I offboarded myself from all of Google's services a while ago, but I also think "cloud" is dead, at least in the cases where the cloud service holds the encryption keys on my behalf. I don't trust, and never will trust, any company to hold on to my data without either selling it to a third party or accidentally leaking it.
The only question is, is your cloud provider less likely to make mistakes with your data than you are?
For most people, the answer is going to be orders of magnitude less likely.
No, the second question, which is a multiplier of the first, is how catastrophic the mistakes can be. Google _can_ accidentally do much worse things with your data, but it probably much less likely to make mistakes with it in the first place.
If the cloud provider screws up, then the worst case is that my video goes viral and lives on the internet forever.
It isn't hard to imagine some troll finding he got some embarrassing video via takeout and putting it up on reddit for everyone to see.
So this is not a differentiator between storing your own data in the cloud and locally.
Most people don’t want to lose their stuff because they forget a password. That’s why unencrypted data and password resets are a thing.
What we as tech people should be doing is educating and helping those people. Set your family up with a NAS for local backup and have it mirror to, say, Backblaze. Set your parents/grandparents up with a password manager. Etc.
- If you share something, you need a way to share the key
- Things like a truecrypt drive work poorly with file sync clients
I'm trying hard to invalidate this with PhotoStructure. My goal is to be installable and usable by even my least-computer-savvy family members.
Although there are desktop installers, users can move their library to a NAS, rPI, oDroid, NUC or a VM in the cloud--anything that can host 64-bit docker images--but only if they want to. Everything in your library works cross-platform because I didn't want to be tied down to any OS or hardware.
PS: There's an image that can't be loaded on the confirmation page when registering for email updates.
PhotoStructure imports files that are available to the device that it runs on: local files and anything mounted via a network filesystem (like AFS, NFS, or SMB/CIFS).
I use SyncThing or Resilio Sync to send my phone's photos and videos to my NAS. When I'm on vacation with limited bandwidth, I add a sync node on my laptop (which is connected to the hotel WiFi), so my phone syncs quickly to my laptop next to me, and then through the course of the day, the laptop syncs back home.
Although it's certainly more convenient to have everything wrapped into one app, I think there's an appeal to being able to choose the tool that works for you. (In other words: it's much less code I have to write and maintain--writing battery-efficient, stable background jobs on both iOS and Android are a PITA!)
> There's an image that can't be loaded on the confirmation page
Are you using ublock origin or a pihole? Those block most images coming from mailchimp.
I'm currently running both syncthing and Google Photos to store my photos. syncthing is great once it works, but it is definitely not something I would expect a family member to be able to set up.
In any case I'm very much looking forward to see where PhotoStructure is going. I've set up a reminder to give it a try.
I'll be sending out instructions to my next wave of beta users soon.
This is a very black and white way of looking at trust. Trust is earned, it can be broken, it can be rebuilt. All human relationships are built upon trust, and it is fallible just like anything else. To have trust is to create vulnerability. However, just as you mention, that vulnerability comes with an upside.
What you are saying is: because there is vulnerability in trust, you should trust no one.
Relationships with corporations are not the same as human relationships. Being open with other humans is part of the human experience.
Being open with special legal entities that we have fabricated as societies for economic gain is justifiably questionable.
Mine is just my last name @gmail.com. It is a rather uncommon name, and I've met many others with that name, as I've accidentally received email intended for them.
I'm in the same boat. And uncommon, but not rare. I've gotten emails intended for my brother. One time, I got a collector emailing about something with a rental car crash that I previously got confirmation email for. Recently, a Dutch woman discovered email and think she has my email address. It's amazing how many websites don't verify email addresses.
The potential impact of a large company screwing up is massive. The risk is lower.
I would assert that the probability of an individual overexposing their own data in any one year period is probably close to 75%.
In my neighborhood, 5-6 cars are broken into every week, because the owners don’t lock the doors. If a process that simple isn’t handled well, folks aren’t handling more complex/abstract processes.
Click the 'not now' button when your browser or OS pops up asking you to install a patch.
Download pirated software that is infected with other malware.
Visit dodgy websites in an overly permissive browser in order to stream some media without spending money.
(Most people, myself included, are guilty of at least one, if not more, of the above)
Same. Part of it is just incorrectly addressed emails sent to my primary address. The other flood of emails I receive is on a domain where I've got a catch-all, and I regularly receive emails intended for recipients on a similar domain.
Is your email something like email@example.com?
I also got a lot of email for a high school reunion where the school was named after someone who shares my name... And people routinely left off the numbers in the email address, ending up with mine.
The rest of the not-mine emails all look like phishing attempts to me, and not just mistakes made by some office worker.
I have an iPhone but I don't use iCloud's backup or sync feature either, I just store my photos locally. I backup my iPhone to my iMac, and I backup my iMac to my Synology NAS in my closet. I try to keep my private data private.
Edit: I want Photos app to have this feature. Other apps can do it on iOS but they have to play location services shenanigans to get it to work in the background and I don't do that. The Photos app has special abilities.
Once a while if I have to share any photos with some friends I send them an iCloud link and then remove the photos once they have either downloaded or seen.
I know there's a risk of losing the data if I forget/misplace the key(s) and my hard disk dies (at the same time) but then I could forget my Google credentials too, or worse still (with a higher probability) I could get locked out of my Google A/c and I don't know any Googler, neither do I have too many Twitter followers.
It's been worth it and once setup it's been running smoothly for over a year (across 2 laptop changes/data migration).
Our business, on the other hand, works closely with government agencies, insurance companies and similar institutions, and the cloud is an absolute no-go. All sensitive data on-premise on the intranet. No need for change.
I believe many people are not aware yet, that things in the cloud cannot be controlled, or they consciously accepted that. Many companies won't take this risk.
I surely hope you are not in charge of any consumer-facing cloud storage products.
I would love to see Nextcloud create a "time machine" type box, where it runs both as your router and as a "home cloud" service. That way it would be much easier to configure it as a public facing service.
Don't get me wrong, I still use NextCloud, but you can only access my instance through a VPN (or by being on my home network where my server runs). I would suggest that everyone else does the same if you're hosting your own data.
I have been using it for 4 years, and I recall one in the past year, but Nextcloud was loud and clear on making sure you had to upgrade. It was even nicer with auto updating on Debian, I didn't have to do anything to get my server patched (I just went in to confirm it was patched).
However it's hardly unheard of for PHP to have RCEs. Usually the RCEs are in programs written in PHP, but PHP itself is hardly blameless. For comparison, Python has had 5-10 code execution CVEs in the past 10 years.
And again, I'm not bashing PHP or NextCloud here. I would probably also firewall NextCloud if it was written in Python. The only thing protecting your data from being public is a single service that you are running and gated by a basic login form -- I personally feel much safer with it behind a WireGuard VPN.
The usual argument is that Google is less likely to make mistakes than the average Joe managing his own infrastructure.
Which isn't to say that you shouldn't use it, just that you are exposing yourself to different risks, and you should take steps to mitigate those risks. Primarily by duplicating your data other places.
It was the push I needed to set up a Mailinabox instance. It was a breeze to install and has been working great since I spun it up four months ago.
I am not Australian/located in Australia so I would have about as much recourse with fastmail as I would with google (ie. none).
Noticed on October 4th. I'd noticed some emails weren't turning up in searches but I chalked it up to my bad memory until there was one I knew for a fact should have been there. It was Oct 22nd by the time we got to any sort of conclusion, which was basically "there's nothing we can do for stuff that far back but I'll try to restore any recently deleted emails we can find". Getting details/logs/info from their support, even after they escalated to a higher level, was like pulling teeth.
They restored a bunch of things I'd actually deleted but they were all stuck in Draft mode, took till Oct 31st for them to sort-of fix that mess.
I set up the Mailinabox somewhere in that period. I still have my fastmail account because I wanted some overlap to test the MIAB before committing, and I'm getting ready to fully pull the plug before my next billing cycle.
It was a good lesson in setting up regular backups and not trusting any provider. I found Fastmail great to use until that experience, and I could see them being useful as a relay to send through trusted servers, but not worth my money to deal with the terrible support.
It really doesn't need much, and the guide is very complete. Took me a Thursday evening plus some waiting for DNS propagation.
Not blocked by anyone as it's a legit provider. Have been using it for years with my own domain.
> Google has been sending emails to affected Takeout users. In the email, which was first spotted by 9to5Google, Google writes, "Some videos in Google Photos were incorrectly exported to unrelated user's archives. One or more videos in your Google Photos account was affected by this issue. If you downloaded your data, it may be incomplete, and it may contain videos that are not yours."
> While this message is directed to Google Takeout users who tried to download their own data and accidentally got someone else's, we've yet to see a message directed to the "unrelated users" whose videos ended up in the archive. We've asked Google if it plans to notify users who have had their private videos exposed, and we'll update this article if the company responds.
For that matter, software itself is full of surprising and undefined behavior, so it really shouldn't be a surprise that large corporations sometimes have "simple" mistakes that appear really big. That is just software in motion.
I strongly suspect there were more problems in the system than just toLower(), or else the system was hosting significantly more than a quadrillion images. Your mention of "or just incrementing" sounds much closer to the mark.
1: I interviewed a HORRIBLE candidate and told my boss in no uncertain terms not to hire the bozo. Then, I look at my colleagues and explain how poorly the interview went.
2: I go away for two weeks to have surgery
3: I come back and learn that we're hiring the bozo
4: My boss asks me to do some pair programming with the bozo, and he doesn't understand some very basic concepts
5: I hear the bozo is debugging webservice code in production
6: We had a data leak from one of the bozo's bugs
From what I remember, it was a very dumb bug based on clear misunderstanding of fundamentals.
For all I know, your videos might be in a zip file on my external HDD I use for backups, and I'll never know unless I need to restore data after some disaster and that's the latest takeout that I have.
I would prefer using a simple S3 backend. It seems that finding a reliable photo sync'ing app for iOS (outside of Google Photos or Dropbox) is difficult.
I've been manually using Image Capture and uploading to S3 but that's quite inefficient. Thanks!
It came preinstalled with my instance of mail-in-a-box (https://mailinabox.email/), which is an easy way of hosting your own email. With my self-hosted instance of mailinabox and LineageOS my phone is completely google-free. :)
Edit: And it has a decent iOS sync client as far as I know.
I'll be moving backups there. Maybe I can run a weekly / monthly rclone to sync Mega to S3 to have some redundancy.
Seems like something similar. Ie, someone else's weird crap was used by my account's Assitant to make a compilation/summary.
Also, very curious to learn more of the technical details down the road?
This is a catastrophic issue and it's terrible Google have sat on this for so long.
https://news.ycombinator.com/item?id=22231922 Reviving Sandstorm (sandstorm.io)