which they haven't yet done; before the dot-com bubble burst there were at least half a dozen sites that claimed to provide an online "drive" of sorts - X-drive and E-drive are ones that come to mind, I think they advertised on the radio. Going further back, I remember using an online storage service on CompuServe in 1995 or so.

  11. TrueCrypt support would be tasty! by Jugalator · · Score: 2, Interesting
    Hmm, if Google's encryption plans are lacking, how about a mountable GDrive in TrueCrypt, popping up as a partition with the traditional encryption methods of TrueCrypt? :-D

    :-------D

    OK, so that last part was really unnecessary, but still...!

    --
    Beware: In C++, your friends can see your privates!
  12. Re:Filesystem over IMAP. by i.r.id10t · · Score: 2, Interesting
    --
    Don't blame me, I voted for Kodos
  13. Name Suggestion by HangingChad · · Score: 4, Funny

    I suggest calling it gPorn, because you know that's what's going to be on there.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  14. Re:android by 4D6963 · · Score: 3, Insightful

    Any android device can be a 'dumb' terminal for your data.

    Excuse the necessary pedantry, but do you realise that something cannot be a "dumb terminal for data", and that it's quite an insensible way to formulate it regardless of what the term "dumb terminal" actually means? Are you aware of the fact that "dumb terminals" involve remote processing, and not mere access to remote data? I just had to clarify this, as people keep talking about dumb terminals and thin clients as it actually has little to do with the topic at hand.

    --
    You just got troll'd!
  15. Re:Recomendation to dissidents by StankDawg · · Score: 3, Interesting

    The RIAA wouldn't need to send the police for your computers since they can subpoena Google to get the evidence that they need. They do that for search queries now. Uploading your personal data gives law enforcement one stop shopping to your information. A "portal" to all of your personal information. How convenient...

    --
    --- The revolution will be digitized! - http://www.binrev.com/ ---
  16. Already Done it's called Amazon S3 by bangzilla · · Score: 2, Interesting

    Amazon has been doing this for ages - very well I might add. What does Google bring to the party? Advertising? Big whoop. I like the privacy of my data. I don't want Google scanning my data as it scans my email. That's taking things just too far. What next? Google coming around to my house to check my desk drawers.....?

    --
    Rich people are eccentric. Poor people are strange. Me, I'd be happy with odd.
    1. Re:Already Done it's called Amazon S3 by yoduh · · Score: 2, Interesting

      While I love S3, it's not for the common person. If Google used an S3-style system as a good backbone and added a few very usable features it would be an improvement. I like the power of writing my own scripts and controlling what I send to S3, but I'd like to have more power to see what is in my buckets. I can do list command, but I'd like to know sizes and dates and to be able to query that information easily. Even just view it in a web control panel just to grab a small file from it.

  17. AES security and crypto in general by Beryllium+Sphere(tm) · · Score: 3, Informative

    As the old saying goes, if you count on crypto to solve all your problems you don't understand crypto and you don't understand your problems.

    The point that your data can and will be attacked while it's in plaintext is well taken. A networked machine running a web browser (the Sendmail of the 21st century) is a low security device, even with a good operating system. Google for "Scarfo", the mobster who was using PGP but also had an FBI keylogger on his computer.

    As regards AES, though, we've got good reason to think it's resistant to cryptanalysis. The NSA is also in charge of protecting government secrets from foreign snoops and has approved AES for protecting classified data.

    The low security of a workstation cuts both ways in an argument about gDrive: because your data is already at risk sitting on your hard drive, storing it encrypted on gDrive might not be any worse.

    Security without threat modeling is like bricks without straw. What are we protecting data against? Loss, primarily. I trust Google's backups more than I trust mine (but I'd tell a client to look for a provider willing to sign an SLA). Unauthorized copying by crackers? AES should be an adequate control to cover that risk. Subpoenas? An attorney with two brain cells to rub together will subpoena the decryption keys, so no help from AES there. Vacuum-cleaner style mass government surveillance, looking for keywords like "Tibet" or "Falun Gong"? AES should prevent that. Government criminal investigation? You could (in the US) argue that surrendering the keys would be self-incrimination and end up paying a lawyer lots of money to argue the point for years. Expensive and undependable security, but then in a criminal investigation there's not much security difference between gDrive and your local machine anyway.

    If you have security needs you should do an analysis like that last paragraph, only longer. For lots of people encrypted files on gDrive might be just fine.

  18. Re:Recomendation to dissidents by TheRaven64 · · Score: 2, Insightful

    Do you really think Google has enough computing power to crack 128-bit AES? To crack a symmetric cypher, on average, you need to search half of the key space. That means you'd need to search 2^127 keys. My 2GHz Core 2 Duo can (according to openssl speed aes) do about 40,000 1024 byte blocks per second. In one year, it could do 1.3x10^12. If you had a compute cluster composed entirely of machines of this speed, it would need a shade under 1.3×10^26 machines to be able to crack a single AES-encrypted message in a year (on average).

    To put this in perspective, Apple sold 1.6x10^6 computers in the first quarter of this year[1]. You would need to buy every single computer Apple made for 4x10^19 years. If we assume Apple sells approximately 5% of all computers, you would need to buy every computer made (assuming constant production) for 10^18 years.

    To put that even more in perspective (10^18 is still a bit big for my brain), the age of the universe is estimated to be just under 1.4x10^10 years. If, for every year that the universe has been around so far, you bought as many computers as could have been made if production had begun at the current rate at the start of the universe and continued until now, then you would have slightly more CPU power than you need to crack 128-bit AES. Oh, and trying all of the possible keys is only half the problem; you also need to recognise when you've decrypted it.

    Of course, if you're really paranoid, you can use 256-bit AES (the time to crack it doubles for every extra bit of key length).


    [1] I tried to find numbers for Intel and Dell, but could only find revenue and profit numbers, not sales.

    --
    I am TheRaven on Soylent News