Slashdot Mirror
Online Storage With a Twist
mssmss writes "For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor — whose survival my storage depends on. It looks like Wuala has a way to do this, according to this story in the Economist. They use donated disk space of users to scatter your encrypted files over multiple computers."
It's like RAID for online storage.
Sounds great, but what happens when a massive worm outbreak occurs?
I don't know why, but I really don't like the idea. Even on Google Docs I only put up things that I'm perfectly willing to have comprimised. The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.
Those who believe the Internet is private,
find their privates are on the Internet.
It's a nice idea for a perfect world, but we don't live in a perfect world therefore I see several potential problems. One is that like with Tor, anyone at the end-point could be monkeying with the system. In this case someone could manage to crack the encryption scheme used, and access people's private data. Another problem I see is that if someone is using a service like this to store copyrighted data (mp3's, DVD rips, etc) then, encrypted or not, innocent disk-space-contributors could be implicated in civil or criminal proceedings. Also, some people have bandwidth caps on their internet connections, and even those who don't aren't necessarily going to be happy with our bandwidth being used; I suppose though that if their client software allows bandwidth limiting then it wouldn't be much of a problem. A question I have about this: is there redundancy? What if all or part of a file you're trying to retrieve is on a remote system that's offline?
"For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor â" whose survival my storage depends on."
And when the master server that knows where all those little pieces are goes down, you are still without your data.
Hmm... sounds good. I'll donate 2TB of space each from multiple computers at different locations and between all of them i'm bound to have two critical pieces of your files, then all i have to do is shut them all down! Muah haha haaaa!
And actually, what would happen if a major disaster shut down all the PC's in a major metropolitan area? Does the service provide enough redundancy that even if everyone in silicon valley went offline, my files would still be safe? I'd rather know where my data is.
Also, slashverteisment? The concept is interesting but the story doesn't bring up the more interesting issue of privacy, it seems like just an ad.
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
If my system is part of this network, then...
I have a 1KB file that I want to store. So I send it up to the cloud. It gets stored as chunks that take up 6KB...
Now if I participate in the cloud, I need to offer up 6KB of storage.
Hmmm..
RAID6 needs less than 50% redundant drives. This stuff needs 600% redundant storage.
The storage needs don't add up, except in specialzed situations. Let's say I have information I don't want anyone to find if they steal my computer. I put it up there. But if it's so sensitive, do I really want it up on the web?
I see this as being useful for information smuggling. Hide the file in plain sight in little bits. Reassemble when you cross the border (or after the DHS goons leave...)
> I don't think I want to be liable for the data that someone puts on my PC
I don't want random people's data on my disk. Period.
I was a beta tester for Wuala and the lack of access control to my donated disk space was the biggest issue. I talked to their CTO and suggested to have an option of donating the space to specific peers only, which should've not been hard to do given they have the social grouping support in place already. He didn't see an issue with wildcarded access though, so they were not planning (nor in fact did) anything about it.
3.243F6A8885A308D313
Step 1: Joe pervert is busted (legitimately) for kiddie porn. It is determined he stored some of it with this service.
Step 2: Service is subpoenaed, and they give out all the user info for all the places where the bits of the files are stored.
Step 3: Arrest hundreds of people, declare a major kiddie porn ring busted, receive promotion.
Step 4: GOTO Step 1
"As God is my witness, I thought turkeys could fly." A. Carlson
I have more than twice that number of files on my 8 external hard drives.
now we need to go OSS in diesel cars
Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it. "No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.
Or, perhaps having this particular software on your computer could actually create the reasonable doubt you require to protect you? Think about it.
On paper it is mostly a great idea.
We had a paper on some tricks to play in file systems to make it perform better:
http://prisms.cs.umass.edu/mcorner/papers/fast_2007_tfs.pdf
But when you get down to it, churn is your biggest enemy. If you look at the rate at which people join and leave p2p networks, the amount of replication you need to do can use a lot of bandwidth. Every time a user quits (or drive crashes etc.) all of the data they were storing for others must be replicated again. If they aren't available online for a while you have to assume they have left the network and replicate proactively. See the paper for a few sample calculations based on the churn found in systems like kazaa and skype.
-M
The transfer rate of the files seems to be rather limited as well. My upload was at 12 kb/s when I usually have and upload in the 100s of kb/s from this connection.
Why is this thus? What is the reason for this thusness?
I would recommend taking a good look at Tahoe, from allmydata.org. This is an open source project that uses a conceptually similar file dispersal system for backup, but it has been designed and reviewed by expert cryptographers. There is also a commercial version available at allmydata.com which has generously sponsored the open source project. Tahoe is working on Windows, Mac, Linux and other Unix style systems.
Tahoe does have a minimal dependency on a central server to first learn about the peer nodes that hold data, but only for the initial callup - once the client is running, it remembers all the peers it is using. And they are working towards eliminating even this dependency with "gossip" introductions, so if you can connect to any peer you can learn of all the others. Everything is cryptographically protected with encryption and signatures to make it effectively impossible for anyone to see the contents of your files without your permission.
There is no way they can prosecute you for having an encrypted pic of illegal on your PC unless it was yours.
Besides, just drive to a rest stop, spoof your MAC, build an account with fake info and get 1gb free, then upload any illegal stuff you want and they cant trace it back to your PC because you used a rest stop. That's the best way to download music and movies, rest stop torrents, I live close to one and can download movies from the trunk of the better car I leave there. They can trace it as far as a spoofed MAC at the rest stop on a computer dedicated to the downloads with no identifiable information on it.
Don't forget to make Debian packages as well, since a lot of people who would use Ubuntu for distributed storage may prefer the stability of Debian.
Sam ty sig.