Slashdot Mirror
Online Storage With a Twist
mssmss writes "For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor — whose survival my storage depends on. It looks like Wuala has a way to do this, according to this story in the Economist. They use donated disk space of users to scatter your encrypted files over multiple computers."
It's like RAID for online storage.
Sounds great, but what happens when a massive worm outbreak occurs?
I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.
"So long and thanks for all the fish."
I don't know why, but I really don't like the idea. Even on Google Docs I only put up things that I'm perfectly willing to have comprimised. The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.
Those who believe the Internet is private,
find their privates are on the Internet.
What happens if several of those computers go offline? Do you lose part of your files?
http://slashdot.org/comments.pl?sid=957645&cid=24930055
I think this would be great for setting up an automated backup system.
It's a nice idea for a perfect world, but we don't live in a perfect world therefore I see several potential problems. One is that like with Tor, anyone at the end-point could be monkeying with the system. In this case someone could manage to crack the encryption scheme used, and access people's private data. Another problem I see is that if someone is using a service like this to store copyrighted data (mp3's, DVD rips, etc) then, encrypted or not, innocent disk-space-contributors could be implicated in civil or criminal proceedings. Also, some people have bandwidth caps on their internet connections, and even those who don't aren't necessarily going to be happy with our bandwidth being used; I suppose though that if their client software allows bandwidth limiting then it wouldn't be much of a problem. A question I have about this: is there redundancy? What if all or part of a file you're trying to retrieve is on a remote system that's offline?
"For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor â" whose survival my storage depends on."
And when the master server that knows where all those little pieces are goes down, you are still without your data.
Hmm... sounds good. I'll donate 2TB of space each from multiple computers at different locations and between all of them i'm bound to have two critical pieces of your files, then all i have to do is shut them all down! Muah haha haaaa!
And actually, what would happen if a major disaster shut down all the PC's in a major metropolitan area? Does the service provide enough redundancy that even if everyone in silicon valley went offline, my files would still be safe? I'd rather know where my data is.
Also, slashverteisment? The concept is interesting but the story doesn't bring up the more interesting issue of privacy, it seems like just an ad.
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
*drinks /. Kool-Aid*
What if the FBI/NSA sets up a few computers on this network and just idly waits until something that interests them shows up on their storage space...
If you hate the bloat known as Java as much as I do, and how the JRE loads (chokes) with out asking, don't visit the website.
is who is going to just donate their hard drive space for no reason?
I like the idea in theory. P2P storage, very nice.
Except that it relies on sucking up somebody else's bandwidth, which may or may not be saturated as they are torrenting pr0n and/or playing WoW.
And it relies on hard drives that will sometimes unexpectedly get wiped from time to time, completely without notice and beyond my control or knowledge.
And except that someday, inevitably, somebody will break the encryption and will have access to pieces of my stuff.
And except that isn't this pretty much what Freenet already does is?
I'll stick with a nice RAID5, thanks.
So they use Bittorrent?
I dont know if I would be comfortable with encrypted bits and pieces of my important file(s) spread over how many computers. Especially if some creative soul figured out how to crack or break the encryption scheme(s) used.
Even though you don't want to tie yourself to a single vendor, that's still exactly what you're doing.
Just ask yourself: If Wuala goes under, how will you get your data back?
It doesn't sound like their client application does all the distribution itself, but rather everything is funneled to and from a central server that tracks the scattered data and makes sure enough mirrors are maintained for reliability.
=Smidge=
Put the files on two different vendors, get an external hard drive at home too, and you're set. I'd trust vendors to be much better at both storing your data reliably and keeping it private than some random crowd of people who may choose to uninstall the program after a few months.
If my system is part of this network, then...
I have a 1KB file that I want to store. So I send it up to the cloud. It gets stored as chunks that take up 6KB...
Now if I participate in the cloud, I need to offer up 6KB of storage.
Hmmm..
RAID6 needs less than 50% redundant drives. This stuff needs 600% redundant storage.
The storage needs don't add up, except in specialzed situations. Let's say I have information I don't want anyone to find if they steal my computer. I put it up there. But if it's so sensitive, do I really want it up on the web?
I see this as being useful for information smuggling. Hide the file in plain sight in little bits. Reassemble when you cross the border (or after the DHS goons leave...)
> I don't think I want to be liable for the data that someone puts on my PC
I don't want random people's data on my disk. Period.
I was a beta tester for Wuala and the lack of access control to my donated disk space was the biggest issue. I talked to their CTO and suggested to have an option of donating the space to specific peers only, which should've not been hard to do given they have the social grouping support in place already. He didn't see an issue with wildcarded access though, so they were not planning (nor in fact did) anything about it.
3.243F6A8885A308D313
Encrypted distributed donated storage sounds a lot like Freenet. :)
p2p is only used for illegal stuff! This should be outlawed, immediately.
I've been using windows live mesh (www.mesh.com) to achieve this. I have my work machine and my home machine setup to synchronise files. This way I always have two copies of the files on two machines, with a third copy stored online. My wedding photos might actually be safe now.
Spam
Step 1: Joe pervert is busted (legitimately) for kiddie porn. It is determined he stored some of it with this service.
Step 2: Service is subpoenaed, and they give out all the user info for all the places where the bits of the files are stored.
Step 3: Arrest hundreds of people, declare a major kiddie porn ring busted, receive promotion.
Step 4: GOTO Step 1
"As God is my witness, I thought turkeys could fly." A. Carlson
I have more than twice that number of files on my 8 external hard drives.
now we need to go OSS in diesel cars
You know how one way to stop feeling the hurt of a stubbed toe is to get a bigger hurt?
Google for goatse.cx ....
Infuriate left and right
Open up a Gmail, Yahoo and Hotmail account and cc them all on an email with your files compressed/encrypted as an attachment.
Nice idea, but no thanks now that my use is capped thanks to comcast.
---- Booth was a patriot ----
And wouldn't kiddie pron collectors love this technology?
You could say the same about almost every technology. Full disk encryption, digital cameras, the entire internet itself, all this makes the life of a child pornographer that much easier. Focus on the good uses of a technology, and let law enforcement do its job if someone misuses it.
Give me Classic Slashdot or give me death!
I have a home business. So, for safety, I always keep one copy of my data at work and one at the office.
Oh wait.
So we have to protect the children and outlaw this service? Is that what you're trying to say?
Isn't that the reason big ISPs dropped USENET down to The Big 8?
THINK OF THE CHILDREN!
Posts not to be taken literally. Almost everything is sarcasm.
What a great way to go over your 250GB monthly limit from Comcast.
and are in ANY business that stores information about employees or insurance filing information, this is a non-starter. HIPPA The Health Information Privacy and Protection Act simply will NOT permit it in all probability for reasons of accessibility, for one thing.
If ONE provider's storage system goes down, is stolen or compromised, YOU are toast as YOU have no control over the physical-layer of security as required under the regulations of the Act.
Nice idea, but for really sensitive information, this could get you fined, get any licenses in the financial or medical fields revoked and could even get you prison time should ANYTHING at all go wrong.
Nope. Not a winner at all for really sensitive data.
For all the downsides already listed, isn't this idea exactly the same as FreeNet? You'll have someone else's sicko illicit p0rn on your system, while someone else is trying to crack the encryption protecting your bank records. All until the indexing scheme breaks, in which case nobody can retrieve their files.
[
You people do realize we need to start with the toaster if we really want to do something about the kiddy porn problem. After all, studies have shown that many child pornographers start their day with a piece of toast for breakfast. Why should corporations be providing child pornographers with equipment that helps them exploit children in this manner?!
On paper it is mostly a great idea.
We had a paper on some tricks to play in file systems to make it perform better:
http://prisms.cs.umass.edu/mcorner/papers/fast_2007_tfs.pdf
But when you get down to it, churn is your biggest enemy. If you look at the rate at which people join and leave p2p networks, the amount of replication you need to do can use a lot of bandwidth. Every time a user quits (or drive crashes etc.) all of the data they were storing for others must be replicated again. If they aren't available online for a while you have to assume they have left the network and replicate proactively. See the paper for a few sample calculations based on the churn found in systems like kazaa and skype.
-M
CrashPlan is a really nice option IMO. You can backup your stuff to multiple friends' computers, and the files are of course encrypted (Blowfish, I think) before they're transferred over the network. You pay for a license but your friends don't, which is nice. Very affordable, too.
Freenet has been doing this for years. Basically all it is is a distributed, encrypted filesystem with some HTTP front end.
That's a ridiculous oversimplification, but that's how it works to the user.
The transfer rate of the files seems to be rather limited as well. My upload was at 12 kb/s when I usually have and upload in the 100s of kb/s from this connection.
Why is this thus? What is the reason for this thusness?
After using the service for the last hour, I have to say this is a great place to share music, violating copyright and "illegally" downloading tons of material.
Kiddie porn is one concern, but the RIAA will shut this down before the slow bureaucratic police.
Bit Torrent Scenario -> 1. File 86 % complete and no other seeders. Stuck for 5 days ! Dang !
Wuala Scenario -> 1. Stored Large File.
2. Want to download file.
3. File 86 % complete and no other seeders. Stuck for 5 days ! Dang !
Possible ?
If the data is scattered among many computers, it won't do you any good (or get you any excitement) to store a few blocks of porn. At best you get a few pixels, and you probably won't even know WHICH pixels they are supposed to be, seeing that they are supposed to be encrypted.
Next time, pick something like "Will-trade-blocks-for-food" or something like that.
until I turn my PC off/my hard drive dies/I don't want to be part of it anymore and somebody loses all his stuff.
Bad luck.
Every Slashdotter would agree that if its on the internet, it belongs to everyone. Digital rights management software and systems to secure personal files ie property is EVIL and there is no acceptable application of such technology.
Because they break the files into 100 pieces the pieces on any given computer would not be usable to recreate the original file. Sure, you could break the encryption and have...1/100th of a file.
Obviously if they are storing files on your HDD than theres a huge security risk. But the algorithm used splits the file into many pieces. If they only store on piece of a file on your HDD and scatter the others among other computers that makes things much more difficult for hackers.
That's what The Freenet Project was being used for when last I bothered to look. I'm told that it's changed somewhat since then, but who knows.
"The urge to save humanity is almost always a false front for the urge to rule." --H.L. Mencken
while someone else is trying to crack the encryption protecting your bank records.
What, with a couple of percent of each file? And not "bytes 300 to 1900", but a couple of percent of a polynomial function describing all the bytes in the file.
You should all install OpenGoo !!
I prefer my online storage on ice, not with a twist.
lol: You see no door there!
I would recommend taking a good look at Tahoe, from allmydata.org. This is an open source project that uses a conceptually similar file dispersal system for backup, but it has been designed and reviewed by expert cryptographers. There is also a commercial version available at allmydata.com which has generously sponsored the open source project. Tahoe is working on Windows, Mac, Linux and other Unix style systems.
Tahoe does have a minimal dependency on a central server to first learn about the peer nodes that hold data, but only for the initial callup - once the client is running, it remembers all the peers it is using. And they are working towards eliminating even this dependency with "gossip" introductions, so if you can connect to any peer you can learn of all the others. Everything is cryptographically protected with encryption and signatures to make it effectively impossible for anyone to see the contents of your files without your permission.
Just the perfect thing to store my collection of M. Night Shyamalan DVDs...
"Waste not one watt!" - CZ
I email copies of everything to multiple free on-line email accounts at AOL, Gmail, Hotmail, Yahoo!, and Juno.
Without the passphrase to the 9162 Kb encryption key I used, good luck doing anything with them!
OK, I'm lying. Really I just write everything to hard disks and then I delete anything I haven't used in a decade whenever I rebuild the server.
Don't several Trojans do this already? Seriously, they want people to offer anonymous access to their machines' drives for data storage, without even having any control over the data? They want people with purpose-built *desktop* operating systems, such as one popular one not really designed for multiple users, to volunteer to do this? Is this a social engineering attack? (Yes, I did RTFA. It reads like an advertisement, with no consideration to the security concerns the person whose drive is being used for storage may have.) A bunch of Windows machines effectively allowing anonymous accounts sounds like a wet dream for script kiddies.
Oh man, I wish the world had more people with your mentality. (IE: Don't pretend to be the highway patrol and pull in front of that speeder, get out of the way and let the patrol make their own money.) I'm being serious here. People don't know enough about how other people live in order to make life decisions for them. The same goes for government oversight of my life (you know... things like health care)
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
Restricting the groups doesn't do much, because they will continue to spam other groups. There's just no stopping Usenet, and frankly no reason to do so in the first place. It is one of the last vestiges of the early internet still kicking around.
-Billco, Fnarg.com
Sounds like it's a CODA file system with encryption & less robustness (single master server)
There is a war going on for your mind.
I don't really want to go to jail for something I didn't do and for something that someone else did do. Most police and court systems don't care about your excuses, they only care about what you can prove. You could find yourself enjoying morning water boarding down in Guantanamo Bay before you can explain it wasn't you who stored the terror plot on your hard drive it was Al Queda using a distributed hard drive storage service.
...but it certainly is done. The projects I've found that do much the same thing are NOT being run by kids in their basement, but serious, large-scale research centers that need to do wide-area RAID.
dCache
iRods
OPeNDAP
PVFS
TPIE
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The only disk space I would be comfortable donating to this would be on a Truecrypted drive, so even if someone cracks their protection, it's secondarily protected by mine. If the cops seize my drive, they find nothing.
I piss off bigots.
What the hell is up with people wanting to 'securely' store their personal/corporate/political plans to take over the world on someone else's machine? If you don't control the hardware you're storing things on, it's, by definition, not secure.
So we're all supposed to live like 6th century monks because people like you are afraid of their government and therefore won't embrace anything new because of this notion that anything and everything will land you in Gitmo. It is this type of mentality that certain people in power want you to have. They tell you, your rights are null and void because this is a post 9/11 world. They tell you that any new and cool concept that doesn't give control to one exploitable entity is a slippery slope to $insert_fear_here. Go ahead keep up with your mentality and we will all be living in caves in no time.
This seems like it could be a good concept over a private network. At my company we encourage the users to use network drives for storing files, but, of course, all of the desktops have 80+G drives of which only about 10G are used. If something like this could be set up on the network as a distributed file system with some redundancy and encryption. It would create something like 70G * 2000Machines = 140TBytes of network storage.
Does something like that exists?
--
JimFive
Please stop using the word theory when you mean hypothesis.
If you don't want to get tied down to a single vendor (in case they go belly up) or a single backup application (in case it fails miserably due to a bug), another option (other than betting on a P2P solution that may not be around in 12 months anyhow) is to back up your data to 2 vendors. Yes, it's roughly twice as expensive. But you can't say it's your life blood (your survival depends on it, right?) and then take the cheapest way out. Not a perfect solution, but spending $50 a year to backup to one vendor, and doubling that to $100 to back up to two... doesn't seem so expensive.
Before that, come on! Another GUI, another annoying interface to manage your files. I would like to choose my own tools to connect to the remote system. And the amount of bells and whistles in the program is just, honestly, too much. :) )
They could provide FTP (or even better, SFTP).
But if they provide some kind of API, Manent (http://trac.manent-backup.com) might be an interesting application to make use of it (yes, yes, I'm the author
Love how people take a generic tool, useful to all areas, and reject them because one of the potential uses happens to be child pornography, terrorism, abortion, or whatever socially unacceptable behaviour is around in that particular moment. What will be next? Medicine because it will let live sick kiddie pron collectors?
I agree that are tools for which most if not all uses are negative (guns?). But for this particular one, the potential good uses are too broad to just deny the entire idea. And privacy will demand that noone should be able to see whats there except the owner.
About speed, i suppose that it will depend of what will be the main use of it. But the biggest speed hit (and limit) will be the originator of the info, not the whole internet (is not like i.e. video streaming, that have a lot of viewers)
The article references using large, complex polynomial equations to "describe" the file. I'm gathering that they then distribute the 100 coefficients for each polynomial around the net, and that's part of what makes it so secure.
Then on their site, I see a lot of talk about encryption prior to being uploaded (which I would think isn't necessary since they're only distributing coefficients), and there's no mention of polynomials at all.
So what exactly are they doing? The article really makes me wonder about the applicability of the polynomial approach to more general data compression, for example.
Also, distributing coefficients also should (IMHO) neatly address the "you've got a snippet of kiddie porn on your computer" concerns, since you don't -- you just have long, essentially random, numbers that aren't themselves part of *anything*. (that is, any given 128-byte chunk of a JPEG will probably look pretty random, but it might still be possible to reconstruct a part of an image, but it sounds like that's not the case here. maybe.)
Or was that whole bit about polynomials and points on a line and such just mumbo-jumbo?
Just get a flash card embedded in your arm, in case you like to stroll around naked.
I've found Adrive.com works well. 50GBs for free. Plus I don't know how I feel about storing other peoples files on my computer.
Can I bum a sig?
First, all the encryption is local so this isn't "crackable". If you forget your password there's no way to access your data. Nobody, not even Wuala's devs know your pass.
Second, when you upload a file it goes first to their servers and then it is spread across the P2P network. The network is used as a way to save traffic from the central server and to increase download speed. So your files are safe, unless the P2P network and the Wuala servers crash irrecoverably.
Third, I can understand that you don't want people's fragments on your computer (even though they are meaningless bytes because nobody but the owner can acess them), but you don't have to trade your disk space! You only do this if you need more space. You can also buy space.
A LAN implementation of this has been suggested several times but it is not possible yet since, right now, Wuala's servers are very important in the whole process.
You've never heard of anyone going to so much trouble just to get a few free movies.
In contrast, you have heard of people (who did not go to so much trouble) being successfully sued by the RIAA/MPAA, right?
There's a moral there.
Has anyone got it to work with 64-bit java?
FTA: "Yet there have to be enough copies to ensure that there is at least one available most of the time." Shouldn't they be disguising "most of the time" with *cough* tags.
Looks fun and all, but it's proprietary, so what's the use? It's probably full of FBI back doors, or at the very least, marketing dept. back doors. Even without evilness on their part, do you really trust their precompiled java binary to encrypt your data in a way you can't inspect, or can't verify with people who know more about crypto? If you really need something like this, go with what others have posted, and try http://allmydata.org/trac/tahoe
I just have a computer sitting on my network at home with a domain name as a server for my stuff. Of course it's not offsite so if my house burns down or is robbed I am screwed, but my stuff is on the cloud so I can access it where ever I am. Plus it makes a nifty web server for my blog. www.ccdcweb.com :D
Some how I don't think this is quite what he had in mind though...
"Most if not all uses are negative (Guns?)"
I know this is not a popular topic around here, but firearms are not negative in most instances. They are negative in a small percentage of uses. And those uses are similar to Child Porn. I won't bring up hunting because it is a topic that many disagree with, but firearms are a primarily defensive tool in the hands of everyday people. Yes, they are used by bad people, but so are many other things. Like Computers, like alcohol, like cars, like knives, like many many other things. The criminal will be a criminal, no matter what tools are available.
I know from personal experience, I was working late, came home to find my wife being attacked in our own kitchen, the 4 inch gash in her arm that came from one of our cheap steak knives, her clothes ripped off and a man kicking her while trying to unzip his pants. He came at me when I walked in the door. I pulled a gun (Conceal and Carry) and shot.
I later found out that the man had 15 years martial arts training, I would not have stood a chance. I made the right choice. I saved my wife from rape and got her medical help quickly (the doctors said if someone had not quickly cared for that wound she most likely would have bleed to death) and prevented myself from injury or death myself.
Without that tool, which is all that a firearm really is, I would not have been able to defend myself. When calling 911, it took the police 8 minutes to get the the house, and another 6 before they had sufficient backup to enter the house by the towns policies (Armed occupants or assailant).
The best part of the story: The guy who did this was a new hire police officer in a town 20 miles away. Still in training for the department for another week. Evidence later linked him to two other attacks, this would have been the most successful.
My wife hated guns, irrationally so, and had been trying to put her foot down and demand that they be removed from the house before she would allow us to have children. Living through a real war in your own country convinced her of that. It was a major argument between us for many years. She does not like them any more then she used to, but after that she did decide to take training classes herself and dropped the "get them out" demand.
I post anonymously because this is a personal story, but one that people should think about.
I built something like this for my own usage, and I'm unsure about all the people who are yelling about how the other server owners could be implicated for illegal data stored on their systems: it's all in how the program implements its algorithm.
What I did, to sum up a lot of stuff, was wrote a program that'd take each individual byte from the input stream and split it into a bunch of output streams -- like 20, as I recall, each one bit wide. (Each bit stored in two streams, plus several parity bits.) Then those 20 resultant files got stored on a bunch of online storage places as data in jpegs(*) or whatever.
It worked, it was tedious to use, blah blah blah. But the thing is: any of the individual sites where a chunk of this data was stored didn't have anything useful. There is no meaningful definition for a series of bits stripped sequentially out of another file: it's junk, if that's all you have. I can't claim that police would be *unable* to charge you for having secret bomb-making data on your hard drive, but it would be very difficult to support that argument when what you have is completely illegible. I used to listen to numbers stations when I was a kid, but that hardly makes me liable for the actions of people who are using those numbers for espionage.
(*) If you build a program to parse the data in jpg's, it's an easy matter to add a data stream into the color data rather than just into the metadata. You have what approximates a one-time pad: a stream of data (the picture) and another stream of data (the message) which are both close to random. Then you put the original picture somewhere else, and the recipient acquires both and strips out the message. Problem is you have to control the jpeg conversion process, you can't use flickr or the like, who do their own conversions. So it's not really super-useful. But you can't visually see the difference between the original picture and one that's had one bit added into each RGB value, especially if you do something like alternate adding or subtracting the bitstream, which itself has an average value of 0.5, so the pics come out looking no different. It was fun to write.
Nostalgia's not what it used to be.