Slashdot Mirror
Google Plans Service to Store Users' Data Online
achillean wrote this morning with a link to the Wall Street Journal, announcing plans we've all seen coming for a while: an online data storage service from Google. Though the article doesn't come out and call the project 'gDrive' or anything like that, it does indicate the service could be available within the next few months. "Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."
Once installed, you upload your files by right clicking on them and selecting "I'm feeling lucky".
ccalam - acoustic versions of new songs.
first thing I'm going to put up there is personal information to others. Any bets for how long till they are compromised?
In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.
Some people have a way with words, and some people, um, thingy.
Unless Google can lobby Rogers to get rid of its arcane practice of capping usage at 60GB / month for it's standard high speed, me, and around 50% of people in Canada with high speed internet, can not make any real use of this service.
It is pretty sad that a company will give you a nice 6 Mbps link only to cap you at 60 GB, which you could exceed in only 1 day of saturating your link.
I already do this a bit with Amazon's S3 storage system. It is really nice being able to store files anywhere and paying all of $0.03/month for it.
But hey, I'll take free any day.
On a somewhat related note: It would be great if Google bought the LexisNexus people. Having public access to their database would be a great public service.
-nick
Google needs to incorporate encryption with keys totally held and managed by the end user in such a way that even if Google is subpoenaed or shown national security papers, Google would be technically unable to access end-user's data. Another words, at no time should Google have access to any of the user's cleartext nor the user's secret key. Decryption would all be client-side. A subpoena or national security letter would have to go directly to the end user who would then at least know they are being served.
I suggest calling it gPorn, because you know that's what's going to be on there.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Any android device can be a 'dumb' terminal for your data.
Excuse the necessary pedantry, but do you realise that something cannot be a "dumb terminal for data", and that it's quite an insensible way to formulate it regardless of what the term "dumb terminal" actually means? Are you aware of the fact that "dumb terminals" involve remote processing, and not mere access to remote data? I just had to clarify this, as people keep talking about dumb terminals and thin clients as it actually has little to do with the topic at hand.
You just got troll'd!
The RIAA wouldn't need to send the police for your computers since they can subpoena Google to get the evidence that they need. They do that for search queries now. Uploading your personal data gives law enforcement one stop shopping to your information. A "portal" to all of your personal information. How convenient...
--- The revolution will be digitized! - http://www.binrev.com/ ---
As the old saying goes, if you count on crypto to solve all your problems you don't understand crypto and you don't understand your problems.
The point that your data can and will be attacked while it's in plaintext is well taken. A networked machine running a web browser (the Sendmail of the 21st century) is a low security device, even with a good operating system. Google for "Scarfo", the mobster who was using PGP but also had an FBI keylogger on his computer.
As regards AES, though, we've got good reason to think it's resistant to cryptanalysis. The NSA is also in charge of protecting government secrets from foreign snoops and has approved AES for protecting classified data.
The low security of a workstation cuts both ways in an argument about gDrive: because your data is already at risk sitting on your hard drive, storing it encrypted on gDrive might not be any worse.
Security without threat modeling is like bricks without straw. What are we protecting data against? Loss, primarily. I trust Google's backups more than I trust mine (but I'd tell a client to look for a provider willing to sign an SLA). Unauthorized copying by crackers? AES should be an adequate control to cover that risk. Subpoenas? An attorney with two brain cells to rub together will subpoena the decryption keys, so no help from AES there. Vacuum-cleaner style mass government surveillance, looking for keywords like "Tibet" or "Falun Gong"? AES should prevent that. Government criminal investigation? You could (in the US) argue that surrendering the keys would be self-incrimination and end up paying a lawyer lots of money to argue the point for years. Expensive and undependable security, but then in a criminal investigation there's not much security difference between gDrive and your local machine anyway.
If you have security needs you should do an analysis like that last paragraph, only longer. For lots of people encrypted files on gDrive might be just fine.