
Ask HN: Who do you trust most with your data? - plg
1. Apple iCloud Documents<p>2. Dropbox Personal<p>3. Dropbox Business<p>4. Google Drive<p>I have bits and pieces on each service. I’m interested in decluttering. Which should I choose?
======
daniel_iversen
Dropbox and Apple equally. But I work at Dropbox and I know how much effort
goes into trust, security, privacy and compliance. Also for your interest the
underlying infrastructure with its security measures etc is common between
both Personal and Business products (one of the main differences with the
business product is that it allows you to hook into your own enterprise
security related systems such as IdM, DLP/CASB, SIEM, malware scanning etc as
well as control security settings for the whole “team” (mandate 2FA, set
password strength levels and device approvals etc)

~~~
sanbor
> I know how much effort goes into trust, security, privacy and compliance

Yahoo had a security team that was completely bypassed by NSA by installing a
kernel module [1] to get access to emails. With Condi in the board I wouldn't
trust them that much.

[1] [https://www.engadget.com/2016/10/08/reuters-yahoo-email-
scan...](https://www.engadget.com/2016/10/08/reuters-yahoo-email-scanning-
done-using-a-linux-kernel-module/)

~~~
mercer
I find myself inclined to trust Dropbox because they really seem to have their
'shit' together. It's one of the most reliable 'cloud' tools that I've used so
far.

But I share the concern about Condi on the board, and I'm curious if others
can weigh in on how justified that concern is.

Ideally, of course, I'd like to hear someone from Dropbox to say something
about this, but I can understand how they wouldn't touch this topic with a
ten-foot pole.

------
jlgaddis
As long as you encrypt all of your data before uploading it, trust isn't such
a big factor.

~~~
purespark2
Is there any software that can do this in a very user friendly way? Ideally
after entering a key when installing the software, I would never know that
encryption is happening.

~~~
yaseenk
Looks like [https://www.arqbackup.com/](https://www.arqbackup.com/) might meet
your needs. I haven’t used it personally though, my only reservation has been
that it’s not open source.

The unofficial google drive linux CLI supports encryption with custom keys
too.

~~~
patrickdavey
I got burgled back in July and the burglars came somewhat close to getting
everything, fortunately they didn't take my NAS. After discussing with
friends, I did buy Arq and I've been _very_ happy with it.

I then went and bought 1TB of Google Drive and now all my photos and anything
else is backed up onto both Google Drive and my NAS. It's all encrypted so
yeah, should be safe enough. The handy thing about the 1TB Google space is
that it's shared amongst all their products, so, I don't need to think about
running out of Gmail space either.

------
ocdtrekkie
I would point out that right now, you have your data divided across four
different buckets, which means no one provider can completely compromise your
data. Why would you want to end this arrangement?

~~~
Osmium
P(your data compromised) = 1 - P(storage provider never hacked)^(number of
storage providers)

All else equal, using more storage providers _increases_ your risk of
exposure, not decreases it. And for most classes of sensitive data, the loss
of _any_ of that data can still cause problems, e.g. imagine health records...
if only 1/5th of your patient data was hacked, that would still be a very bad
situation (and before anyone asks, yes people use Dropbox for this[1]).

[1]
[https://www.dropbox.com/static/business/resources/getting_st...](https://www.dropbox.com/static/business/resources/getting_started_with_hipaa.pdf)

~~~
ocdtrekkie
I think the issue is that you're assuming storage providers exist that will
never get hacked, or that there's a scenario that entails your data being
stored out on the Internet and not compromised.

I think we are in a "when, not if" world for security compromise.

------
mstaoru
Stopped trusting Dropbox after they were caught mimicking OS X administrator
prompt:
[https://news.ycombinator.com/item?id=12463338](https://news.ycombinator.com/item?id=12463338)
\- no matter how much they talk about good intentions, that shows company core
values to me.

Stopped using and trusting iCloud after Apple was forced to pass it to some
shady Chinese provider in China (I live in China).

I just run a small home DIY NAS with a simple RAID 6 config for Time Machine
and phone backup.

------
zaat
Different people can mean different things when they speak of trust. What kind
of trust are you looking for and what's most important to you? You want your
data to remain highly private? available at all time? versioned forever? You
want the provider to have decent support when you need it?

If you'll define what your requirements and priorities are you it will be
easier to find the service that is best for you.

~~~
plg
I'm mainly interested in:

1\. high availability (can access it using many devices)

2\. security (it's secure against intruders)

3\. privacy (the company who hosts my data won't mine it for their purposes)

------
Rjevski
iCloud, as they mainly make their money from Apple hardware purchases.

------
caio1982
If only I could pay for a service as easy to use as Dropbox but have my
personal data managed by a company such as Apple...

------
newscracker
For the specific services listed in the post, I trust them in the order
listed, but just these — Apple iCloud and Dropbox. I don't like the idea of
Google (or anyone else) scanning my data, even though the security practices
may be good.

I store the really sensitive information encrypted using a volume (which
appears as a file when not mounted and when uploaded) created by Veracrpyt [1]
(a replacement for TrueCrypt). I use a long pass phrase to encrypt this
volume. For slightly less sensitive information, like photos, I store them on
SpiderOak.

I avoid putting sensitive information anywhere unless it's encrypted before
the upload starts (on my end). I also prefer paying for services.

I would strongly recommend using client side encryption, and checking out the
options others have mentioned.

[1]: [https://www.veracrypt.fr](https://www.veracrypt.fr)

------
herhor
I switched to Mega (safer, bigger, e2e encrypted) and never looked back.

------
bobwaycott
I don’t even trust _myself_ with my data. It’s too easy to do something
stupid. How could I possibly trust anyone more than that?

~~~
danso
No one cares more than I do that I not be horribly maimed or obliterated in a
high speed collision, but I trust certain vehicle manufacturers and airlines
more than I do their competitors.

~~~
bobwaycott
You appear to be answering a question of comparative preference, which is
neither direct to my point, nor homologous to the question asked. The trust
one places in a vehicle manufacturer or airline with one’s life is _vastly_
different from the trust one places in a for-profit corporation with one’s
data.

I’ll grant you that I initially read the Ask HN to be a question about
personal/private data, rather than what appears on subsequent reading to be a
more general kind of data storage question. Either way, it’s still a vastly
different level of trust that doesn’t approach the severity of your example
(in my mind).

------
jasonlotito
Dropbox. They are the only ones to not lose my data, randomly share my private
things to the public, or have crappy clients.

~~~
berberous
They did have that pretty terrible bug where you could log-in to anyone's
account with a blank password for a while though...

------
flixic
AFAIK, Apple is the only one storing documents encrypted (with your own keys)
at rest.

------
bo1024
Long term, personal, and/or sizeable data, like my photos: my own hard drives,
backed up every few months.

Stuff I work on daily: sync with a VPS I pay a small monthly fee for, using
version control.

~~~
needcaffeine
What would happen to your personal data if you got burgled?

~~~
bo1024
Good point. One backup is onsite, one is offsite (that one only updated every
few months).

------
blattimwind
None of the above.

------
needcaffeine
I sync my photos, iPhone backups, and documents to iCloud Drive.

My documents folder is backed up by Google Drive.

------
cvaidya1986
Exactly in that order.

------
craftyguy
None of those. I use syncthing.

------
j88439h84
Nextcloud

