I have decided to open this thread to make all members aware of the risk of having our files stored on "the cloud". More specifically, I am limiting this thread to privacy concerns as well as inability to access your files a result of government actions.
Handing data off to a public cloud provider poses security and privacy concerns. Breaches across almost every public cloud service continue to be regularly reported. Moreover, Governments (for example via the US Patriot Act) can potentially access your data. Users also run the risk of their files being seized by the Government during criminal investigations of the service provider. The best example is illustrated by the search and seizure of Megaupload in 2012.
As part of a criminal investigation,the government searched seized multiple servers that its target, Megaupload, used to provide files storage and transfer services. As a result, undisputed innocent third parties, lost access to their property, which was housed on those servers. After 5 years those users still have not been able to access their files.
The owner of Megaupload’s physical servers, QTS Trust, Inc. (the successor of Inc.), has renew its request to be relieved of maintaining servers that hold the data that belongs to the innocent customers of Megaupload.
Megaupload, for its part, says it cannot afford to turn the servers back on allow its to retrieve their data because the government controls its financial assets.

In my opinion, the benefits of cloud storage are outweighed by the risk of losing access to your data.

 

I have never understood why anyone would want to upload their personal files onto some unknown server. Cloud might sound like some fluffy safe deposit box but the fact is that you are uploading to servers that are owned by someone else - Google, Amazon or whoever. It should be patently obvious that whoever owns those servers can have access to what you upload or be forced to disclose it by some Government snooper.

I know the selling point is that you can access those files from anywhere via some mobile device but the dangers far outweigh the slight convenience. If you want to back up personal files - and you absolutely should - then an external hard drive does the job perfectly and keeps your data private.

 

Another, more indirect danger of those clouds:
In Germany a father was raided by a german Police task force in the middle of the night, because he uploaded some family photos of his nude baby at the beach to Microsofts cloud service one drive. Under Germany's jurisdiction these private pictures were totally legitimate, but Microsoft reported child porn to FBI, wich conatcted the german federal police. All computers, harsdisks and other electronic equipment was seized. It usually takes months or years to get it all back. If ever.

 

Last edited: Jul 22, 2017

Thanks Tonyg for the info. Very goid information. I looked up the Megaupload case and feel sorry for all the users that after 5 years continue to be deprived of their property.

 

there are couple things to distinguish:
1) access to your files from anywhere
2) throwing your files online "for everyone"
I personally see no sense in third-party cloud storage unless it's used for public sharing of files which can be re-uploaded anytime,
most convenient way to have files accessible from anywhere shall be personal in-house ftp fileserver (mirror-raid backup NAS server) accessible "from outside" via secured vpn, but it would also require moderately good internet connection and static IP address, not a beginner stuff imo so most people will not even consider setting such thing up,
for personal on-the-go filesharing, I would still recommend a decent USB 3.0 SSD flash stick, because it's way more likely to have a USB-compatible device rather than high-speed internet connection - for ex. my 128GB Corsair Voyager GTX can read/write files no less than 150MB/s (read peaking over 400MB/s) which is higher data rate than 1Gbit network could do, considering most places barely reach 10Mbit download and 1Mbit upload, I don't see third-party cloud as a usable option right now at all

 

I've sued it for collaboration efforts, and I used Gobbler, and got burnt on that as there was some dispute with Amazon where they lost everything. At best it would be a 3rd or 4th backup to me, encrypted... but I am not putting up anything that different governmental agencies would give a whup about... if they want to grab some basslines, they can go for it... but I don't trust it for anything other then a tertiary backup.. and it is SloOw...

 

I actually hate the whole term "cloud". It is just a buzz word invented by greedy marketing people at companies like Microsoft and Adobe to force people into using their subscription services and take away any sense of ownership of software by the customer. There is no benefit at all to using anything in the "cloud" and people should rebel against this whole subscription model that companies are forcing on customers before it is too late.

As for cloud storage, aside from the obvious privacy concerns, I don't think the files you upload to cloud storage are even yours anymore. Most companies will state this somewhere in their fine print. Too many file lockers are basically illegal organizations masquerading as legitimate companies also; I would not trust them at all to store any important or sensitive files. If a government shuts them down you lose all your files, and all activity on the confiscated servers may be used as evidence against you if you were doing anything illegal. The lifespan of these companies are usually only a few years before they grow too large and come under the radar of some government and get shut down.

 

^^^ This plus the danger that the "cloud" service owes nothing whatsoever to its users. If they should one day decide, "F**k this. We're pulling out and we're going to put all of our money into goat farming in Mongolia", you're stuffed. Doesn't need to be super spooky spy shit that takes down the server. A negative equity balance sheet report on the CEO's desk will do it just fine.

 

Reason why if anybody ever thinks of uploading a file to a cloud storage server the first step should ALWAYS be to encrypt your data. Aditionally, do the following:

1. Make sure it's clear in your contract that you own your own data. It may seem obvious, but your contract needs to have a clause in it that says you will still have the ability to access your data and transfer it if your cloud provider goes bankrupt. Also, ask for a notice provision which stipulates that your cloud provider must give you a seven day warning before they declare bankruptcy so that you have ample time to get your data off of their servers. And figure out the successor liability—you need to know what happens if your provider is bought out by another company.

2. Your service agreement needs to stipulate how your cloud provider will respond to a subpoena. It should be written into your contract what your service provider will do if they're slapped with a subpoena or a civil discovery request. Under to the Stored Communications Act, as the data owner--which you should be if you followed step one--you legally must be notified any time your data is subpoenad, but have it in writing with your provider just for good measure. This will give you the 10-14 days you need to file a response in court if need be. Some cloud owners, such as Facebook, have a policy of hardly ever disclosing personal information. Check what your potential provider's blanket policy is before you pay them.

3. Your provider needs to make backups of your data and guarantee uptime. Write into the contract how often your provider needs to make backups to your data and to where. It doesn't do you any good if it's on the same server chain in the same warehouse that your primary cloud is stored on. If your provider loses your data, they may be liable for damages, but it doesn't matter: your data is still gone and never coming back. Also, ask your provider to give you guarantees on when your cloud will be available; nothing's worse than having to send everyone home early for the day because the server your cloud is stored on is down for maintenance.

4. Ask for Cyber Risk insurance and look into SSAE16 and SOC2 certification. Not all providers will offer it to you, but ask what their options are in regards to Cyber Risk insurance. It can protect against damages incurred from the inadvertent disclosures and theft of confidential employee or client information. If your cloud provider doesn't have the option for you to opt into it, you can contract your own. SSAE16 and SOC2 are international standards that determine the security, availability, process integrity, privacy, and confidentially of a data server. It's sort of like an audit and a must-have for service-based businesses.

 

Last edited by a moderator: Jul 23, 2017

Well, the same can be said about your ISP. Do you ALWAYS encrypt your data? Yeah, I thought so

You guys also completely forgot the idea of hosting your own cloud, which is what I do. Nice for quick recovery as you have the data locally, but still accessible worldwide

 

As a matter of fact I do and have been doing it for years.

 

I don't trust cloud tech at all. Uploading data on cloud server means:

- You don't know who owns your data
- You don't know if data are yours or not
- You don't know where the server is located
and last but not least
- Which legislation applies in that country?

 

When it comes to analyzing its jurisdictional aspects, cloud computing could not be better named. There is much
cloudy thinking – much shade and little light.

 

Speaking of "cloud" – and this is related - there's the recent alarm about Soundcloud's potentially going out of business. Over the weekend, "someone" downloaded Soundcloud's entire 400TB of content (overwhelmingly, audio files), for the sake of "archiving" the site's content - potentially in order to re-post it all, perhaps on Internet Archive. (That would constitute an unprecedentedly MASSIVE copyright infringement.) This attitude indicates that the public feels entited to free access to music, and that something like Soundcloud's delivery of content is a sort of public service toward a civil right. Although when I had first heard of S/c's possibly shutting-down I had considered deleting my music from it, the news of "someone" (who, exactly? - well, someone with at least 400TB of Google storage and commensurate means) sucking all that music off the Interweb at once in order to possibly re-post it elsewhere spurred me into protecting the sanctity of my intellectual property, but there was another, even greater threat to it. I considered whether the content extant on Soundcloud at the time of its sale to another company (Google, maybe?) might legally be considerable as "assets" transferrable to the new owner of S/c, and thereafter subject to whatever ridiculousness or egregiousness might appear in the revised Terms of Service, including one's not being able to permanently delete one's submitted content, or being forced to grant further rights of usage or ownership to Souncloud's new proprietors. Even though that now Soundcloud has announced that it's "here to stay," I've realized the latent shadiness involved in its very phenomenon. Once your music goes up on the Internet, by at least conceptual extension, it's no longer "yours" anymore - it belongs to collective public experience, to "someone" with eyes on capitalizing on the emotional impact of such a "great loss," and to corporate interests to whom it's all just "content" and "assets."

 

So basically, we can both for see these cloud storage/ file-locker/media-hub/ type sites getting to the point where they try and say the using their services in general is justification for kidnapping data we own. Which if we never uploaded and patronized there sites in the first place, then they wouldn't exist today.

 

Well, it's not only "corporate interests". You uploaded music to a music sharing website and set it as public. Why are you angry at people listening to stuff you shared with them? When you sell a CD, are you concerned about people ripping the CD to audio and keeping 400TB collections of music on their disks? Then why are you selling CDs of your music? Or, why are you sharing your music with people in the first place?

 

you have to be either dumb or a facebook user to not have files on your local, offline pc.

besides, there is no freedom let's be honest. if someone wants to know your stuff or what you do, they can, no matter how much shit you encrypt or how safe you try to be

 

Backtired, this world is full of all of the above. This thread was prompted by what happened to a client of mine recently. I advised him about the cons of having his files on cloud storage but he could not listen...now it is too late. As one of my favorite idioms goes "You can lead a horse to water, but you can't make it drink".

 

At least you'll know where to go for a cashmere jacket!

 

Dude!
You just made my day.