Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Cloud: Convenient Until a Stranger Nukes Your Files

Unknown Lamer posted about a year ago | from the just-use-openafs dept.

Cloud 262

jfruh writes "Thanks to a plethora of cloud storage accounts, Dan Tynan thought his days of carrying a thumb drive around with him and worrying about email stripping out his attachments were over. But that was before he discovered that his Box.com account and all the files in it had vanished without a trace. With tech support coming up empty, Tynan had to put on his journalist hat to track down the bizarre sequence of events that ended with his account handed over to another user, who didn't ask for it and didn't even know who Tynan was."

cancel ×

262 comments

Sorry! There are no comments related to the filter you selected.

most transparent administration ever (0, Flamebait)

Anonymous Coward | about a year ago | (#45212499)

"most transparent administration ever"

Just got to love that whole 'transparency' thing.

http://www.inforum.com/event/article/id/416090/

"FARGO – The Obama administration asked North Dakota’s largest health insurer not to publicize how many people have signed up for health insurance through a new online exchange, a company official says."

Of course this is all Boooshes fault, we all know this.

And the media just keeps blowing Obama whenever he asks. No one throws shoes at him or even asks him any questions.

And most of the stupid drones on this super-smart-geek website support this tyranny.

Fucking fools.

Re:most transparent administration ever (0)

Anonymous Coward | about a year ago | (#45212515)

Here, have some transparency [atr.org]

Re:most transparent administration ever (0, Offtopic)

Anonymous Coward | about a year ago | (#45212697)

This government ls lawless and accountable to no one; much like SOA except the government is the only ones with the "legal" right to kill you and have all the "legitimate guns.

But yeah, they are going to solve the healthcare crisis and provide doctors to all who need them, for free no less, tax the rich who aren't paying their fair share, solve global warming and make every person in the world a de-facto United States citizen.

All of this powered of course by Unicorn farts.

Thanks ever so much for forcing this tyranny on what used to be a free country that enjoyed the rule of law, economic prosperity and oh by the way, the greatest healthcare system the planet has ever known.

All that is coming to an end, thanks the libs abd useful idiots who put these statists into office,

Re:most transparent administration ever (-1, Offtopic)

kilfarsnar (561956) | about a year ago | (#45213111)

All that is coming to an end, thanks the libs abd useful idiots who put these statists into office,

Oy, this left vs. right crap. Look, the state serves the interests of Big Money. That is the financial industry, energy extraction, defense contractors, big agriculture, etc. If you focus on left and right, lib and con, you are missing the real action. The government does not operate according to a left or right ideology. It operates under a good-for-business ideology. The rest is just what the Republicans and Democrats serve up to their constituents to fire up the base and scare them about the other team. All that goes out the window once their in office and they're serving their real masters.

Re:most transparent administration ever (-1)

Anonymous Coward | about a year ago | (#45213303)

I agree and I try to avoid the use of the term Lib for that reason, however it is what most people in the US equate to Democrat and it takes more time to explain it to those who do not understand.

There are statists - those who support and believe in the rights of the state and there are conservatives who stand for the rights and liberties of the individual. Note that I do not speak of liberterians as there is a valid and just need for a government to support and preserve the civil society, a government that is well defined and limited in its powers, but it needs to exist nonetheless. The liberterian can easily veer off to the point of anarchy and many of them do.

It is the statist that supports Obama and the radical extremist Democrat party; Obamacare is a perfect example of a naked government power grab, and you can see this by the way the Democrats protect and defend their law like a mother protects its young. Anything so valued by the statist is by definition a bad thing for the individual and for freedom.

I mean how brazen can you be by supressing real information about their healthcare exchanges from the public? Who are the drones who continue to supportt the regime in the face of this blatant tryanny?

It's beyond disgusting what these people are doing to our country and my childrens future. 17 TRILLION DOLLLARS IN DEBT and they are hiding things?

Wake up slashdot socialists.

Re:most transparent administration ever (-1)

Anonymous Coward | about a year ago | (#45212821)

Take your political whining over to yahoo where the rest of the low-IQ folks hang out.

Re:most transparent administration ever (-1)

Anonymous Coward | about a year ago | (#45212935)

No. When the statist steals my money and pisses it away all the time restricting our freedoms and liberties you do not get to tell us to shut up and go away.

YOU shut up and go away.

Re:most transparent administration ever (-1, Redundant)

kaizendojo (956951) | about a year ago | (#45213175)

Actually, thanks to moderation, we can tell whomever we like top STFU and go away.

svn (0, Informative)

Anonymous Coward | about a year ago | (#45212521)

Run it at home, commit/checkout works flawlessly.

Re:svn (0)

Anonymous Coward | about a year ago | (#45212583)

svn isnt terribly efficient for binary large document storage. A simple disk backup system would suffice.

Re:svn (2)

DarkRat (1302849) | about a year ago | (#45212797)

excuse me, are you from the past?

Re:svn (-1)

Anonymous Coward | about a year ago | (#45212945)

Go back to your linux forum of 2005.

The Cloud will save us all! (5, Insightful)

Sarten-X (1102295) | about a year ago | (#45212545)

Cloud services take all of your IT problems, and give them to someone else, period. A cloud is not inherently going to fix your problems, or make them worse, but just delegate them to someone who may or may not be able to handle them better.

Re:The Cloud will save us all! (4, Informative)

TWX (665546) | about a year ago | (#45212617)

Another issue with handing problems to consultants or third-parties, even if those companies have an interest in taking care of your problems, the employees of those companies may not. In short, you call with a problem, and there are layers of management and bureaucracy up your chain of authority and down theirs before the hammer can be brought down on an employee of a different company that fails to do his or her job or to otherwise provide service.

When a person who takes care of your stuff works for your organization, generally there are fewer hoops to jump through to compel that employee to do his or her job, as there's both an ability to personally address that employee, and there's a greater ability to discipline an employee that fails to do one's job.

That having been the stick, there's also the carrot, the employee in one's own company that manages to play Scotty and save the day will receive more recognition from his or her fellow coworkers than the employee of a consulting firm, so the motivation to take care of the assets is also greater with the personal connection to coworkers.

Re:The Cloud will save us all! (0, Insightful)

Anonymous Coward | about a year ago | (#45212679)

Another issue with handing problems to consultants or third-parties, even if those companies have an interest in taking care of your problems, the employees of those companies may not.

But then, the same may be true with employees of your own IT department.

Re:The Cloud will save us all! (1, Insightful)

TWX (665546) | about a year ago | (#45212745)

As I elaborated, you can fire employees that don't do their jobs in your own company easier than you can compel another company to fire their employees.

Re:The Cloud will save us all! (1)

BlackSnake112 (912158) | about a year ago | (#45213099)

Before you sign up read the contract. You may be able to encourage them to drop the hammer on those employees. If not you your lawyer should. That in itself is sad. No one should need a lawyer to get services that they signed up for. In today's world that is often the case.

Re:The Cloud will save us all! (1)

Anonymous Coward | about a year ago | (#45213189)

As I elaborated, you can fire employees that don't do their jobs in your own company easier than you can compel another company to fire their employees.

You clearly haven't worked in large organisations where the business, business IT support and company IT are all different management structures, allegedly working for the same company.

Re:The Cloud will save us all! (1)

Attila Dimedici (1036002) | about a year ago | (#45213319)

Yes, but how much worse is it if you have to go through that on your side and then again on the other company's side?

Re:The Cloud will save us all! (1)

BradMajors (995624) | about a year ago | (#45213285)

Trying to get another company to fire an employee is illegal and can subject you to a lawsuit.

Re:The Cloud will save us all! (3, Insightful)

wbr1 (2538558) | about a year ago | (#45212663)

"Cloud services take all of your IT problems, give them another layer of abstraction and possible complexity, and give them to someone else who may decide not to give a crap about your (or anyone's) problems ever again." - FTFY

For what it's worth, there is some convenience in 'cloud' services. But, if I have the time and the budget it is better to roll your own. Then I can point at the IT people responsible and say fix it or else. If I hand data and servers to someone else to manage, someone who has weaseled every possible loophole into their contract and outsources support for their product to (possibly foreign) call centers that know nothing about the services and follow consistently useless scripts to try to resolve problems, I am asking for trouble.

Re:The Cloud will save us all! (1)

MightyYar (622222) | about a year ago | (#45212739)

TFA is written by an individual who does work on contract - they are going to be outsourcing their IT no matter what. The cloud is perfect for that. Just have some redundancy - for instance, Dropbox plus another versioned backup, either remote or local. On my Windows machine I have Dropbox* running, but then Windows 7 backup also runs every night to a second hard drive and Crashplan keeps versioned files in the "cloud" and on my basement NAS. This is severe overkill, but what the hell, storage is cheap and I setup my backup system without Dropbox in mind. The Macs are similar - Crashplan to the "cloud" and time machine to NAS. At work I only use Windows 7 to the network and Dropbox. No idea why IT doesn't have a real backup policy for desktops, but there you go.

* I keep saying "Dropbox" for brevity. The truth is that I use Google Drive, Dropbox, and even Sparkleshare. It all depends on what I'm doing.

Re:The Cloud will save us all! (2)

jellomizer (103300) | about a year ago | (#45212755)

Cloud services isn't a magic happy pill. But it does make things better over all.
Chances are your local IT guy needs to do a lot of stuff, not just focus on your email server, or file server. The cloud is a good place to handle specialized IT jobs, as you can can get a team of people who can manage your data 24/7 and cheaper too, because they have 10 guys managing 1000 customers.
Things are over all better... However it doesn't take you off the hook.
For one you need to make sure you get the right service for your needs, if you buy the cheapest you often get the poorest service back. If you get the most expensive they may offer too many features that you need and you are spending money on stuff you will never use. Make sure your contracts cover your needs, and still plan a backup plan, as the cloud company may not become palatable to you any more and make sure you are not stuck with them.
 

Re:The Cloud will save us all! (3, Insightful)

Moryath (553296) | about a year ago | (#45212997)

Cloud services take all of your IT problems, and give them to someone else, period. A cloud is not inherently going to fix your problems, or make them worse, but just delegate them to someone who may or may not give a crap.

FTFY.

I don't trust Cloud services with anything, for good reasons:
- Lack of deletion confirmability.
- Lack of security (seriously, Dropbox will accept "1111" as a valid password)
- Lack of confidentiality - law enforcement says "we want to look at user32X's files", Dropbox/Google/etc will cheerfully hand them over without so much as a notification to you. Your account is hacked or your password guessed, poof your files are in the wild. One person misrepresents themselves and the file gets shared out, or some bit is flipped making your files "visible", you get no notification and your files are in the fucking wild.

Local crypto (1)

tepples (727027) | about a year ago | (#45213325)

One could work around these problems by encrypting the files on the local machine before storage to a remote machine. But what new blocking problems does this create?

Moron (5, Insightful)

Anonymous Coward | about a year ago | (#45212551)

FTFA:

* Financial records. I scan all my paychecks and store them (on SkyDrive, not Box.com - fortunately). Our tax form PDFs are all on some cloud storage service, either SkyDrive or Dropbox, as are all our receipts. These would have been in the hands of a total stranger - perfect fodder for identity theft. And if the IRS suddenly decided to audit us? We'd be at their mercy.

* Health records. We scan all our doctors bills and insurance insurance statements and store them in the cloud. So now we're talking about medical identity theft for us and our kids - a situation that's much harder to resolve than standard financial ID theft.

What an idiot.

Re:Moron (1)

fche (36607) | about a year ago | (#45212573)

Indeed. See also http://ascii.textfiles.com/archives/1717 [textfiles.com]

Re:Moron (3, Interesting)

barlevg (2111272) | about a year ago | (#45212709)

I love the concept of being able to access one's files anywhere. But there's no need to do it via "the cloud." All you need is a home machine that can be always on connected to a reliable internet. I realize that ISPs frown upon this sort of thing [slashdot.org] , but until Comcast tells me to stop, this is the best option to give me the functionality of the "cloud" with all the control I want over my own damn content.

Re:Moron (1)

3.5 stripes (578410) | about a year ago | (#45212605)

Maybe a bit further towards the dangerously naive side of the scale, but yeah, that's plenty dumb.

Re:Moron (2)

SJHillman (1966756) | about a year ago | (#45212665)

Any remotely sensitive files I keep in Dropbox, Box, or SkyDrive (I use all three) I encrypt as surely as if it were on a USB drive that I might accidentally drop somewhere. Even if it's just MS Office's built-in encryption or an encrypted zip archive, it's a hell of a lot better than nothing.

Re:Moron (5, Interesting)

OzPeter (195038) | about a year ago | (#45212715)

What an idiot.

His profile at the bottom of the page makes it doubly so:

Author Dan Tynan has been writing about Internet privacy for the last 3,247 years. He wrote a book on the topic
for O'Reilly Media (Computer Privacy Annoyances, now available for only $15.56 at Amazon -- order yours today) and edited a series of articles on Net privacy for PC World that were finalists for a National Magazine Award.

Quoting from the Amazon page for his book:

From the moment you're born, you enter the data stream-from birth certificates to medical records to what you bought on Amazon last week. As your dossier grows, so do the threats, from identity thieves to government snoops to companies who want to sell you something. Computer Privacy Annoyances shows you how to regain control of your life. You'll learn how to keep private information private, stop nosy bosses, get off that incredibly annoying mailing list, and more. Unless you know what data is available about you and how to protect it, you're a sitting duck. Computer Privacy Annoyances is your guide to a safer, saner, and more private life.

Either he doesn't follow his own advice, or his is actually *dumber* than a box of rocks.

Re:Moron (1)

poofmeisterp (650750) | about a year ago | (#45212885)

Honey pot. [wikipedia.org]

Re:Moron (1)

duke_cheetah2003 (862933) | about a year ago | (#45213107)

Author Dan Tynan has been writing about Internet privacy for the last 3,247 years.

Apparently he's a dumb vampire. Still a little unsure about the claim of writing about Internet privacy for longer than the Internet has existed, but..eh, details.

Re:Moron (0)

Anonymous Coward | about a year ago | (#45212717)

Ya, my jaw hit the ground too when I read those lines.
No encryption, no local backups, no nothin'.

No sympathy from me either.

Re:Moron (0)

Anonymous Coward | about a year ago | (#45212873)

My other thought is now he's just begging for abuse as well- he's publicly announced where he keeps his sensitive data.
How long until his accounts are hacked?

Re:Moron (1)

war4peace (1628283) | about a year ago | (#45212809)

Damn it, I was about to say the same thing...

Re: Moron (0)

Anonymous Coward | about a year ago | (#45213271)

Isn't part of their pitch that they take care of the backups for you?

Anyhow, here's how I do it:

Truecrypt container on Dropbox

I link a couple of old machines to the same account and every now and again I fire one of them up

He gave away his login.... (0)

malakai (136531) | about a year ago | (#45212831)

Also, i'm not sure if anyone else picked up on this, but he was giving out his box.com account credentials to clients so they could upload straight to the folder.

I gave them the email addresses of several people with whom I had shared files over the years, thinking maybe the account had been mistakenly assigned to them.

Hrrmm? that's odd. Why would you even think because you sent someone a link to your cloud shared folder that the cloud company would magically given them the account...unless you didn't send them some link....

My lovely and talented wife, with whom I collaborate on stories for Family Circle (where we used Box.com a lot), had apparently invited an employee of this PR firm to upload an image to one of our shared folders last April

Ahh, now this language seems a bit too obtuse. "Invited an employee to upload an image". At first glance, you'd think you send this PR employee a link and they uploaded to your box.com folder. But you can't do that with box.com.... Only way to let someone upload to your folder is via an E-mail ( which won't work for large files ) or the 'upload widget' which you have to host on a website and it's up to you to lock it down ( he didn't use this either ). Failing that, YOU HAVE TO GIVE YOUR ACCOUNT USERNAME/PW TO THE PERSON TO UPLOAD TO YOU.

They probably pulled all the accounts used from an IP range known to be the PR firm, and assumed that's "PR Firms" employees. Since this employee had the username/pw, what else were they to assume.

Not a brilliant move on Box.com's part, but also, a stupid move on this writers part.

Most of these large cloud storage apps make it difficult for someone else to 'contribute' (upload) files. Otherwise they get abused for warez or porn.

Long story short, this guy violated their terms of agreement and gave away his username and password and was amazed when his files disappeared.

If he wasn't a tech writer, they would have written him off and rightly so. If anything, this is "Treat me different, I'm the press" mentality.

Re:He gave away his login.... (5, Informative)

dan tynan (2821675) | about a year ago | (#45212979)

I'm the author of the post. You are completely and utterly wrong, and clearly ignorant about how Box.com works. I invited others to share some, but not all, of my box folders. I can actually control the level of access they have to each. I didn't give them my own login and passwords, they created their own. They didn't have access to my entire Box account, only the folders I chose. I could allow them to simply view files, or to edit and upload. So nobody had my password and login but me and Box. I did not violate anyone's TOS. And if I had not identified myself as a member of the press who was writing a story about this, it is highly unlikely I would have gotten any answers from Box at all. dt

Re:Moron (2)

Dogtanian (588974) | about a year ago | (#45212925)

[stuff ending with] What an idiot.

Well, yeah. Also he said

Me, I will continue to use the cloud, because really, what other choice do I have? Carry a thumb drive with me 24/7? Been there, done that.

And what *was* the problem with that exactly?

I have a Crucial Gizmo Jr. 8GB pen drive that I bought almost 5 years ago. It's about the size of a slightly short stick of chewing gum, and less than twice the thickness (around 2mm). It stays in my wallet all the time.

If I was paranoid about the data on it, I'm sure I could use some form of encryption. Minor inconvenience, sure, but when you're saying "what other choice do I have?" it's not that big a deal.

Re:Moron (1)

Jason Levine (196982) | about a year ago | (#45213115)

I used a thumb drive for awhile and then had some scares where I almost lost it.

I do use a cloud drive now (Google Drive) but Google Drive also automatically backs up the data to each of my computers. (Thumb drives you need to remember to back them up and I'm notoriously bad at that.) If Google were to "accidentally" delete all of my data, I would be fine. I also don't store anything there that would lead to ID theft were it to fall into the wrong hands.

Re:Moron (2, Insightful)

Anonymous Coward | about a year ago | (#45213165)

What completely stuns me and removes any credibility this guy has is his claim to being some sort of "privacy advocate," yet stores his paycheque, tax and health records online.
Not just an idiot. He deserves Fucking Idiot.

I look forward to seeing his tax returns downloadable from Pirate Bay.

Re:Moron (1)

mlts (1038732) | about a year ago | (#45213167)

At least one should use a service like Viivo, just as a minimum, as a secondary layer of protection. The ideal would be to stuff everything in a TrueCrypt volume, or at least PGP/gpg all stashed files.

Without some encryption, a person is one password away from disaster.

Re:Moron (1)

kilfarsnar (561956) | about a year ago | (#45213265)

* Financial records. I scan all my paychecks and store them (on SkyDrive, not Box.com - fortunately). Our tax form PDFs are all on some cloud storage service, either SkyDrive or Dropbox, as are all our receipts. These would have been in the hands of a total stranger - perfect fodder for identity theft.

They were already in the hands of total strangers; he uploaded them to SkyDrive.

I don't mean to say I told you so, but... (0)

Anonymous Coward | about a year ago | (#45212563)

...I informed you thusly.

Complacency (5, Interesting)

cyberpocalypse (2845685) | about a year ago | (#45212567)

Unsure why people are moved to throw their data into the hands of someone (company) that would never treat their data sacred. I don't care what argument you put forth, no one is going to care (security wise) about your data as vigilant as you would (and should). Math wise, the cloud makes no sense to me, even on the free model.

1) wait for you to download your data over the Interwebs (mobile you say... tick tock)
2) There is NO GUARANTEE someone in the company isn't looking at your data or selling it. You're simply trusting they won't

Storage is dirt cheap. 2TB drives are like what 100-200 US per pop give or take. They're compact enough to throw in a messenger bag along with a laptop. Data availability is much faster than downloading it over the wire. Throw on crypto (say Truecrypt) and you have a decent amount of security. Only concern, is your HD goes bad. In either event, another backup 2TB is 100-200. Cloud pay for play? @ 10.00 per month, its STILL the cost if not more than buying your own device.

Re:Complacency (4, Insightful)

SJHillman (1966756) | about a year ago | (#45212687)

I can sum up exactly why people do it in three words: fast, easy, convenient.

Once you start handling it yourself, all three of those are going to take a hit - and for non-technical people, it can be a pretty heavy hit.

Re:Complacency (0)

Anonymous Coward | about a year ago | (#45213191)

It's not that hard. Synology disk stations make it pretty easy. Provides a VPN server if you don't want to open your ports. They've got android apps, I can access everything on my network from my phone. If you want offsite too, buy a second, place it remotely (friends or family), they'll rsync over the internet.

Re:Complacency (3, Insightful)

MightyYar (622222) | about a year ago | (#45212807)

In my neighborhood, we have these house fire things that would totally ruin your day. I pay $1600/year in home owners insurance - an extra $10/month to have all my data at some far-flung location keeps me feeling warm and fuzzy. My house could burn down and I'd have all my data back as fast as they can overnight a hard drive (or I could be cheap and download for a few weeks...).

Re:Complacency (3, Insightful)

bdcrazy (817679) | about a year ago | (#45212817)

They're compact enough to throw in a messenger bag along with a laptop.

And when somebody takes your messenger bag, *poof* there goes your data AND your backup. Happened to my father, he was always backing stuff up. But he put his backup in his laptop bag. His truck was broken into one evening and the laptop bag was stolen. The data on the laptop was worth many multiples of the cost of the laptop. He would have been happier if they left the bag and took the truck! A fairly new truck that was worth less than the data lost.

Why would anyone do that? (0)

Anonymous Coward | about a year ago | (#45212585)

From TFA :
'So the loss of my Box.com folders was not a personal tragedy. (Had I lost my Dropbox account, though, I would have been screwed.)'

Everyone who stores their only copy of important personal/work data, without backups in the cloud deserves everything that happens to him!

Re:Why would anyone do that? (2)

SJHillman (1966756) | about a year ago | (#45212707)

I make sure to include the local Dropbox, Box.net and Skydrive folders in my PC's nightly backups. If you're going to be backing up your computer anyway (as you should be), it's almost no extra effort to include those folders as well.

*sigh* .. "The cloud" doesn't exist (5, Insightful)

OzPeter (195038) | about a year ago | (#45212615)

I can't remember where I first heard this, but the quote is along the lines of:

Whenever you hear a reference to "the cloud", replace it with "someone else's computer" and see how much sense it makes

Once you start doing that it shows you how little control you have over such services and how dependent you are on other parties, especially if you consider them as a panacea to not having to keep your own backups (as the OP seems to have done)

Re:*sigh* .. "The cloud" doesn't exist (2)

neminem (561346) | about a year ago | (#45212721)

I prefer replacing them with "my butt" [github.com] . Which is what I'm doing, already, so this thread is a goldmine. It makes your post nonsense, though - I'm not sure why I would replace your butt with someone else's computer.

Re:*sigh* .. "The cloud" doesn't exist (1)

jbeaupre (752124) | about a year ago | (#45212833)

I've been playing with an alternative cloud server that fixes that. Synology (and probably others) have a cloud service app you can run on your own server. I haven't stored anything critical or confidential on it yet, so I'd be interested in what others think of it.

Benefits:
As much storage as you can cram into the box (Ours is 1 TB).
No monthly fee
Automated scheduled backups to external drive or other server
Seems to work with Win, Mac, Android

Problems:
bandwidth limited to upload/download speeds we pay for
I'm responsible for maintenance
No auto-upload of photos from my phone to server (yet?)
?
?

Re:*sigh* .. "The cloud" doesn't exist (1)

cdrudge (68377) | about a year ago | (#45212887)

Once you start doing that it shows you how little control you have over such services

Then a "cloud" exactly describes what it is. No one controls them except nature. Sometimes they do something useful (rain), sometimes something not useful (damaging storms), sometimes they are there (cloudy day) and sometimes they aren't (sunny day). You can count on them existing somewhere, just maybe not where you want/need them.

Regardless of where you store your information, be it on a desktop in front of you, a server in your company's datacenter (wherever that may be), or some cloud provider, you have to remember what the limitations of doing that may be. If high availability is critical and you absolutely can't live without that information, then only a single location is not the best choice as any one of them could be unavailable. If they need to be secured, then encrypt them before they leave your local control.

Re:*sigh* .. "The cloud" doesn't exist (1)

MightyYar (622222) | about a year ago | (#45212919)

Once you start doing that it shows you how little control you have over such services and how dependent you are on other parties, especially if you consider them as a panacea to not having to keep your own backups (as the OP seems to have done)

While I agree that you need to keep your own backups (even of your Google Docs and Gmail, people!), the only people who have an issue with the "someone else's computer" bit are either edge case users with highly sensitive data or control freaks. There isn't exactly a crises of identity theft via cloud services - I have to conclude that the big names with good reputations are probably doing better at keeping data secure than I would be. Hell, my house has glass on the doors! An alarm system, sure... but that gives someone a solid 10 minutes to grab stuff and flee.

Re:*sigh* .. "The cloud" doesn't exist (0)

Anonymous Coward | about a year ago | (#45213233)

This is why I think that "Cloud Computing" is a misnomer. It should be called "Box Computing" since you are still doing what you did before, just in a different box.

The "cloud" drawn on whiteboards to represent the internet doesn't apply when you are talking to a specific "box" within that "cloud".

Learned to mistrust the cloud with Steam (0, Offtopic)

nitehawk214 (222219) | about a year ago | (#45212619)

Valve's shitty application stopped working, and now I can't install or run any of the games I bought (read: rented) from them. Their techsupport is somewhere between non-existent and not-giving-a-shit. I am even locked out of the non-drm games (most of the ones I have bought), because I cannot download them without the stupid Steam application.

Lots of money flushed down the drain to a company that simply does not care. Never again.

Re:Learned to mistrust the cloud with Steam (2)

just_common_sense (2485226) | about a year ago | (#45212681)

Sounds like a local problem with your computer, and not some issue with the "cloud". What OS are you running?

Re:Learned to mistrust the cloud with Steam (2)

The MAZZTer (911996) | about a year ago | (#45212761)

Yeah Steam is pretty good at running even if you nuke its registry entries (or reinstall Windows) and nuke everything except Steam.exe. It'll redownload all of its missing components and regenerate its registry stuff (though you need to relogin and auth with Steam Guard).

I did have a bit of a hiccup with Steam yesterday when most of their servers seemed to go down for a bit but it was only for like 15 minutes, then they were back up. Though my TF2 hats took a bit longer to come back.

Re:Learned to mistrust the cloud with Steam (0)

Anonymous Coward | about a year ago | (#45212735)

Valve is known for pretty good customer service.... E-mail Gabe Newell, he's well known for responding to people. gaben@valvesoftware.com.

Re:Learned to mistrust the cloud with Steam (1)

omnichad (1198475) | about a year ago | (#45212767)

Seems like a bit of an overreaction if you can just do a fresh OS install, fresh Steam install and get them all back. Have you tried doing a manual uninstall of Steam? They provide instructions right on their web site:
https://support.steampowered.com/kb_article.php?ref=9609-OBMP-2526 [steampowered.com]

Re:Learned to mistrust the cloud with Steam (1)

omnichad (1198475) | about a year ago | (#45212861)

Or worst case, install the Steam app on another computer, sign in, and download your non-DRM games to make a backup. You're not locked out.

Re:Learned to mistrust the cloud with Steam (1)

nitehawk214 (222219) | about a year ago | (#45213045)

Seems like a bit of an overreaction if you can just do a fresh OS install, fresh Steam install and get them all back. Have you tried doing a manual uninstall of Steam? They provide instructions right on their web site:
https://support.steampowered.com/kb_article.php?ref=9609-OBMP-2526 [steampowered.com]

Yes, I have. Everything else about the computer works fine, so why the hell should I reinstall my computer because their app stinks?

I've been using Steam for ~5 years (0)

Anonymous Coward | about a year ago | (#45213247)

Never had any of the problems you've described. 1 anecdote for, 1 anecdote against, guess it's a wash folks ;)

Re:Learned to mistrust the cloud with Steam (1)

omnichad (1198475) | about a year ago | (#45213275)

What are you expecting them to do? Take remote control of your computer (I sure wouldn't allow that)? Or reproduce your exact problem in a lab on your end without knowing what's going wrong (probably impossible)? It could be an interaction with any other application on your system - not just the antivirus. If you've eliminated the app completely and thoroughly and reinstalling it doesn't work, then it has to be an issue with Windows or an issue with the combination of other software on your computer.

But it wouldn't be hard to get non-DRM games back. Install Windows on a second hard drive, install Steam, download DRM-free games and then go back to your old drive.

Don't get me wrong- I sure don't buy anything with DRM that I can't remove or use find a way to use perpetually.

why the hell should I reinstall my computer because their app stinks?

I won't say their program is perfect. But saying that all of your money spent on the games is unrecoverable just because you're not willing to try all of your options seems like a bit much.

Just out of curiosity, are you getting an error message?

Re:Learned to mistrust the cloud with Steam (1)

Anonymous Coward | about a year ago | (#45212801)

Play in offline mode? Oh wait, the Steam application seems to be broken only on your computer, but working for everyone else. Maybe this tells you that Steam is not the problem, you are. Learn to fix your computer. Reinstall Steam. Reinstall all your games (they will still be recognized by Steam - that's one of the good things, you can install/play on any computer, you can only use one machine at a time though). Play, like everyone else. No you'd rather whine like a little bitch.

SubjectsInCommentsAreStupid (2)

lesincompetent (2836253) | about a year ago | (#45212627)

He keeps his work files, financial records, health records in the cloud.
Dear sirs and madams, i refrain from even commenting on that for fear of being downmodded hard, and rightly so.

Re:SubjectsInCommentsAreStupid (1)

couchslug (175151) | about a year ago | (#45212813)

Worse, he kept them unencrypted. I

f the NSA wants your shit it will have it, but that doesn't mean you cannot protect against lesser threats.

No matter how much we remind people of the many tools available, often Free and Open, at their disposal, some folks insist on being stupid and will be LARTed by events.

Re:SubjectsInCommentsAreStupid (2)

MightyYar (622222) | about a year ago | (#45213009)

All of my data is backed up via Crashplan and stored on their servers. Presumably (I'm just blindly trusting them at their word) it is encrypted by a key that they hold but which only my client has the password to. If I were the paranoid sort or had juicier data, I have the option of holding the key myself but that limits the convenience somewhat.

I'd like you to tell me why I should be worried. Remember that the IRS (with over 100,000 employees) has my tax records and my banks and brokerages have all of my other financial records. I submit that the chances of my Crashplan account getting hacked and my identity stolen or my finances stolen are far lower than one of those organizations having a massive data breech which includes my data. I also submit that my home is more likely to be burglarized and the same data carried away in a nice laptop-shaped package. I might be wrong, but I've never seen anything to suggest that there is a scourge of identity theft due to cloud storage. Educate me :)

Re:SubjectsInCommentsAreStupid (0)

Anonymous Coward | about a year ago | (#45213159)

Well,

the data being carried off in a nice laptop shaped package can only happen if it is easily found. While the computer has to be accessible for maintenance, it does not have to be easily accessible or in an obvious location. A network "closet" above your hot-water heater where the only way to open it is with a screw driver is a lot less likely to disappear than say a laptop sitting on a table. Physical security is important, and so is encryption with the ability to wipe the devices remotely.

I have no idea how many people are trying to break into your home, but I would be willing to bet that the number that are trying to hack any of the large cloud services is much higher. If you design your system with physical security in mind, reduce the surface area exposed to an external network and encrypt the devices that the data is stored on then the risks are managed in the best ways possible.

As you change the setup new risks are added, and old risks are removed. Nothing is perfect, but some things are better than others.Security through obscurity should be considered as a part of a holistic approach to data security.

2 things that can mitigate the risk (1)

Isaac-Lew (623) | about a year ago | (#45212657)

  • Encrypt sensitive documents before uploading them.
  • Keep at least one local backup.

Re:2 things that can mitigate the risk (1)

safetyinnumbers (1770570) | about a year ago | (#45212749)

Keep at least one local backup.

And that's actually one big strength of services like Dropbox and Box. To have automatically synced local backups, all you need to do is install the client on more than one computer!

So even if their servers vanish, you're left with multiple local up-to-date copies.

Re:2 things that can mitigate the risk (1)

Lumpy (12016) | about a year ago | (#45213221)

Except I delete files on computer A they get deleted on computer B,C,D,E and F. I suggest you read up on how these work. you need to add a service that replicated the folders to another one that does not have any syncing other than a copy function to the backup folder.

The two commandments of cloud usage (5, Insightful)

Kardos (1348077) | about a year ago | (#45212691)

Cloud storage can not be trusted both in terms of privacy and reliability. So follow these steps and you'll be fine:

1) Thou shalt not store unencrypted files in the cloud
2) Thou shalt have backups of files in the cloud

Does that reduce the convenience of the cloud? Yes. Because that is all that online cloud storage can offer - unreliable privacy invading storage.

This is just (0)

Anonymous Coward | about a year ago | (#45212711)

proof that nobody should commit large amounts of personal data to cloud storage, unless it is encrypted and used as a backup. No system is inherently foolproof, but storing data in a way that you keep in your physical possession is clearly safer.

"The Cloud" is not a Backup (4, Insightful)

AwaxSlashdot (600672) | about a year ago | (#45212729)

For the "someone nuked all my files", this is why you should backup your files (or use a Cloud service with integrated backup/history or better use both).

Remember, a proper Backup uses MULTIPLE Backups and not all from the same service provider.

PS: for the "someone saw all by financial records", you should use an encrypted Cloud service where YOU own the encryption key and where the service provider can NOT help you should you ever lose that key.

Stuff happens (4, Interesting)

swillden (191260) | about a year ago | (#45212733)

This is rather unfortunate for him, of course, particularly if he didn't have a backup anywhere else (duh!), but I'm sure we'll get a lot of slashdotters saying "See, this is why I'll never use the cloud!", and that's silly. Now, there are other valid reasons to avoid cloud storage (e.g. privacy and security, assuming you're not encrypting the data), but reliability really isn't one of them. Thumb drives die, get lost or get damaged, hard drives fail... there is no perfectly-reliable storage medium, but I'll posit that a good cloud storage provider has a much lower failure rate than anything you can manage yourself.

The solution, as always, is backups. Any one storage medium may fail, but the odds of several of them failing simultaneously is very low. Personally, my most important files live on a RAID-6 array with a hot spare on my home file server, and on my laptop's SSD, on my workstation's HD, and on Google Drive. There is a fair amount of low-priority stuff which lives only on Google Drive. It gets automatically synced to multiple machines, but that wouldn't help if someone else got access to my account and deleted my files (of course, I use two-factor auth). It's still better than what I'd do without a cloud service, which is that I'd have those files only on my laptop.

Hmm... It occurs to me that it'd be trivial to write a small script that uses rdiff-backup to copy the contents of my Drive folder to another folder, then run that in a cron job. Then I'd have automatic, persistent synchronization to multiple devices. I think I'll do that right now :-)

Bottom line: This is a sad story, but not a reason to avoid cloud storage. It is a reason to recommend backups. Especially completely automated, effortless backups.

Re:Stuff happens (0)

Anonymous Coward | about a year ago | (#45213295)

RAIDz or go home. How do you know your data hasn't gotten corrupted? RAID5/6 do not protect against corruption.

Delayed garbage can (1)

Sockatume (732728) | about a year ago | (#45212773)

Setting aside the issue of cloud storage, I'd like to point out that any file you don't back up is one you may lose. Leaving the only version on Box is as bad as leaving the only version on your hard drive.

Offline copy, EncryptFS (0)

Anonymous Coward | about a year ago | (#45212785)

Does Box.net not store a complete local mirror? Don't they have backups?

But I keep a personal mirror of my dropbox archive on a desktop at home, but only enable syncing on it once a week to make sure I always have an offline copy. Dropbox also has some revision history...but I don't know how that applies if the file is deleted.

And yea, EncryptFS is your friend with these services. The idea that so many companies are storing sensitive data in the cloud is a bit worrying...

moral of the story (0)

Anonymous Coward | about a year ago | (#45212789)

The moral of the story is simple - do not store work related files _only_ on other people's storage medium, whatever it is.
Being a total moron and having receipts/work-in-progress files/legal documents that you _depend_on only on Cloud-based storage, well.. Murphy's law will apply.
This apart from any privacy issues that I won't go into here..

Bottom line: don't be a moron, store /your/ important files on /your/ devices.

Yes (0)

Anonymous Coward | about a year ago | (#45212829)

The cloud is your fired administrator handling your and thousands of other clients information, while not giving a fuck if a percent you of gets annihilated or not.

Two kinds of people. (1)

wvmarle (1070040) | about a year ago | (#45212865)

As the old saying goes: there are two kinds of people. Those who keep backups, and those who have never lost data. I think this blogger has now moved from the second to the first category.

Convenient?! (0)

Anonymous Coward | about a year ago | (#45212875)

Since when has even convenience ever been one of the attributes of "the cloud?" Maybe it's convenient if you have fast upload speeds. For those of us with ADSL, it will never be convenient, because it would take forever to get my data up there. And even downloading is many orders of magnitude slower than my "slow" WD Green drives.

The cloud is "convenient" for turtles with 1980s-tech computers, maybe. For those of us who use modern hardware but early-21st-century American networks (i.e. not gigabit) it's a fucking joke in terms of convenience.

A Tragedy of errors indeed (2)

TTL0 (546351) | about a year ago | (#45212883)

1) You are sharing a work account with your wife who has her own work universe. So when she is working on an article about the "ultimate cloud deletion tool" you will get dragged into her experience without knowing it.
2) you seem to (in theory) have no problem separating your work files from your professional files.
3) you let strangers (yes they are people you are working with but) access accounts that have files that you need for more than the moment. box.com should be no more than a ftp server for transferring files and you should see that the files are deleted after the other party gets them.
4) you don't seem to have any home backup system even though your livelihood seems to be dependent on the availability of that data, not to mention your personal data. dropbox should be the backup of the backup.
In short you trusted your files to a third party and they failed that trust. the lesson is....

p.s. please post a preview of your next article " my cloud provider sold my data to advertisers without my knowledge"

Re:A Tragedy of errors indeed (1)

Lumpy (12016) | about a year ago | (#45213177)

Most users are that stupid, even when you talk backups to them they are busy listening to the wind whistle through their heads.
Those of us that know better need to make them pay dearly for any recovery efforts. Yes I will try to recover your files, I need $500 in cast to start looking and that does not guarantee anything another $500 to $7500 upon recovery depending on the difficulty and time involved paid before the delivery of the data. Sorry grandma, you dont have cash, you dont get your recipies back...

Why? (0)

Anonymous Coward | about a year ago | (#45212933)

In the age of terabyte drives why turn your valuable data over to others?
My experience is that no matter how you try to secure your data, something will go wrong. I've seen software errors (a lot), media failures, my own screwups (a lot). lack of support for old media by new systems. It's always something.

Truecrypt+Dropbox (2)

sl4shd0rk (755837) | about a year ago | (#45212967)

You should have Truecrypted. Doesn't keep people from hijacking your account but your files are of no use to them.

Pro Tip: Use a different password other than your login password for the encryption.

Re:Truecrypt+Dropbox (1)

kbg (241421) | about a year ago | (#45213063)

Except that NSA can read your Truecrypt files:
http://threatpost.com/truecrypt-audit-could-answer-troubling-questions [threatpost.com]

Re:Truecrypt+Dropbox (1)

Lumpy (12016) | about a year ago | (#45213131)

No they cant. there is some wild speculation out there about it and the nutjobs are trying to whip up fear about it.

No backup infrastructure? (1)

kbg (241421) | about a year ago | (#45213021)

What is the most disturbing part of this story is it seems that box.com doesn't have any major infrastructure for backup of users data. I would have thought that it would be as simple as pressing a button "undelete" for the box.com support people to restore last available data before deletion.

Two adages (2)

ichthus (72442) | about a year ago | (#45213033)

Two adages apply here.

1. Security is inversely proportional to convenience.
2. If you want something done right, you've got to do it yourself.

So, lesson learned: Be your own cloud.

Re:Two adages (1)

Lumpy (12016) | about a year ago | (#45213119)

No, use the cloud for all the free parts, just put your own systems on top of it to protect yourself.

Re: (2)

kurkosdr (2378710) | about a year ago | (#45213067)

Cloud services are the spiritual succesor to the BOFH. All the power, none of the responsibility.

Noobs. (2)

Lumpy (12016) | about a year ago | (#45213113)

I have a malicious and friend delete proof dropbox. I simply have my linux server copy and sync the files. if they all disappear, they all reappear as the server puts them all back. The only way to delete them is to rename then with a special prefix, then the server will actually delete them.

IF you trust the cloud for security or reliability, then you are a fool. Always set up your own systems to automatically back up and manage on top of the cloud service.

ITT (0)

Anonymous Coward | about a year ago | (#45213161)

People commenting without reading the article.

BTSync and SpiderOak (1)

grub (11606) | about a year ago | (#45213201)

I run BitTorrent Sync among several machines and keep backups with SpiderOak. Their zero-knowledge policy lets me sleep well at night.

YARXKCD (1)

Anonymous Coward | about a year ago | (#45213241)

Yet another relevant xkcd: Reverse Identity Theft [xkcd.com]

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?