

Bitcasa: Infinite storage brings infinite cost and liability - brandynwhite
http://brandynwhite.com/bitcasa-infinite-storage-brings-infinite-cost

======
waitwhat
The piece would probably have been improved by staying on your initial course
and focusing on Bitcasa's business model, and the impact that certain specific
technical choices have on the running costs.

Instead, after a strong introduction, you switched over to discussing these
"Potential Flaws", which are no different than those facing every cloud
storage vendor. It seems strange to write an attack-piece on this new player,
rather than on the industry as a whole.

1\. Bitcasa can kick/cancel abusive or uneconomic accounts. Preventing them
rejoining is tricky, but no harder for Bitcasa than any other internet service
(from some tiny 10-user internet forum via Dropbox right through to Amazon),
so why single them out?

2\. "any provider of this service _could be_ legally responsible" (my
emphasis) is just weasel words.

3\. Bitcasa can tell whether I have a particular file, but (at least in the
general case) can't tell whether I'm licensed or authorised to have that copy.

4\. See 1.

(Also, the "convergent encryption" link is broken.)

~~~
brandynwhite
1\. The issue isn't that bad guys exist and everyone has to deal with it. The
problem is that for them to deal with it they have to sacrifice their users'
privacy (quotas and stats open clients up to attack). If Dropbox does that
they don't subject their users to any (more) security risks as they don't
make such a strong assertion.

2\. I am not a lawyer, but part of this post is to focus on the viability of
the model. What I hope to come out of this is discussion on ways to reduce the
legal exposure a company has in this privacy-centric model.

3\. That is true but that isn't how copyright lawsuits generally work. For
example, if you own a CD and they get you downloading something from
bittorrent you'd have to argue that point in court. Even if you did nothing
wrong that is more exposure than "client side encryption" would lead most
people to believe.

I agree it is strong, though I wouldn't call it an attack piece. I will gladly
update this as more information surfaces but I believe my assumptions are
plainly explained and are likely to be true. The reason for my focus on them
is they did many things exactly how I would have wanted them to, but it is
dangerous to advertise a certain level of encryption that is generally
understood and then provide something that has a variety of subtle flaws. I'll
add an update to clarify #1 as that is important.

Edit: Convergent encryption link is fixed in the post (thanks for the tip)

~~~
waitwhat
_The problem is that for them to deal with it they have to sacrifice their
users' privacy (quotas and stats open clients up to attack)_

I can't find the section that demonstrates either assertion.

 _if you own a CD and they get you downloading something from bittorrent you'd
have to argue that point in court_

Actually, bittorrent court cases typically focus on the _uploading_ aspect
(remember that on bittorrent, downloaders are also uploaders) at least partly
because it is much easier to prove that someone doesn't have publishing
rights.

It's also not clear if you're aware of the DMCA.

~~~
brandynwhite
Flaw #3 and the 'shortsighted solutions' for #1 address this. Keeping quotas
and logs leaks information about what you are storing. For example, if you
keep statistics on the largest file a user has, then it dramatically reduces
the number of files that the user's "true" file can hide in. This is a class
of "side channel attack" (look that up for more on the subtle issues
introduced).

So uploading was covered in #2 in the post. #3 is the downloading/user
possession aspect. I am familiar with the DMCA which would reduce the scope
of the company's liability for #2; however, it does compel them to be compliant
which hurts users (covered in #3) and there are a variety of subtle situations
where the DMCA wouldn't help them. Note that Google makes copies of your music
(in GMusic) instead of hash matching for similar reasons where Apple secured
an expensive license to do this. Certainly Bitcasa doesn't have any special
deals like that. So yes, to your point the DMCA reduces liability but I
maintain that it is still a potential flaw (which is what the title of that
paragraph is).

~~~
waitwhat
_Keeping quotas and logs leaks information about what you are storing_

Who does it leak information to? How? What information anyway? And why is any
of this a problem?

 _For example, if you keep statistics on the largest file a user has, then it
dramatically reduces the number of files that the user's "true" file can hide
in._

I don't understand what you are saying. Are you claiming that Bitcasa is some
kind of steganographic cloud?

 _and there are a variety of subtle situations where the DMCA wouldn't help them_

Like what? Are Bitcasa any more vulnerable than every cloud storage provider
(other than Apple which, as you say, appears to be a special case)?

~~~
brandynwhite
This shows that they have to know who has access to each file, even if they
don't want to. That is a privacy issue that other services are immune to
because they don't actually make the claims that Bitcasa does.

~~~
waitwhat
_the claims that Bitcasa does_

Where are all these claims listed that you appear to be arguing against? All I
see in their (very limited) marketing materials is a mention of client-side
encryption, which they do indeed seem to implement.

------
Tichy
Just wondering: if I were to use such a service and rely on some client they
provide, I would probably encrypt all my content myself, then give it to the
client. Maybe even install an extra VM just for the purpose, so that the
client can get no access to my "real" system.

~~~
waitwhat
re. the VM idea. Do you have some reason to believe that their client software
is more likely to be malicious than anyone else's?

~~~
Tichy
Not really, but they are in the business of scanning my computer and phoning
home, and they propose some weird cryptography scheme which makes them less
trustworthy somehow (just a feeling). I just want to make sure they don't
store anything on their servers I don't want to give them.

Anyway, I won't implement that plan because I assume it is not in the interest
of that company.

------
xyzzyz
_There is an exciting new company Bitcasa that promises infinite storage for
$10 a month and says your data is encrypted client side._

Isn't it what Backblaze has been offering for a few years now for half that
price? I cannot say I'm particularly excited.

------
JoachimSchipper
Re: 2 ("the rapidest share"): you can simply force clients to upload a file at
least once before being allowed to download it. That is what Dropbox did after
people pointed out this issue.

~~~
brandynwhite
That is true but it changes the user experience and cost model pretty
dramatically. This is designed to save all files including OS, so the
de-duplication that they have would be only useful for storage and not bandwidth.
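
The trade-off in the last two comments, as an added example that is not part of the thread and not Bitcasa's or Dropbox's code: a toy de-duplicating store where a hash alone grants access, next to one that requires the bytes to be uploaded first. `DedupStore`, `client_sync`, `run` and the user names are hypothetical, and plain SHA-256 over the file stands in for whatever identifier a real service uses.

```python
import hashlib

class DedupStore:
    """In-memory content-addressed store (constructed for illustration)."""

    def __init__(self, require_upload):
        self.require_upload = require_upload
        self.blobs = {}          # sha256 hex -> bytes, each file stored once
        self.owners = {}         # sha256 hex -> users allowed to download it
        self.bytes_received = 0  # upload bandwidth the server had to accept

    def put(self, user, digest, data=None):
        """Register digest for user; return True if access was granted."""
        if data is not None:
            self.bytes_received += len(data)
            if hashlib.sha256(data).hexdigest() != digest:
                return False     # body does not match the claimed hash
            self.blobs.setdefault(digest, data)
        elif self.require_upload or digest not in self.blobs:
            return False         # hash alone is not accepted as possession
        self.owners.setdefault(digest, set()).add(user)
        return True

    def get(self, user, digest):
        if user in self.owners.get(digest, ()):
            return self.blobs[digest]
        return None

def client_sync(store, user, data):
    """Client: try the hash-only fast path, fall back to a full upload."""
    digest = hashlib.sha256(data).hexdigest()
    if not store.put(user, digest):
        store.put(user, digest, data)
    return digest

def run(require_upload):
    store = DedupStore(require_upload)
    doc = b"constructed sample file " * 1000    # 24,000 bytes, constructed
    digest = client_sync(store, "alice", doc)
    client_sync(store, "bob", doc)              # bob really holds the file
    carol_ok = store.put("carol", digest)       # carol only knows the hash
    carol_reads = store.get("carol", digest) is not None
    return carol_ok, carol_reads, len(store.blobs), store.bytes_received

if __name__ == "__main__":
    print("hash-only claim :", run(require_upload=False))
    print("upload required :", run(require_upload=True))
```

In both runs the file is stored once; requiring the upload closes the hash-only download path but doubles the bytes the server receives, which is the storage-versus-bandwidth point made in the reply.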

