Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Cloud: Convenient Until a Stranger Nukes Your Files

Posted by ryuzaki0 on from the just-use-openafs dept.

jfruh writes "Thanks to a plethora of cloud storage accounts, Dan Tynan thought his days of carrying a thumb drive around with him and worrying about email stripping out his attachments were over. But that was before he discovered that his Box.com account and all the files in it had vanished without a trace. With tech support coming up empty, Tynan had to put on his journalist hat to track down the bizarre sequence of events that ended with his account handed over to another user, who didn't ask for it and didn't even know who Tynan was."

22 of 262 comments (clear)

  1. The Cloud will save us all! by Sarten-X · · Score: 5, Insightful

    Cloud services take all of your IT problems, and give them to someone else, period. A cloud is not inherently going to fix your problems, or make them worse, but just delegate them to someone who may or may not be able to handle them better.

    --
    You do not have a moral or legal right to do absolutely anything you want.
    1. Re:The Cloud will save us all! by TWX · · Score: 4, Informative

      Another issue with handing problems to consultants or third-parties, even if those companies have an interest in taking care of your problems, the employees of those companies may not. In short, you call with a problem, and there are layers of management and bureaucracy up your chain of authority and down theirs before the hammer can be brought down on an employee of a different company that fails to do his or her job or to otherwise provide service.

      When a person who takes care of your stuff works for your organization, generally there are fewer hoops to jump through to compel that employee to do his or her job, as there's both an ability to personally address that employee, and there's a greater ability to discipline an employee that fails to do one's job.

      That having been the stick, there's also the carrot, the employee in one's own company that manages to play Scotty and save the day will receive more recognition from his or her fellow coworkers than the employee of a consulting firm, so the motivation to take care of the assets is also greater with the personal connection to coworkers.

      --
      Do not look into laser with remaining eye.
    2. Re:The Cloud will save us all! by wbr1 · · Score: 3, Insightful

      "Cloud services take all of your IT problems, give them another layer of abstraction and possible complexity, and give them to someone else who may decide not to give a crap about your (or anyone's) problems ever again." - FTFY

      For what it's worth, there is some convenience in 'cloud' services. But, if I have the time and the budget it is better to roll your own. Then I can point at the IT people responsible and say fix it or else. If I hand data and servers to someone else to manage, someone who has weaseled every possible loophole into their contract and outsources support for their product to (possibly foreign) call centers that know nothing about the services and follow consistently useless scripts to try to resolve problems, I am asking for trouble.

      --
      Silence is a state of mime.
    3. Re:The Cloud will save us all! by Moryath · · Score: 3, Insightful

      Cloud services take all of your IT problems, and give them to someone else, period. A cloud is not inherently going to fix your problems, or make them worse, but just delegate them to someone who may or may not give a crap.

      FTFY.

      I don't trust Cloud services with anything, for good reasons:
      - Lack of deletion confirmability.
      - Lack of security (seriously, Dropbox will accept "1111" as a valid password)
      - Lack of confidentiality - law enforcement says "we want to look at user32X's files", Dropbox/Google/etc will cheerfully hand them over without so much as a notification to you. Your account is hacked or your password guessed, poof your files are in the wild. One person misrepresents themselves and the file gets shared out, or some bit is flipped making your files "visible", you get no notification and your files are in the fucking wild.

    4. Re:The Cloud will save us all! by TangoMargarine · · Score: 3

      After reading the article (WTF, right?), I was somewhat amused by the shock and dismay he displayed that some random person could have accessed all his files (including tax and medical records in a different account). . . . Dude, it's the Cloud.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  2. Moron by Anonymous Coward · · Score: 5, Insightful

    FTFA:

    * Financial records. I scan all my paychecks and store them (on SkyDrive, not Box.com - fortunately). Our tax form PDFs are all on some cloud storage service, either SkyDrive or Dropbox, as are all our receipts. These would have been in the hands of a total stranger - perfect fodder for identity theft. And if the IRS suddenly decided to audit us? We'd be at their mercy.

    * Health records. We scan all our doctors bills and insurance insurance statements and store them in the cloud. So now we're talking about medical identity theft for us and our kids - a situation that's much harder to resolve than standard financial ID theft.

    What an idiot.

    1. Re:Moron by barlevg · · Score: 3, Interesting

      I love the concept of being able to access one's files anywhere. But there's no need to do it via "the cloud." All you need is a home machine that can be always on connected to a reliable internet. I realize that ISPs frown upon this sort of thing, but until Comcast tells me to stop, this is the best option to give me the functionality of the "cloud" with all the control I want over my own damn content.

    2. Re:Moron by OzPeter · · Score: 5, Interesting

      What an idiot.

      His profile at the bottom of the page makes it doubly so:

      Author Dan Tynan has been writing about Internet privacy for the last 3,247 years. He wrote a book on the topic
      for O'Reilly Media (Computer Privacy Annoyances, now available for only $15.56 at Amazon -- order yours today) and edited a series of articles on Net privacy for PC World that were finalists for a National Magazine Award.

      Quoting from the Amazon page for his book:

      From the moment you're born, you enter the data stream-from birth certificates to medical records to what you bought on Amazon last week. As your dossier grows, so do the threats, from identity thieves to government snoops to companies who want to sell you something. Computer Privacy Annoyances shows you how to regain control of your life. You'll learn how to keep private information private, stop nosy bosses, get off that incredibly annoying mailing list, and more. Unless you know what data is available about you and how to protect it, you're a sitting duck. Computer Privacy Annoyances is your guide to a safer, saner, and more private life.

      Either he doesn't follow his own advice, or his is actually *dumber* than a box of rocks.

      --
      I am Slashdot. Are you Slashdot as well?
  3. Complacency by cyberpocalypse · · Score: 5, Interesting

    Unsure why people are moved to throw their data into the hands of someone (company) that would never treat their data sacred. I don't care what argument you put forth, no one is going to care (security wise) about your data as vigilant as you would (and should). Math wise, the cloud makes no sense to me, even on the free model.

    1) wait for you to download your data over the Interwebs (mobile you say... tick tock)
    2) There is NO GUARANTEE someone in the company isn't looking at your data or selling it. You're simply trusting they won't

    Storage is dirt cheap. 2TB drives are like what 100-200 US per pop give or take. They're compact enough to throw in a messenger bag along with a laptop. Data availability is much faster than downloading it over the wire. Throw on crypto (say Truecrypt) and you have a decent amount of security. Only concern, is your HD goes bad. In either event, another backup 2TB is 100-200. Cloud pay for play? @ 10.00 per month, its STILL the cost if not more than buying your own device.

    1. Re:Complacency by SJHillman · · Score: 4, Insightful

      I can sum up exactly why people do it in three words: fast, easy, convenient.

      Once you start handling it yourself, all three of those are going to take a hit - and for non-technical people, it can be a pretty heavy hit.

    2. Re:Complacency by MightyYar · · Score: 3, Insightful

      In my neighborhood, we have these house fire things that would totally ruin your day. I pay $1600/year in home owners insurance - an extra $10/month to have all my data at some far-flung location keeps me feeling warm and fuzzy. My house could burn down and I'd have all my data back as fast as they can overnight a hard drive (or I could be cheap and download for a few weeks...).

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    3. Re:Complacency by bdcrazy · · Score: 3, Insightful

      They're compact enough to throw in a messenger bag along with a laptop.

      And when somebody takes your messenger bag, *poof* there goes your data AND your backup. Happened to my father, he was always backing stuff up. But he put his backup in his laptop bag. His truck was broken into one evening and the laptop bag was stolen. The data on the laptop was worth many multiples of the cost of the laptop. He would have been happier if they left the bag and took the truck! A fairly new truck that was worth less than the data lost.

      --
      Tonights forecast: Dark. Continued dark throughout most of the evening, with some widely-scattered light towards morning
    4. Re:Complacency by akozakie · · Score: 5, Funny

      Exactly. In fact, I like to think about the popularity of the cloud as anything other than a low-security file sharing platform in terms of five words:

      It's a matter of being Fast, Easy, Convenient, Accessible & Low-cost.

      Making it F.E.C.A.L. matter.

  4. *sigh* .. "The cloud" doesn't exist by OzPeter · · Score: 5, Insightful

    I can't remember where I first heard this, but the quote is along the lines of:

    Whenever you hear a reference to "the cloud", replace it with "someone else's computer" and see how much sense it makes

    Once you start doing that it shows you how little control you have over such services and how dependent you are on other parties, especially if you consider them as a panacea to not having to keep your own backups (as the OP seems to have done)

    --
    I am Slashdot. Are you Slashdot as well?
  5. The two commandments of cloud usage by Kardos · · Score: 5, Insightful

    Cloud storage can not be trusted both in terms of privacy and reliability. So follow these steps and you'll be fine:

    1) Thou shalt not store unencrypted files in the cloud
    2) Thou shalt have backups of files in the cloud

    Does that reduce the convenience of the cloud? Yes. Because that is all that online cloud storage can offer - unreliable privacy invading storage.

  6. "The Cloud" is not a Backup by AwaxSlashdot · · Score: 4, Insightful

    For the "someone nuked all my files", this is why you should backup your files (or use a Cloud service with integrated backup/history or better use both).

    Remember, a proper Backup uses MULTIPLE Backups and not all from the same service provider.

    PS: for the "someone saw all by financial records", you should use an encrypted Cloud service where YOU own the encryption key and where the service provider can NOT help you should you ever lose that key.

    --
    Sig (appended to the end of comments you post, 120 chars)
  7. Stuff happens by swillden · · Score: 4, Interesting

    This is rather unfortunate for him, of course, particularly if he didn't have a backup anywhere else (duh!), but I'm sure we'll get a lot of slashdotters saying "See, this is why I'll never use the cloud!", and that's silly. Now, there are other valid reasons to avoid cloud storage (e.g. privacy and security, assuming you're not encrypting the data), but reliability really isn't one of them. Thumb drives die, get lost or get damaged, hard drives fail... there is no perfectly-reliable storage medium, but I'll posit that a good cloud storage provider has a much lower failure rate than anything you can manage yourself.

    The solution, as always, is backups. Any one storage medium may fail, but the odds of several of them failing simultaneously is very low. Personally, my most important files live on a RAID-6 array with a hot spare on my home file server, and on my laptop's SSD, on my workstation's HD, and on Google Drive. There is a fair amount of low-priority stuff which lives only on Google Drive. It gets automatically synced to multiple machines, but that wouldn't help if someone else got access to my account and deleted my files (of course, I use two-factor auth). It's still better than what I'd do without a cloud service, which is that I'd have those files only on my laptop.

    Hmm... It occurs to me that it'd be trivial to write a small script that uses rdiff-backup to copy the contents of my Drive folder to another folder, then run that in a cron job. Then I'd have automatic, persistent synchronization to multiple devices. I think I'll do that right now :-)

    Bottom line: This is a sad story, but not a reason to avoid cloud storage. It is a reason to recommend backups. Especially completely automated, effortless backups.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  8. Re:He gave away his login.... by tynanwrites · · Score: 5, Informative

    I'm the author of the post. You are completely and utterly wrong, and clearly ignorant about how Box.com works. I invited others to share some, but not all, of my box folders. I can actually control the level of access they have to each. I didn't give them my own login and passwords, they created their own. They didn't have access to my entire Box account, only the folders I chose. I could allow them to simply view files, or to edit and upload. So nobody had my password and login but me and Box. I did not violate anyone's TOS. And if I had not identified myself as a member of the press who was writing a story about this, it is highly unlikely I would have gotten any answers from Box at all. dt

  9. Cue the Nelson "Ha-Ha" picture here... by Anonymous Coward · · Score: 3, Insightful

    Cue the Nelson "Ha-Ha" picture here...

    As a CISSP with 25+ years in the IT industry, I can wholeheartedly advise that anyone who stores their mission-critical data in anyone's "cloud" without local backup copies that are positively under your control, and a "Plan B" ready to access that backup data... then that person is a complete retard (and you should pronounce that as "REE-tard" for the proper level of dramatic emphasis).

    Oh, and BTW... if you think your confidential data is secure from anyone else's eye while "encrypted in the cloud", you're doubly retarded.

  10. Re:He gave away his login.... by Shrubbman · · Score: 3, Funny

    I think you're puttin a little too much stock in one's /. UID length

  11. Re:He gave away his login.... by Registered+Coward+v2 · · Score: 5, Insightful

    What I find interesting is that you appear not to have backed up the files elsewhere. While I appreciate the convenience cloud storage offers I also make sure all my files are backed up on some other media so if the cloud goes poof at least I don't lose anything. In your example, you were fortunate it was am administrative error and not box.com simply going out of business overnight. Had that happened, you might never get your files back or even worse someone would have a HD full of you data bought at a bankruptcy auction; which as a second point makes me wonder why you would store such sensitive information as pay checks / tax forms / etc. anywhere nut media you have physical control of to ensure it's security.

    On a side note, it is interesting the difference in response you get when you say "I am writing an article..." vs "I need help..."

    --
    I'm a consultant - I convert gibberish into cash-flow.
  12. Re:He gave away his login.... by s.petry · · Score: 3, Insightful

    I agree with your premise that the person you responded to does not know how the service works. It is possible to share files with other customers without giving away personal data. I toyed with SecuriSync and it does similar sharing but requires that the recipient has an account in order to touch "shared" data.

    With that out in the open, let me explain why on /. you will receive much venom. You don't have to listen, of course, but as a writer I think you understand the value in knowing your audience.

    /. is not like other sites. There are numerous experts in numerous technical fields on this site. It's a stomping ground for an experts to provide opinions in their area of expertise without a "Company Slogan" involved. It also has subjects more political in nature where those same strong opinions abound. While there are a few kids, sock puppets, shills, etc... the majority of the audience here is intelligent. They notice spelling and grammar errors, they recognize common fallacies, and look for details beyond just the articles submitted. Submitters are inspected and critiqued right down to the ads on the page the article appears in. Slashdot is a unique environment, the audience is very detail oriented.

    Your "about the author" makes claims that you probably intended as humor, but comes off as being egocentric or arrogant. On a site full of Computer Scientists who have been telling people of the dangers of "The Cloud" since the time it was called "Grid", the article and self description appear to be hypocritical and contradictory. If "Dan Tynan has been writing about Internet privacy for the last 3,247" was a true statement how could they not know about the dangers of "The Cloud"? Has Dan ignored the "experts" during his three thousand years of writing and only knows the corporate spin?

    An omission of data is very important to the Slashdot crowd, at least as important as what you submit. Again, I mention that the crows is very detail oriented. You may be encrypting data, but that was not mentioned in the article. If you didn't mention it, it never happened.

    I think the article itself backs the claim that experts have been giving for years. "Don't trust Cloud!". That said, the article poses no question as to whether or not that statement is correct. The article does not back the expert opinion in any way. The article appears to be a well articulated rant against box.com. Warranted or not, it's bound to receive lots of venomous comments from people on Slashdot.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.