Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Your Cloud Provider (Probably) Isn't Spying On You

samzenpus posted about a year and a half ago | from the just-because-you're-paranoid-doesn't-mean-they-aren't-after-you dept.

Cloud 85

jfruh writes "Last week the CEO ServiceNow made a minor splash by claiming that it was awfully easy for a cloud provider to spy on the data they stored for you or discriminate based on pricing. But while that's possible, in many cases it turns out to be simply not practical enough to be beneficial. Even moves like restoring outages for higher-paying customers first turn out to be more trouble than they're worth."

Sorry! There are no comments related to the filter you selected.

encryption (4, Informative)

schneidafunk (795759) | about a year and a half ago | (#42715749)

The solution which is always repeated is to encrypt any sensitive data.

Re:encryption (4, Insightful)

hawguy (1600213) | about a year and a half ago | (#42715805)

The solution which is always repeated is to encrypt any sensitive data.

If you need to actually use your data at some point, the cloud provider could snoop the data from your virtual machine's RAM. And they could probably find the decryption key to your data somewhere in memory too if they looked hard enough.

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42716071)

That is why you would not decrypt the actual data on a cloud vm, but rather upload and download encrypted data and decrypt it only locally. This would be separate from any encryption used in running the server, and the server would have no access to the encrypted data (if a virtual server is even involved - the cloud provider in this case might only be storing data that is already encrypted before uploading).

Re:encryption (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42716189)

Then why would you need a cloud vm in the first place? Then all you need is just a cloud storage.

Re:encryption (1)

ScienceofSpock (637158) | about a year and a half ago | (#42717417)

Am I missing something? I don't see VM mentioned in the article at all, just cloud, which to me just means storage.

Re:encryption (1)

Wovel (964431) | about a year and a half ago | (#42717467)

Since Service Now is a cloud hosted Application, so the just storage concept does not work well in this context.

Re:encryption (1)

ScienceofSpock (637158) | about a year and a half ago | (#42717747)

Ah gotcha, thanks for the clarification.

Re:encryption (1)

hawguy (1600213) | about a year and a half ago | (#42717749)

Am I missing something? I don't see VM mentioned in the article at all, just cloud, which to me just means storage.

It's because you skipped over the words you didn't understand... from the first article:

Assuming that your business is using infrastructure-as-a-service (IaaS), the cloud knows: where, when and how often your users connect;

...

If you’re using platform-as-a-service (PaaS), your cloud provider could know: the number of payments that you process

You can look up IaaS and PaaS here: http://en.wikipedia.org/wiki/Cloud_computing [wikipedia.org]

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42717885)

Am I missing something? I don't see VM mentioned in the article at all, just cloud, which to me just means storage.

No, you're not missing anything.

This is all pretty common and obvious stuff to anyone that has ever stored anything, from simple account information up to business critical data and applications, locally or remotely.

Hosted applications are storing data in a way the application can work with. That means some employee, somewhere in that company, could probably get at that data. If you're using a storage service, the same is true unless you're storing encrypted data there.

And in all cases, the first time it gets out that one of those companies did that, the guilty company would get a black eye so bad they may never recover. So yes, someone at Salesforce or Amazon can probably get at your data. No, they almost certainly would not. And if they had to for some reason, it's very unlikely they'd do anything evil with it.

So you consider the content you're putting offsite, how it gets there, how it's stored, the type of the service you're using, and your alternative options, like any professional would. That's part of your risk assessment.

This isn't a new thing. You've always had to consider this stuff.

Re:encryption (1)

Anonymous Coward | about a year and a half ago | (#42716149)

There has actually been research to do data processing on encrypted data. Basically the idea has been to convert data in some other form that has the same properties as the original data for the operations that need to be calculated in the cloud.

Obviously this approach has several limitations but perhaps for most common uses such methods can be found.

Re:encryption (1)

dalias (1978986) | about a year and a half ago | (#42717375)

The class of computations for which this is possible is fairly worthless. It's not presently possible for anything with actual loops and flow control, and even if it were, timing vulnerabilities would leak tons of information.

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42716327)

So only decrypt the file locally. Crisis averted.

Re:encryption (2)

hawguy (1600213) | about a year and a half ago | (#42717815)

So only decrypt the file locally. Crisis averted.

Unless you're trying to avoid the problem noted in the articles linked from the summary which was clearly involving a complete cloud infrastructure provider, not a cloud storage provider.

Re:encryption (1)

steelfood (895457) | about a year and a half ago | (#42716711)

That depends on if you're talking about cloud storage or cloud computing.

Encrypting your data is pointless for cloud computing. You're better off asking whether your data is stored in an encrypted file system of some sort. Encrypting your data for putting onto cloud storage is more practical. Yes, the "client" you install may have the ability to root your computer on command, but you might as well unplug the cable going out to the WAN from your home network if you're that afraid of people getting access to your data.

Re:encryption (2)

hawguy (1600213) | about a year and a half ago | (#42717875)

That depends on if you're talking about cloud storage or cloud computing.

Encrypting your data is pointless for cloud computing. You're better off asking whether your data is stored in an encrypted file system of some sort. Encrypting your data for putting onto cloud storage is more practical. Yes, the "client" you install may have the ability to root your computer on command, but you might as well unplug the cable going out to the WAN from your home network if you're that afraid of people getting access to your data.

Encryption is not pointless even in cloud computing. When I encrypt my data, I know that no matter what bugs or faulty procedures the cloud provider may have (i.e. selling old hardware without erasing the hard drives) that exposes my data to a third party, I know that no one can read my sensitive data. It's just another layer of protection.

Re:encryption (1)

ArsonSmith (13997) | about a year and a half ago | (#42722851)

except of course for that vmswap file that you have no control over (IE.. not the system swap partitions or page file, but the one the Hypervisor uses.)

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42718259)

Encrypting your data is pointless for cloud computing

Not with homomorphic encryption or haystacking.

Re:encryption (1)

Tony Isaac (1301187) | about a year and a half ago | (#42718155)

Cloud providers won't go to these extremes because they are expensive. They are looking for low hanging fruit, not trying to pick apart your life like a CIA target. Besides, people are all too willing to leave things unencrypted, they don't need to bother with the 1% of users who encrypt their data.

Encryption works for the same reason that image sharing sites add watermarks to their photos. A watermark won't stop a determined abuser, but it will stop other sites from doing wholesale copies of all their images. The same economics are at play here.

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42722467)

Encryption is not the answer. The answer is to just say NO! to so called "cloud services"!!

Re:encryption (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42715833)

The whole point of cloud computing is the computing part of it. We do not have any practical fully homomorphic encryption system to date. You just can't reasonably perform computation on encrypted data without decrypting it at some stage.

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42716063)

I don't use any cloud computing. Only cloud storage.

Re:encryption (1)

boulat (216724) | about a year and a half ago | (#42716033)

An encrypted filesystem with block striped volumes across multiple different providers would be a pretty good protection. Even if they had your key, they only had a partial block of data which is impossible to reconstruct without all of the blocks.

Re:encryption (0)

Anonymous Coward | about a year and a half ago | (#42716219)

What about performance of the proposed solution?
How to ensure the security of the decrypted data in RAM?

Re:encryption (1)

Githaron (2462596) | about a year and a half ago | (#42716261)

Interesting. Has anyone written software to do this?

Re:encryption (1)

boulat (216724) | about a year and a half ago | (#42716463)

Yes. GlusterFS with HekaFS.

Re:encryption (1)

TechyImmigrant (175943) | about a year and a half ago | (#42719669)

Yes. GlusterFS with HekaFS.

Tahoe-LAFS FTW!

FTW is an anagram of WTF. Coincidence? I don't think so.

Re:encryption (1)

ph0ust (2422716) | about a year and a half ago | (#42717129)

The solution might also be to have your own cloud instead of using a public cloud. Personal clouds seem to be growing in number over the last year. None are perfect yet, but I've used younity for a while and find that it is far and away my favorite option. The beta has expanded fast and features are added every month or two. The benefit is I have *all* my files accessible via my mobile devices, but no one else has any access to my data (it isn't stored online). And it's free to boot.

Re:encryption (1)

daem0n1x (748565) | about a year and a half ago | (#42718091)

And store the key securely in the cloud, of course.

Re:encryption (1)

mpe (36238) | about a year and a half ago | (#42718251)

The solution which is always repeated is to encrypt any sensitive data.

Actually you'd be better off encrypting ALL your data. Encrypting only some of it can give Eve all sorts of clues, even being able to guess part of the plaintext in some cases.

Re:encryption (1)

kiosjahu (2826723) | about a year and a half ago | (#42719301)

http://www.cloud65.com/ [cloud65.com] If you think Jessica`s story is good..., 1 week ago my girlfriend's half brother basically brought home $4552 putting in a twelve hour week from there apartment and the're co-worker's ex-wife`s neighbour has done this for 9-months and brought home over $4552 part time on there pc. applie the guide available at this link...

Re:encryption (1)

jellomizer (103300) | about a year and a half ago | (#42719699)

And possibly messing up any advantages that the service offers you.

Unless you are just using them for storage then you are not really need a cloud service, just an offsite storage.

Concern isn't the companies position on spying. (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42715783)

My concern isn't that the company as a policy is spying on me, it's the fear that a disgruntled employee would start copying all of the data for their own use.

Re:Concern isn't the companies position on spying. (4, Funny)

SJHillman (1966756) | about a year and a half ago | (#42716019)

I already have all of your porn, but it's nice to know you're thinking of me.

Sincerely,
Disgruntled Employee

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42716761)

who would upload porn to the a cloud provider? Doesn't bittorrent work well enough?

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42721343)

With porn bit torrent is the cloud.

Re:Concern isn't the companies position on spying. (2)

alen (225700) | about a year and a half ago | (#42716363)

so what kind of cool data do you have that would interest someone?

back when i was in the army i worked in the command group of a 2 star general. i was in the office down the hall and next to the chief of staff. when they needed computer help i saw their email. it was the most boring crap you can imagine.

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42716617)

It's not the data that I think is dangerous to be stolen, it's the data that I had no idea was important.

Why bother using ssl on facebook, email, or any other "social" site? I mean who would be interested in that?

Everything should be encrypted as a basic practice because 1, it's free to do, and 2, you have no idea what will make your life hell when it's compromised.

Password recovery (1)

tepples (727027) | about a year and a half ago | (#42716919)

Why bother using ssl on facebook, email, or any other "social" site? I mean who would be interested in that?

IMAP and webmail connections are probably the first thing I'd encrypt in transit because it's commonly used by web sites as a password recovery mechanism.

Re:Concern isn't the companies position on spying. (1)

JaredOfEuropa (526365) | about a year and a half ago | (#42716629)

If you work for a large or high-profile corporation (or you manage their cloud data), there are people who will pay you good money for a simple list of employees, email addresses, their position and perhaps their pay grade. Won't make you rich but it'll sure be a nice addition to your retirement fund. Enough to tempt some sysadmins with privileged access (as has happened in the past). And I am sure the contents of some mails from the CFO can be put to profitable use.

Re:Concern isn't the companies position on spying. (1)

JamesTRexx (675890) | about a year and a half ago | (#42716889)

This has happened at the previous company I worked for, although luckily not at our IT department during my time there.
But during that time there have been several employees from other companies we supported who moved to the competition with data in their pocket.

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42716639)

so what kind of cool data do you have that would interest someone?

back when i was in the army i worked in the command group of a 2 star general. i was in the office down the hall and next to the chief of staff. when they needed computer help i saw their email. it was the most boring crap you can imagine.

Bad move. Off to Guantanamo you go...

Re:Concern isn't the companies position on spying. (1)

rtfa-troll (1340807) | about a year and a half ago | (#42722915)

back when i was in the army i worked in the command group of a 2 star general. i was in the office down the hall and next to the chief of staff. when they needed computer help i saw their email. it was the most boring crap you can imagine.

And that is the secret. How many Slashdotters do you think will go to join the army cybercorps now they know this?

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42716603)

I work with people who program cloud storage software (like DropBox). They're a bunch of cool guys and girls and they make it a point of not looking around anyone's files. It's that simple. I asked them if they look through people's files and they said that it would be immoral. I don't know about the managers, but the devs DON'T WANT to look.

Re:Concern isn't the companies position on spying. (0)

Anonymous Coward | about a year and a half ago | (#42716677)

you mean you asked someone if they engaged in immoral behavior, and they sad no .... I'm shocked.

automation and statisitics (0)

Anonymous Coward | about a year and a half ago | (#42717179)

You may be dull; but you might also be classified by inferences; which are even worse when done by a machine (either in how wrong they are or how scary accurate and fast.)

You might like the same movies as pedophiles and that may be in their criteria so then you are labeled a potential pedophile and you don't even know it (because telling you would make you harder to catch...) You could end up flagged by authorities; although, I'd prefer that over the mindless racial, clothing, car stereotypes the police use now. Body language is different; however, being somebody with unusual body language always confuses the cop and can have bad results.

Employers hiring HR services using next-gen software will quite likely not know WHY the software said to not hire you - for legal reasons (privacy, proprietary data disclosure etc.) the software won't tell the HR drone exactly WHY and HOW it decided you were going to be a bad employee.

Others do that too (0)

fluffythedestroyer (2586259) | about a year and a half ago | (#42715813)

Insurance companies does that and you don't see anyone creating a riot or bitch about it. People lived with it unfortunately. Lots of other company have that capability too. Any company who has info on you could look at it... whats the news here ??? really. this is really stupid and old news. This shouldn't be here...

Re:Others do that too (0)

Mike Frett (2811077) | about a year and a half ago | (#42716137)

They do more than look, I have personally witnessed them collecting 'samples' to be analyzed on some cases. Then when the person comes in they are turned down because they found Cancer and other things. Now, how they know a person has Cancer or other Disease even after the clients own doctors didn't find anything; that's another story entirely. It goes beyond privacy and into the downright weird category.

Useless data (2)

flyingfsck (986395) | about a year and a half ago | (#42715991)

Data is not the same thing as information.

Not Competent Enough... (0)

Anonymous Coward | about a year and a half ago | (#42716011)

TL;DR -- Your cloud provider is not competent enough to spy on you.

if your istupid and iKnow it clap your hands (1)

CHRONOSS2008 (1226498) | about a year and a half ago | (#42716049)

if your istupid and iKnow it
if your istupid and iKnow it and you really want to iShow it
if your istupid and iKnow it clap your hands

Priorities (2)

marcello_dl (667940) | about a year and a half ago | (#42716171)

Nobody gives a damn about your data, with good statistical confidence.

OTOH I suspect it is quite important to be able to get your data should the need arise, which is a different concept.
That's, at least, what I desume from seemingly grossly inefficient developments in IT, e.g. the cloud where your machines are not part of the nodes, or the UI downloaded from the server, instead of having everything available locally and a remote db for syncing data.

It's a parallel with the development of laws where cronyism replaces democracy. In those system it is not important to put a lot of people in jail, it is vital to make anybody potentially a criminal so you have an excuse to lock people up if the need arises.

Re:Priorities (3, Insightful)

aaaaaaargh! (1150173) | about a year and a half ago | (#42716337)

Nobody gives a damn about your data, with good statistical confidence.

I wouldn't be so sure about that. There are tens of thousands of small high-tech companies with trade secrets that the "cloud" providers would like to gain as customers. From source code to email and customer data such companies have all kinds of valuable data. The solution is, of course, not to put any of this data into the cloud except in fully encrypted form for georedundant backups.

Re:Priorities (1)

Anonymous Coward | about a year and a half ago | (#42716667)

Wow, no that's simply not true as a broad, blanket statement. I currently work for a company where we have at least one competitor that actively tries to steal our customer lists, with some success (and has lead to successful lawsuits). Attempts have ranged from scraping websites to actually physically stealing backup tapes or paper records.

Now we're in a small enough industry that I very much doubt that information in the cloud would change the risk vector, but these things do happen depending on the industry and specific companies involved.

thats the half of it (1)

Anonymous Coward | about a year and a half ago | (#42716255)

While spying/corporate espionage from a cloud supplier is a concern, the bigger concern is the US gov who have proved time and time again that if your data is in their jurisdiction they can look/take all they like and with the provisions in the "patriot" act they don't even need a warrant or tell anybody they looked at it.

say no to the cloud, and moreso if the data or supplier is based in the USA

Re:thats the half of it (1)

RoknrolZombie (2504888) | about a year and a half ago | (#42717045)

This. They might not be able to do it right now (maybe), but you can bet your ass that some department somewhere is working on it. Legally or illegally, they will have access whether you like it or not.

Re:thats the half of it (0)

Anonymous Coward | about a year and a half ago | (#42717581)

This is true, and as the leaked cables have shown clearly, the US government isn't past playing quick and dirty when it comes performing industrial espionage on behalf of U.S. native companies. e.g. The cable acknowledging half the Nigerian government had been infiltrated by agents working for Shell Oil. (at a time when local environmental protesters were murdered by militia hired by that same government.)

Spies in the sky (4, Informative)

Wowsers (1151731) | about a year and a half ago | (#42716259)

"Your Cloud Provider (Probably) Isn't Spying On You"......

But your government probably is.

Re:Spies in the sky (3)

jxander (2605655) | about a year and a half ago | (#42716775)

The simple fact is : the vast majority of the populace just isn't that interesting.

Thereby, TFA can easily and honestly say that they're probably not spying on you, because for any given value of "you," it's likely to fall into the uninteresting segment.

Re:Spies in the sky (1)

davester666 (731373) | about a year and a half ago | (#42717607)

Yes, it's true. They aren't specifically spying on "you". They are spying on EVERYONE. There is a reason why the NSA has direct interconnects with all the major ISPs. They find some group of keywords passing through, trace the connection back to your home, then they go through everything you have "just in case".

Re:Spies in the sky (1)

c0d3g33k (102699) | about a year and a half ago | (#42717821)

It's what happens if you somehow become interesting that matters. Involved in an accident with a powerful official or wealthy person? The ability to examine your supposedly private information for some leverage against you would be useful. Decide to participate in an "Occupy" event? Your dossier will be much easier to fill with easy access to all your "private" information. It's not that hard to come up with realistic scenarios in which an "uninteresting" person could be put at risk by unfettered access to private information.

Re:Spies in the sky (1)

ArsonSmith (13997) | about a year and a half ago | (#42722865)

exactly, as i point out to the people holding out on Facebook accounts due to eavesdropping, first I show that they pretty much are already there, plus I also point out that they are now the short list of people to be spied upon.

Re:Spies in the sky (1)

mpe (36238) | about a year and a half ago | (#42718287)

"Your Cloud Provider (Probably) Isn't Spying On You"......
But your government probably is.


Quite possible several foreign governments. Either because your government trusts them or the CP is happy for them to do so. Especially if the CP is a transnational corporation...

Spideroak (1)

richtopia (924742) | about a year and a half ago | (#42716293)

I use Spideroak, and their business model is based on privacy and they try to support open source when viable. When most cloud providers are similar, this is the featureset that sways my choice.

Depends on how much you trust unverified claims (1)

c0d3g33k (102699) | about a year and a half ago | (#42717511)

The problem with any cloud provider is that you have to trust that their claims about privacy are true without any verifiable evidence that they are in fact true.

Startpage and Duck Duck Go *claim* searches are private, but there is no actual evidence this is true. Believe so at your own peril.

Likewise, Spideroak's claim that they can't even look at your data themselves is comforting, but still just a claim. It may be true and they may believe it to be true (their site is very convincing), but without an audit of their methods, source code, architecture etc., it could just as easily be a lie.

At the end of the day, what they are selling you is a fantasy that may give you some peace of mind, not actual security. Maybe these providers give you legal recourse you don't get with others - IANAL. If the claims are false, you're just as compromised as you would have been with a "less secure" provider, whether you have grounds for legal action or not.

That's pretty shaky ground to stand on.

In the end, the only approach that offers even a chance of real security is to encrypt your data yourself without any 3rd party involvement. Realistically that means placing your trust in software others built for you (if the tool is provided as a binary) or source code others wrote for you (if you didn't write it yourself), which isn't that great either, but still much better than the fantasy offered by trusting in unsubstantiated claims.

where is the money? (1)

alen (225700) | about a year and a half ago | (#42716307)

why pay people over $100,000 per employee per year when accounting for taxes and benefits to spy on data? if dropbox were to spy on your data how would they use it to make more money?

Re:where is the money? (0)

Anonymous Coward | about a year and a half ago | (#42716725)

You're assuming they're spying on the data for their own reasons, and not because their government wants them to.

Re:where is the money? (1)

TheCarp (96830) | about a year and a half ago | (#42716857)

Its like casinos and poker dealers. Could a morally bankrupt poker room have mechanic dealers working with professional players to cheat people? Sure they could... but they are making so much money playing it straight that it doesn't make sense. If you can pay the dealers an hourly rate and let them keep tips, and make money hand over fist, why risk that in a scheme that requires you to pay them, and some other people, a lot more?

I think this analogy is apt because it shows the real problem isn't the casino, who is getting paid, its the dealers on their own. Your cloud provider likely is not spying on you, but, his employees or people who have broken into his internals might be. Just like the casino probably isn't running a ring of mechanic dealers....but that doesn't mean there isn't one operating under their nose.

That is always what seems to be missing in these talks. Yes, your cloud provider, be it drop box, google, or whoever probably doens't give a flying fuck about spying on data.... but,.... they are a great target themselves for people who do want to snoop on sombodies data, or troll for people to snoop on.

maybe not cloud provider (0)

Anonymous Coward | about a year and a half ago | (#42716429)

Your cloud provider may not be snooping, but your ISP, if its AT&T, probably is.

Duh (0)

Anonymous Coward | about a year and a half ago | (#42716493)

Yes, if you use someone else's CPU, that person can spy on all your computations. If your data is proprietary, you need to keep it on your own servers, and use strong encryption for data in-transit.

CSP isn't the problem (3, Informative)

pubwvj (1045960) | about a year and a half ago | (#42716735)

The cloud service provider isn't the worry. They couldn't care less. It's the government I'm concerned about. They do care and they have a history of spying and want the right to do so.

The internet is a postcard. Don't store or transmit anything you don't want seen.

Re:CSP isn't the problem (0)

Anonymous Coward | about a year and a half ago | (#42720001)

My cloud provider, will they be there next week? That is what I am more worried about. Also when they inevitably go out of business who ends up with my data? As not all of them will be shredding HDs (more likely a lot auction for hardware).

I could care less if they spy on me. I have legal ways to take care of that little problem. It is long term reliability I am more worried about. Companies come and go and so do 'services'. The using other peoples servers to hold my data is relatively new thing. So make sure you have backups...

... for now (1)

houghi (78078) | about a year and a half ago | (#42716789)

Sure, they do not see any advantage now. That does not mean they never will.
And when they do (perhaps in 10 years) it will be too late to take away your data at that moment. They already have it.

Weighing in (2)

itsphilip (934602) | about a year and a half ago | (#42717103)

Going to keep the identity kinda vague here but I can say that I'm a high-ish level executive for a company that provides cloud services similar to Amazon and I will tell you first hand that we NEVER ever ever would spy or collect data on our customers. It would be a disaster and far more trouble than it's worth. Most mainstream platforms (VMware, OpenStack, whatever you choose) don't even provide facilities for reading on-disk customer data in a true cloud environment easily; I guess if you really wanted to you could start pulling raw blocks off of a SAN and dig around, but it would be a serious pain. Even if it were easy, I can't see a compelling reason to eavesdrop on customers, plus there are likely legal ramifications.

Re:Weighing in (1)

dstyle5 (702493) | about a year and a half ago | (#42717553)

What about government access to on-disk data? Given how they are trying to pry into as much as they can these days them having easy access to a "terror suspect's" data wouldn't surprise me. I guess they could just put the Carnivore servers in the ISPs that feed the cloud data centers.

Does not pass the sniff test (0)

Anonymous Coward | about a year and a half ago | (#42717105)

Can someone explain to me why the data extraction happening under The Patriot Act is never revealed in leaks, while if AWS or others snoop on my data, it would pose such a great risk that they would never do it?

The Patriot Act means that all the systems are in place for snooping, and even the veil of secrecy can be reused for snooping.

This story does not pass my sniff test.

Other things which are probably true (1)

Sloppy (14984) | about a year and a half ago | (#42717141)

Humans working in government are probably not listening to your unencrypted phone calls or reading your unencryped emails.

If you forgot to lock your front door this morning, a burglar is probably not taking advantage of the situation.

Even if you skip your dog's rabies vaccinations, it probably won't get rabies.

If you drive home drunk tonight, you will probably arrive safely, and without hurting anyone else or facing serious criminal consequences.

North Korea probably doesn't intend to nuke anyone.

If you run with scissors, you probably won't trip and accidentally stab yourself.

Fully Homomrphic Encryption (0)

Anonymous Coward | about a year and a half ago | (#42717531)

Fully homomorphic encryption solves this problem, its q shame that IBM is keeping the tech locked away instead of open sourcing it...

Re:Fully Homoerotic Erection?!? (0)

Anonymous Coward | about a year and a half ago | (#42718361)

Woah...talk about a bad misreading of a comment subject.

ROI vs ROR (1)

IonOtter (629215) | about a year and a half ago | (#42718237)

Rate of Investment vs Rate of Return.

Going through all the trouble to spy on Joe Pimpleface Teenager: ROI > ROR.

Going through all the trouble to spy on a user whose browsing profile and typing habits match Julian Assange or Frank Whizbang, Stock Investor of the Year: ROR > ROI.

By an order of magnitude.

So technically, yes, cloud providers probably aren't spying on 90% of the users.

But if I know I'm one of those 10% of extraordinarily high-interest persons? I'd call it a given that you're being spied upon. No matter how much it costs.

Economics are subject ot change (0)

Anonymous Coward | about a year and a half ago | (#42718555)

If the only reason that we shouldn't be worried about cloud providers snooping on client data is because it's not economically beneficial for them to do so, then we should absolutely be worried about them doing so. Economics change.

Only if they're into advertising (1)

thetoadwarrior (1268702) | about a year and a half ago | (#42718559)

Do I believe rackspace spies on me? No

Do I believe Google does? Of course. In fact they're pretty open about a lot of snooping and they try pushing real name policies and other shit to make it easier to shill crap on the web. Why would I not believe they're not snooping on me every single chance they get?

Your Cloud Provider (Probably) Isn't Spying On You (1)

Culture20 (968837) | about a year and a half ago | (#42718923)

<grandmavoice>Oh, good. I always knew he was such a nice man</grandmavoice>

Consider the source (0)

Anonymous Coward | about a year and a half ago | (#42720405)

This is just a cry for attention, in the form of FUD, from a small, strugling cloud service provider.

Last word of title cut off... (0)

Anonymous Coward | about a year and a half ago | (#42721805)

Title should be: Your Cloud Provider (Probably) Isn't Spying On You Yet

That's how the internet works. (1)

amballs (2827593) | about a year and a half ago | (#42726571)

Hey, that's the Internet! Everybody spies on you here. If the big companies like Verizon sell your info [jammer-store.com] to ad makers and other third parties, so what can be done with a small ones?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?