
Why I’m Having Second Thoughts About The Wisdom Of The Cloud - edw519
http://techcrunch.com/2011/01/10/why-im-having-second-thoughts-about-the-wisdom-of-the-cloud/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=My+Yahoo
======
ews
Well, there is a different between The Cloud and "A very particular kind of
privately owned Cloud". Cloud storage or services don't mean you have to rely
on private companies to store or syncronize your data. You can run a
substancial set of the same services on your own trusted hardware.

Do you need email ? Do not rely on gmail to store your email or you, use your
own server, IMAP and a webclient such as roundcube when you are on the go.

Do you need calendaring? Use Ical and a webdav server.

Do you need file synchronization? Use rsync over ssh to your home machine
instead of dropbox. (that's exactly what I do to back up my Android phone), do
you want that to be completely automated? Call rsync from a crontab.

My last pictures? a gallery on my home server rather than using flikr or
facebook.

Do you need to be reachable by phone from overseas? That's very tricky, since
you don't control the phone numbering system, but I am doing really well with
my home asterisk server, my android SIP phone and a bunch of SIP providers in
a several countries. When I want to talk something with my tech savvy friends,
I can use Sip 2 Sip directly (not skype).

It's susprising the amount of stuff you can do when you are running your own
services on a trusted environment. Just a ssh + screen session is more than
enough for me to do most of my daily tasks. In case I get increasingly
paranoid of the goverment I could you just ship a box overseas or use a cheap
controled VPS on a different country. I may not have freedom of movement
(since immigration is definitely not a friction-free act), but my data surely
has. I am not saying this is a perfect solution, but definitely it's much
better privacy wise.

The only think I lose with this approach is the 'social' aspect of cloud
services. People's attention span is short enough to force them to go to my
personal services or my blog to check for my personal updates. Facebook
success is that it offers a one single place where you can get a glimpse of
how are your friends and beloved ones doing. That's why It's so important to
invest on open distribution formats (a la RSS) we can trust and control.

~~~
varjag
I think 'cloud' specifically refers to rented 3rd party computing services,
not just any client-server application.

~~~
chopsueyar
Disagree.

------
feral
Retreating from the cloud, and writing down appointments in the book, is the
wrong solution, globally.

The convenience of being able to access the data everywhere is too huge to
sacrifice; this is only going to become more important as people check their
mail from their ever growing number of devices - smartphone, tablet,
home+office PC, to start with.

Instead, we need to make the cloud storage secure. Encrypted end to end
services and protocols, federated encrypted services.

That is, if a sufficient number of users care enough about security to make
security a differentiating feature. Previously, the vast majority of users
haven't expressed a market preference for more secure services - maybe this
will change when as people put more important information (critical business
details) into the cloud.

~~~
motters
Perhaps, but even if your critical business data is encrypted in the cloud the
servers will still be keeping access logs which can be handed over for traffic
analysis. As far as I'm aware this is what's being asked for in the recent
Twitter case.

~~~
mike-cardwell
Maybe they should keep less logs then, or delete them more frequently, or
anonymise those which can be. Or a combination of the three.

DuckDuckGo manages to run a search engine without logging IP addresses or user
agents...

~~~
motters
Indeed, but I imagine that from the service providers perspective there is
currently probably a far greater incentive to keep the logs due to their
commercial value.

~~~
mike-cardwell
I dunno. I think the majority of companies log for the sake of logging. Some
take advantage of this data, but I doubt most do. Instead it just sits there
on a drive waiting to be accidentaly leaked, stolen by employees, stolen by
hackers or subpoenaed by governments, both good and bad.

~~~
motters
Well for companies that are even slightly web-savvy the logs are very useful
because they contain information about who your customers are, when they use
your site, how often, what they're searching for, etc, etc - which can have a
real commercial value.

------
kragen
As usual with issues of civil liberties, Richard Stallman called it a few
years in advance of TechCrunch:
<http://news.cnet.com/8301-1001_3-10054253-92.html>

But his stance on this issue goes back further; in 1999, he decided to publish
this essay I wrote on the GNU web site, which calls out some dangers of
depending on proprietary web services, although not specifically the privacy
risks: <http://www.gnu.org/philosophy/kragen-software.html>

------
jim_h
I found this Defcon 18 talk highly informative about the government and the
internet.

'Your ISP and the Government Best Friends Forever' - Christopher Soghoian
(<http://www.youtube.com/watch?v=jJDCxzKmROY>)

To summarize, it's easier for police/gov to get data. Some companies provide
user information to them without hassle or fee. A single request can list any
number of names. MySpace and ATT love the government and go out of their way
to help.

------
gvb
_Now, with everything in the cloud, the decision whether to hand over my
personal information is almost entirely out of my hands._

Um, no. When you store your data "in the cloud" (in a non-encrypted format),
_you_ have just made the decision to hand over your data to everybody with
access to that data. That is everybody from TLA governmental entities that can
subpoena "the cloud" owners to the janitor that empties the wastebaskets in
the computer room.

------
watty
If you're storing information on the internet (aka buzzword "Cloud"), you're
at higher risk of getting that data stolen or spied on. This isn't new. It is
something to be aware of the more you store online.

~~~
njharman
Is it really easier to crack SSL or break into Google's data centers (or hack
Google's servers) or guess/crack my password or get hired at Google with
intention of espionage/theft than it is to break the ground floor window I'm
sitting next to and carting off my desktop?

Really?

The only thing that might be easier is for Google or the Government (via
subpoena or collaboration) to get access to my data.

~~~
scrod
You're assuming that the people who want access to your data don't already
work at Google:

<http://gawker.com/5637234/>

~~~
scrod
Maybe if you mod down my comments even more this story will cease to be true
as well.

------
motters
I had thought that in trying to get out of the cloud I was behaving in an
oddball and perhaps even Luddite manner, bucking the apparently rising
trendiness of cloud based services. But it's interesting to see that other
people are having similar thoughts about reclaiming ownership of their data.

One possible solution might be encryption in the cloud, so that data is
encrypted and decrypted by the client. Provided that the encryption was strong
enough there would be no technical way that service providers could hand over
data, although they certainly could still hand over access logs for traffic
analysis and I think this is what's being asked for in the Twitter case.

~~~
aik
Encryption in the cloud is exactly what needs to happen. We give up our rights
for convenience. This will continue getting worse until we accomplish
something like that.

I admire Wuala.com for refusing to create a cloud client because of the lack
of security and ownership, regardless of the convenience.

------
elvirs
A few years back one of the ministries in Turkey decides to go completely
digital and use electronic systems instead of paper as much as possible. The
guys scan all the documents copy them to severs, make backups and when
everything was finished they decide to destroy the paper version of the stuff
and you need permission from the minister himself for that. The head of
e-government department walks up to the minister and says 'sir, we made all
the documents digital and we want to throw away the paperback documents' and
the minister says 'that's good, before you throw away make a photocopy of all
documents'.

------
corin_
This may be the short term quick-fix solution, but the real solution is to
campaign to politicians and tech. companies to change the current system.

If twitter managed to keep all the rights they want over our data, while also
being able to prove that, legally, we own the data not them, then they could
respond to subpoena requests with "you need to direct this to the user".
(IANAL, I'm not sure whether to get to that would require a change of law or
just of Twitter policies, or both.)

------
DanielBMarkham
The problem here is that our hidden assumptions about the way things work
don't match up to how they actually work.

It's because we've invented all these new technology concepts. Trying to make
things easy on ourselves, we apply old analogies incorrectly to new
situations. So if I "own" my email at GMail, somehow I feel put upon when
somebody else comes along and reads it.

We have centuries of examples of social norms to call upon when discussing
concrete things like vehicles, houses, or personal effects. So if some
official comes in without notice and takes my personal papers, not only is it
possibly legally wrong, but it's wrong for a good reason and everybody knows
it's wrong simply from using their common sense.

We just naturally assume that these assumptions will hold true with new stuff,
but they don't. Lawyer-types are defining things like electronically consuming
a work of art or reading a book (in ebook format) in ways that don't match up
to normality. The system is working as it has always worked -- government and
special interests see an opportunity and they take it. Nature abhors a vacuum.

So we're either going to need to educate a lot of people on what the new rules
are, change the rules, or stop participating in technology the same way we are
doing now. Otherwise we're going to keep getting results we don't expect, and
it's just going to tick folks off even more.

If you ask me, we're at the point where (at least in the U.S.) new
constitutional amendments need to be considered regarding electronic
anonymity, the relationship of computers to people (it's an extension of their
mind, not a device to play things on), and the right to peaceably engage in
international commerce as individuals without any government observation,
taxation, or interference whatsoever.

I doubt that will happen, though. But it's nice to dream.

~~~
JoeAltmaier
Hm, its not a large jump to anybody but a lawyer to have protection for my
documents NO MATTER WHERE I STORE THEM. A constitutional amendment for that
would muddy up the constitution endlessly "and for electronic documents, and
those in the cloud, and those stored temporarily while being transmitted to
the cloud...".

Or lawyers could stop being semantic nitpickers. Since that will never happen,
I wonder what other options exist?

------
jedsmith
To create and share, anywhere!

