So Microsoft is peeking into private folders, and judging the contents based on political and religious values not inscribed in any law? And completely terminates all Microsoft service to anyone found wanting to obey by these fundamentalist directives?
The warning should not be "watch what you store on SkyDrive", the warning should be "stay the hell away from Microsoft".
I'm surprised how easily people swallow someone else's hearsay and then spray vomit it out as the truth.
For all we know that guy had a lot worse things than a couple of half nude pics in those 9GB of data.
Having followed a bunch of these types of stories on some other sites (webhostingtalk), 9 out of 10 times the "victim" is holding back so many details from the actual story that they might as well be lying.
And for all we know he had a picture of his newborn. Aren't you promoting the same hearsay?
> I'm surprised how easily people swallow someone else's hearsay and then spray vomit it out as the truth.
and then you said:
> Having followed a bunch of these types of stories on some other sites (webhostingtalk), 9 out of 10 times the "victim" is holding back so many details from the actual story that they might as well be lying.
You're contradicting yourself. You're stating hearsay (you had no direct contact with the issue of 9/10 lying people, you only heard it from webhostingtalk) and then purporting it to be true.
Regardless of whether the original author is telling the truth, it doesn't matter because that's not the point of the article. The point is that you may lose more than you know simply by being deemed a violator in the eyes of Microsoft, so it's buyer beware.
Relating to your comment: People are innocent until proven guilty in the US. If Microsoft found something that they deemed a code of conduct violation, then they can bring it up with the police or they can at least bring it up with the account owner. Maybe it was SkyDrive uploading more than he expected?
While we can't easily confirm the truth of what happened, we should be able to confirm if the quote from the SkyDrive ToS is accurate. If it is accurate, then it is worth pointing out to people.
I don't think that private file storage services should be snooping in what I'm storing. Their limitations to what I store should be limited to what's legal (they can have stricter limitations to what I share if they want), and they shouldn't be checking every file (even automatically) to see if it looks legal.
I tried to look for the ToS, but it seems that to see them I have to first get a LiveID and agree to the LiveID ToS, so I gave up at that point.
The people objecting to this on the basis of hypocrisy are making an obvious error and should know better. The population of people complaining about how they were wronged by a corporation has different characteristics than the population of skeptical comment writers.
I was unsatisfied with your company's support to the point that I cancelled services in less than a month. I recommend against doing business with rsync.
Your support engineers aren't familiar with basic UNIX backup utilities and decline to provide support services despite your advertising holding them in such high regard. From rsync's website:
"All technical support is handled by engineers that have the access, authority and expertise to solve your issue.
There are NO first level techs and no auto-responders or ticketing systems. You will always deal with a human engineer immediately.
You will receive support for all interaction you have with your rsync.net filesystem. Support is unlimited, regardless of your tool, platform or implementation."
If there's anyone using rsync who has had a different experience, feel free to speak up, but I was less than satisfied. When I saw the shameless self promotion on HN I felt compelled to give a second perspective.
That would imply that MS is unique here -- they're not. Apple's TOS for iCloud says it scans content and may revoke service if it finds content it deems "objectionable," "obscene" or "in poor taste" (that last one cracks me up ;) ).
If I remember right -- I'm thinking back to the kerfuffle over Google Drive's and Dropbox's TOS -- the other services have similar clauses.
a. upload, download, post, email, transmit, store or otherwise make available any Content that is unlawful, harassing, threatening, harmful, tortious, defamatory, libelous, abusive, violent, obscene, vulgar, invasive of another’s privacy, hateful, racially or ethnically offensive, or otherwise objectionable;
Perhaps there is context missing but the Apple one above refers to "uploading" and "storing". Seems like it would apply to anything you put in iCloud? And since it includes the catch-all "otherwise objectionable" it would seem to make it quite open ended, almost unusable really.
Assuming Microsoft employees are ravenously poring over your private folders seems a little short sighted: reliable skin detection is fairly easy to accomplish, which given a folder full of photos testing positive, might get a sample flagged for review. From a cost perspective, it would make sense that the sample might not have been reviewed manually until he contacted support.
It may also have been something as simple as having too many images in the folder fuzzy matching the huge DB of porn they have (Bing and Google probably have the largest collections of all kinds of porn on the planet). This is easily done using e.g. scale-invariant feature transform.
Certainly no cause for "stay the hell away from Microsoft".
The other issue is who is readily available to discuss this if it happens? How do I know my emails don't just go to someone who barely speaks the language? If my Microsoft ID was locked out that's quite a few services I wouldn't have access to.
Every service I've worked on doesn't look, because they don't want to know -- there's no business reason to know. Having this kind of knowledge about customer content is completely counter to the business goals.
An intelligent company will work to minimize disruption to the user. Affording the user privacy and turning a blind eye to this sort of thing goes a long way towards producing a usable product.
But, what if someone complains? What if this photo was public and resulted in a complaint?
Even then, the idea that an entire account should be suspended over a TOS violation is absurd. By all means remove the content. Perhaps even disallow uploads for a time, or even indefinitely. But a policy of disabling everything including unrelated services and purchased content smacks of ignorant product design and typical Microsoft hubris.
This is a great example of why their product services can't gain traction in the market.
I can easily imagine them scanning for certain filetypes, then displaying large pages of thumbnails for somebody to review. Porn would be readily discernable, and some would surely enjoy having this job.
At least in the early days Microsoft was known for having a large stash of porn on their network, and it probably wasn't just for academic purposes.
Well you should read the terms of service, and then adhere to them. Perhaps Microsoft would do well to provide in bold letters near the front that most people will find their terms intolerable and should probably not sign up for SkyDrive.
This is like a hotel manager kicking you out because you and your partner are having sex. Why? Because prostitutes have sex too, and we don't want our hotel associated with that.
There are other, more troubling things here too. Materials related to the sale of firearms and ammunition are prohibited. Firearms in various forms are completely legal to own and trade to various degrees in the United States, why are documents relating to that trade of firearms banned?
I also see that anything that incites, advocates or expresses profanity is prohibited. I would advocate that all SkyDrive users place a copy of the terms of service in their account. This should incite most people to express their opinion of Microsoft's actions by saying "Fuck you, Microsoft", and thus violating the terms of service.
Thanks for pointing out the arms/ammo ban. Didn't notice that very relevant point amid the proliferation of prohibitions. This sucks for us federally licensed collectors (FFL C&R); bizarre that storing a copy of my license on SkyDrive could cause MS to completely reject me as a customer/user. Seems a "final straw".
Instead of "place a copy...", I'd suggest rating SkyDrive "zero" and deleting it.
I agree with your analogy. I don't understand your last two sentences. I don't get how advocating users placing copies of the ToS in their accounts incites people to express their opinions with a "fuck you, MS."
The user you replied to is (humorously) suggesting that since the SkyDrive ToS are so objectionable they are quite likely to incite profanity (at least amongst the internet cognoscenti), thus itself becoming a forbidden item under its own ToS if placed in a SkyDrive. 'Twas a form of satire, ridicule intended to expose truth.
I guess I fumbled the satirical point that I was trying to make.
Most folks don't read terms of service documents. But, putting this particular terms of service document on your SkyDrive and reading it would incite many people to express their opinion of the document using profanity. (It certainly had that effect on me ;) )
The most disturbing thing here is that Microsoft are routinely looking at people's private data to monitor it. Whether this takes the form of an automated program to flag things up, there's still going to be a human arbitrating the final decision.
I don't think that's a good analogy though. People feel peer pressure to accept the humiliation of the TSA because it is for our "safety." When it comes to long term storage of our privates, I think there will be a different attitude.
If you work or play in space owned by someone else (Google, Microsoft, Amazon, whoever) then you have to realise that they can do almost anything they want.
If this starts happening too regularly then consumers might start to rethink the benefits of cloud-based systems for running large parts of their lives.
Painting way too broad a brush stroke. Just because an idiotic corporation has no idea how to administer their cloud products doesn't mean they are all bad. I've been using dropbox for years and I've never heard of anyone anywhere having their account shut down for having a nude photo.
In fact, I know there's tons of pirated content on dropbox because when I add a pirated movie, 9 times out of 10 it gets synced immediately. That means that file exists there already and they can identify it via MD5 hash. They could have banned it based on some sort of blacklist, but they didn't.
Probably because they understand that if they did, they would piss their paying customers off. So why spend effort trying to do that?
And that's how you get into trouble. You have to assume the good actors will at some point in the future execute a bad tactic (via incompetent or even malicious employees) and act accordingly. This doesn't mean you have to avoid cloud storage services altogether. The right thing to do is encrypt all your files before uploading.
Absolutely. I don't mean to suggest that nobody should ever use cloud services.
But you should be aware that things like this happen, and that there are policies which let them happen.
Dropbox might not be interested in blocking pirated content at the moment, but this could change in the future. Their policies already say that it isn't allowed, so what would you do if all of your pirated movies just disappeared one day?
I believe Dropbox create a hash for all users' files that point to a single file hosted on Dropbox, so Dropbox save the space that would have been occupied by the - according to them - redundant files. You could say that a Dropbox repo is like a list of references to non-redundant files hosted by Dropbox.
In finding any disagreeable content, I believe the implication was that Dropbox could map it the other way around from the infracting file to a list of users with the file's hash.
I don't think Microsoft know what they're doing. All cloud storage providers need a policy similar to what Microsoft have. They cannot have pirated content, child porn etc on their servers.
This rule should be strictly enforced on public folders. On private folders Microsoft shouldn't even be looking. While you should not be allowed to store "bad" content, it shouldn't be enforced on private folders unless there is some form of legal request.
I don't understand why they think it should work any different. Skydrive should be a way to back up files. You cannot back up your files if someone is snooping on them or if your account is banned for accidentally including that risky photo of your wife in the back up folder...
But fine. Whatever. Microsoft want to make their service unusable. Why are they then banning the entire live account? Suspending people from XBOX live and prohibiting them from using app purchases? If they are suspending the account the account holder needs to be refunded. Why don't they just prohibit the account from using SkyDrive?
Microsoft have been getting better recently. On this though they seem to have completely lost the plot.
I wish all cloud storage providers would prompt an "encrypt with your own key" link before you upload each file, and then do the encryption for you. Of course, then you'll have to trust them with their own encryption method. But if they are using standard encryption methods, that shouldn't be an issue, right?
In theory, they can do the encryption for you, on the client, and never send themselves the key. However, the effort required to audit a given client and verify that they are in fact doing that, doing it securely, and doing it in a way where they won't later change their minds and grab the key or whatever greatly exceeds the effort of simply handling the encryption yourself.
I understand why people call for this, but it's really a very narrow window of "security concern" where that's a valid feature.
Much better would be an open API, and an open source client, which does the encryption, preferably not even technically affiliated with the cloud provider.
Here would be my ideal scenario, but it requires changes at the OS level:
During installation, Dropbox asks the OS for an encrypted read/write view of "/home/user/Dropbox". The OS confirms this with the user. The user sets up the key/password for that encryption. Done.
If Dropbox is compelled in future to try and gain access to the unencrypted view of that same folder, it would have to ask the OS permission, and the OS would ask the user.
Dropbox could also ask for an unencrypted view on the initial installation, but the user should still be allowed to specify that the view it gets is of the encrypted versions of files only. This would be entirely transparent. Dropbox would have no idea if it's getting the full view or the encrypted view.
Well, yes, I see that issue. But also that is not as simple as MS now takes it:
- Childporn; pictures of very young children are stimulating to perverts and while there are definitely very 'wrong' pictures in this category, there are also just pictures you took of your young kids and have in your private folders ; that's not childporn UNLESS a pervert gets his hands on it. Meaning when it is private and yours, it should not be removed. It's memories of your children who naively play in the garden forgetting to put their pants on (I wish I could do that ffs) for instance. In the wrong hands dangerous, private and not shared; perfectly normal.
- Pirated movies; at least here you are allowed to backup movies you own, again if they are private, it cannot be that your account is removed for this; you HAVE the DVDs in your home and you ripped them in case of fire or when they break (and they often do after many years).
Both are crap arguments for removing accounts or even data UNLESS they are made public.
Hence it can be solved very easily; just scan public dirs.
> All cloud storage providers need a policy similar to what Microsoft have.
No they don't. It's my data. Stay the heck out of my storage room that I pay you for every month, on time.
It's disappointing how far those companies go in playing cops and judges. They should provide service, not the letter of the law.
If cops have a good enough reason to believe you are hosting child pornography, they could get a subpoena from a judge and then request Microsoft to open your vault. Otherwise we are getting to the point where we don't need judges anymore -- we have a bunch of creeps at Microsoft or other company deciding on what is "right" or "wrong". And this is wrong.
This is what we have to understand. Microsoft stores this digital information on servers that THEY OWN. That means that if any child pornography or defaming naked picture is found on their property, THEY are liable.
If a friend came to you and said keep this on your property but don't look in it and the police came and searched your property and found that it was a nuclear missile, I don't think you could say oh but my friend wasn't planning on sharing it with anybody.
The problem here for me is not so much that MS found an image they didn't like and then over-reacted (which I rather think they did). It's that they have obviously written tooling specifically with the purpose of finding these things, and then shutting down accounts.
That they think it's OK to routinely look at these files, where I think most consumers would have a reasonable expectation of privacy, highlights to me an extremely scary thought process.
> contains or could be considered ‘junk mail’, ‘spam’, ‘chain letters’, ‘pyramid schemes’, ‘affiliate marketing’ or unsolicited commercial advertisement.
The amount of spam I used to get that was "Send this to 5 other people or bad things will happen" was amazing, and it'd be a shame if they were banning people who were storing all their email.
> depicts nudity of any sort including full or partial human nudity or nudity in non-human forms such as cartoons, fantasy art or manga.
This is baffling. I can make a guess at what nude means - "a naked human, or a human with breasts or genitals on display." But I'm lost at partial human nudity. Is a man with shoes, socks, trousers, and an unbuttoned shirt clothed, or partially nude? What about if he takes his shirt off? What if he's a slob, or if he's like the guy in the diet coke ad? What if the image is a woman in a long t-shirt (with non-visible underwear).
I understand the need for wriggle-room with these types of rules, but they need to make this a bit clearer to avoid regular photos being banned.
I don't understand why MS don't allow you to migrate your stuff out of their service. This guy appears to have lost a lot of stuff. He was a dedicated MS user - he even had a Win7 phone (now useless) - but he isn't anymore.
What is even more baffling is the bit just preceding that at the top of that section that says:
You will not upload, post, transmit, transfer, distribute or facilitate distribution of any content (including text, images, sound, video, data, information or software) [...]
Text?! Well, that rules out backing up e-book collections there.
To be fair, I don't think Microsoft are that out of touch with reality that they truly believe nobody will use their Skydrive to back up their porn stash or, uh, erotic literature. I also doubt they will police content to that extent, and they're just doing a CYA with these over-broad terms and conditions.
As an aside: for some reason, this reminds me of a question I had to answer when filling out a UK visa application (paraphrasing) -- "Have you ever been involved in any terrorist acts?"
well, I doubt there is a culture where there is no distinction between a part and the whole.
What "partial nudity" means is very arguable and _has been_ argued (e.g. many stories of services not allowing breast feeding pictures), I was just pointing out the specific differentiation between full and partial seems simple.
About children: of course I don't see anything bad with pictures of naked kids, but the service has very little chance of knowing whether those pictures of 7 year olds are your nieces' or you're in a shady business, and they are reasonable to protect themselves.
We live in a fucked up society.
Obviously, there are huge gaps between stating rules, actually enforcing them, and enforcing them in a dumb way.
I think there is a huge gap between private and shared pics; if you share you should take all kinds of cultural stuff + site rules into account, but hosting them in private folders?
If I like to take naked pictures of myself and put them in a PRIVATE, never shared folder, I really find it a huge error of MS to close down accounts for that reason. And it'll bite them if they keep doing it.
of course there is difference, but the rules are in place because if it turns out that someone on $SERVICE is sharing login information with a network of people doing $BAD_THING you want to be able to say "he did that against our policy" not "well, we thought it was private".
Agreed of course. However MS seems to enforce them lacking this; stuff is in private folders and no bad things are done. Of course you want to enforce rules; we run a big photo site ourselves and we know how that works, but we wouldn't ban people for pics in private albums. Nor do we (ever) check them.
But yes, if there is something wrong you want to have the RIGHT to remove + ban for any reason you see fit. MS is a company, they have no obligation to host your crap. Well, if you don't pay. If you do I think it's even muddier water IMHO.
Thanks for making me discover owncloud! The only sad thing is that it uses server-side encryption, which I don't trust even if I own the server :(
However, through the power and sheer awesomeness of open source, I might try to get my hands dirty at implementing client-side encryption sometime. The rest of the software looks perfect and I have a couple Linux boxes just begging to be used :)
Why should the cloud storage providers care what you store in your account, especially if it's all private? This sets a dangerous precedent. Imagine if Gmail didn't allow you to send "certain" images to someone else.
I think if they keep doing this, either Microsoft or any other cloud storage provider, it will be a huge drawback in trying to convince people to store their files in there instead of their own devices. This is something we were all worried about before cloud storage services took off, and now that worry is turning into reality.
users may not:
Send, upload, distribute or disseminate or offer to do the same with respect to any unlawful, defamatory, harassing, abusive, fraudulent, infringing, obscene, or otherwise objectionable content
Thank you for pointing that out. Didn't notice that. Time to move away from gmail. It's no longer a FUD highlighting some clause saying "they can close your account". Because now they are actively closing user accounts.
This article is about Microsoft, I don't think there are examples of Google doing this. (Although there have been similar things in the past).
If you want to move away from gmail, who would you move to? I suspect that almost all services will have similar terms, so the only option would be to host your mail yourself. Even then, you probably can't use most hosting services to run the server.
There is a trade-off between wanting people to store as many types of file as possible, and not wanting to get associated with some of those files. It would not do for Microsoft to get a reputation as "the company that helps wankers store their porn". Some people would use competitors instead because they object to porn, other people (and businesses) would use competitors so as not to associate themselves with porn either.
Why does this reasoning apply to file lockers but not to e-mail? I have no idea.
Porn is associated with wanking, and wanking is stigmatised even though presumably most men have been wanking for far longer than most men have been using porn.
Porn is also associated with prostitution, which is stigmatised as well. And some men feel that although of course there is nothing wrong with the porn they watch, the porn some other men watch leads the featured actresses into prostitution.
And some men watch porn even though they feel it's morally wrong (and morally wrong things are stigmatised). They just don't have the self-control to stop themselves. (That makes them hypocrites, but most people are hypocrites one way or another.)
I get that "protect the children" is an overused slogan these days, and not just in relation to adult porn. But it's far from the whole story.
(n.b. I'm trying not to argue about what should be, I'm trying to talk about what is.)
This is why I use clients that do client side encryption. The data is encrypted on your local machine; usually compressed and then sent off to the cloud. The key is stored on your machine and there is no easy way for them to see the data you have stored. I used to use Jungledisk but switched to SpiderOak because the Linux client is much better. There really isn't much of a drawback other than you must never forget your password :) if you do you are pretty much out of luck.
I've no idea about the performance on mac, however if you haven't tried it out in the past couple of months they have really done some great updates to the clients. As far as slow with large datasets I have about 400GB (compressed down to ~300) that I am backing up, with regular additions on a daily basis. Some releases have been pretty sucky, but it keeps getting better, I would highly recommend them to anyone.
"incites, advocates, or expresses pornography, obscenity, vulgarity, profanity, hatred, bigotry, racism, or gratuitous violence."
Wow, not only is it impermissible to upload pornography but apparently it is impermissible to talk about it too.... Nor can one express hatred of an ex or even say that there are times when hating another person or even an idea is beneficial!
Way to go Microsoft!
I HATE Neo-Nazis! Good thing I am not posting a document that says that to Skydrive!
I don't know; it seems like it might be a fringe enough usage case that it doesn't trigger people's outrage. Granted, people don't necessarily think of SkyDrive as a social platform, but with the frequency that embarrassing photos are uploaded to Facebook, you can imagine that there is either an ignorance or a nonchalance toward privacy among the same young people who'd use SkyDrive.
Yes, it's seriously messed up that Microsoft employees are presumably snooping around in your private SkyDrive folders, and it has the potential to really get people to migrate away. But it requires overcoming a huge barrier of apathy, and I'm not sure this has the momentum to do so.
Access doesn't mean backup. If I have a document in Google Docs only, I can access that from anywhere with an internet connection. If I'm talking about a cloud backup, I mean e.g. Dropbox where I have more than one copy.
But even then, I can't understand why people think that SERVICE X is always on.
Obviously there's a few people who know the up times and down times and make an informed choice.
But many people just assume that it will always work, and who will suffer when that service is not available.
Maybe my early experience of batch processing and unreliable utility supplies and a few experiences of dropped services has taught me, and that other people are living in a world with remarkably good up times and thus don't get the chance to learn that three nines is not six nines.
Wow, this is insane. Microsoft is shooting themselves in the foot here. Guidelines like this are a dealkiller for just about everyone. Even people who have no intention of putting questionable content on their drive will recoil on the mere idea that Microsoft is monitoring their private files.
This made me go check the terms and conditions for DropBox, and they're much better. The closest they come is saying you may not "publish or share materials that are unlawfully pornographic or indecent, or that advocate bigotry, religious, racial or ethnic hatred". That's a whole lot different to Microsoft's banning of any kind of porn, lawful or otherwise, even when it's not published or shared.
The latter clause is awfully broad and subjective. If someone put in their Dropbox account pictures of say, artifacts of the Nazi regime, would that be violating the rules? It's not at all clear that that would be advocating bigotry, religious, racial or ethnic hatred on the part of the user themselves, but it clearly was related to historical political movements which did so.
One obvious way to handle this on private folders is client side encryption. Companies need to be protected, and users need privacy. This seems win-win. If an agency needs to look in a private folder, they must go through the user - and that would at least have legal recourse.
There is, actually, a loss to the provider. Every person's version of pirated movie X will be unique, which means the provider has to pay for more storage space than they would without encryption. (since without encryption they could compute a hash of the file and point to it on their servers)
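The mechanism the comments above describe (a provider deduplicating uploads by content hash, mapping a known file back to the accounts that hold it, and per-user client-side encryption removing both that lookup and the storage saving), as an added example that is not from the thread or from any provider's code. `DedupStore`, the user names and the sample file are constructed here, and the SHAKE-256 keystream is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib
import os
from collections import defaultdict


class DedupStore:
    """Hypothetical provider-side store: one blob per distinct content hash."""

    def __init__(self):
        self.blobs = {}                     # sha256 hex -> bytes actually kept
        self.owners = defaultdict(set)      # sha256 hex -> users referencing it
        self.manifests = defaultdict(dict)  # user -> {filename: sha256 hex}

    def upload(self, user, name, data):
        """Record the file for `user`. Returns True when the bytes were
        already on the server, i.e. the 'synced immediately' case."""
        digest = hashlib.sha256(data).hexdigest()
        already_stored = digest in self.blobs
        if not already_stored:
            self.blobs[digest] = data
        self.owners[digest].add(user)
        self.manifests[user][name] = digest
        return already_stored

    def users_holding(self, known_content):
        """Reverse lookup: given a file the provider has a copy of,
        list every account whose manifest points at the same hash."""
        digest = hashlib.sha256(known_content).hexdigest()
        return sorted(self.owners.get(digest, ()))

    def bytes_stored(self):
        return sum(len(blob) for blob in self.blobs.values())


NONCE_LEN = 16


def encrypt_client_side(key, plaintext):
    """Illustration only: XOR with a SHAKE-256 keystream derived from
    key + random nonce. Not authenticated; use a real AEAD for real data."""
    nonce = os.urandom(NONCE_LEN)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt_client_side(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def demo():
    # Constructed sample standing in for a file two users both own.
    movie = b"constructed sample file contents " * 1000

    # Case 1: plaintext uploads. The server sees identical bytes.
    plain = DedupStore()
    plain.upload("alice", "holiday.mkv", movie)
    plain_second = plain.upload("bob", "film.mkv", movie)

    # Case 2: each user encrypts locally with a key the server never sees.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    alice_blob = encrypt_client_side(alice_key, movie)
    bob_blob = encrypt_client_side(bob_key, movie)
    enc = DedupStore()
    enc.upload("alice", "holiday.mkv", alice_blob)
    enc_second = enc.upload("bob", "film.mkv", bob_blob)

    return {
        "file_size": len(movie),
        "plain_second_upload_deduped": plain_second,
        "plain_holders": plain.users_holding(movie),
        "plain_bytes": plain.bytes_stored(),
        "enc_second_upload_deduped": enc_second,
        "enc_holders": enc.users_holding(movie),
        "enc_bytes": enc.bytes_stored(),
        "roundtrip_ok": decrypt_client_side(alice_key, alice_blob) == movie,
    }


if __name__ == "__main__":
    for field, value in demo().items():
        print(f"{field}: {value}")
```

With plaintext uploads the server keeps one copy and can name both holders of a file it recognises; with per-user keys it keeps two unrelated blobs and the lookup returns nothing.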
When it comes to Microsoft, I always wonder whether it's just incompetence or a very clever attempt to discredit the whole cloud idea that threatens their cash cows (that are based on the rather outdated concept of local software and data).
BTW, this is the creepiest "GMail Man" variant ever.
The really interesting angle to this is that (apparently) Windows 8 and the next version of office are going to default to storing a lot of stuff in Skydrive. So unless you actively try to store stuff locally it is going up to the cloud. It will be very interesting to watch what happens as a tidal wave of (intended to be) private porn hits Skydrive and consumers get their accounts banned en masse.
Like others, I think MS is in a dead end street here. There is stuff that they just can't allow - harboring child porn is illegal regardless of whether you're storing it for someone else, etc. But if they don't default content into Skydrive then hardly anybody will use it and people will keep assuming Google Docs and other cloud services are just "better" for collaboration. The only way out is client side encryption, but that disables many server side functions (eg: search) and gets god-awful complex for sharing between parties.
This is why I prefer services to be with different providers. Having storage with dropbox, mail with gmail, phone with Apple etc. etc. means one service dying won't kill your entire online persona. While if you use G-drive, gmail, android phone, Google everything like they want you're basically screwed if you violate the TOS of any service.
This is especially bad when you lose money. As stated in the article, he lost apps that he had bought and paid for! This is a very gray area, and the fact that a software company can put arbitrary rules for one of its services that affect your assets in another domain, assets you paid for, is possibly illegal.
Think about what happened if you went to Wal-Mart and purchased clothes and other items there. Then, two years later, you cause an incident at Wal-Mart and you are banned from their store. Does that give Wal-Mart the right to come to your house and burn everything you previously bought at their store???
Reminds me of the people who lose access to Gmail, because they violate some completely arbitrary rule on Google+.
I can't believe companies do so much to deter people from their cloud services. That'd be like Apple shutting down the iTunes and iCloud of a developer, who hacked around in iOS. I hope that has yet to happen.
I read the Dutch thread on Tweakers.net related to the suspension of WingsOfFury. This was done because of a favorites folder which contained links to inappropriate material. So, in effect, making a backup of your links can lead to a blockage/suspension?!?!?!
My wife's pregnant, I'm taking lots of 'Whoa, look at that belly' pictures, which are automatically synced with my Dropbox account. Nudity everywhere. ;-)
I expect I'm having nude pictures of my son in about a month and a half.
Ignoring that I just made fun of all these 'nude is evil' rules: Why should Dropbox look at my data, at all? If I ever get a confirmation that they so much as access it for purposes other than backing it up/restoring it or on my direct request (through the client apps/web ui or whatever) I'm going to leave them for good. They provide storage, not more. And storage attributes (bytes stored) is all they should care about.
"Don’t publish sexually explicit images or videos, such as those with nudity or graphic sex acts. Writing about adult topics is permitted as long as they aren't accompanied by sexually explicit images or videos, or any material that promotes or depicts unlawful or inappropriate sexual acts with children or animals. Additionally, we don't allow content that drives traffic to commercial pornography."
"You agree not to misuse the Dropbox services. For example, you must not, and must not attempt to, use the services to do the following things....publish or share materials that are unlawfully pornographic or indecent, or that advocate bigotry, religious, racial or ethnic hatred;"
Well, publish is a totally different thing, I have no problem with that as long as private shares are excluded. I am not thrilled to publish my Porn Folder to the public anyway (and yeah, I admit I have one).
Interesting would be if they scan anything unpublished.
This prohibits publishing "Violence", "Hate speech" and "Sexually explicit material", amongst other things.
I'd guess it was written with more public publishing in mind, so it's not clear whether it's intended to include purely personal content on Google Drive.
I'm not surprised at all. If I recall correctly, there was a link posted a while back about someone breaking some condition in the Google TOS, and thus being locked out of their Google Account, and therefore all their email, documents, and so on.
And that's why I'm trying to make sure I don't become too dependent on any one "cloud" ecosystem.
Since SkyDrive no longer has a restricted list of filetypes allowed for upload, how hard would it be to only upload encrypted files?
A neat solution would be a client side utility that encrypts local files (or entire folders/tarballs) with gpg, generates checksums, splits them into 2048KB or 1024KB chunks and uploads those to SkyDrive. The downside is that there would have to be some sort of management/database locally (and on every machine you wanted to download the files to) that would keep track of which chunks make up which file and rebuild everything when you download them.
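Added example, not part of the thread and not any commenter's code: a sketch of the chunk bookkeeping the comment above calls the downside, assuming the input file has already been encrypted with gpg. The function names, the manifest layout and the choice to name chunks by their SHA-256 are assumptions made for illustration.

```python
import hashlib
import json
import os

CHUNK_SIZE = 1024 * 1024  # 1024KB, one of the two sizes the comment suggests


def split_encrypted(enc_path, chunk_dir, chunk_size=CHUNK_SIZE):
    """Split an already-encrypted file into chunks; return the local manifest."""
    os.makedirs(chunk_dir, exist_ok=True)
    whole, chunks = hashlib.sha256(), []
    with open(enc_path, "rb") as src:
        while block := src.read(chunk_size):
            whole.update(block)
            digest = hashlib.sha256(block).hexdigest()
            # Chunks are named by their own checksum, so the upload folder
            # shows neither the original filename nor the chunk order.
            with open(os.path.join(chunk_dir, digest), "wb") as out:
                out.write(block)
            chunks.append(digest)
    return {"name": os.path.basename(enc_path),
            "sha256": whole.hexdigest(), "chunks": chunks}


def rebuild(manifest, chunk_dir, dest_path):
    """Reassemble chunks in manifest order, verifying every checksum."""
    whole, part = hashlib.sha256(), dest_path + ".part"
    try:
        with open(part, "wb") as out:
            for digest in manifest["chunks"]:
                with open(os.path.join(chunk_dir, digest), "rb") as src:
                    block = src.read()
                if hashlib.sha256(block).hexdigest() != digest:
                    raise ValueError(f"chunk {digest[:12]} is corrupt")
                whole.update(block)
                out.write(block)
        if whole.hexdigest() != manifest["sha256"]:
            raise ValueError("rebuilt file does not match the manifest")
        os.replace(part, dest_path)  # only expose a fully verified file
    finally:
        if os.path.exists(part):
            os.remove(part)
    return dest_path


def save_manifest(manifest, path):
    """The manifest is the local 'database'; it stays off the cloud folder."""
    with open(path, "w") as fh:
        json.dump(manifest, fh, indent=2)
```

The manifest holds the original filename and chunk order, so it has to be kept locally or encrypted before it is copied to another machine.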
I've actually had this happen to me a few months ago; I tried to sign in and my account was locked due to some private pictures I had stored. I decided to just wait out the "grace period" they gave me. When I checked back a few weeks later, my account was left unchanged. I hadn't even contacted support, so I'm curious as to why my situation was any different. As far as I can tell, all charges were dropped.
Sorry, why are people falling for the cloud? The whole thing is absurd. We had all our data nice and safe, we could make it accessible across the net, and it was completely in our control. Then someone came up with a new trendy way of ruining all that. Now, for some reason I am yet to understand, we give control of our data, data being the most precious thing in IT since you can't go out and buy a replacement, to bible bashing, moralistic, judgemental, board meetings in big corporations.
This is the biggest king's new clothes situation since Satan knows when.
Guys, you know how this works. Stop marching in towards the edge of the cliff. It's no use bleating on and on about privacy etc, when almost everyone is buying into the cloud regime. When the hell did these companies ever respect your privacy and right to your own morality? You know they don't. Yet every single time this sort of issue crops up there is almost utter surprise. It's like watching a woman being beaten up for the 100th time by her psycho husband.
Please, the king has no clothes. None. Secure your own data your way.
You mean the Cloud is not the panacea for online life that everyone acts like it is? You mean there's a reason you may not want to ditch having your own storage hardware in favor of "all cloud all the time." huh.
Seriously, why would anyone use this service. No profanity?
Trusting Microsoft with cloud storage is akin to using Hotmail for email. It's unthinkable for anyone with technical knowledge, but often the only option that non-techies are aware of. The best we can do is educate others to use something sensible.
Ideally, client side encryption might be a good solution for this. From what I've seen, there isn't a public API to work with SkyDrive. Even some open-source efforts are mostly outdated by now. Maybe that could be something worth looking into?
Damn, I've been using SkyDrive to store OneNote notebooks for easy sharing and editing. Never thought they actually check private folders - yet another reason to never store any sensitive or important information in the cloud...
You could also use Dropbox, where the Dropbox folder is only written to by a script that encrypts the data. I have a dropbox folder where I put the files I want to store, then every night, I have a script that automatically encrypts the files that were added/changed and puts that in a dropbox.enc folder that gets synced with the server.
If someone were to make this into an actual product, it should be relatively simple to make the encryption happen as soon as a file changes and avoid the latency.
I firmly recommend Tarsnap. Even though it's paid, it's fairly cheap (at least by European/US standards) since you only pay exactly what you use, the client application is open source and it's a one-man-show by Dr. Colin Percival, cperciva here on Hacker News: http://news.ycombinator.com/user?id=cperciva
It's not for everyone, though:
At the present time, Tarsnap does not support Windows
(except via Cygwin) and does not have a graphical user
I'm starting to suspect that the people who keep recommending TrueCrypt for day-to-day usage on Dropbox fall into the camp of "Do as I say, not as I do." Because if they are actually using TC the way they suggest, they might as well use FTP.
First, I created a small 64 MB TrueCrypt partition. I then mounted the partition in TC. I noticed immediately that the tc file has an exclusive lock, so any changes in your TC partition will never be synced until the partition is unmounted! If your use case is to mount your partition immediately upon login, work for the day, and then shutdown, Dropbox will never have an opportunity to sync your partition.
My next test was to mount the TC partition simultaneously (Desktop and Laptop). Then I ran into conflicts, as another poster mentioned. Because of the exclusive file lock, if you mount simultaneously on two machines, you will start getting duplicate -conflict files when unmounting either of the partitions, since the other is still locked. It's not immediately clear from examination which TC partition is actually the most recent one. And may Gods have mercy on you if at any time you edit both partitions before they sync.
Even if you're willing to live with these annoyances, there is now the trade-off of which partition size to create. Too large of a partition and syncing can take a long time, even if you make minimal file changes (because of chaining, there is not a 1 bit -> 1 bit change in TC partitions). Too small of a partition, and you'll have to keep resizing it or creating new ones. What a hassle.
The only use case which seems to work well for me, is for minimally modified files, like for annual tax returns. Here, a TrueCrypt container makes sense and works quite well because the partition is basically read-only and unlikely to be simultaneously or even regularly mounted.
So for those people who keep suggesting TrueCrypt, I'm curious, do you actually use it, and if so, how? The suggestions for file-level encryption (encfs) appear to be much more sane.
Rent a fracking server and be done with all these third parties. I'm sure that there's a simple, OSS web based file explorer for when you need to browse the files in Firefox. SSHFS will let you mount the drive as if it was native. The cloud is massively overrated for stuff like this.
The advantage of EncFS is that it's not a huge binary blob, instead you transparently store files with garbled names and garbled contents, but an otherwise untouched directory structure. I'm not sure if TrueCrypt can do that too.
1. all encryption/decryption is done in JS. BouncyCastle java source code is used (slightly tweaked for performance) - it is compiled into JS using Google's GWT compiler.
2. flash is only used for triggering file save dialog, similarly to downloadify, in browsers that do not support HTML5 alternatives. In Chrome, which supports <a download>, flash is not used (100% JS/HTML5)
3. problems mentioned in the post you referenced can be generalized into two groups: (a) hijacking the server to serve "trojaned code", and (b) inherent JS limitations such as the absence of proper PRNG.
Concern (a) is valid. However, most client systems have auto-updating software products installed, with auto-updating enabled (browsers auto-update themselves; anti-viruses and OSes do the same, etc. - the Flame worm was using Windows Update to sneak in, I think). It is a universal issue in the modern "connected" world, and most users have to live with this threat if they want to use the Internet in any meaningful way; I can't imagine a person eyeballing the source of every patch they compile/apply on their system.
Concern (b) is not really valid now, IMHO. As mentioned above, it is possible to use a solid open-source crypto library either directly (e.g. Stanford Crypto JS library) or compile one into JS, to use proper PRNG, etc. With proper testing (standard/published test vectors; cross-platform tests - encrypt in JS and decrypt in java, etc.) it is possible to make good crypto in JS. And things like side-vector attacks do not look relevant here, as the attacking code needs to run on the client, which means the client has been compromised already.
Thanks for replying. Excellent choice on BouncyCastle and it never occurred to me the clever compilation to JS using GWT. With that said, why not use the OpenPGP (RFC 4880) support instead of PKCS#1?