Ask Slashdot: With Whom Do You Entrust Your Long Term Data?

← Back to Stories (view on slashdot.org)

Ask Slashdot: With Whom Do You Entrust Your Long Term Data?

Posted by Soulskill on Friday February 6, 2015 @08:17AM from the in-cloud-we-trust dept.

jppiiroinen writes: F-Secure, a company based in Finland, has sold its cloud storage business to a U.S. company (Synchronoss Technologies, Inc) speculated to have ties to the NSA. In previous, public announcements, they used arguments equivalent to, "trust us, your data will be safe." Now, it's likely F-Secure simply realized that competing against the big players, such as Google and Dropbox, didn't make much sense.

But it makes me wonder: Whom do you trust with your data? And who really owns it? What about in 3-6 years from now? How should I make sure that I retain access to today's data 20 years from now? Is storing things locally even a reasonable option for most people? I have a lot of floppies and old IDE disks from the 90s around here, but no means to access them, and some of the CDs and DVDs has gone bad as well.

26 of 178 comments (clear)

Min score:

Reason:

Sort:

Same answer every time. by khasim · 2015-02-06 08:21 · Score: 5, Insightful

Once you give your data to "the cloud" it ceases to be YOUR data.
Now it belongs to whomever owns those servers.
You want to keep it? Then keep it on your own hardware.
1. Re:Same answer every time. by Anonymous Coward · 2015-02-06 08:35 · Score: 5, Insightful
  
  This should be the only answer and this thread should be immediately be marked as "closed"
  The person who asked the question doesn't understand how computing works.
2. Re:Same answer every time. by everett · 2015-02-06 08:39 · Score: 4, Insightful
  
  Encrypt your own data, store it where ever and hope it's not valuable enough for someone to bother cracking it.
  
  --
  Sig withheld to protect the innocent.
3. Re:Same answer every time. by CaptainDork · 2015-02-06 08:42 · Score: 2
  
  Or ... a person who doesn't understand how computers work could ask a question and get answer ... just not from you.
  My answer is to store data both locally and in the cloud.
  
  --
  It little behooves the best of us to comment on the rest of us.
4. Re:Same answer every time. by StormReaver · 2015-02-06 08:49 · Score: 4, Informative
  
  Once you give your data to "the cloud" it ceases to be YOUR data.
  It boggles my mind that people still haven't caught on to this. I'm going to expand on your message just a little bit:
  Once you give your data to "the cloud", it becomes the property of government snooping agencies. It doesn't even matter if you're in a country that doesn't actively snoop (if you believe that such a thing exists anymore). Companies change hands, and they do so across political boundaries. Companies cannot be trusted with your data. Period.
  Hopefully, this little incident opens some eyes.
5. Re:Same answer every time. by lgw · 2015-02-06 08:51 · Score: 3, Informative
  
  Once you give your data to "the cloud" it ceases to be YOUR data.
  Now it belongs to whomever owns those servers.
  You want to keep it? Then keep it on your own hardware.
  "The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
  My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server. If they take an interest in you, pretty much the only defense is a latop that you built before they took an interest in you and that you keep locked in a safe at all times when not using (I believe Bruce Schneier does this). But anything less than that, if they like you then you have a keylogger already, sorry.
  All we can realistically hope to put our trust in is encryption. Even that's not easy (but if TrueCrypt passes it's audit, it's good enough for me). An encrypted archive is just as safe "in the cloud" as it is on a home file server.
  Want to backup your data long-term and can't afford LTO tapes in a box out of state? Make one (encrypted) copy locally, but not in your house and not powered. Store another (encrypted) copy in the free files hosts if its small, or Amazon Glacier if you can't fit in the various free options.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
6. Re:Same answer every time. by geekmux · 2015-02-06 09:02 · Score: 3, Insightful
  
  "You want to keep it? Then keep it on your own hardware."
  Exactly.
  A.
  When every piece of marketing-subsidized hardware in the future looks and smells like today's whored-out smartphones, attempting to secure said hardware will be rather difficult, or impossible.
  Point is, you won't be able to ensure you "keep" your data anywhere, much like a smartphone today. Unless you're going to enjoy maintaining that offline system locked in a vault powered off 99% of the time. Doesn't smell very useful.
7. Re:Same answer every time. by ShanghaiBill · 2015-02-06 09:24 · Score: 4, Insightful
  
  The person who asked the question doesn't understand how computing works.
  ... and the person that thinks there is only one answer probably doesn't understand how encryption works. You can put data in "the cloud" and still keep it private.
8. Re:Same answer every time. by tattood · 2015-02-06 09:35 · Score: 2
  
  The person who asked the question doesn't understand how computing works.
  ... and the person that thinks there is only one answer probably doesn't understand how encryption works. You can put data in "the cloud" and still keep it private.
  Exactly. I use Dropbox to sync data between PCs, and I use a TrueCrypt vault (maybe should be changed since TC went away) that I can open from any of the PCs.
  
  --
  WTB [sig], PST!!!
9. Re:Same answer every time. by JohnFen · 2015-02-06 09:43 · Score: 2
  
  "The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
  "The cloud" is just the hip new marketing-speak for "centralized server". In this context, it's not too fuzzy at all. Your file storage service is no safer from spying than content-aware services.
  My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server.
  We don't know that at all, because it's not true unless you haven't set up your own server correctly or you don't have the correct security measures in place. Yes, a determined attacker (NSA or otherwise) can find a way into your servers, but it's' much more difficult for the government than cloud services, because they will have to bring their NSL or search warrant to your house or actually engage in hacking.
10. Re:Same answer every time. by geekmux · 2015-02-06 22:41 · Score: 2
  
  Unless you're going to enjoy maintaining that offline system locked in a vault powered off 99% of the time.
  Funny you should say that. I have an old Mac Mini with a bunch of external drives hooked up to it. Every other week it turns itself on, plays the Imperial March from Star Wars and runs a Carbon Copy Cloner incremental duplication of the files from my server. It emails me when it's done so I can turn it off, as there are multiple jobs and I can't tell which one will finish last. When it's done I turn off the mini and it sits there another two weeks. Every so often (when I think of it) I sync up to an old Drobo as well then unplug it. This means that yes, I do in fact have an offline system powered off 99% of the time. Sadly I do not have a vault but otherwise I have three copies of (almost) all my data at any given time.
  Well, this is...rather inspiring.
  I currently run a Mac Mini, but I will keep this in mind for a future project. Thanks!
  My current project is tackling this issue from the other side, by culling my data down to what is essential. I mean hell, I was staring at 300 CDs and DVDs in my closet burned of various backups over the years. Grabbed 10 - 15 discs a day and tackled it. Got through it all, now I'm culling down the RAID array.
  When we're carrying around 100TB pocket-sized SSDs in 10 years, I know this effort won't mean much, but it's more for my data inheritors. Kinda knew what anyone else was going to do staring at 300 discs; not go through any effort and trash them.
I don't trust anyone by magsol · 2015-02-06 08:21 · Score: 4, Funny

So I just remember everything.

--
"I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
you can own it if you can defend it by turkeydance · 2015-02-06 08:23 · Score: 2

oh, and pay taxes on it.
I keep all my important data by mandark1967 · 2015-02-06 08:24 · Score: 2

on servers in the balkans and eastern Europe.

--
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Wrong question by crazyvas · 2015-02-06 08:25 · Score: 4, Insightful

Wrong question, if it's asking for a storage company that you can trust your data with.
Correct question: which open source encryption software would you trust to encrypt your data /before/ uploading it anywhere. You can upload whereever you want, and redundantly too. All you have to do is store locally is a private key. No different from storing a passport or home or auto title.
1. Re:Wrong question by kdawgud · 2015-02-06 08:51 · Score: 2
  
  Duplicity has worked well for me in the past on my linux server.
  http://duplicity.nongnu.org/
Very Telling by SuperKendall · 2015-02-06 08:27 · Score: 2

Even the most technically astute among us have lost data to storage format changes over time...
I've moved a lot of stuff forward to modern hard drives, but I'm sure there are some things I missed.
Basically there is no hope, so save what you can, and learn to live with loss.
Really network storage is the best kind of offsite backup but there you simply are going to have to live with the fact that MULTIPLE foreign intelligence agencies will have your data (not just the NSA). Encrypt it to reduce casual prying also from network admins, but just understand everything put on the internet will be seen by someone else.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Myself. by Immerman · 2015-02-06 08:28 · Score: 4, Interesting

On both counts.
Nobody else has any significant vested interest in preserving my data - at best any business will have to pay me a penalty if they lose it - almost certainly a pittance compared to the personal value of the data, and a tradeoff they will almost certainly make without hesitation if it makes sound business sense. And should they go out of business, well heaven help my data, they certainly won't - the corporation is already sunk, and it's not like any of the individuals have anything to lose. Non-incorporated businesses may have more favorable (to me) liability repercussions, but are also far more vulnerable to disruption and/or collapse due to personal tragedy
As for ownership - as the old truism states, possession is 9/10ths of the law. If I want to retain ownership of data on someone else's hardware I encrypt it securely before I give it to them. Anything less is an invitation to data-mining, at the least.

--
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Hard disks get bigger. by TechyImmigrant · 2015-02-06 08:29 · Score: 4, Interesting

Hard disks get bigger.
Store your data on a reliable raid or mirrored array.
Feed it every 1-2 years with fresh, bigger hard disks.
You will never run out of space if you are a normal household.

--
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Absolutely nobody ... by gstoddart · 2015-02-06 08:31 · Score: 2, Insightful

But it makes me wonder: Whom do you trust with your data?
Know who you can trust?
You, and encryption you implemented ... absolutely nobody else. Period.
And, really, if they break into whatever keeps your private key for your crypto, you can't even trust that.
In an age where spy agencies have decreed they're allowed to do anything, and don't care about jurisdiction ... assume the world is full of malicious actors.
Because it is.
If you're an acquisition by a US company away from having your data be under their jurisdiction, assume they'll get into it even if that involves breaking your country's law.

--
Lost at C:>. Found at C.
Anyone by al0ha · 2015-02-06 08:31 · Score: 2

I trust anyone, including iCloud, but then all my data uploaded to a *cloud*, outside of music files, is GPG encrypted with a 4096 key, and that includes the Truecrypt containers I upload and store in the cloud as well, GPG encryption with a large key and super long pass is safe enough for the foreseeable future, at least the next 20 years I hope, and by then I won't care.

Disclaimer - I do keep local copies as well, redundancy is important as who knows when a *cloud* service will go tits-up as they like to say at El Reg...

--
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
Argh pick one: by Anonymous Coward · 2015-02-06 08:42 · Score: 2, Informative

To whom do you entrust your data?
With whom do you trust your data?
Illiterate moron.
How by rgmoore · 2015-02-06 08:44 · Score: 4, Informative

How should I make sure that I retain access to today's data 20 years from now?
If you really want to be able to keep your data that long, you need a serious plan. You need to back up everything to at least two separate devices other than your main storage, and you need to keep at least one of those devices off-site so your data can't be destroyed in a local disaster. You need to test your backups regularly to know if/when your medium is failing.
When a medium fails- or if you think it might be about to fail- get a replacement that uses more modern technology, and make a fresh copy. If you are ever about to replace your computer with a new one that can't read your old backup medium, buy newer media that does work with the new computer and make copies while you can still read the old ones. If you keep doing that regularly, you can always have a good copy that will work with your computer. It's more effort than copying to the cloud and trusting, but it means you're in control of your own data.
The real key is to keep making regular backups and regular tests. If you expect to be able to put something into a box and still use it 20 years later, you're in for an unpleasant surprise. You have to keep copying, testing, and updating your technology in order to have a serious hope of keeping up. If you do that, though, you have a very good chance of keeping access to your data at least as long as you have software that will still read it. I have 20+ year old data at work that I can still access because we've been careful about moving it to new media, and because the company that wrote the software is good about backward compatibility.

--
There's no point in questioning authority if you aren't going to listen to the answers.
Long term storage: process is more important by QuietLagoon · 2015-02-06 08:45 · Score: 4, Insightful

How should I make sure that I retain access to today's data 20 years from now?
I still have my long-term MSDOS backups from 1991. The backup file is a whopping 13MB in size, and that includes the OS, a word processor, a C compiler and my source code.
.
I just made sure that I continually copied forward the backup files I wanted to retain. Each iteration of archival storage increased about ten-fold, so space wasn't a problem.
I think it is more important to have a good archival process in place. To the OP, the error you made was leaving all the data you want on old floppies and IDE drives, etc.. You should have moved that data off to more current media as your processing moved to more current media.
Offside storage by spectrum- · 2015-02-06 09:12 · Score: 2

Things nobody has mentioned here for those not using cloud services are losses due to 'acts of God' for want of a better description. In short if you have RAID on your home NAS you're still at risks from fire or floods or even tornadoes. Fire proof safe not much good if it's been torn into the air and basically lost. It's always a good idea to have a remote backup solution be that a host you pay or a trusted friend. I always think it's a good idea to collaborate. You mind your friends data and they mind yours. You both have a vested interest in safeguarding each other's data. Encryption still good of course but geography and mother earth are foolish to ignore.
With whom do you entrust your METAdata? by fph+il+quozientatore · 2015-02-06 09:12 · Score: 2

As many have said, this is a non-problem if you use encryption. A more actual problem is: who do you choose to give your METAdata? If you have Dropbox permanently running on your pc, encrypted or not, they get to know when you are logged on your PC and where you are. Similarly for your mail provider and your instant messaging/VOIP provider. Hell, your NTP server of choice could probably log your location by geolocating your IP address and fingerprinting your NTP request.

--
My first program:
Hell Segmentation fault