Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Cloud Provider (Probably) Isn't Spying On You

Posted by samzenpus on from the just-because-you're-paranoid-doesn't-mean-they-aren't-after-you dept.

jfruh writes "Last week the CEO ServiceNow made a minor splash by claiming that it was awfully easy for a cloud provider to spy on the data they stored for you or discriminate based on pricing. But while that's possible, in many cases it turns out to be simply not practical enough to be beneficial. Even moves like restoring outages for higher-paying customers first turn out to be more trouble than they're worth."

16 of 85 comments (clear)

  1. encryption by schneidafunk · · Score: 4, Informative

    The solution which is always repeated is to encrypt any sensitive data.

    --
    Some people die at 25 and aren't buried until 75. -Benjamin Franklin
    1. Re:encryption by hawguy · · Score: 4, Insightful

      The solution which is always repeated is to encrypt any sensitive data.

      If you need to actually use your data at some point, the cloud provider could snoop the data from your virtual machine's RAM. And they could probably find the decryption key to your data somewhere in memory too if they looked hard enough.

    2. Re:encryption by Anonymous Coward · · Score: 2, Insightful

      The whole point of cloud computing is the computing part of it. We do not have any practical fully homomorphic encryption system to date. You just can't reasonably perform computation on encrypted data without decrypting it at some stage.

    3. Re:encryption by Anonymous Coward · · Score: 2, Insightful

      Then why would you need a cloud vm in the first place? Then all you need is just a cloud storage.

    4. Re:encryption by hawguy · · Score: 2

      So only decrypt the file locally. Crisis averted.

      Unless you're trying to avoid the problem noted in the articles linked from the summary which was clearly involving a complete cloud infrastructure provider, not a cloud storage provider.

    5. Re:encryption by hawguy · · Score: 2

      That depends on if you're talking about cloud storage or cloud computing.

      Encrypting your data is pointless for cloud computing. You're better off asking whether your data is stored in an encrypted file system of some sort. Encrypting your data for putting onto cloud storage is more practical. Yes, the "client" you install may have the ability to root your computer on command, but you might as well unplug the cable going out to the WAN from your home network if you're that afraid of people getting access to your data.

      Encryption is not pointless even in cloud computing. When I encrypt my data, I know that no matter what bugs or faulty procedures the cloud provider may have (i.e. selling old hardware without erasing the hard drives) that exposes my data to a third party, I know that no one can read my sensitive data. It's just another layer of protection.

  2. Concern isn't the companies position on spying. by Anonymous Coward · · Score: 3, Insightful

    My concern isn't that the company as a policy is spying on me, it's the fear that a disgruntled employee would start copying all of the data for their own use.

    1. Re:Concern isn't the companies position on spying. by SJHillman · · Score: 4, Funny

      I already have all of your porn, but it's nice to know you're thinking of me.

      Sincerely,
      Disgruntled Employee

    2. Re:Concern isn't the companies position on spying. by alen · · Score: 2

      so what kind of cool data do you have that would interest someone?

      back when i was in the army i worked in the command group of a 2 star general. i was in the office down the hall and next to the chief of staff. when they needed computer help i saw their email. it was the most boring crap you can imagine.

  3. Useless data by flyingfsck · · Score: 2

    Data is not the same thing as information.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  4. Priorities by marcello_dl · · Score: 2

    Nobody gives a damn about your data, with good statistical confidence.

    OTOH I suspect it is quite important to be able to get your data should the need arise, which is a different concept.
    That's, at least, what I desume from seemingly grossly inefficient developments in IT, e.g. the cloud where your machines are not part of the nodes, or the UI downloaded from the server, instead of having everything available locally and a remote db for syncing data.

    It's a parallel with the development of laws where cronyism replaces democracy. In those system it is not important to put a lot of people in jail, it is vital to make anybody potentially a criminal so you have an excuse to lock people up if the need arises.

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    1. Re:Priorities by aaaaaaargh! · · Score: 3, Insightful

      Nobody gives a damn about your data, with good statistical confidence.

      I wouldn't be so sure about that. There are tens of thousands of small high-tech companies with trade secrets that the "cloud" providers would like to gain as customers. From source code to email and customer data such companies have all kinds of valuable data. The solution is, of course, not to put any of this data into the cloud except in fully encrypted form for georedundant backups.

  5. Spies in the sky by Wowsers · · Score: 4, Informative

    "Your Cloud Provider (Probably) Isn't Spying On You"......

    But your government probably is.

    --
    Take Nobody's Word For It.
    1. Re:Spies in the sky by jxander · · Score: 3

      The simple fact is : the vast majority of the populace just isn't that interesting.

      Thereby, TFA can easily and honestly say that they're probably not spying on you, because for any given value of "you," it's likely to fall into the uninteresting segment.

      --
      This signature is false.
  6. CSP isn't the problem by pubwvj · · Score: 3, Informative

    The cloud service provider isn't the worry. They couldn't care less. It's the government I'm concerned about. They do care and they have a history of spying and want the right to do so.

    The internet is a postcard. Don't store or transmit anything you don't want seen.

  7. Weighing in by itsphilip · · Score: 2

    Going to keep the identity kinda vague here but I can say that I'm a high-ish level executive for a company that provides cloud services similar to Amazon and I will tell you first hand that we NEVER ever ever would spy or collect data on our customers. It would be a disaster and far more trouble than it's worth. Most mainstream platforms (VMware, OpenStack, whatever you choose) don't even provide facilities for reading on-disk customer data in a true cloud environment easily; I guess if you really wanted to you could start pulling raw blocks off of a SAN and dig around, but it would be a serious pain. Even if it were easy, I can't see a compelling reason to eavesdrop on customers, plus there are likely legal ramifications.