Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google's Gdrive Raises Instant Privacy Concerns

Zonk posted more than 6 years ago | from the yes-encryption-encryption-is-good dept.

Google 197

An anonymous reader writes "The rumor mill is already raging over the potential functionality and capacity for Google's online storage service we talked about earlier this week (the company says 'it makes sense' to put all its Web apps under the same umbrella). But Internet rights advocates are now crying foul over liability issues, a probable lack of encryption and a cash-cow model that could scan all your personal data for advertising keywords. From the article: "'Google would be wise to offer users an option to encrypt your information,' says Nimrod Kozlovski, a professor of Internet law at Tel Aviv University. 'It really needs to have really detailed explanations of what the legal expectations are for storing your info.'""

Sorry! There are no comments related to the filter you selected.

you have the choice (5, Insightful)

yagu (721525) | more than 6 years ago | (#21536145)

You have the choice to:

  • Not use the google service
  • encrypt your data you choose to store online with them
  • use some other service

Seriously, the issues raised are the same as with the other on-line storage services. And, this move by Google mostly integrates/consolidates what they already offer, albeit with the extension of storing any kind of data. I think it's great, I've started storing much of my data on line in various forums and I love the internet access. At your parents house and need a file? Download from the clouds. Got a special inside track on a new job and they need your resume, quick? From the clouds. Serenity now!

If you've got data you think sensitive, encrypt it, or figure out a different way to store it. Personally, from anecdotal, but plentiful, observation, those who store their data "in"/on the internet:

  • are far less likely to lose data
  • have much more universal access to their data
  • will probably spend less overall (no upgrades to disk drives) to store their data
  • and bother me far less with support issues

As for the screaming about Google figuring out a way to make money doing this, hwah? Kind of what running a company is about. And the more money they figure out how to make by ads makes the price point that much less for you and me, or anyone willing to trust Google. For the moment, I am. I'm assuming I'll get enough warning signs to not trust them, I'll move my data elsewhere. For now, good for Google.

This isn't new, just big. And, from a personal standpoint, I hope it's one more ding in Microsoft's armor. The more there are alternatives to data locked up in Microsoft's products, the better chances of real competition, and ultimately progress (finally!) in technology. (sorry, had to dig... this is slashdot, right?)

Re:you have the choice (1)

ByOhTek (1181381) | more than 6 years ago | (#21536243)

You make a lot of good points, but remember - the guy who the quoted from a lot of the complaints... is a nimrod.

Bad humor aside, you are right. It's not like anyone is being force to use it - it's not like anything is being changed and there are exising users - this is a new product and everything is out in the open. Like anything else network related: if it's important, don't put it on the web like a dummy.

Re:you have the choice (1)

davester666 (731373) | more than 6 years ago | (#21537619)

Yes. Basically, the article seems to read "the sky is falling because the exact same issues that apply to storing your email on Google's servers also apply to storing your document's on Google's servers".

For Encryption... (3, Informative)

epiphani (254981) | more than 6 years ago | (#21536361)

Use truecrypt. Open, GPL, quick and easy.

Re:For Encryption... (3, Informative)

cromar (1103585) | more than 6 years ago | (#21536669)

For the lazy [truecrypt.org] :)

Looks pretty cool, but I am guessing that it couldn't be used in conjunction with gDisk. Also, "only" Windows and Linux are supported.

Re:For Encryption... (4, Informative)

Mazin07 (999269) | more than 6 years ago | (#21536729)

You'd have to create a local encrypted "container" (which is a filesystem in itself), fill it with data, and then put it on your gDiskDriveSpaceBox.

It's like storing a safe at the rental storage unit.

Re:For Encryption... (1)

Random Destruction (866027) | more than 6 years ago | (#21537295)

There are programs that encrypt individual files a la truecrypt too. I don't recall which off the top of my head, but I had one set up for online data storage. The big benefit of this method is when you update one file, you upload one file, rather than your whole encrypted volume. The one I used even encrypted the file names, so you couldn't guess what they were other than by size.

Re:For Encryption... (1)

The MAZZTer (911996) | more than 6 years ago | (#21537387)

A safe that you would have to physically and completely remove and take all the way home before you could open it to add or remove anything, and then take it all the way back to commit your changes.

Re:For Encryption... (0)

Anonymous Coward | more than 6 years ago | (#21537609)

I'm not very familiar with the behind-the-scenes design of TrueCrypt, so I have to ask, in order to change, say, one file, does TrueCrypt have to re-encrypt the entire volume? It would seem like if you were creating an encrypted filesystem, you would have some sort of block-level encryption scheme. That is, when you wanted to re-encrypt a single file, you would only have to re-encypt the changed blocks of data for that file, and re-write just the blocks of the single file which changed, and possibly re-encrypt and re-write inodes/FAT or other filesystem data blocks.

It doesn't seem like you'd have to download the *entire* file and re-upload the *entire* file. But, again, I don't really know how either gDrive or TrueCrypt work. It may be that TrueCrypt can do block-level changes, but maybe gDrive, behind the scenes, downloads the whole file, makes the change, and re-uploads the entire file, instead of just a list of changed/appended/truncated blocks?

Re:For Encryption... (4, Informative)

PopeRatzo (965947) | more than 6 years ago | (#21537399)

Truecrypt is a really nice solution, not necessarily to gDrive (although it might be), but to protecting your privacy generally.

But I suggest you get it quickly. I believe that as soon as some "killer" encryption app that is user-friendly(for non-techies) and secure comes along, we will see efforts to outlaw private, personal use of encryption.

There's a guy named Zimmerman who can tell you just how badly the government would like to make it against the law to encrypt data or communications. And the idea that he got in trouble just because foreign countries could get hold of pgp is simply a flimsy excuse. There have already been cases where the personal use of encryption alone has been used as probably cause for the search and seizure of person and property.

Sure, I'm a paranoid, but that doesn't change the fact that the corporate authoritarians who are running our government are engaged in a full-court press to take away our freedom and our privacy. And they are succeeding at an unprecedented rate.

I hope one of you out there comes up with a simple app for encrypting data that works well with gDrive. And thanks, cromar, for the link to Truecrypt. I played with it a while back, but now I see that it's been improved to the point that I'm going to use it on all of my external storage.

Re:For Encryption... (1)

jawtheshark (198669) | more than 6 years ago | (#21537083)

Except Truecrypt ain't GPL [truecrypt.org] ... Otherwhise I'd be able to get it with an apt-get. I can't...

I do use Truecrypt on Windows, but I know it's limited to mainly Windows. The Linux support is nice, but it doesn't even have all features.

Re:For Encryption... (0)

Anonymous Coward | more than 6 years ago | (#21537429)

Not all GPL projects have Debian package maintainers, thus those packages will not be available through apt.. FYI, TrueCrypt is OpenSource but I didn't see a license listed on their SourceForge site.

Re:For Encryption... (1)

jawtheshark (198669) | more than 6 years ago | (#21537465)

I linked to the damned license, you dolt! It isn't GPL and you can bet that a very popular application would get a Debian package maintainer. Heck, I'd volunteer if it were GPL.

Re:you have the choice (2, Informative)

skeeto (1138903) | more than 6 years ago | (#21536415)

encrypt your data you choose to store online with them

I can think of at least one interesting way to set this up using FUSE [sourceforge.net] . Once this service becomes available, someone writes a FUSE filesystem for it. Then you use encfs [sourceforge.net] to mount an encrypted filesystem on top of the mounted gdrive. Viola! Mount a gdrive locally and hide its contents from Google too.

Re:you have the choice (1)

SpaceWanderer (1181589) | more than 6 years ago | (#21536895)

Is this do-able? How easy would it be for somebody to set this up who doesn't know anything about encryption

Re:you have the choice (1)

MarsDefenseMinister (738128) | more than 6 years ago | (#21537135)

encfs is a piece of cake. If you can use the mount command, you can use the encfs command.

Re:you have the choice (2, Informative)

skeeto (1138903) | more than 6 years ago | (#21537223)

EncFS does all the work for you. You can either go with the default settings or you can choose "paranoid mode" and it cranks everything to the max. Example,

$ encfs /tmp/enc /tmp/raw

Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>

Standard configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/blowfish", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 160 bits
Block Size: 512 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:

Just had to hit enter, then make up a password.

Re:you have the choice (1)

lazlo (15906) | more than 6 years ago | (#21536553)

One other point: What this Nimrod is suggesting is that you can't trust Google to respect the privacy of your data, but that you can trust them to encrypt it for you. I don't quite see how that works...

Re:you have the choice (1)

omeomi (675045) | more than 6 years ago | (#21537483)

One other point: What this Nimrod is suggesting is that you can't trust Google to respect the privacy of your data, but that you can trust them to encrypt it for you. I don't quite see how that works...

Well, the first implies trusting the company and its policies. The second implies trusting the company _and_ any employee who has access to the data. At least if it's encrypted before being written to disk, there's probably a few less people who have access to the unencrypted data. I still wouldn't store anything sensitive on it that I hadn't encrypted myself. Frankly, I just store files on my Linux box, and SCP into it if I need a file...

Re:you have the choice (0, Offtopic)

Lord Aurora (969557) | more than 6 years ago | (#21536725)

AHHHH MICROSOFT rabble rabble rabble /rant

Re:you have the choice (0)

Anonymous Coward | more than 6 years ago | (#21536753)

You have the choice to:

        * Not use the google service
        * encrypt your data you choose to store online with them
        * use some other service

Seriously, the issues raised are the same as with the other on-line storage services.


Um, yeah. That doesn't mean that those issues shouldn't be raised to make dumb people aware of them.

Encryption as a double edged sword (5, Informative)

pwnies (1034518) | more than 6 years ago | (#21536157)

First off, if you're that concerned about your data being secure, you probably should just store it on a personal webserver and encrypt it yourself.
That being said, I really don't see this as a major concern for Google in relation to the success of Gdrive. A large percentage of people today really don't care about whether or not their personal data is scanned an analyzed, as proven by the information people list on social networking sites like facebook, myspace, livejournal, etc.
So the real question here is whether or not Google (and the small percentage of users that would use encryption) would benefit enough from this feature to offset the time needed to develop it and the hassles that will come along with it. I think that alot of the users wont realize that if Google encrypts their data with the password that the users provide, then there will no longer be that friendly "Forgot your password? Let us reset it for you." button. People will then be constantly complaining that they can no longer access their data if they forgot their password and had it reset (Because the data is encrypted based on their old password obviously). The only way that Google would be able to recover that data for the user is a.) by brute forcing it, or b.) by using precomputed hashes in a rainbow table format (though something tells me that Google is smart enough to use salts and this wouldn't be an option). Realistically, even Google doesn't have the resources to go around brute forcing people's passwords. This means the only real way that Google could encrypt the data would be to store their passwords as plaintext in case the user forgot it, which is really just providing security as the cost of losing alot more security. All in all I don't see the process being beneficial for Google or the users.

Re:Encryption as a double edged sword (0)

_14k4 (5085) | more than 6 years ago | (#21536311)

I think that alot of the users wont realize that if Google encrypts their data with the password that the users provide, then there will no longer be that friendly "Forgot your password? Let us reset it for you." button. ...why would the button go away? Why can't the security questions, mother's maiden name, and whatnot be answered just like they are today? Because now there are file up there on the Google servers? If your security questions are as crappy as your passwords... you probably won't forget your password.

Re:Encryption as a double edged sword (1)

Asgard (60200) | more than 6 years ago | (#21536431)

If the contents are encrypted then Google can't have the password (or else it is useless), so there is no way for them to provide you with your password. The best they can do is wipe your drive and give you a clean slate.

Re:Encryption as a double edged sword (1)

_14k4 (5085) | more than 6 years ago | (#21536763)

...you are making the assumption that the gdrive would have a different password, no?

How is gdrive any different than the current docs.google.com with a different API tacked on?

Re:Encryption as a double edged sword (4, Informative)

nahdude812 (88157) | more than 6 years ago | (#21536851)

The idea behind encryption is that even Google shouldn't be able to read your data. If Google holds both the encrypted data and the key, then it is barely different from having it stored unencrypted, but you get to keep your "Forgot the password to my data" option. If Google can't read your data (as is being suggested in the article), then it also can't give you access to it when you forget.

Re:Encryption as a double edged sword (1)

_14k4 (5085) | more than 6 years ago | (#21537095)

Ahh, gotcha. I was figured I'd just create a truecrypt volume/file up there, and go with that. ;)

Re:Encryption as a double edged sword (1)

BUTT-H34D (840273) | more than 6 years ago | (#21537153)

Encrypt all you pr0n, huh huh, I mean important data with a key that google holds. But encrypt that key with another one, that you email to yourself in hotmail. Dumbasses.

*snerk* (0, Offtopic)

bladesjester (774793) | more than 6 years ago | (#21536197)

I have no plans to use gdrive or google apps for the reason outlined as well as others.

However, I have to ask...

Am I the only one who got a chuckle out of the professor's name? Nimrod

Re:*snerk* (1, Informative)

Anonymous Coward | more than 6 years ago | (#21536341)

I'm not sure where Nimrod got such a bad rap -- as king of Assyria he was anything but a dork.

And his surname is KosloWski, not KosloVski, as it is in the fine summary.

Re:*snerk* (1)

themushroom (197365) | more than 6 years ago | (#21536485)

Only a Nimrod (Kozlovski) would risk all their data like that. :)

and Workman (0, Offtopic)

rueger (210566) | more than 6 years ago | (#21536641)

Aficionados of Appalachian culture will surely know the name Nimrod Workman [wikipedia.org] , who made a name for himself as a folksinger after retiring from a life as a Kentucky coal miner.

Check out Appalshop [appalshop.org] for recordings and a film about Nimrod. [appalshop.org]

Re:*snerk* (1, Offtopic)

mrmagos (783752) | more than 6 years ago | (#21536941)

Am I the only one who got a chuckle out of the professor's name? Nimrod

What's so bad about being a hunter?

Re:*snerk* (1)

Culture20 (968837) | more than 6 years ago | (#21537183)

Genesis 10:8 Cush was the [father/ancestor] of Nimrod, who grew to be a mighty warrior on the earth.

Re:*snerk* (0)

Anonymous Coward | more than 6 years ago | (#21537593)

Strong Bad TGS:10 Corn is no place for a mighty warrior.

but what (2, Insightful)

old and new again (985238) | more than 6 years ago | (#21536223)

if i don't care about the privacy of the data i'm uploading, what if i upload random pron and i just want the space (i f i have something private, ill pay for my own hosting and encrypt ot my way, not google's way

Nimrod Kozlovski (0)

Anonymous Coward | more than 6 years ago | (#21536249)

And I thought I had it bad growing up!

Re:Nimrod Kozlovski (3, Funny)

sm62704 (957197) | more than 6 years ago | (#21537691)

Well hell, with a name like "Anonymous Coward" I can see why you would get picked on. My name got its share of yuks, especially since I wore coke bottle glasses* "Oh, mcgrew, you've done it again!"

But I really felt sorry for another kid in class, Charlie Salmon.

-mcgrew

* Coke bottles used to be made of very thick glass back before the stone age. Mr. Magoo was a nearaly blind cartoon character who was too vain to wear his glasses and unwittingly did good in every episode. Yes, I'm a geezer. I see they brought Charlie Tuna back.

No, Google does NOT need to use encryption (5, Informative)

Sycraft-fu (314770) | more than 6 years ago | (#21536255)

Because that's not useful. If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it. That's just how it works. If you send your data in the clear to someone else and then they encrypt it for you, that means they can get at your data. Same deal is you send them data and the encryption key as well (see AACS). The only way to give it to them, but not let them at it is for you to encrypt it yourself, and to not give them the key. Then and only then can you be assured that while they have a copy, they can't read it.

Seriously people, get Truecrypt, it isn't hard.

Re:No, Google does NOT need to use encryption (1)

barzok (26681) | more than 6 years ago | (#21536375)

Seriously people, get Truecrypt, it isn't hard.
Unless you're a Mac user. No TrueCrypt there (yet). Have to use other methods.

Moron (0)

Anonymous Coward | more than 6 years ago | (#21537389)

That's what you get for being stupid enough for getting an Abble Mak

Wrong. (1)

l4m3z0r (799504) | more than 6 years ago | (#21536537)

If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it.

This is patently wrong. Why can't I supply them with a public key that they use to encrypt, but I never reveal my private key thats used to decrypt the data. I mean honestly this is what public key encryption was invented for.

That said they dont need the key as you gave them the DATA to encrypt in the first place. So you'd have to trust them that once they encrypt it they throw away that data stream. But this is not a problem of key distribution as we have already solved that.

Re:Wrong. (2, Informative)

Paul Rose (771894) | more than 6 years ago | (#21536633)

Maybe I'm just completely mising your point, but:

This is patently wrong. Why can't I supply them with a public key that they use to encrypt,

Because if they are doing the encryption then they have the plaintext.

They store two copies, the text that they encrypt and allow you to read, and the plaintext that they mine for info.

Re:Wrong. (1)

Professor_UNIX (867045) | more than 6 years ago | (#21536795)

Why do you assume they would have the plaintext? Look at Mozy for an example of what the parent commenter was talking about. You can either use their key to encrypt your data, in which case they can also decrypt it without you needing a separate key, or you can use your own encryption key and the software encrypts the data which it before it sends it to Mozy's servers. Why can't Google do the same thing?

Re:Wrong. (1)

Paul Rose (771894) | more than 6 years ago | (#21536985)

Because the parent to my post says that "they" encrypt the data.
Maybe we just disagree about the meaning of "you" and "they" in this context.
If "you" use their software to encrypt your data before uploading it then I say that "you" are encrypting it.
That is fine so long as you trust the encryption software (perhaps you inspected the source, etc.).

Because in that case you gave them the plain text (0)

Sycraft-fu (314770) | more than 6 years ago | (#21536739)

The only way encryption keeps someone out is if they never get the plain text, and never get the key. If I give you a disc and say "Here, encrypt this with my key, then burn it," you can read the data before you do so. There's nothing I can do to stop you. Likewise, if I give you encrypted data, and give you the key but say "don't use this" you can look at my data because you have the key (this is what HD-DVD and Blu-Ray do). The only way to keep someone out is for them to have nothing but the cypher text. So if I give you an encrypted disc and no key and say "Keep this safe for me," then you can't read it.

Encryption isn't a magic wand you wave and make everything safe with. It is a system of mathematics that has some very real constraints on its use. If someone has the clear text at any time, or the decryption key at any time, you are implicitly trusting them with that data.

Re:Because in that case you gave them the plain te (1)

Ephemeriis (315124) | more than 6 years ago | (#21537005)

If someone has the clear text at any time, or the decryption key at any time, you are implicitly trusting them with that data.
Exactly. If you're already trusting Google to do the encryption or hang on to the key or whatever...then why bother having them encrypt it in the first place? Your privacy has already been compromised and you're already relying on Google to do what they claim they're going to do. If you are genuinely concerned about about your security/privacy then you aren't going to want to rely on Google for any of it - encrypt your own files, with whatever software you trust, and then upload them.

Re:Because in that case you gave them the plain te (0)

Anonymous Coward | more than 6 years ago | (#21537345)

Way to point out exactly what the poster was saying. The GGP said that you can't let google encrypt it because they have the key. That is stupid. The key allotment isn't the problem. If it was just a matter of them having the key you could do public/private keys, but as you and he were saying, they have the original data and don't need to decrypt it.

Re:No, Google does NOT need to use encryption (1)

The MAZZTer (911996) | more than 6 years ago | (#21537463)

They can still implement encryption that allows the user to provide a key... but I suppose there is no way to guarantee the key isn't saved somewhere, other than Google's word.

That's precisely it (1)

Sycraft-fu (314770) | more than 6 years ago | (#21537659)

You either trust them or you don't. If you do, then what is the encryption supposed to buy you? You trust them right? If you don't, well then why would you trust their software to encrypt it, but not send the key?

Jesus Christ (5, Insightful)

Jugalator (259273) | more than 6 years ago | (#21536257)

At least let Google say something on their plans first...?

Besides, what's so special even if they'd do this? It's the norm to not encrypt mails. It's the norm to not encrypt instant messages on servers on services that provide offline messaging (Messenger, ICQ, ...). Software may send usage information to some company's servers. Game companies analyze your system to detect cheats, and could in the process find a lot of other things on it.

As usual, when this is released, I think *gasp* that the users will just have to decide for themselves if they care for having encryption or not. They'll also be free to encrypt their data. Why the rumor mill? Just chill and take it for what it is, as with any other service. It's not like Google will force you onto it. Then I could see the fearmongering kicking in early be more motivated.

Time for a change. (-1, Flamebait)

Erris (531066) | more than 6 years ago | (#21536865)

Besides, what's so special even if they'd do this? It's the norm to not encrypt mails. It's the norm to not encrypt instant messages on servers on services that provide offline messaging (Messenger, ICQ, ...). Software may send usage information to some company's servers. Game companies analyze your system to detect cheats, and could in the process find a lot of other things on it.

There's a problem with the way things have been done, that's why we are having this discussion. Yes, there's a large component of FUDGoogle to this and that's silly because Google has been one of the least invasive and coercive companies. Using Google to store files you encrypt is a nice way to use a public resource for private sharing. The other options are things like M$'s Live Desktop Rape Service and the calender/address/note system offered by the likes of ATT.

Email and other communications should be encrypted. Business, political opposition and personal dignity all depend on privacy. There's nothing special about any of this.

Re:Time for a change. (1)

dedazo (737510) | more than 6 years ago | (#21537045)

Google has been one of the least invasive and coercive companies.

The recent barrage of articles concerning privacy and Google would lead me to believe you don't read Slashdot, but I know that's probably not the case, so we must assume that you're just...

M$'s Live Desktop Rape Service

... bashing Microsoft, as usual.

Email and other communications should be encrypted.

And you didn't even RTFA.

Re:Time for a change. (0)

Anonymous Coward | more than 6 years ago | (#21537453)

M$'s Live Desktop Rape Service

What?

Re:Time for a change. (1)

Joe U (443617) | more than 6 years ago | (#21537545)

There's a problem with the way things have been done, that's why we are having this discussion.

Actually, Twitter, this is more of a 'I have not personally seen or used your service, and you have not published detailed specs, so I will write some suggestions on how to fix the problems you have'

The other options are things like M$'s Live Desktop Rape Service

Yeah, you don't have too much free time on your hands. Tell your mom to stop sending the sugary snacks to your apartment over the garage, they're getting you too worked up.

I trust Google as of now... (5, Interesting)

explosivejared (1186049) | more than 6 years ago | (#21536271)

Disclaimer: I don't see myself being an early adopter or anything of this service, but not because of privacy.

cash-cow model that could scan all your personal data for advertising keywords

What, like the "disaster" that Gmail is? I'm all for Internet privacy, but get some perspective. I trust this service in the hands of Google. They've done nothing to shake that trust, and to be frankly I have good faith that they won't. They're a data miner, sure, but they have always done in the least intrusive way as possible. Get this, I even like their ads sometimes! I know, unbelievable right! So thanks for being watchdogs and all, but as of right now, Google has my trust.

Re:I trust Google as of now... (5, Insightful)

Jugalator (259273) | more than 6 years ago | (#21536411)

Agreed -- Google hasn't done anything evil about their information other than by machine analyzing the data to provide relevant ads. I think the reason is simple enough... Even if they were evil enough to do anything more, they ought to have the brains to understand how damaging that would be to their brand when it's the god damn core of their business model. Managing information. I mean, I can't even see how Google would even want to do this even from a business perspective. It would just take them to be discovered having done something fishy once and they could risk losing a lot of their reputation.

Re:I trust Google as of now... (0)

Anonymous Coward | more than 6 years ago | (#21536609)

Agreed -- Google hasn't done anything evil about their information other than by machine analyzing the data to provide relevant ads
... that you are aware of. It would be foolish to think that the CIA, FBI, NSA, Mossad, or whatever spy agency that you can think of has not placed operatives inside of Google as confidential informants. All of that personal information is like candy to them.

Re:I trust Google as of now... (1)

MightyYar (622222) | more than 6 years ago | (#21537001)

CIA, FBI, NSA, Mossad, or whatever spy agency
I'll have to remember to encrypt my emails the next time I plan an overthrow of the US and Israeli governments. Thanks!

Gadzooks, where do you people come from? Email is sent in plaintext from server-to-server. If you are sending something that you don't want others to read, reconsider your choice of email or encrypt the data. Maybe terrorists are so stupid that they send each other plain-text emails like, "Hey Ahmed, lets blow up that pizza place next week!", but I doubt it.

Re:I trust Google as of now... (1)

a whoabot (706122) | more than 6 years ago | (#21537327)

First they fear the CIA and Mossad, then it's the Freemasons, Rotarians, and Lionists. No joke, it's in the Hamas covenant.

Re:I trust Google as of now... (1)

fmobus (831767) | more than 6 years ago | (#21537119)

Yeah, and for some reason that could never happen in other e-mail services. Never!!

If you want failproof privacy, roll your own encryption. Period.

relevant ads for essentially random/encrypted data (1)

StandardDeviant (122674) | more than 6 years ago | (#21537213)

Cool, I might be able to find some new powernoise musicians that way! :D Merzbow has reminded me at times of what it must sound like to pipe a tarball into /dev/dsp.

(My gdrive would probably contain one large encrypted file. Tar + gpg + free offsite backup, sounds like a win to me.)

Re:I trust Google as of now... (1)

apt142 (574425) | more than 6 years ago | (#21537309)

The other situation that I would be concerned with is not so much that Google would want to read and/or misuse my data but rather that the RIAA/MPAA, or some other untrustworthy entity would want to. In the case that the government on behalf of an entity or itself would attempt to compel Google to give up those files, I would like to feel that they aren't handed over on a whim.

Google was the only major search engine that denied the government a copy of their search results about a year ago. They were willing to back that up with lawyers as well. If you feel that you can trust them to do that again and again, I think it makes a case for storing as much as you can on Google's Gdrive.

Re:I trust Google as of now... (2, Insightful)

vux984 (928602) | more than 6 years ago | (#21537181)

They've done nothing to shake that trust, and to be frankly I have good faith that they won't.

Pretty much anyone who has ever dated has been in this situation. And yet the world is littered with broken hearts, cheating/backstabbing boyfriends/girlfriends, bitter breakups, and vicious divorce proceedings. I'm not saying one shouldn't trust people, but your a complete idiot if you think you can't get brutally hurt. At least with love the risk is worth it... what does google give you? Free webmail? Some online storage? Yeah. That's worth handing over my private life for. I can get a service like that for pennies a month. My private life is worth more than that. Is yours really that worthless?

They're a data miner, sure, but they have always done in the least intrusive way as possible.

Ah, so as long as you don't realize it, or even know about it, then its ok.

So thanks for being watchdogs and all, but as of right now, Google has my trust.

If you ever stop trusting them they still have everything you ever gave them, and more.

Your email, your conversations, your documents, your address, the business you associate with, the people you associate with, your friends, your family, the stocks you track, your political leanings, and much much more.

Some us are thinking ahead so that hopefully people like you don't get raped by the future. Your privacy is important, its a shame you value it so poorly.

gdrive? (-1, Offtopic)

Connie_Lingus (317691) | more than 6 years ago | (#21536273)

i got dibs on the ../pr0n directory

Re:gdrive? (4, Funny)

The Angry Mick (632931) | more than 6 years ago | (#21536871)

i got dibs on the ../pr0n directory

Would that be called the "G-Spot"?

Not News... (0)

Anonymous Coward | more than 6 years ago | (#21536293)

At least for long. This is just like all the concerns over gmail. It will all pass.

I am so tired of hearing about this. (5, Insightful)

Evil Kerek (1196573) | more than 6 years ago | (#21536297)

#1 - Everything on the internet is not free. Actually, nothing is truly free - there's a cost SOMEWHERE. #2 - You do not have to use G So stop getting your panties in a wad. Just because YOU don't like the idea of it, doesn't mean some of us couldn't care less and like the idea of free storage. Everyone acts like GMail is the only mail system out there or that they are being forced to use it. Don't like the ads? Don't like that Google might read your mail? DON'T USE IT. You have plenty of choices out there - it's not Google's responsiblity to provide you with free anything. Get over yourselves.

I do not get it (2, Insightful)

bogaboga (793279) | more than 6 years ago | (#21536373)

When it comes to GDrive, I wonder whether anyone is being forced to use it. I doubt this is the case. If this is not the case, why not just avoid it? Shhesh?

Trust the large corporation (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21536393)

They offer free dinner, they listen to hip music, and they like Macs. Even if they are now of the same size and controlled by the same market forces as evil corporations, they're good. They even say they'll do no evil. Trust them. Trust them with your data. Trust them with your money. You are getting very sleepy. You will soon be completely asleep. Just keep going to your job, spending too much money on things you don't need, and making other people vast fortunes they will use to keep you locked outside their compounds when the air, water and land become too toxic to live on. Sleep. Sleep forever.

Re:Trust the large corporation (1, Funny)

Anonymous Coward | more than 6 years ago | (#21536789)

Holy fuck. How did you afford the tinfoil for a hat THAT big?

Re:Trust the large corporation (2, Insightful)

m4ximusprim3 (619388) | more than 6 years ago | (#21537445)

zzzz..*snort* roomba!...zzzzzzzzz *dreams of capresso* Back OT: I don't trust them as far as I can throw them. But, that doesn't mean it's not a useful service and that I won't use it. I'll just stash my bank records somewhere else. See? simple!

Can't say I'm concerned (5, Insightful)

Yalius (1024919) | more than 6 years ago | (#21536401)

It's a free service, some will find it useful, some won't. I mean, what kind of nimrod would expect his data to be 100% perfectly private and encrypted if he's outsourcing his data retention to someone else, and then question the company storing his data for, um, storing his data in the form he transmitted it? I just don't get the OMFGism.

"Internet rights advocates are now crying foul" (4, Insightful)

serviscope_minor (664417) | more than 6 years ago | (#21536429)

Simple, don't use it. Seriously, google aren't in the business of simply giving stuff away out of the goodness of their hearts. They're giving things away because they think that they can generate revenue. Pretty much the only thing they get for storing your data "for free" is the data itself.

Just like your emails: you pay them by giving data so that they can search it advertise to you. Why would anyone think that they would do anything else with more of your data.

If you are sufficiently naive to think that a company will simply give you free online storage for no benefit to themselves, than I have a bridge to sell you. Lots of traffic, one careful owner...

Re:"Internet rights advocates are now crying foul" (0)

Anonymous Coward | more than 6 years ago | (#21537073)

"google aren't?"
Perhaps I underestimated the power of Google. Not only is it powerful; now it's plural.

Re:"Internet rights advocates are now crying foul" (0)

Anonymous Coward | more than 6 years ago | (#21537377)

http://alt-usage-english.org/excerpts/fxcompan.html [alt-usage-english.org]

Use of a plural verb after a singular noun denoting a group of
persons (known as a noun of multitude) is commoner in the U.K. than
in the U.S. Fowler wrote: "The Cabinet is divided is better,
because in the order of thought a whole must precede division; and
The Cabinet are agreed is better, because it takes two or more
to agree."

Oooh, is there a sale? (1, Funny)

Anonymous Coward | more than 6 years ago | (#21536439)

Oooh, is there a sale on tinfoil these days?

Why use it? (1)

east coast (590680) | more than 6 years ago | (#21536491)

If you got data that is so sensitive that you're worried about Google processing it for some kind of ad targeting purpose you should be worried enough to spend a few bucks and get a webhost for your data. You can get a webhost with a couple of gigs of storage and more transfer for ~10 bucks a month. What's the issue?

That's a real name? (1)

xgr3gx (1068984) | more than 6 years ago | (#21536511)

Is that guy's name really Nimrod?
I've always heard it used as an insult, example "You're such a nimrod".
Well, I am a dumb American, so I guess that's par for the course :). Oh any why do you need online storage? Use SSH/SFTP and you're all set.
I guess that only works for all us geeks who leave our machines on 24/7, or run our own servers.
Ah, the poor non-techy people.

Re:That's a real name? (2, Informative)

waztub (1166611) | more than 6 years ago | (#21536653)

Actually, Nimrod is a fairly common Israeli name. It's from the Bible.

Re:That's a real name? (1)

xgr3gx (1068984) | more than 6 years ago | (#21536785)

I never knew...thanks! I've been enlightened.

Re:That's a real name? (1)

rkanodia (211354) | more than 6 years ago | (#21537409)

In the Bible, Nimrod is described as a mighty hunter. The name acquired its newer meaning thanks to Bugs Bunny, who used to refer to Elmer Fudd as a 'poor little Nimrod'.

The Cost of Using GDrive (1)

aquatone282 (905179) | more than 6 years ago | (#21536519)

The cost of using GDrive is allowing Google to mine the information you store with them so they can refine the type of advertising they present to you on the other services they provide for "free."

Looks like our pr0n collections will have to stay hidden on our hard drives unless we don't mind receiving ads for hot singles waiting to meet us NOW everytime we check our gmail accounts. . .

Re:The Cost of Using GDrive (1)

dedazo (737510) | more than 6 years ago | (#21537075)

I don't understand why Google doesn't let me *pay* for their services and applications? I know you can pay for extra storage on GMail, but why don't they have a way for me to give them $50 a year or whatever and not have them scan my everythings and show me ads?

I spend that much any given weekday having dinner with two friends, I'll gladly pay for GMail and Docs and everything else. Just give me a good SLA with no legal bullshit and it's on.

Too Late (1)

gbr (31010) | more than 6 years ago | (#21536547)

Really, it's far too late to be concerned about it. If Google already has your email, and your documents via Google Docs or Writely services, then they have too much already.

This is Madness. This is Slashdot. (5, Insightful)

njfuzzy (734116) | more than 6 years ago | (#21536663)

This is idiotic. Seriously. The "product" in question is a rumor. No details are confirmed about how it will work, what advertising hooks there will be, what features it will have, or whether it will ever see the light of day. You know what criticizing it at this point makes you? Not an analyst, not an expert, not a technologist. It makes you a guy with a guess and a blog.

My concern here is not my usage.... (1)

Churla (936633) | more than 6 years ago | (#21536667)

I know to avoid things if it involves giving private information to Google. "Do no evil" motto or not they have already shown they can and will bend to the right political pressure (i.e. China), or the right financial pressure (i.e. focused ad targeting).

My concern is how many people will blindly use it who don't know better. How many of those people will be ones I have to deal with? How much information about me will they be storing on G that I won't have control over? What happens when the government gets power happy again and decides that since it's stored on a public server they should have transparent access to it?

TANSTAAFL...

Re:My concern here is not my usage.... (1)

jeiler (1106393) | more than 6 years ago | (#21536833)

My concern is how many people will blindly use it who don't know better. How many of those people will be ones I have to deal with? How much information about me will they be storing on G that I won't have control over? What happens when the government gets power happy again and decides that since it's stored on a public server they should have transparent access to it?

And again ... this differs from email how? We face this situation every single day, but I don't see anyone freaking when they get an email unless it's from some "foreign dignitary" with a Nigerian bank account.

Common Sense lacking? (1)

Bryansix (761547) | more than 6 years ago | (#21536693)

How do any of these concerns also not apply to GMAIL. In fact there are software packages you can use to turn your gmail account into a "G Drive" already and utilize those 5+ Gigs for file storage.

Hmm.. (3, Funny)

Selfbain (624722) | more than 6 years ago | (#21536749)

Do they write these articles from scratch or do they have a program that just generates them from a template whenever Google makes an announcement?

Want another M$? (3, Interesting)

jhRisk (1055806) | more than 6 years ago | (#21536769)

Granted Google has not yet shown us they're capacity for evil (tm) the way M$ has over the years but give them a chance... they're still young. Bottom line is that the same arguments I've seen here for why it's not a big deal (ex. do this, do that or don't use them) are the very ones used for why M$'s monopoly is not so bad (ex. use Linux, do this, do that) Problem is M$'s stanglehold at this time makes those options less "adaptable" for the masses. If we knew then what we know now we would have prevent M$ from even getting there.

But Google can do no evil, right, therefore despite this company being at that very point where we can do something before the ignorant masses consume their products in such quantities to the point where, like M$, change is difficult, we shouldn't worry about the same thing happening here, right? Yeah... right. Unfortunatley I see another monopoly coming but this time on personal information products which may not restrict our freedom of choice in the same sense as the M$ one does (eg. our ability to choose alternate technologies) but will be so valuable and so entrenched in everything that it'll be just as difficult to move away from.

We realistically could see most people, companies and even the governments depending on Google the way we did on Blackberries. It took the RIM injunction scare of 2006 to open some eyes up since even emergency services were depending on Blackberries (sigh.) Think beyond this on Google product, their 700MHz band bidding and every isolated move they've made in the past 5 years or so. Look at all of it holistically and as much as I like them and their products I don't like where it potentially leaves us in the future.

Re:Want another M$? (1)

msuarezalvarez (667058) | more than 6 years ago | (#21537063)

Granted Google has not yet shown us they're capacity for evil [...]

Indeed, there are no flashy Evil Capable on google's pages. MS's marketeers are clearly way ahead of them!

Do we need legislation? (1)

rueger (210566) | more than 6 years ago | (#21536817)

Many valid points are made here, not the least of which is that sensitive information should secured locally, not via some free web service. And of course, Google does tell you what they will and will not do with your data, as do most places like Facebook etc.

What I'm interested to watch is how legislation, or even case law evolves as more and more information moves on-line. Will lawmakers force on-line services to encrypt customer data, or to meet minimum levels of security? Will servcies like Google find themselves liable for large settlements if a user's data is lost of their account hacked? It would seem that lawsuits are inevitable.

If there are legal minimums for data protection and encryption for web based services, what happens to the millions of small sites, forums, and blogs that offer users the choice of logging in to post messages, or of accessing other services on-line? Will they disappear? Will sites under a certain size be exempted?

OT: WTF is up with their "printer friendly" page? (0, Offtopic)

noidentity (188756) | more than 6 years ago | (#21536877)

Here's the supposed printer-friendly page: http://www.popularmechanics.com/technology/industry/4234444.html?do=print [popularmechanics.com]

That's not printer-friendly, and only partly reader-friendly! (OK, so I gave away the real reason I'm using the printer-friendly page)

Just remember (1)

SCHecklerX (229973) | more than 6 years ago | (#21537125)

Part of a good security strategy is to have off-site backups of important data. So, it is better to put stuff on Google's servers than it is to risk losing it when your system crashes, don't you think? For sensitive information, encrypt before storing (or store it on google as a truecrypt volume? I haven't used the gdrive thing, but if it can be mounted, then this seems the optimal solution).

I have a Chinese friend with Yahoo Mail... (1)

ZombieRoboNinja (905329) | more than 6 years ago | (#21537145)

She's studying in the US, but most of her family is back in China, and she uses her Yahoo mail account to communicate with them.

She does this knowing full well that Yahoo is reading her mail and will rat her family out to the government if she says anything that smells like dissidence. She told me she always tries to be careful how she words things, just in case. But she doesn't bother encrypting things or switch email addresses, because she's NOT a political dissident, and she has "nothing to hide." To me, the whole thing seemed terribly Orwellian. Watch what you say, Big Brother is listening.

Hey, wasn't there a case where some foreign branch of Google did the same thing a few days ago, turning data over to the government without even a warrant?

Hey, don't WE have a horrifically intrusive federal government that thinks nothing of trying to push corporations into illegally revealing sensitive information?

Personally, I use gMail, because I too have "nothing to hide" - no weird political affiliations, etc. But I wonder how long before I start to subconsciously self-censor what I write people, just to be sure.

"But if you want to keep your secrets, don't use Google/encrypt your communications!" I hear the cry. This is of course true; if my friend and I WERE political activists, we'd probably both be taking a lot more steps to secure ourselves. But we're not, and it's honestly not practical to start sending out public keys to everyone who wants to chat with us via email. So in comes the self-censorship, which IMO has a far more damaging chilling effect on political dialogue than may be immediately evident.

how could Google encrypt? (2, Insightful)

eean (177028) | more than 6 years ago | (#21537179)

Whats the point of having Google encrypt and decrypt your info? They'll have to turn it over, decrypted, if served with papers. And wouldn't release it otherwise.

Encryption has to happen client-side.

These "privacy advocates" have no business (3, Insightful)

IGnatius T Foobar (4328) | more than 6 years ago | (#21537243)

I don't know who these supposed "privacy advocates" are, but as far as I'm concerned they can go f**k themselves. If they don't trust their data on Google's servers, then don't use the service. END OF DISCUSSION.

eCryptfs (3, Informative)

omnirealm (244599) | more than 6 years ago | (#21537435)

When Google provides a Linux filesystem (either native or via FUSE), people can use eCryptfs [sf.net] to prevent Google from reading the contents of their files. eCryptfs stacks on top of other filesystems and encrypts the data.

Is every file sensitive? (1)

Xzarakizraiia (751181) | more than 6 years ago | (#21537557)

I don't really see the issue here- as long as users can determine which of their files get uploaded to it and which don't (and I can't imagine anything other than that being the case), what is the problem? I have plenty of data that isn't sensitive in the least. My data that is sensitive isn't going on Gdrive (or .Mac, or any other server that I do not control). Maybe everyone else doesn't have as much random, unimportant junk as I do...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?