Slashdot Mirror
Ask Slashdot: With Whom Do You Entrust Your Long Term Data?
jppiiroinen writes: F-Secure, a company based in Finland, has sold its cloud storage business to a U.S. company (Synchronoss Technologies, Inc) speculated to have ties to the NSA. In previous, public announcements, they used arguments equivalent to, "trust us, your data will be safe." Now, it's likely F-Secure simply realized that competing against the big players, such as Google and Dropbox, didn't make much sense.
But it makes me wonder: Whom do you trust with your data? And who really owns it? What about in 3-6 years from now? How should I make sure that I retain access to today's data 20 years from now? Is storing things locally even a reasonable option for most people? I have a lot of floppies and old IDE disks from the 90s around here, but no means to access them, and some of the CDs and DVDs has gone bad as well.
But it makes me wonder: Whom do you trust with your data? And who really owns it? What about in 3-6 years from now? How should I make sure that I retain access to today's data 20 years from now? Is storing things locally even a reasonable option for most people? I have a lot of floppies and old IDE disks from the 90s around here, but no means to access them, and some of the CDs and DVDs has gone bad as well.
Once you give your data to "the cloud" it ceases to be YOUR data.
Now it belongs to whomever owns those servers.
You want to keep it? Then keep it on your own hardware.
So I just remember everything.
"I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
oh, and pay taxes on it.
Yes, media goes bad. You can't just leave your data in one place and hope it stays there.
Keep making copies on new media, and use all of the data integrity best practices that make sense for your use case--RAID, ZFS, whatever.
Keep testing your backups and making sure you always have multiple good copies of the data you want to keep.
It may mean a lot of work and some moderate expense, but only you can place a value on your own data.
I leave all my important data with my Attorney. I update it every so often which sometimes involves copying the old stuff to a new drive and adding anything new. My attorney is also a family member so YMMV.
As for my cloud data, I pretty much assume that any smaller company could go bust any day, and the larger ones could quite possibly be doing things with my data that I don't like. I use those services accordingly.
My long-term data is kept on NAS4Free box running ZFS RAID1.
If any piece of hardware fails, I can replace it and be right back in business. Nobody is going to hack into it. If I lose internet connectivity in any way, I still have full access.
on servers in the balkans and eastern Europe.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Wrong question, if it's asking for a storage company that you can trust your data with.
Correct question: which open source encryption software would you trust to encrypt your data /before/ uploading it anywhere. You can upload whereever you want, and redundantly too. All you have to do is store locally is a private key. No different from storing a passport or home or auto title.
Your data is your responsibility. You cannot trust anyone else. If there is a failure, they just point you to the TOS you agreed to. Stop wasting money on "cloud" storage and get two (different brands) of NAS or make two of your own (better). If your data is valuable, then it is worth the expense to protect it.
Trust but verify, and copy. For local archival storage, it's as easy as copying it to a new hard drive ever year or three. That way you don't end up with as much bit rot or incompatible data. It takes less and less (percentage-wise) storage each time the data is copied, because capacity grows so much. The older the data, the smaller it is.
Even the most technically astute among us have lost data to storage format changes over time...
I've moved a lot of stuff forward to modern hard drives, but I'm sure there are some things I missed.
Basically there is no hope, so save what you can, and learn to live with loss.
Really network storage is the best kind of offsite backup but there you simply are going to have to live with the fact that MULTIPLE foreign intelligence agencies will have your data (not just the NSA). Encrypt it to reduce casual prying also from network admins, but just understand everything put on the internet will be seen by someone else.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"But it makes me wonder: Whom do you trust with your data?"
If they have the only copy of your data, by Murphy's law it will be lost. Keep a backup, the 'cloud' loses data all the time.
If they have an unencrypted copy of your data, by the rule of the internet, it will be made public.
"First they came for the slanderers and i said nothing."
On both counts.
Nobody else has any significant vested interest in preserving my data - at best any business will have to pay me a penalty if they lose it - almost certainly a pittance compared to the personal value of the data, and a tradeoff they will almost certainly make without hesitation if it makes sound business sense. And should they go out of business, well heaven help my data, they certainly won't - the corporation is already sunk, and it's not like any of the individuals have anything to lose. Non-incorporated businesses may have more favorable (to me) liability repercussions, but are also far more vulnerable to disruption and/or collapse due to personal tragedy
As for ownership - as the old truism states, possession is 9/10ths of the law. If I want to retain ownership of data on someone else's hardware I encrypt it securely before I give it to them. Anything less is an invitation to data-mining, at the least.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Hard disks get bigger.
Store your data on a reliable raid or mirrored array.
Feed it every 1-2 years with fresh, bigger hard disks.
You will never run out of space if you are a normal household.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Know who you can trust?
You, and encryption you implemented ... absolutely nobody else. Period.
And, really, if they break into whatever keeps your private key for your crypto, you can't even trust that.
In an age where spy agencies have decreed they're allowed to do anything, and don't care about jurisdiction ... assume the world is full of malicious actors.
Because it is.
If you're an acquisition by a US company away from having your data be under their jurisdiction, assume they'll get into it even if that involves breaking your country's law.
Lost at C:>. Found at C.
I trust anyone, including iCloud, but then all my data uploaded to a *cloud*, outside of music files, is GPG encrypted with a 4096 key, and that includes the Truecrypt containers I upload and store in the cloud as well, GPG encryption with a large key and super long pass is safe enough for the foreseeable future, at least the next 20 years I hope, and by then I won't care.
Disclaimer - I do keep local copies as well, redundancy is important as who knows when a *cloud* service will go tits-up as they like to say at El Reg...
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
To whom do you entrust your data?
With whom do you trust your data?
Illiterate moron.
If you really want to be able to keep your data that long, you need a serious plan. You need to back up everything to at least two separate devices other than your main storage, and you need to keep at least one of those devices off-site so your data can't be destroyed in a local disaster. You need to test your backups regularly to know if/when your medium is failing.
When a medium fails- or if you think it might be about to fail- get a replacement that uses more modern technology, and make a fresh copy. If you are ever about to replace your computer with a new one that can't read your old backup medium, buy newer media that does work with the new computer and make copies while you can still read the old ones. If you keep doing that regularly, you can always have a good copy that will work with your computer. It's more effort than copying to the cloud and trusting, but it means you're in control of your own data.
The real key is to keep making regular backups and regular tests. If you expect to be able to put something into a box and still use it 20 years later, you're in for an unpleasant surprise. You have to keep copying, testing, and updating your technology in order to have a serious hope of keeping up. If you do that, though, you have a very good chance of keeping access to your data at least as long as you have software that will still read it. I have 20+ year old data at work that I can still access because we've been careful about moving it to new media, and because the company that wrote the software is good about backward compatibility.
There's no point in questioning authority if you aren't going to listen to the answers.
How should I make sure that I retain access to today's data 20 years from now?
I still have my long-term MSDOS backups from 1991. The backup file is a whopping 13MB in size, and that includes the OS, a word processor, a C compiler and my source code.
.
I just made sure that I continually copied forward the backup files I wanted to retain. Each iteration of archival storage increased about ten-fold, so space wasn't a problem.
I think it is more important to have a good archival process in place. To the OP, the error you made was leaving all the data you want on old floppies and IDE drives, etc.. You should have moved that data off to more current media as your processing moved to more current media.
A lot of these issues were painfully learned with mainframes decades ago. The lessons are not changing.
Three individuals:
Me
Myself
and I
EOT
As soon as I finish working on something, I delete it.
Get free satoshi (Bitcoin) and Dogecoins
Jesus. Who else can save ya?
Data isn't property. It cannot be owned. It can, however, be controlled. I suggest you don't let anyone else control your data.
How fucking hard is it?
"Oh I don't deal with floppies no more and the optical discs can't be read!"
So?
Currently it would be hard-drives, even if that mean the new one will be half-filled with the content of your old one (depending on how you do it ..)
How far in the future they will scale or whatever we'll deal with data volumes it's reasonable to keep at home in the future I don't know.
For now it's not harder than getting discs + NAS / whatever yourself.
I got a nice beefy Winchester fire safe from Costco for ~$300 . No state sales tax on it either, I suppose since they want to encourage people to lock up their firearms.
There are much cheaper "plastic water cooler" fire safes available... some even have USB ports on them so you can backup to a big USB disk in them without having to open them.
I still encrypt and backup annually to AWS Glacier ( 42cents per month for 42 GB at the moment, mostly raw camera photo dumps) using the SAGU java client. Also have some online offsite backups of less important stuff from my home dir rsync'd to a HDD I bought for a friend's server.
But as you can see, I'm more worried about losing my data than someone else finding it.
Things nobody has mentioned here for those not using cloud services are losses due to 'acts of God' for want of a better description. In short if you have RAID on your home NAS you're still at risks from fire or floods or even tornadoes. Fire proof safe not much good if it's been torn into the air and basically lost. It's always a good idea to have a remote backup solution be that a host you pay or a trusted friend. I always think it's a good idea to collaborate. You mind your friends data and they mind yours. You both have a vested interest in safeguarding each other's data. Encryption still good of course but geography and mother earth are foolish to ignore.
As many have said, this is a non-problem if you use encryption. A more actual problem is: who do you choose to give your METAdata? If you have Dropbox permanently running on your pc, encrypted or not, they get to know when you are logged on your PC and where you are. Similarly for your mail provider and your instant messaging/VOIP provider. Hell, your NTP server of choice could probably log your location by geolocating your IP address and fingerprinting your NTP request.
My first program:
Hell Segmentation fault
The OP is not considering some easy options for his/her IDE & floppy dilemmas...
IDE - Find a USB-IDE enclosure. Sure, nobody makes them anymore, but there are plenty of used ones out there for 3.5" and 2.5" drives. Spend 5 minutes on Craigslist or eBay.
3 1/2" floppy - Seriously? You can pick up a brand new USB 3.5" floppy drive for US$10 on Amazon (and eligible for Prime).
5 1/4" floppy - This one would take a little more effort--buy a FC5025 card, a used 5.25" drive, an old USB enclosure (with a Molex power connector)--if you don't own a desktop PC, put it all together. Or pay someone to do it...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Colin Percival at https://www.tarsnap.com/ He knows what he is doing. And my local storage.
How is it that you can't access floppy disks and IDE drives now?
Here:
http://www.newegg.com/Product/...
And here:
http://www.newegg.com/Product/...
Those are from a simple google search, and among the first links returned; you could probably find cheaper deals than those.
We apologize for the inconvenience.
I do not trust any third party storage for my data, short or long term, and especially not cloud providers. It is legally impossible for them to guarantee that it remains safe from spying. Instead, I keep my data stored on my personal servers that live in a place that I physically control.
Why ... me, of course. I don't keep anything of consequence on any cloud-based storage system.
The higher the technology, the sharper that two-edged sword.
When you organize so many bits you are fighting the very nature of the universe.
There is no safe place or method, you just have to keep making copies of everything, multiple zfs NASes in different locations is a start, but you can't trust just that, you have to update storage methods. Make tape and disc copies, have them in HDDs and SSDs, print whatever you can. Hopefully, when you try to access it, the universe will not have ruined one of your copies.
I doubt adding more people, companies and laws to it will be of any help.
> Whom do you trust with your data?
Me.
And who really owns it?
Me.
What about in 3-6 years from now?
Still me.
How should I make sure that I retain access to today's data 20 years from now?
Keep it on a backup. When your primary starts to die, get a new primary. When your backup starts to die, get a new backup.
Is storing things locally even a reasonable option for most people?
Why not?
Also, if you do still have data in floppies (which, why, they were a great transport medium at the time, but never a particularly great long-term storage medium), you could pick up a usb floppy reader for basically nothing. 3-second google found one for 12 bucks, and I'm sure you could find one for cheaper if you spent more than 3 seconds looking.
I keep thinking that the NSA should just open up it's own free public Dropbox/Drive/SkyDrive, so that we can eliminate redundancy.
A file server with a reliable disk subsystem and file system that is maintained well, or a company that probably won't be around any more in 20 years?
thegodmovie.com - watch it
Me and I can be trusted, Myself on the other hand.....
have you seen my sig? there are many others like it but none that are the same
A "Private Cloud" provides the benefits of data security and easy access to your data from any pc, laptop, tablet or smartphone. I use Owncloud Community Edition running on a desktop in my office. There is also an Enterprise Edition for larger organizations. I know exactly where my data resides and I have control over who gets to share it. I tried a number of other tools to give me secure remote access to my data, but none are as simple to setup and operate as OwnCloud.
Most likely only a small portion of your data should be critical to hide from the outside. Let's say text/code documents, some pictures, and perhaps some video or audio clips. If you are using a cloud storage you have to assume your data will be read by the NSA, FBI, Hacker or other governments at some point. So, your goal is to camouflage it so well that their bots, and their analyst discard them as unimportant. Hackers are not a concern, but powerful entities that have the means to analyze your data exhaustively using several powerful tools available to these people. So visually, your data will seem to be a regular fish in a schooling fish for every tool that analyzes it. You will need to mix this data among several chunk of similar files. The smaller size the better. That would mean that your data has been encrypted and then you split it as many iterations and combinations as possible only known to you. You then code your own simple algorithms that will mix this data across several known files(images, videos, dlls, drivers, and so on). That way, a bot will pass it over since all that is reading rises no red flag. An analyst will discard it because the image has no relative meaning to him, and running software that analyzes for known algorithms gives no positive results at all. A hacker will no go as further as a bot or analyst. That way your data can be stored on any cloud service. That however is a complex process that you will have to religiously follow to back it up, and restore it. At least your data will be safe for some decades, as technology improves so will the bots that analyze your data, and at some point they may break it. Hopefully, by that time you will passed away. Unless you are a person of interest for a powerful entity in charge of analyzing this data for hidden information, your data will be most likely safe. As long the hardware you are using has not been compromised, your data will be safe.
I don't trust my data to anybody but myself. I maintain control. I keep all my data moving forward on multiple copies of my latest hardware.
Realize that when you put your data out in the cloud it is subject to both corruption and scrutinization. How do you know you are getting your data back? You don't.
Call me a control freak, please, but at least I have my data. In the cloud you are nothing but a wisp of smoke that dissipates with the whims of the server owners.
My 8TB Raidz2 FreeNAS box obviously.
This is my hard drive. There are many like it, but this one is mine.
My data is my best friend. It is my life. I must master it as I must master my life.
My data, without me, is useless. Without my data, I am useless. I must secure my data true. I must make more secure than my enemy who is trying to steal my data. I must defeat him before he defeats me. I will...
My hard drive and I know that what counts in information warfare is not the scripts we write, the AV packages we deploy, nor the smoke we create with false data. We know that it is the redundancy and security that counts. We will secure and survive...
My hard drive is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weaknesses, its strength, its parts, its accessories, its power connection and its interface. I will keep my data clean and ready, even as I am clean and ready. We will become part of each other. We will...
Before God, I swear this creed. My hard drive and I are the defenders of my data. We are the masters of our enemy. We are the saviors of my life.
So be it, until victory is Liberty's and there is no enemy, but peace!
- Me (from the Rifleman's Creed)
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
"When I need important data, I just steal it from other people."
HA! I just wasted some of your bandwidth with a frivolous sig!
You have no idea who is accessing your data, aspecially the NSA!!!
I keep telling all my clients, "Keep your friends close, your enemies closer, and your data in your pocket!"
Keep it all locally with secure offsite backups. Or at least a colocation backup server.
For data storage, trust no one and especially not yourself. Always keep a local copy, and copies stored by professionals (but more than one because in the long run they will go out of business), and make sure some copies are backups that your computer doesn't have access to so malware can't delete all your copies. This is, assuming your data is worth that much trouble.
For privacy, trust encryption makers rather than any big juicy targets for the NSA/hackers/whoever that are online storage companies. The difference is that encryption gives you a way to secure your data and that is all, whereas online storage companies have your data and are able to give the government access to it if they "ask nicely" and have financial incentives to slack on their data security. And make sure you don't accidentally install malware. Even so, if the NSA wants your data, they will get it -- presumably through a backdoor in your boot loader or operating system or other software, although maybe they'll add that personal touch and install a hardware keylogger.
Of course, you can combine both, by uploading encrypted files to the cloud.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I don't trust my data with any cloud storage company, because none of them can be trusted.
Most of my data gets backed up to encrypted disks that can be stored off-site.
Data that I need to access remotely, like my phone's calendar and contacts, live on my home server. It runs only the software that it needs, sits behind a firewall, and is updated with security patches regularly. It has a much smaller attack surface than any cloud storage company's data center, and is a much less interesting/valuable target for attackers.
Of course, running a personal server has long been the domain of people who have lots of computer admin knowledge, but that is starting to change. Projects like ownCloud, arkOS, and FreedomBox are working toward making it easy. Low-power server hardware is getting dirt cheap. It might not be long before anyone capable of using a smartphone or game console can set up their own file / calendar / contacts / mail / whatever server for under $100 (including storage).
Whom do I trust? I trust me and only me. any data I value doesn't leave my possession and if stored online is encrypted using a method of my choosing. the data I do store in cloud providers is only data I don't care if someone else manages to get ahold of.
Look, the virtue of the cloud is that you like having easy access to the data. Probably you don't know how to set up or don't like the idea of using a personal FTP server or using the MyCloud system to set up your own cloud storage system.
I get it. However, if you actually want to be secure, then that is the bullet you have to bite.
The NSA is not going to hack 100,000,000 different micro servers especially considering that a lot of them are going to be different. They're all going to be behind different routers, running on different operating systems, and using different hosting packages.
And of course, they're all going to have different passwords even if most of them are "littlekitty35" or something. Simply divesting ourselves of centralized storage makes the NSA's policy of compromising a central data repository and mining it impractical.
If you want help setting up your own personal cloud server... Ask around. many of us know how to do it. Personally, I'm a big fan of just using a cheap as hell Raspberry pi, installing mycloud, etc on it and then just hosting my data off my personal internet connection. That seems quite reasonable to me. I also use an old laptop as a media server in my home. I've found the pi to be too slow to run HD content in many cases and certainly not strong enough to do real time transcoding if I want to share my home media liberary with my phone OVER the internet sort of like youtube... only with my movies, music, etc. I just sit down somewhere with wifi, log my phone into my home system, and I can browse all the content in my home file servers. Pull up a movie or file I want... and either stream it live to my phone at a bitrate my current internet connection can handle... or just download it to the phone.
Self hosting is way better. I can even share my content with friends really easily. I just give them the URL to the content stored on my system. Easy peasy. They can even upload things to my system if I want. It is perfect.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I trust only myself and it's not easy. Local storage won't survive a fire and remote backup of locally-encrypted data is always a little too painful.
I do see that many of you prefer the idea of having stuff encrypted and stored in many different locations, some on the cloud and some on your own property.
The topic itself might be easy to answer, but I do feel that it is not that simple and there is no single right answer either.
For example, the data (pictures, videos etc) might have value for the younger generation, but if you encrypt it, those will be gone after you are away. I know that that is a far fetched topic, but still valid. I think that one big question is that how do you document all the places where your data is stored an in which format for the younger generation, so that they can access it and know it that it is there.
For the physical devices, like the old disks, the weak point has been the controller boards, and for the floppies, I must have stored them in near speakers etc. CD's and DVD's must have gotten too much UV radiation from the Sun. Once I did try to keep up with the storage media wars, but it was too time consuming and error prone as well. And I did have setup offsite backup, but the upload bandwidth was too narrow to handle the huge data uploads, some days 32-64GB of raw images.
During the years I have been thinking that maybe it would make sense more to develop some kind of software to provide data to paper conversion, such as High Capacity Color Barcodes. Then I could just write a software which would convert the data into raw photo files and then ask the some shop to print them on some real photograph paper. This way the data would be accessible for the next generation and it would be kept private, while the source code and technical papers would be made available as open source. But having something like that might not be doable right now, giving that the resolution which the images can have might not be good enough to store more than few 100kb per image. But it would be good enough for storing some source code. Does this sound like a good idea? As if it does I could start to work on it on GitHub on my spare time.
For this I did do one experiment few years ago, where I was checking how fast I could transfer data using barcodes. I made a software which was synchronizing data between mobile phone and desktop without any cables or wireless connections. It was just using the display and the camera. The funny part for that is that the laptop failed and the data was lost, but the idea was simple and it worked.
But I do thank you for your time and I feel a lot better knowing that I am not the only one puzzled by this long term data storage issue.
I trust myself. Get a plug computer with a few USB3 ports, set up software RAID with external hard drives, and you have a server that can run ownCloud using less power than your desktop when it's off. It's worked for me for years. My family uses ownCloud for shared calendards, uses ownCloud for our contacts, and stores all pictures/music/etc. on ownCloud. Bonus: You can host other websites on there as well (I have a few blogs), keeping even more data to yourself!
Most of the comments are technically correct, but everyone seems to have accepted the elephant in the room: We have no decent archival solution for the digital age. The bookkeeping done by monks 600 years ago can still be read today, as long as you can make out their handwriting. Accounts from 19th century companies were kept in ledgers. Barring fire, flood or other disaster, any ledgers someone thought were were keeping are still legible today. Some readers may recall that UBS got in trouble for trying to destroy bank records from WWII - but those records still existed with no effort whatsoever other than having them stacking in some storage closet for 70 years.
Yet without a serious and sustained effort, digital data self-destructs. No commonly used media has a storage life of more than a few years. We have all accepted this as fact, but it is actually a problem in serious need of a solution. As more and more records are kept online - business records, governmental records, personal records - the danger of serious data loss increases.
Want a recent example? In the US, the IRS lost important emails from personal mail accounts, because they had no archival strategy. If they were lying (which I personally tend to suspect), then it was an entirely plausible lie, which still serves to make the point. Just as with security, archival is an overhead expense that management doesn't really want to spend money on.
Enjoy life! This is not a dress rehearsal.
The thing that worries me the most about storing files in "the cloud" is what will happen when there is a critical mass of people who have GBs of things they want on other people's servers. What a wonderful profit stream to charge people for the transaction of withdrawing a copy of the thing you want, much as the banks do for currency today.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
High capacity USB hard drives are cheap an ubiquitos and USB won't be going away any time in the forseeable future, and can be stored in a bank's safe deposit box, or if you're super-paranoid, sealed in a waterproof/weatherproof container and buried in your backyard or out in the wilderness somewhere. Worry about data not being accessible in 3, 5, 10 years time? Face it: If you're not accessing some files for years and years, then you probably don't need the data anyway. If it's important you'll be accessing it regularly and if you notice any degradation in the storage medium you'll copy it to new media/a new device and destroy the old one anyway. Come on people this isn't difficult! Disregard the 'cloud' and be responsible for your own data.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I trust all my really important data to God. You can't go bad with this provider.
I did mean you should use a RAID NAS as a backup device. Have you computers back up their data to the RAID NAS.
So when a magnetic drive fails in a computer, you can recover from the NAS. When a NAS drive fails, you can just replace it, because it's a RAID NAS.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Govt can CONFISCATE whether it's public/private/personal Cloud.
Here is the clue http://en.wikipedia.org/wiki/E...
Casteism
There is a startup called Long Access http://www.longaccess.com/ that offers a long-term cloud storage using encrypted data and personal certificates for the encryption. The data stored is AES256 encrypted, and the certificates/keys needed for the decryption are in the user's posession. They recommend the safekeeping of a printout of the certificate that would likely be possible to read in 30 years time.
Take a look at their FAQ for more details.
Disclaimer: I am not affiliated with them, I used to work with one of the founders in the past.