Slashdot Mirror
Google's Gdrive Raises Instant Privacy Concerns
An anonymous reader writes "The rumor mill is already raging over the potential functionality and capacity for Google's online storage service we talked about earlier this week (the company says 'it makes sense' to put all its Web apps under the same umbrella). But Internet rights advocates are now crying foul over liability issues, a probable lack of encryption and a cash-cow model that could scan all your personal data for advertising keywords. From the article: "'Google would be wise to offer users an option to encrypt your information,' says Nimrod Kozlovski, a professor of Internet law at Tel Aviv University. 'It really needs to have really detailed explanations of what the legal expectations are for storing your info.'""
You have the choice to:
Seriously, the issues raised are the same as with the other on-line storage services. And, this move by Google mostly integrates/consolidates what they already offer, albeit with the extension of storing any kind of data. I think it's great, I've started storing much of my data on line in various forums and I love the internet access. At your parents house and need a file? Download from the clouds. Got a special inside track on a new job and they need your resume, quick? From the clouds. Serenity now!
If you've got data you think sensitive, encrypt it, or figure out a different way to store it. Personally, from anecdotal, but plentiful, observation, those who store their data "in"/on the internet:
As for the screaming about Google figuring out a way to make money doing this, hwah? Kind of what running a company is about. And the more money they figure out how to make by ads makes the price point that much less for you and me, or anyone willing to trust Google. For the moment, I am. I'm assuming I'll get enough warning signs to not trust them, I'll move my data elsewhere. For now, good for Google.
This isn't new, just big. And, from a personal standpoint, I hope it's one more ding in Microsoft's armor. The more there are alternatives to data locked up in Microsoft's products, the better chances of real competition, and ultimately progress (finally!) in technology. (sorry, had to dig... this is slashdot, right?)
First off, if you're that concerned about your data being secure, you probably should just store it on a personal webserver and encrypt it yourself.
That being said, I really don't see this as a major concern for Google in relation to the success of Gdrive. A large percentage of people today really don't care about whether or not their personal data is scanned an analyzed, as proven by the information people list on social networking sites like facebook, myspace, livejournal, etc.
So the real question here is whether or not Google (and the small percentage of users that would use encryption) would benefit enough from this feature to offset the time needed to develop it and the hassles that will come along with it. I think that alot of the users wont realize that if Google encrypts their data with the password that the users provide, then there will no longer be that friendly "Forgot your password? Let us reset it for you." button. People will then be constantly complaining that they can no longer access their data if they forgot their password and had it reset (Because the data is encrypted based on their old password obviously). The only way that Google would be able to recover that data for the user is a.) by brute forcing it, or b.) by using precomputed hashes in a rainbow table format (though something tells me that Google is smart enough to use salts and this wouldn't be an option). Realistically, even Google doesn't have the resources to go around brute forcing people's passwords. This means the only real way that Google could encrypt the data would be to store their passwords as plaintext in case the user forgot it, which is really just providing security as the cost of losing alot more security. All in all I don't see the process being beneficial for Google or the users.
Because that's not useful. If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it. That's just how it works. If you send your data in the clear to someone else and then they encrypt it for you, that means they can get at your data. Same deal is you send them data and the encryption key as well (see AACS). The only way to give it to them, but not let them at it is for you to encrypt it yourself, and to not give them the key. Then and only then can you be assured that while they have a copy, they can't read it.
Seriously people, get Truecrypt, it isn't hard.
At least let Google say something on their plans first...?
...). Software may send usage information to some company's servers. Game companies analyze your system to detect cheats, and could in the process find a lot of other things on it.
Besides, what's so special even if they'd do this? It's the norm to not encrypt mails. It's the norm to not encrypt instant messages on servers on services that provide offline messaging (Messenger, ICQ,
As usual, when this is released, I think *gasp* that the users will just have to decide for themselves if they care for having encryption or not. They'll also be free to encrypt their data. Why the rumor mill? Just chill and take it for what it is, as with any other service. It's not like Google will force you onto it. Then I could see the fearmongering kicking in early be more motivated.
Beware: In C++, your friends can see your privates!
Disclaimer: I don't see myself being an early adopter or anything of this service, but not because of privacy.
cash-cow model that could scan all your personal data for advertising keywords
What, like the "disaster" that Gmail is? I'm all for Internet privacy, but get some perspective. I trust this service in the hands of Google. They've done nothing to shake that trust, and to be frankly I have good faith that they won't. They're a data miner, sure, but they have always done in the least intrusive way as possible. Get this, I even like their ads sometimes! I know, unbelievable right! So thanks for being watchdogs and all, but as of right now, Google has my trust.
I got a catholic block.
#1 - Everything on the internet is not free. Actually, nothing is truly free - there's a cost SOMEWHERE. #2 - You do not have to use G So stop getting your panties in a wad. Just because YOU don't like the idea of it, doesn't mean some of us couldn't care less and like the idea of free storage. Everyone acts like GMail is the only mail system out there or that they are being forced to use it. Don't like the ads? Don't like that Google might read your mail? DON'T USE IT. You have plenty of choices out there - it's not Google's responsiblity to provide you with free anything. Get over yourselves.
It's a free service, some will find it useful, some won't. I mean, what kind of nimrod would expect his data to be 100% perfectly private and encrypted if he's outsourcing his data retention to someone else, and then question the company storing his data for, um, storing his data in the form he transmitted it? I just don't get the OMFGism.
Simple, don't use it. Seriously, google aren't in the business of simply giving stuff away out of the goodness of their hearts. They're giving things away because they think that they can generate revenue. Pretty much the only thing they get for storing your data "for free" is the data itself.
Just like your emails: you pay them by giving data so that they can search it advertise to you. Why would anyone think that they would do anything else with more of your data.
If you are sufficiently naive to think that a company will simply give you free online storage for no benefit to themselves, than I have a bridge to sell you. Lots of traffic, one careful owner...
SJW n. One who posts facts.
This is idiotic. Seriously. The "product" in question is a rumor. No details are confirmed about how it will work, what advertising hooks there will be, what features it will have, or whether it will ever see the light of day. You know what criticizing it at this point makes you? Not an analyst, not an expert, not a technologist. It makes you a guy with a guess and a blog.
My Photography - http://ian-x.com
The Deathlings (comic) - http://thedeathlings.com
You'd have to create a local encrypted "container" (which is a filesystem in itself), fill it with data, and then put it on your gDiskDriveSpaceBox.
It's like storing a safe at the rental storage unit.
Would that be called the "G-Spot"?
I'm not tense. I'm just terribly, terribly, alert.
Truecrypt is a really nice solution, not necessarily to gDrive (although it might be), but to protecting your privacy generally.
But I suggest you get it quickly. I believe that as soon as some "killer" encryption app that is user-friendly(for non-techies) and secure comes along, we will see efforts to outlaw private, personal use of encryption.
There's a guy named Zimmerman who can tell you just how badly the government would like to make it against the law to encrypt data or communications. And the idea that he got in trouble just because foreign countries could get hold of pgp is simply a flimsy excuse. There have already been cases where the personal use of encryption alone has been used as probably cause for the search and seizure of person and property.
Sure, I'm a paranoid, but that doesn't change the fact that the corporate authoritarians who are running our government are engaged in a full-court press to take away our freedom and our privacy. And they are succeeding at an unprecedented rate.
I hope one of you out there comes up with a simple app for encrypting data that works well with gDrive. And thanks, cromar, for the link to Truecrypt. I played with it a while back, but now I see that it's been improved to the point that I'm going to use it on all of my external storage.
You are welcome on my lawn.
I didn't understand how it would be possible for the government to do searches and seizures without a warrant, in lieu of a declared war, or for that matter how, so soon after Viet Nam, a massive mobilization of our troops causing thousands of American lives could be engaged without a formal declaration of war, especially in lieu of the target of that invasion having attacked the US. I didn't understand how it would be possible that we'd fight that war using corporate-led army of private mercenaries who would be above the law of any world nation. I didn't understand how it would be possible for a Presidential election to be decided by a couple of Republican-appointed Supreme Court justices after they forced a state to STOP COUNTING VOTES.
But that's where we are today. Trust me, before a woman or a black man is elected President, personal users of encryption will be considered outlaws. Hell, did you ever think that someone whose grandson used a legally available piece of software for its intended purpose could be considered an outlaw and fined hundreds of thousands of dollars, having had a private squad of thugs raid her house and seize her computer?
I could go on, but it's Friday night and this vodka/cranberry juice is starting to put me into a good mood. It's been a long week and fighting fascism is thirsty work. I pray that a lot more of you highly-skilled, technically savvy, bright people give it a try (fighting fascism, not vodka/cranberry), but until the government seizes your iPods and your Xboxes and your 42" HDTVs it probably won't happen. But then again, with the sources of cheap credit which fuel our consumer economy drying up, it just might. When it does...meet the boys on the battle front.
Peace, citizens.
You are welcome on my lawn.