×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Plans Service to Store Users' Data Online

Zonk posted more than 6 years ago | from the could-have-used-this-two-weeks-ago dept.

Google 155

achillean wrote this morning with a link to the Wall Street Journal, announcing plans we've all seen coming for a while: an online data storage service from Google. Though the article doesn't come out and call the project 'gDrive' or anything like that, it does indicate the service could be available within the next few months. "Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

155 comments

Recomendation to dissidents (0)

Anonymous Coward | more than 6 years ago | (#21491277)

Don't store your personal stuff up there. Just don't do it.

Re:Recomendation to dissidents (0)

Anonymous Coward | more than 6 years ago | (#21491375)

Oh noes, I can't sleep, Googlebot will get me.

Re:Recomendation to dissidents (1)

utopianfiat (774016) | more than 6 years ago | (#21493387)

second dupe.
and it's already been done- 1GB of storage on Gmail? This is why Zonk is unchecked in my "show stories from" dialog.

Re:Recomendation to dissidents (1)

TobyRush (957946) | more than 6 years ago | (#21491691)

If Google is intending this service for online storage of personal information, I don't think it's going to succeed... people use Facebook for that sort of thing.

Re:Recomendation to dissidents (1)

pipatron (966506) | more than 6 years ago | (#21491779)

On the contrary.

I've long been planning to put my most personal and important data on Google's servers, using the already existing gmailfs. Using good encryption, of course, which you really should use on local storage as well, if there's even a slight chance that it might get physically stolen.

Using this would give me a very cheap (actually free) off-site backup, so I know I can still retrieve my stuff even if my house burns down, or if RIAA sends the police to get my computers...

Re:Recomendation to dissidents (3, Interesting)

StankDawg (62183) | more than 6 years ago | (#21492389)

The RIAA wouldn't need to send the police for your computers since they can subpoena Google to get the evidence that they need. They do that for search queries now. Uploading your personal data gives law enforcement one stop shopping to your information. A "portal" to all of your personal information. How convenient...

Re:Recomendation to dissidents (1)

TheRaven64 (641858) | more than 6 years ago | (#21493437)

Which is why the grandparent mentioned strong encryption. How they get the data is irrelevant; they still need to get the keys from you, either via installing spyware or using something like RIPA to make you tell them.

Everything old is new again (2, Insightful)

pryoplasm (809342) | more than 6 years ago | (#21491295)

a strategy that could accelerate a shift to Web-based computing doesn't this sound just a little bit like a dumb terminal in terms of computing?

Re:Everything old is new again (1)

ByOhTek (1181381) | more than 6 years ago | (#21491391)

if by "a little bit" you mean "a whole lot", yeah, it does.

There's nothing wrong with a computer as a graphical dumb terminal - if it does what the user needs it to do. There are plenty of users who would be fine with this, and for whom it would work quite well. Cheaper computers with the desired functionality? Nothing wrong with that.

Re:Everything old is new again (1)

smitty_one_each (243267) | more than 6 years ago | (#21491541)

The substantial difference between what Google is up to and previous dumb terminal applications is one of scope.
If the possible participants/locations for working on stuff is wherever there is reasonable internet bandwidth, then some interesting use-cases crop up:
  • Keeping a TODO list as a google document that you can see both at home and at work, blowing by the limitations of Exchange server configurations and mixing personal/work stuff
  • Collaborating on a school project. Tried this actually, and the limitation proved more to be the inability of the classmates to think outside of .ppt boxes than what could be done with Google docs. This was before Google's presentation tool, but, again, the constraints are as frequently the people as the tools.
Sure, the usual cautions about sensitive information apply. But then, aren't we placing a lot of silent trust in Mr. Softy? One wonders if some hidden assertions might not be poorly founded here...

Re:Everything old is new again (1)

ByOhTek (1181381) | more than 6 years ago | (#21491591)

Quite true, but a lot of people don't have things they consider critical on their computers.

Personally, I wouldn't use it (or would at least keep a backup of anything I don't want to loose), but there are a lot of people who wouldn't care if someone else looked at their data. Data corruption/loss would be a problem though.

Less Risk (1)

EgoWumpus (638704) | more than 6 years ago | (#21493915)

Data corruption/loss would be a problem though.

Less so, I think, than if you're asked to keep track of your own stuff. Businesses drop big bucks on making sure they have backups of all computer files because the average person simply cannot be relied upon to do it themselves, accurately and regularly.

Re:Everything old is new again (1)

ChrisA90278 (905188) | more than 6 years ago | (#21494059)

"...doesn't this sound just a little bit like a dumb terminal in terms of computing?"

No. I'd call it "Smart Termional". A dumb terminal is simply a display device, smart terminal can run programs and interact with the user. It makes great sense to keep a word processing document on a server. It is small and only takes a few seconds to move the document to whatever "smart terminal" the user is logged into. If you have ever used one of those systems where your desktop follows your log in it is great. Log into in computer in the building and my desktop and all my data is right there where I left it. Wouldn't it be great if I could do that on any computer world wide? I can't do that with large data sets like the video I'm editing or even my iTunes library but smaller documents and email yes.

Upload (5, Funny)

niceone (992278) | more than 6 years ago | (#21491307)

Once installed, you upload your files by right clicking on them and selecting "I'm feeling lucky".

This sounds fun (3, Funny)

DeeQ (1194763) | more than 6 years ago | (#21491331)

first thing I'm going to put up there is personal information to others. Any bets for how long till they are compromised?

Re:This sounds fun (0)

Anonymous Coward | more than 6 years ago | (#21491475)

I won't bet until you tell me your password. Once you do that, I will give you my bet (which will probably be on the order of how fast I can type).

Seriously, how long before compromise?

It is going to depend on the strength of your password and the strength of Google's security and policies and procedures. Can some admin at Google expose your data? You bet. Is their security now a concern for you? Yep. If your password is your parents' address and your wife's name is your data safe? Nope.

Re:This sounds fun - Killing Off Identity Theft ! (2, Interesting)

thosf (981274) | more than 6 years ago | (#21494437)

Besides having google list paid advertising messages with the data, I think your suggestion (with a twist) has Excellent merit.

Here's what we should all do. Post phony-balony (fictional) data so it can be harvested and merged with the existing data that compromises the identity theft databases.

After several months, the database will be all but USELESS because they won't know what data is valid and what data is false.

No one will want to buy identity data if it contains so much false information, that it becomes useless. It actually becomes DANGEROUS to the purchaser because there's significantly reduced payoff - while it increases the perpetrator's exposure to risk of detection and prosecution.

Every place you visit on the web should be an opportunity to "salt" it with fiction. I recommend that you forward this idea to everyone you know to rapidly make this happen.

I am starting this initiative here and now by posting my (false) data:

Robert DeScully
6733 Orion Ct. Apt-B
Ann Arbor, MI 48109
Occupation: IRS Auditor
Annual Income: $187,200
Soc. Sec. No.: 853-98-1294

To paraphrase mayor Daly, "Post soon and post often" (he actually said, "Vote soon and vote often.")

Call Me Paranoid (4, Insightful)

cybermage (112274) | more than 6 years ago | (#21491349)

In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.

Re:Call Me Paranoid (2, Insightful)

TimeTraveler1884 (832874) | more than 6 years ago | (#21491439)

In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.
Well see, there is thing called "encryption". If used properly, it can be quite effective in maintaining one's privacy. With Google's track record of protecting user's privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the keys to their server.

I did not RTFA, so I think it will depend on if they plan to give this service away for free and data mine what you are storing. In any case, if they don't encrypt it, then you are free to encrypt the data yourself beforehand as a user.

Re:Call Me Paranoid (2, Interesting)

cybermage (112274) | more than 6 years ago | (#21491913)

Well see, there is thing called "encryption".

Okay, some wing-nutty paranoia now. Is there any form of encryption that you believe people like the NSA cannot crack? I suspect stories like "Skype encryption too tough for German police" [zdnetasia.com] are a ruse to encourage criminals to use the Skype which is likely easier to track, and certainly less portable, than prepaid cell phones.

Besides, if Google doesn't do the encryption, 99.99% of the data will not be encrypted. That should make the people with something to hide pretty easy to pick out.

Re:Call Me Paranoid (1)

mwilliamson (672411) | more than 6 years ago | (#21492091)

>Is there any form of encryption that you believe people like the NSA cannot crack? Yes, the NSA cannot crack one time pad encryption (OTP), nor will the every be able to. Provided you generate your OTP keys using a pure random number generator (not pseudo-random...so software-based is out of the question), this system is uncrackable. An associate of mine created such a pure random number generator based on radioactive decay. Provided you don't loose (or ever loose) your keys and have a secure way to exchange your keys beforehand, OTP works.

Re:Call Me Paranoid (1)

TheRaven64 (641858) | more than 6 years ago | (#21493499)

To be secure, a one time pad needs to be bigger than the data it is encrypting (you need one page per symbol, and the size of each page needs to be big enough to represent each symbol). This makes it pretty useless for storing data on someone else's server, since you need to securely and safely store more data locally and so could just store your data, rather than your key.

Re:Call Me Paranoid (1)

pyite (140350) | more than 6 years ago | (#21492165)

Is there any form of encryption that you believe people like the NSA cannot crack?

Yes. I find it highly unlikely that the NSA can crack AES-128 and beyond. The algorithm has been extensively critiqued and found to be strong. And 128 bits and above is beyond the ability of a brute force attack.

Well, you're not totally paranoid. (1)

raidfibre (1181749) | more than 6 years ago | (#21492863)

I'd be highly surprised if they could even decrypt triple-DES easily. (for very difficult values of easily).

DES is singly the most researched encryption algorithm, and as such it shouldn't be written off yet, but I'd say it could be trusted in the form of triple DES.

You make a good point that anything over 128 bits is uncrackable by brute force methods. There are other ways of reducing the effective number of bits, however; these are generally purely academic in nature (differential, linear cryptanalysis). And of course there's always the fact that at some point the data will be unencrypted in order to be useful, which brings about my favorite form of cryptanalysis: the "rubber hose" method. (credits to Bruce Schneier)

Torture is the easiest form of cryptanalysis by far. Thugs are cheaper than PhDs.

- MK

Re:Call Me Paranoid (2, Interesting)

fyngyrz (762201) | more than 6 years ago | (#21493209)

The algorithm has been extensively critiqued and found to be strong.

...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz windows or linux machine can do, and an organization that has billions in budget normally, can get more anytime they ask, no difficult goals but breaking encryption and signal intercept, and which has made it a point to hire as many of the best minds in encryption as possible for, oh, say the last fifty years or so. And this in a world where quantum attacks are thought to be only a matter of sufficiently developed technology.

Personally, I think if you depend upon encryption, someone, somewhere, is quite likely to be archiving your data in the clear. Even if the decrypt mechanism "trick" involved was no more complicated than scooping your OTP off your computer without your knowledge. Which we all know cannot happen. (cough.)

If you want security from generic canvasing of your data, put it on a machine that has no network connection, and ensure that said machine has considerable physical security, right up to and including a Faraday cage [wikipedia.org] . It won't stop anyone who physically comes after you, but your data will remain unscanned as long as you remain of no interest to the authorities. Past that point, you could wake up and find your Faraday cage missing, computer and all. :-)

And of course, nothing so quaint as that old-world concept of a "warrant" will impede them.

AES security and crypto in general (3, Informative)

Beryllium Sphere(tm) (193358) | more than 6 years ago | (#21494299)

As the old saying goes, if you count on crypto to solve all your problems you don't understand crypto and you don't understand your problems.

The point that your data can and will be attacked while it's in plaintext is well taken. A networked machine running a web browser (the Sendmail of the 21st century) is a low security device, even with a good operating system. Google for "Scarfo", the mobster who was using PGP but also had an FBI keylogger on his computer.

As regards AES, though, we've got good reason to think it's resistant to cryptanalysis. The NSA is also in charge of protecting government secrets from foreign snoops and has approved AES for protecting classified data.

The low security of a workstation cuts both ways in an argument about gDrive: because your data is already at risk sitting on your hard drive, storing it encrypted on gDrive might not be any worse.

Security without threat modeling is like bricks without straw. What are we protecting data against? Loss, primarily. I trust Google's backups more than I trust mine (but I'd tell a client to look for a provider willing to sign an SLA). Unauthorized copying by crackers? AES should be an adequate control to cover that risk. Subpoenas? An attorney with two brain cells to rub together will subpoena the decryption keys, so no help from AES there. Vacuum-cleaner style mass government surveillance, looking for keywords like "Tibet" or "Falun Gong"? AES should prevent that. Government criminal investigation? You could (in the US) argue that surrendering the keys would be self-incrimination and end up paying a lawyer lots of money to argue the point for years. Expensive and undependable security, but then in a criminal investigation there's not much security difference between gDrive and your local machine anyway.

If you have security needs you should do an analysis like that last paragraph, only longer. For lots of people encrypted files on gDrive might be just fine.

Re:Call Me Paranoid (1)

Stooshie (993666) | more than 6 years ago | (#21491977)

... I would not be surprised if the service automatically encrypts the data during transit on the desktop ...

That technique is already used on a site called www.passpack.com [passpack.com] . You log in using your account and the site downloads a password protected zip file to your browser. You then type in a second password to unzip the file you can then edit the data/files. when you are finished the file is zipped (password protected) and re-uploaded to the server.

This means the file on the server is protected (128 bit I think) and even if someone hacked the server and found your account on the database they would find it extremely difficult, if not impossible, to access your file. Even an insider to the site would have the same problem.

Re:Call Me Paranoid (2, Insightful)

Anonymous Brave Guy (457657) | more than 6 years ago | (#21492029)

With Google's track record of protecting user's privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the keys to their server.

I'm sorry, what track record would that be?

Google are quite possibly the world's leading authority on automated information gathering. After all, their ad-based business model fundamentally relies on being able to target those ads, and the continued success of their primary service, the search engine, depends on how effectively and comprehensively they can process the entire WWW.

As we have seen in the past, with everything from Google Street View to the leaks from a certain other popular search engine to Google Groups archives, vast databases like this will inevitably include information that people might have expected to remain private, and these services can make it accessible (deliberately or otherwise) to the entire world.

Google are a business like any other and, despite all the "do no evil" rhetoric, they will still do whatever they can get away with to make a profit for their shareholders, and they can still be compelled to disclose any information required by law (and laws can change).

Right now, it probably is no exaggeration to say that Google is the single greatest threat to privacy the world has ever seen.

Re:Call Me Paranoid (1)

TimeTraveler1884 (832874) | more than 6 years ago | (#21492489)

I'm sorry, what track record would that be?
For one, there is refusing demands for search data. [washingtonpost.com]

As we have seen in the past, with everything from Google Street View...
I don't agree with this, but the Google Street View is in general a continuing debate. I am speaking specifically of data that you submit to Google willingly. Not data captured by Google through your public exposure. Google does not break in to your home and take "Google Cribs View" panoramas of your home interior and publish them online.

...this will inevitably include information that people might have expected to remain private...
In the information age, perhaps people's expectations need to change? It needs to be realised what you really do in public is not local but global.

Google are a business like any other and, despite all the "do no evil" rhetoric, they will still do whatever they can get away with to make a profit for their shareholders, and they can still be compelled to disclose any information required by law (and laws can change).
While I don't think it is quite as cuthroat as you make it out to be, I generally agree. The only person that has your best interests in mind is you. So you should take precautions: don't allow truly private data online and if you do, encrypt it or accept the risk. When people start stealing that data, which Google does not do, then I'll break out the pitchforks and torches.

Privacy must be defended (1)

Anonymous Brave Guy (457657) | more than 6 years ago | (#21494101)

In the information age, perhaps people's expectations need to change? It needs to be realised what you really do in public is not local but global.

Alternatively, maybe we should introduce legal safeguards that apply to data, taking into account the much greater storage, data mining and communication facilities available today? Just because we can do something, does not mean we should, particularly where "we" means governments, businesses or other groups with disproportionate resources rather than private individuals.

In fact, I would argue that to some extent this is inevitable. Everyone does things in "public" (which apparently includes people observing things inside your home from outside, for the purposes of this debate) that might be embarrassing as a minimum, or potentially even dangerous. It needn't even be what you were actually doing or some item you actually possessed; anything you could be misconstrued as doing or appear to possess counts, too.

Have you ever left a credit card statement on a desk visible from a window? Mistyped a password in a clear text field and then immediately deleted it? Followed a link from a normally reliable web site and found the content that appeared on your screen was not what you expected? Said something in your home that might be misunderstood if taken out of context? Had a visitor who looks a bit like someone who's been in the news recently? Of course you have, many times, and so has everyone else.

If we go down the path of saying everything that ever happens that is observable even momentarily from a public location may be permanently recorded and searchable by absolutely anyone, then privacy will be dead and we will have killed it. Humanity has evolved to respect privacy for a variety of good reasons, and the consequences of breaches in privacy can be life-changing or worse. If the highly resourced Big Guy gets to do whatever he likes in terms of invading the Little Guy's life (as long as it's done from a public place, naturally) then we're basically condemning anyone to suffer arbitrary, unaccountable damage if anyone else doesn't like them, and that is not a healthy path to tread.

that is what a warrant canary is for. My storage. (1)

enselsharon (968932) | more than 6 years ago | (#21492571)

... provider publishes a weekly statement indicating that no warrants (secret or otherwise) have been served on the hardware/premises, etc.

You can see it here:

http://www.rsync.net/resources/notices/canary.txt [rsync.net]

As for offsite backups in general, I trumpet this service as loudly and as often as I can - it surprises me that the FOSS (and privacy/crypto) communities do not talk more about rsync.net - they do things the right way.

You won't ever be able to pick up the phone and talk to someone at google, and you certainly won't have a totally open, standards-based filesystem.

Underground storage (1)

InvisblePinkUnicorn (1126837) | more than 6 years ago | (#21491357)

Methinks this trend will create a network of vast underground datacenters so large that archaeologists of the distant future will be left wondering whether we were created by metallic silicon creatures.

Re:Underground storage (1)

Khuffie (818093) | more than 6 years ago | (#21491511)

And when they discover how to extract that information from the datacenters...will be distracted by the vast amounts of pr0n.

Forever in Beta (1, Funny)

Anonymous Coward | more than 6 years ago | (#21491369)

Though the article doesn't come out and call the project 'gDrive' or anything like that...

Ofcourse, it'll be gDrive Beta.

Filesystem over IMAP. (1)

dannycim (442761) | more than 6 years ago | (#21491371)

Fudge, I had just started to write a virtual filesystem driver using IMAP as a back-end. (Not fast, but gmail's 5.2G is free.)

Oh well, I'll put it on the back-burner until I hear more.

Careful - Amazon has a patent. (0)

Anonymous Coward | more than 6 years ago | (#21491467)

They developed that just after one-click.

Useless to me w/Rogers (3, Interesting)

brunes69 (86786) | more than 6 years ago | (#21491393)

Unless Google can lobby Rogers to get rid of its arcane practice of capping usage at 60GB / month for it's standard high speed, me, and around 50% of people in Canada with high speed internet, can not make any real use of this service.

It is pretty sad that a company will give you a nice 6 Mbps link only to cap you at 60 GB, which you could exceed in only 1 day of saturating your link.

Re:Useless to me w/Rogers (2, Insightful)

chrish (4714) | more than 6 years ago | (#21491719)

Not to mention the standard North American practise of providing terrible up-stream speeds on cable and DSL lines. It'd take ages to upload 5GB (or whatever GMail's current limit is) of data.

I'm too impatient to back up 5GB of data over my 100Mbit LAN, I'm not doing it at "up to" 800kbits/sec.

Amusing... (-1, Troll)

DaedalusHKX (660194) | more than 6 years ago | (#21492379)

I am very patient with that... know why? I bring something from the ancient times with me.

They used to call it a book, very amazing stuff these books, they could display their information and maintain storage even during magnetic interference or EMP blasts, though still quite vulnerable to heat and acid based attacks.

Re:Useless to me w/Rogers (1)

empaler (130732) | more than 6 years ago | (#21494097)

I love my capless 10/10 pipe. M4 ph4t p1p3, as I call it. I could have a 20/20, but that'd just seem so wasteful.

possibilities (2, Insightful)

rgiskard01 (1117515) | more than 6 years ago | (#21491403)

As a recent convert to google apps, this is very interesting. I have/still have all the concerns about my privacy, but the offering was too tempting to pass up. Of course I use the Firefox Customize Google add on, but also don't really put anything sensitive up there. If they build it right, it could be very nice. I've tried all the online backup apps, and outside of Mozy, don't really like any that much. But I'm now all Linux, so Mozy is no longer an option. Anything that competes with Microsoft is a good thing!

Re:possibilities (1)

gbjbaanb (229885) | more than 6 years ago | (#21491605)

FTA:

The Mountain View, Calif., company plans to provide some free storage, with additional storage allotments available for a fee
Sounds exactly like Mozy [mozy.com] , but with mozy you can excrypt everything with your own key, makes uploading no different but you have to decrypt any restored files yourself. Somehow I cannot see Google doing this as they'll want to use their technology to keep a single copy of a file on their servers if several people upload the same one.

I'm not sure how they'll manage to slip adverts in either, maybe you'll only be able to access file restores with a web UI?

So, all in all, Mozy is better. Now we all need to go tell them we want a Linux client to go with the Windows and Mac ones and not to take the piss with the alternative they light-heartedly suggest [mozy.com] : "Run a cron job of rsync, gzip and mcrypt piped over ssh to your friend's server over his DSL line."

OT: Mozy is a great choice, if it works (1)

IsThisNickTaken (555227) | more than 6 years ago | (#21492683)

Just wondering if you've had success with Mozy. I have been using the OS X beta of Mozy's backup tool and have not been able to create a successful backup. I keep getting connection lost error messages when it tries to upload my 2 GB VMware virtual disks.

Probabilities (1)

Anonymous Brave Guy (457657) | more than 6 years ago | (#21492113)

I have/still have all the concerns about my privacy, but the offering was too tempting to pass up.

And that is why things in today's database-driven, surveillance-obsessed society are going to get very much worse before they get better.

It's quite sad that even after the big leak here in the UK last week, things have gone quiet on the political front and there isn't a sustained media attack on our underpowered privacy and data protection laws.

Re:Probabilities (1)

rgiskard01 (1117515) | more than 6 years ago | (#21492665)

True.

But there are things we can do in the meantime to limit our footprint and protect ourselves while taking advantage of some of the benefits services like Google offer. Granted it is a trade-off, but one can limit their exposure if they want to.

And things will get better. History shows things move in a pendulum. Civil liberties have been under attack in the past, and when things moved to far in one direction, events happened to turn the tide in the other direction. We will see the same thing here, and I think we are already. Unfortunately, we have gotten lazy. But if you look closely, I think you'll see the pendulum is slowing and civil liberties and privacy concerns will be protected to a greater degree in the near future.

At a minimum, a new Administration will be a breath of fresh air in this regard.

Thin client (1)

mrbill1234 (715607) | more than 6 years ago | (#21491437)

Thin client computing is on its way back - like it or not.

Though nothing new, this is a great idea who's time has finally come - particularly for people with mobile devices connected to wifi hotspots - both of which Google has been investing in.

Re:Thin client (1)

Anonymous Brave Guy (457657) | more than 6 years ago | (#21492211)

Thin client computing is on its way back - like it or not.

Why? What advantage does using all these on-line services actually offer me as the end user? How is this service better than my own hard drive (or having a remotely accessible server set up at home that I control)? How are Internet-based applications from the likes of Google or Salesforce.com better than installing software locally in any technical way?

All these services are basically just playing on the convenience of using a remote service, and that in turn is only relevant because of the absurdly awkward installation and maintenance processes people expect for desktop software. There is absolutely no technical reason these things have to happen, it's merely momentum in the marketplace.

Meanwhile, there are fundamental security, reliability and performance dangers associated with using any off-site service with an external provider. It all seems cute until your (or their) network connection drops out, or the service provider finds they're not making enough money and shuts the service down (which you can't do anything about with free services, since the provider is under no obligation to you), or the database leaks and compromises your personal information, or your costs for bandwidth and access to the services start to rise.

After the first few nasty accidents, I think people will have a very different view of these "convenient" external service providers, and I for one wouldn't bet on a thin client future just yet.

Re:Thin client (1)

mrbill1234 (715607) | more than 6 years ago | (#21492423)

1) Most people don't have the technical savvy or the desire to setup a remotely accessible server, let alone have the headache of backing it up and keeping it operating.

2) This is not a technical issue, but rather one of convenience. You can iron your own shirts too - and loads of people do, but loads of people pay someone else to do their ironing too. I'm not saying that Thin Clients will take over, but they will have a fair share of the market.

3) Yes there are risks with an online provider, but hey, there are risks with running your own setup too. Each individual or business will have to weigh those risks and the costs of running and maintaining each one and decide which to use.

To be honest for the majority of people, most of what they do on a PC _could_ be done via a browser interface. I'm not talking about power users or gamers - I mean most regular people. E-mail, web, standard office apps, and the odd specialist application.

Re:Thin client (1)

igb (28052) | more than 6 years ago | (#21493259)

What advantage does using all these on-line services actually offer me as the end user?
If you do all your computing in your proverbial mother's proverbial basement, and that basement happens to be a disused Minuteman silo, then what you say is true. But just as I want to be able to access my home directory whichever of my employer's offices I'm in, and I've been in them on three continents, I'd quite like to be able to have my private (home home?) directory available wherever I am. And my email. And my contacts. And my calendar. And (personally) I'll trade access to it on the rare occasions the big data centre goes out for not having to do backups and figure out the replication strategy. Do I care if I can't access photographs of my holiday last year for twelve hours? No. Their loss, though, as my home disk crashes is king of bad.

Now I can lash some of that together with Google Apps and/or .Mac and/or Amazon S3, and indeed I have done that. I have a private WebDAV server in a data centre which I back up to S3, and I mount that WebDav'd directory on each of the machines I use (your company security policy may, and probably does,. vary). I run an IMAP server on it, a Squirelmail interface for when I need it, and I outsource the calendaring to Google. But it's a bunch of hacks. Back to Mac or whatever it's called is sort of tempting, but is a bit Mac-specific and will probably struggle over ADSL upstream bandwidth from home.

If there were a service which provided a desktop, accessible from a web page in the manner of Citrix Remote Access Gateway, from a thin client which contained no state, a large market of people who need computing but don't need games would be prime targets.

Amazon S3 (3, Interesting)

NickCatal (865805) | more than 6 years ago | (#21491459)

I already do this a bit with Amazon's S3 storage system. It is really nice being able to store files anywhere and paying all of $0.03/month for it.

But hey, I'll take free any day.

On a somewhat related note: It would be great if Google bought the LexisNexus people. Having public access to their database would be a great public service.

Re:Amazon S3 - really good (1)

Mopatop (690958) | more than 6 years ago | (#21493819)

I've spent the day implementing off-site backup with S3, and let me just say: It's freakin' awesome. If I had a reasonable upload, my MP3 collection would be on there. £15/month for 120G is easily worth it, and it's already on a RAID1 array.

I'd probably contemplate suicide if I lost it.

Re:Amazon S3 (1)

Jon_S (15368) | more than 6 years ago | (#21493899)

But will gFiles (or whatever) work with rsync. No rsync with S3 is what is holding me back from that.

Re:Amazon S3 (1)

caluml (551744) | more than 6 years ago | (#21494631)

I wrote a little version of something like this. Java + Fuse = mountable filesystem that is accessed via a process. Copying files to it encrypted, uploaded it, and made a note of it in a SQL table. Listing was SELECT filename FROM files;, and you could copy the files back from it. Worked fine.

User-centric Encryption needed (5, Insightful)

mwilliamson (672411) | more than 6 years ago | (#21491483)

Google needs to incorporate encryption with keys totally held and managed by the end user in such a way that even if Google is subpoenaed or shown national security papers, Google would be technically unable to access end-user's data. Another words, at no time should Google have access to any of the user's cleartext nor the user's secret key. Decryption would all be client-side. A subpoena or national security letter would have to go directly to the end user who would then at least know they are being served.

Re:User-centric Encryption needed (2, Informative)

BlueParrot (965239) | more than 6 years ago | (#21491535)

Technically they don't actually need to implement any form of encryption other than SSL for the transfer. There's already plenty of tools arround for users to encrypt their files, and truecrypt can even create an entire filesystem inside a single encrypted file. Thus all google really needs to do is to not prevent users from uploading files they have encrypted themselves. The client-side tools already exist, no need to reinvent the wheel.

Re:User-centric Encryption needed (0)

Anonymous Coward | more than 6 years ago | (#21491917)

Could Truecrypt's security become compromised if file access patterns could be observed at the filesystem level?

Re:User-centric Encryption needed (1)

Fleet Admiral (1020072) | more than 6 years ago | (#21492115)

They might be able to detect where the normal and hidden partitions are located on the disk by looking at read/write patterns, but I don't believe this would enable them to break the cypher

Re:User-centric Encryption needed (1)

mwilliamson (672411) | more than 6 years ago | (#21492189)

good point...this would be useful in finding the "container within the container" technique used in truecrypt. The national security letter would be written in such a way that the drives themselves would be monitored at a low enough level to confirm the probable hidden container. Of course, with GFS spread across multiple drive arrays connected to multiple servers connected to multiple data centers residing in multiple countries, it would be a real bitch to implement.

Re:User-centric Encryption needed (4, Insightful)

Zarhan (415465) | more than 6 years ago | (#21491575)

Not gonna happen.

Their business is advertising.

So, they will be reading through your documents so they can put up some ads when you are browsing your files online. Putting your home finance excel sheet to gDrive? Be prepared to see TaxPlanner ads on the sidebar. Putting your holiday photos to gDrive for backup purposes? They'll probably go through the EXIF data and send you ads about latest Canon products (or whatever your camera model is).

Re:User-centric Encryption needed (2, Insightful)

Anonymous Brave Guy (457657) | more than 6 years ago | (#21492313)

Not gonna happen. Their business is advertising.

Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they will simply cancel the service if it isn't making money and isn't leading to something else they do making money.

Re:User-centric Encryption needed (2, Insightful)

jfuredy (967953) | more than 6 years ago | (#21494077)

Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they will simply cancel the service if it isn't making money and isn't leading to something else they do making money.

It may be true that Google wants to be able to read your data to serve ads, but the real question is, how many people would actually use it on all of their data? And will Google go out of their way to prevent encrypted data uploads for the small percentage of intelligent and vocal users who want encryption? My bet is that they don't provide encryption, but that they don't prevent it either.

Re:User-centric Encryption needed (0)

Anonymous Coward | more than 6 years ago | (#21492587)

Hate to throw cold water on this, I think you have the right idea. But I once worked for a project that tried to implement just such a scheme and it had serious problems. The number of customers who didn't understand the system was large, even though it's remarkably simple. You end up with a great number of support calls saying "I lost my keys, please can YOU unencrypt the data". Further, in many juristictions, if you become involved with encrypting/decrypting users data then you become a target for legal actions to force you to break your contract with the user. To that extent, the laws of many countries are now inconsistent with themselves.

The most workable system is simply one that transparrently stores data, while a third party upload application does the transcryption. The owners of the storage system gain a great deal by encouraging their users to encrypt. If all data stored on the system is encrypted from its source then the storage system owners *cannot* comply (technically or legally) with any attempt to search, mine or divulge their users property.

Re:User-centric Encryption needed (1)

crt (44106) | more than 6 years ago | (#21493001)

That's what makes a solution like Amazon S3 [amazon.com] with Jungle Disk [jungledisk.com] appealing - your data is encrypted transparently before it leaves your machine with a personal, private key, and no one (Amazon included) can access it.

It's doubtful that Google or most other online storage provides will offer that however - they want to tie your data to their applications (e.g. edit your documents online, share your files through their web site) - and that just doesn't work if they can't read your encryption.

Encryption method? (2, Interesting)

BlueParrot (965239) | more than 6 years ago | (#21491493)

What kind of encryption would you use for this?

The most secure would be to store a single large archive of all your files encrypted with a strong cipher, but that has the disadvantage that you have to download it all to decipher it.

Alternatively you could encrypt each file separately, which would speed up access considerably, but also leak more information about what you are storing (i.e many small files vs one big one ).

I guess if the data is sensitive enough to require the former type of encryption you shouldn't transmit it over insecure connections to begin with...

Re:Encryption method? (1)

mwilliamson (672411) | more than 6 years ago | (#21491619)

There is no need to decrypt the entire file to be able to use it. You can design a file system so that only the blocks needed are decrypted and you can basically use the file system just like a live file system with the crypto layer keeping it all very much transparent. Using Google's online file storage in such a way that you could mount it like a drive, then sticking a truecrypt [truecrypt.org] container in it would give the desired effect of my previous post.

Re:Encryption method? (1)

roggg (1184871) | more than 6 years ago | (#21491791)

If data is sensitive enough, people won't outsource the storage to large, publicly accessible data centers. But for the mass market, I don't see a big problem. I already have my resume, household bills spreadsheet, and Christmas shopping list (not to mention all my mail for the past year) stored with google. I don't care about privacy for this data. I'm not up enough on home network security to do a better job protecting it than google, and quite frankly, the convenience of "access from anywhere", and publish/collaborate features outweigh any concerns I might have. In short, I am an average low-end user. I could see a market for isolated and encrypted corporate data stores, but that would be a different beast.

Re:Encryption method? (1)

Poromenos1 (830658) | more than 6 years ago | (#21491933)

Personally, I'd use the OSS gDrive file manager that will be developed, which will in all probability GPG encrypt each file before uploading and decrypt after downloading, rather transparently. It might even go one step further and assign random filenames to the files while keeping an encrypted lookup table to the original filenames so it can display them to you.

Re:Encryption method? - the answer is duplicity (1)

enselsharon (968932) | more than 6 years ago | (#21492633)

duplicity:

http://duplicity.nongnu.org/ [nongnu.org]

is a mash-up of (lib)rsync, tar, and GPG. Plaintext, normal filesystem on your end, and a big bunch of gibberish tarfiles on the remote end.

The remote end can be anything - it just needs to be accessible via plain-old scp/sftp (or ftp).

A new version of duplicity was just released and because of a bounty and ongoing funding provided by rsync.net:

http://www.rsync.net/resources/notices/2007cb.html [rsync.net]

there is a permanent maintainer dedicated to the project now. I don't use it for all of my data, because one of the main selling points of rsync.net was the ability to just connect and browse with any old sftp/scp based client - and that won't work if the files are all gibberish tarballs, but for my "important" data, I do use duplicity and point it at a special directory.

Re:Encryption method? (1)

MoralHazard (447833) | more than 6 years ago | (#21494753)

Or, you could use per-block encryption to allow random seeking on file access operations, with block granularity. You might think that block granularity isn't true random access, but it's what hard drives do (you have to read/write from the drive in terms of 512-byte sectors, not individual bytes).

This method has a side effect of reducing the amount of side-channel information that a server-side spook-installed tap can gather. He'll see your access patterns, in terms of whether you're reading and writing small or large chunks, whether your access is largely contigous or not, etc. But he doesn't know which block belongs to which file, so this information is of limited usefullness to him, aggravated by the amount of fragmentation in the "partition".

Actually, you could implement a model of this right now: export an iSCSI volume on the "server" side, and mount it on a Linux client that supports some kind of block-level encryption. This doesn't guarantee the data integrity against third-party tampering, so you'd probably want to add IPSEC IKE to the connection, too, which is minimally performance-impacting.

A very old idea (2, Informative)

Rob T Firefly (844560) | more than 6 years ago | (#21491523)

This shouldn't be a surprise to anyone. It's Google, and it's one of the oldest ideas on the Internet which they haven't yet done; before the dot-com bubble burst there were at least half a dozen sites that claimed to provide an online "drive" of sorts - X-drive and E-drive are ones that come to mind, I think they advertised on the radio. Going further back, I remember using an online storage service on CompuServe in 1995 or so.

storage g-spot (0)

Anonymous Coward | more than 6 years ago | (#21491527)

is the name of the service

Microsoft's Dream (0)

Anonymous Coward | more than 6 years ago | (#21491533)

This is essentially Microsoft's dream world.

Don't pay for a computer, let Microsoft 'give' you one. (for a low monthly fee)

Don't need a harddrive, let Microsoft store your data for you. (for a low monthly fee)

Don't buy applications, let Microsoft 'provide' them to you, on-demand. (for a low per-usage fee)

'Mainframe' computing is coming back. Be prepared to pay for cpu-cycles again. Don't worry, they will handle it just like the cell-phone model. Pay a low monthly fee, and then get nickled and dimed for all the extra 'little things' you have to add to make the service worthwhile.

Just don't expect any security, reliability, and oversight, those are just annoyances, consumers shouldn't worry about that stuff.

It's just like paypal, that wants to act like a bank, without any regulation, insurance, oversight, etc.

Don't worry your pretty little heads over this, Corporations always know what's best for us.

TrueCrypt support would be tasty! (2, Interesting)

Jugalator (259273) | more than 6 years ago | (#21491581)

Hmm, if Google's encryption plans are lacking, how about a mountable GDrive in TrueCrypt, popping up as a partition with the traditional encryption methods of TrueCrypt? :-D

:-------D

OK, so that was last part was really unnecessary, but still...!

So not smart. (1)

deepershade (994429) | more than 6 years ago | (#21491847)

I really hope I'm not the only one that doesn't believe it's too smart a move for anyone to store all their data in a place that they can't physically access.

Re: So not smart. (1)

th3rtythr33 (1191409) | more than 6 years ago | (#21494067)

It may not be a great place for your sensitive data, or for a single copy of data - but it might be a great place for every undergraduate college student in the world to back up their homework. That way, when limewire unleashes its viruses they don't have to beg for mercy from their die hard instructors.

Isn't this taking a step back? (1)

whowe82 (996252) | more than 6 years ago | (#21491865)

I love Google, don't get me wrong, but isn't this a step back? Privacy would be another concern. I think I'll just keep sticking my data on my home Terabyte NAS so I can keep it semi private.

android (1)

jwegy (775655) | more than 6 years ago | (#21491987)

I imagine this will be a big part of the android platform. Any android device can be a 'dumb' terminal for your data. Let's just hope it's encrypted for the sake of the people that will inevitably place sensitive data on their 'g-drive' via their phones.

Re:android (3, Insightful)

4D6963 (933028) | more than 6 years ago | (#21492325)

Any android device can be a 'dumb' terminal for your data.

Excuse the necessary pedantry, but do you realise that something cannot be a "dumb terminal for data", and that it's quite an insensible way to formulate it regardless of what the term "dumb terminal" actually means? Are you aware of the fact that "dumb terminals" involve remote processing, and not mere access to remote data? I just had to clarify this, as people keep talking about dumb terminals and thin clients as it actually has little to do with the topic at hand.

Re:android (1)

jwegy (775655) | more than 6 years ago | (#21492877)

Yes, I'm quite aware of what constitutes a dumb terminal, such as my VT 420 which is a dumb terminal depending on your pedantic threshold ;-).
Regardless, I did put the term in quotation marks which is common syntax to show disagreement with the way the word is being used.
I was simply eluding to the fact this may play a role in their android platform for mobile phones. In that context, thin client is a more appropriate term(hence the quotes for dumb terminal). This is especially true if you couple a web application(or web service) accessed from the phone with their online storage.

So how is mass remote sata storage (1)

future assassin (639396) | more than 6 years ago | (#21492039)

any easier and safer then buying and external HD for $120 or less and sticking it into your USB port? I'd trust a corporation with my own data as much as I'd trust a crack head to hold my ball of coke while I tie my shoes.

Some say well you can access your data anywhere! What data? Your financial data? Health Data? I sure as hell wouldn't trust anyone but the party thats needs that data with keeping it private/safe. If its online its gonna get snooped on eventually.

The new P2G2P (1)

Thanshin (1188877) | more than 6 years ago | (#21492107)

So anyone will be able to take the latest movie, upload it to a google account, and give the password in a forum.

It's like P2P but Google pays the uploading bandwidth!

You could even use the movie name for the account:

0000000000-MoviesAhoy-TheMatrix
0000000001-MoviesAhoy-Slashdot, the movie
0000000002-MoviesAhoy-Pr0n (1) ...
0003814661-MoviesAhoy-Pr0n (3814660)

I don't get it (1)

jav1231 (539129) | more than 6 years ago | (#21492171)

Haven't we the public shown that we don't want our data online this way? And they pursue it anyway. You hear all of these reports about Google becoming the next Microsoft. This sounds very Microsoftish.

Re:I don't get it (1)

LWATCDR (28044) | more than 6 years ago | (#21494289)

Flicker, YouTube, Gmail, Hotmail, Yahoo briefcase....
The public has show that it loves putting its data on the internet.
Hack I use gmail/yahoo mail for backups. I just email files that I want to backup from my gmail account to my yahoo account. Instant redundant off site backups.

Re:I don't get it (1)

CdBee (742846) | more than 6 years ago | (#21494561)

Speak for yourself

Web apps like google docs and gmail are great as now I can have all my wordprocessing and spreadsheets accessible from any compliant computer, and from my laptop and desktop without sync issues. Nothing confidential goes into it, but for everything I'm not sensitive about its fantastic

Likewise online storage. I'll use it to back up any files i wouldnt care if the word saw, like my old holiday photos, my mp3s, maybe some downloaded video if usage allowances permit. Presently my photo album and my self-made videos (phone-cam stuff) are all in S3 as I can't really replace my memories if I lose them, and onsite backup isn't reliable enough (think fire, drive lifespans, DVD-R lifespan, etc).

I used to run an SFTP server on my main machine so I could access my stuff while away. No need any longer.

already working great (0)

Anonymous Coward | more than 6 years ago | (#21492307)

They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."
Why yes, I personally access all my music, movies, tv shows, applications and porn from a massive computer data center called bittorent and have found it to reduce drastically my costs !

Already Done it;s called Amazon S3 (2, Interesting)

bangzilla (534214) | more than 6 years ago | (#21492561)

Amazon has been doing this for ages - very well I might add. What does Google bring to the party. Advertising? Big whoop. I like the privacy of my data. I don't want Google scanning my data as it scans my email. That's taking things just too far. What next? Google coming around to my house to check my desk draws.....?

Re:Already Done it;s called Amazon S3 (2, Interesting)

yoduh (548937) | more than 6 years ago | (#21492975)

While I love S3, its not for the common person. If Google used an S3-style system as a good backbone and added a few very usable features it would be an improvement. I like the power of writing my own scripts and controlling what I send to S3, but I'd like to have more power to see what is in my buckets. I can do list command, but I'd like to know sizes and dates and to be able to query that information easily. Even just view it in a web control panel just to grab a small file from it.

Web based applications (1)

wilsonthecat (1043880) | more than 6 years ago | (#21493075)

Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google

We've been hearing this prediction for 5 years now and it annoys me when someone makes it. Yes for for small businesses and home users, using online word processors, spreadsheets etc. makes sense as you don't have to worry about backup and you can share them. For medium sized businesses upwards it makes no sense at all. If your internet connection is lost, your business is screwed. For law firms for example, this can cost millions per day or even hour. There's also the usual issues about privacy and storage with 3rd parties.

Your position on this belies your experience (1)

gregory311 (1020261) | more than 6 years ago | (#21494823)

Ever notice how the techies almost always rail against remote storage while the normal computer users think it is a great idea ?

What is really interesting is that Google could, in theory, link duplicate files. For example if 10,000 people have the Will Farrel "SNL/Blue Oyster Cult" video in their storage area, Google could soft link to just one copy and break the link if one particular user ever edited it.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...