What’s your opinion about saving confidential information on cloud devices such as a Google Drive, One Drive, etc? Do you think that they’re safe? For the purposes of this poll, assume that the site uses https.
I’m currently uploading a lot of my parent’s financial information to a Google drive and I’m telling myself that it’s safe. If it were to be stolen, it wouldn’t be pretty.
I sync everything across machines using iCloud, I trust that Apple know what they are doing with the encryption. And I use CrashPlan for backup - likewise, they are well established and I trust that they know what they are doing - they claim that they have no way to recover my data if I forget my encryption key.
But I’m not so sure about using Google Drive to store confidential data. It’s designed for sharing stuff. I’d be worried that your parents might be messing around with uploading photos to share with someone, and accidentally make their confidential files public.
I don’t trust the cloud with anything. They are under other people’s control and anything could happen at any time from any quarter. Too many ways it could be compromised.
Depends on how you conceptualize “trust”. My first-line worries would be that no, at some point in the future, I would not be able to retrieve that data. That they will have gone to pay, or changed how much it costs, or changed the storage allocation, or just plain shut down shop. Or that connectivity is interrupted on my end at a critical juncture and I can’t get to it.
Therefore nothing important ends up with its only copy being on someone else’s server.
But that’s different from worrying about confidentiality breaches. I’d be medium-worried about that if the info was unencrypted and sufficiently self-explanatory that it would be easy to exploit.
I think there’s a possibility that my cloud accounts at Google and Microsoft could be cracked as part of a wider operation. I have to weigh that against the convenience of storing or transferring files. But if the data is only there for a short while, doesn’t it reduce the risk?
I do my computer backups on an external drive I keep outside the house. Yesterday, I remembered that my last backup was from December. So I did a quick .ZIP with a password, containing stuff that’s post-December: my Quicken files, a number of files concerning my 2018 income tax returns, several banking statements and pay slips, plus some pictures of guys from DailyCuteBoy :o.
And then I uploaded it to OneDrive. Foolish, right?
But this afternoon I’ll have the external drive in my hands and put the .ZIP on it (or maybe I’ll do a full backup). And then I’ll delete the file from OneDrive. So it will have been there maybe 36 hours.
So this is how I view Google Drive, Microsoft OneDrive and maybe DropBox. But I would not have the same view if it were called Great Lotus Cloud or, well, Facebook Drive.
Both at home and work I use Google’s Backup and Sync. It’s free and I don’t have to think about it as it’s always running in the background. Having not interacted with it at all, I can go to my Google Drive and find a file I created or edited seconds ago, it’s already been backed up.
Most (all, hopefully) of my sensitive info (account numbers, passwords) has at least some security, just to keep [local] prying eyes off of it.
But there’s some herd protection as well. If someone cracked Google’s Drive servers, are they really going to get to my data? And are they really going to pry open my Quicken file? And if they do and manage to extract some banking credentials, is the bank really not going to reimburse me?
I’m not saying it won’t or can’t happen, but a lot of things have to go wrong for my personal information to be breached and used. Enough that I’m not likely to spend the extra time and money manually backing up and encrypting everything to a physical, removable drive, on a regular basis.
Depending on how things play out, you’d still have the data on your personal computer, so even if your backup location became inaccessible, you could still back it up elsewhere.
But that’s not always the case. I spent close to a decade uploading pictures to Photobucket. It was the main place I used to store them. Over all the time, I’d uploaded them from a multitude of devices (phones, laptops, desktops, actual DSLR cameras etc), many of which I no longer had. A few years back, they went pay to play with very little notice and a very high cost ($400 or $500 a year). You could still look at them, but no hotlinking (not a big deal for me, but it’s why you see the broken links all over the internet) and no easy way to download them.
They were, essentially, holding them hostage. Thousands upon thousands of pictures and the only way to get them back was to download them one at a time. Luckily I eventually found a program that automated it, but it was a PITA.
If you choose a reputable company, and use 2 factor authentication, and use a unique password (i.e. one that’s not even similar to passwords you use on other sites), and use common sense precautions (e.g. know how to identify and avoid phishing), then yes, it’s safe.
If you’ve been using the same password on every web site for 5 years, and use that same password on your cloud storage site, then maybe not.
I was going to answer, but quickly realized I don’t know enough about clouds to properly respond. I’ve tried. In fact I’ve looked at clouds from both sides now, up and down and still somehow it’s cloud illusions I recall.
Other: As others have implied or stated, Google, Microsoft, or Apple aren’t going to intentionally allow other people access to data you haven’t shared, and all three companies are competent enough that while cracks/hacks might be possible, they’re not going to be common, widespread, or long-lived.
But any online service is only as secure as the authentication and credentials that guard it, and most people’s online hygiene is terrible. Nearly all the “hacks” you read about in the news about where people obtain specific people’s personal info (as opposed to database hacks that might net millions of records) aren’t provider security failures at all – they’re just a combination of people using easily obtainable information for “security questions” or (most commonly) re-using passwords across many services. Another set of disclosures comes from people not realizing what’s shared and what isn’t (particularly photographs, it seems).
You’ll know better than us how good you are about that stuff.
This. My data being hacked is a secondary concern, & I believe that that would occur by the cloud storage being hacked rather than me being hacked personally; after all, it would be more lucrative to hack them where you then have access to many accounts rather than to nick an individual.
My primary concern is that they either go away or change terms/make it ridiculously expensive. I do the old fashioned method of backing up to an external drive on site & one that lives off site.
Also a consideration is that I am a photographer/videographer; I have terabytes of images & movies (I did > 50 GB at an event two weeks ago). To completely back up everything to the cloud I need to be in one of the business/professional categories, which is much more expensive than any personal one.
Vimeo used to have unlimited free video storage; just with a cap as to how much you could upload at a given time - day/week. They changed that model to only give you so much total free storage. Given I had about 5 years of videos up there, I had about 3x the allowable limit, effectively closing that channel to me unless I paid for (the second tier of) service.
Probably nothing on the Internet can be claimed to be “safe” with confidence, but it is awfully convenient. You’ve got to decide how much risk you’re willing to accept in exchange for that convenience, and you’ll have to do so without knowing precisely how much risk there actually is. Not long ago some rather severe vulnerabilities were discovered in https encryption. obligatory xkcd #1 and #2
As others have mentioned, for average users the bigger concerns with confidential information are probably user error of various flavors than a compromise of the hosting service’s security.
This is really what it comes down to. Identify those documents which could actually lead to problems if someone could see them, and then encrypt those files. There aren’t that many, compared to the documents like a TV warranty, etc.
Preventing unauthorized access is only one part of information security. It also needs to be reliably accessible for authorized users, and it needs to be protected against loss. On the latter point, this showed up in the news today:
Now imagine Microsoft is migrating servers for their OneDrive system, and they accidentally lose your last 12 years’ worth of family photos. Oops, sorry about that. You’d like to think Microsoft won’t ever fuck up like MySpace just did, but there’s no reason it couldn’t happen.
I recently switched my email access from POP to IMAP. The former protocol saw all my emails for the past couple of decades stored on my desktop PC hard drive, which I backed up regularly. The downside was that this didn’t leave copies of my emails on the server, so I couldn’t access old emails remotely after having downloaded them to my desktop. This was occasionally annoying, but not in a big way. Switching to IMAP kept copies of my email on the server, so now I can access old emails from anywhere in the world. But I’m not trusting Comcast to guard the only copies of my emails; I still have a copy on my hard drive, and I still back that up regularly.
Likewise with SmugMug, which I use only for sharing pics (not for storing unique copies).
For any other personal data files - Word docs, spreadsheets, etc. - I don’t lead the kind of life that necessitates instant access to that stuff 24/7. If I anticipate that a need might arise during an extended absence from home, I’ll bring a thumb drive with me. These days, portable storage is compact and cheap.
I’m more concerned about losing access to stuff I store in the cloud than I am about someone hacking it… Then again, I don’t keep unencrypted super-sensitive data stored there either. I view my cloud accounts as an easy way to sync files between otherwise difficult-to-connect computers or devices, and also as a sort of off-site backup. (I have multiple offline up-to-date backups as well… Repeated hard drive failures in the '90s taught me the importance of backing up.)