What Kind Of Privacy Do You Have In "The Cloud"?

I currently don’t use any kind of web services that require the use of “The Cloud”, but I’m curious about a certain aspect of it. What kind of privacy do you have when you’re storing your data in the cloud? Is it just hanging out there in your web service provider’s servers, mingling with everyone else’s data? Does it have its own little “locked” compartment on the server that only you can access?

TIA, don’t need answer fast. :slight_smile:

You don’t know until it’s too late. That’s the problem with the cloud, really: All it means is “We’ve outsourced this function to a company we communicate with over the Internet.”

If you’re not paying for it, don’t rely on it. If you are paying for it, don’t rely on it unless you’re willing and able to sue, and a lawsuit settlement is actually going to make it all better in your eyes.

Jason Scott, of Archive Team fame, has a piquant little piece called FUCK THE CLOUD which lays it all out for you.

The directory structure/server configuration will be different depending on the host.

The scary thing, at least in my mind, is the legal issues involved. My company recently moved to some cloud services. I pointed out at that time a troubling legal issue. Recently there was a court decision where the government (FBI, iirc) served a warrant for some files that were stored in a cloud storage company’s servers. The government took a bunch of drives that had data from customers of the cloud storage company that were not named in the warrant. The court ruled that the government had the right to check all the data.

In other words it gave the government the right to all of the data, even if the data did not belong to the company/person named in the warrant.

That is a bit troubling, at least to me. I also believe that the court ruled that the customers who lost data, but were not named in the warrant, and presumably not guilty of any crime, could not recover their data.

I assume that the rules will be worked out in due time. But right now I do not trust cloud services with any valuable data.

I will hunt up a cite tomorrow. I originally found the story on Slashdot.org.

Eric

Hey, whatcha worried about? Look who’s involved… the FBI, the court system, judges…
They’re all good people, right? [/sarcasm]

Seriously…
You are absolutely right with what you said, but you also missed out on an even bigger danger: if you use the cloud, you don’t even know in what country your data is being held.
In the above post, at least the people involved had access to the American legal system. But in the cloud, your data could be stored in India, in China or in Nigeria.

I use dropbox to host [?] excel files for my EVE Online corp, and some pictures that I want to also share. Dropbox is only on my ancient laptop. I don’t have anything on that machine that I don’t mind being out in the public eye. It has no passwords, nor anything other than open office, firefox and the basic stuff that it came loaded with from the factory. It is sort of the computer version of a burn phone. I do not trust dropbox to keep anything private, call me paranoid but I have always thought the idea of cloud storage as seriously insecure.

I am also the one who introduced dropbox to my corp. I found google documents absurd that you couldn’t save them to your own computer to manipulate offline [or at least when I first got sent a link to a spreadsheet that one of the guys in our corp was using]

First of all, if you think that not using web services that require the “Cloud” means that your information is not out there, you are almost certainly mistaken. Your most important information is not your photo or video collection, inappropriate though it may be, it is the information that you give all the companies with whom you do business. As time goes by, they will all be doing business there. While it is true that security remains an issue in cloud based computing, it is also true that security remains an issue in non cloud based computing (where all the servers, storage and applications are owned and maintained by the company).
What is going to happen shortly is that the security issues will be somewhat ameliorated (they will never be solved) and the difference in price between maintaining all that hardware and software in house and going to the cloud will force many companies to make that transition. Keep in mind that most companies do not consider themselves to be in the computing business, yet they spend hundreds of millions of dollars a year maintaining those departments (some of them good at what they do, many of them just terrible). They will jump at the chance to jettison that aspect of their business.
They will continue to keep a hand in creating some key applications because they believe that those applications give them a competitive edge, but those applications themselves will run in the cloud.

I think it’s a mistake to think “the cloud” has any kind of unified security or privacy measures. It’s like asking if “the web” has privacy protections - each web site has its own policies.

For example, I use SpiderOak for online cloud backup. One of their promises is that the encrypted data cannot be opened by anyone who does not have the password, and that they don’t have it. So employees, government agencies, etc. cannot see what I’ve backed up. That’s a level of security that services like Carbonite and DropBox don’t offer. Since I store a lot of customer financial data there, I consider any extra security a priority.

Now, yes, I am admittedly trusting that they follow their own policies. In that sense, the cloud is like every other part of life - you try to stay informed and take the most reasonable bets you can.

I think you need to be more specific.

On the one hand, if you’re a (direct) customer of Amazon’s AWS cloud, you have extremely good control of privacy and they’re obsessive about data separation. (Even the list of data center names is randomized-- so one client’s “zone A” is another client’s “zone D”.)

On the other hand, you have services like Flickr who erroneously made private photos public for a full 20 days before fixing the issue.

Those two services are both considered “the cloud”.

The cloud is like a valet service: “Here, take my car/file, and bring it back to me when I ask for it.”

You only have reputation, word of mouth, and your own common sense to know if they go park your car on the street (beside the fire hydrant) or in a secure locked facility; do they leave the keys in the car or lock them in a guarded room? And so on.

Not only - is your data stored overseas or in the USA, but is that allowed? Some countries (USA?) have laws that prevent you from taking your key data, like company ledgers, and stashing them beyond the access of law enforcement warrants. Not to mention, the whole “force to reveal passwords” issue when your files suddenly become encrypted files.

Later it occurs to me to mention Ferris Bueller in conjunction with valet parking… :smiley:

Your in-cloud privacy depends on the diligence of service providers.

You have ABSOLUTELY NO PRIVACY

ANYWHERE.

When will people realize that? In addition to the risk of your data being on a drive which is seized for whatever reasons, all any security does is make the bad guy’s job more difficult. Putting your critical data on a device I can put in my pocket goes a long way toward making my job easier - now I just need to find that drive. At least you have a locked door.
Now you want to put it on a disk that also holds MY OWN data? Thank you thank you thank you. Now all I need to do is tweak the disk catalog so my pointers are the same as your pointers.
Now I don’t even need a key.

I knew a SVP at Wells Fargo who lost a ton of high-end customer data. WFB is very good at what is called cross-selling - getting existing customers to buy more products - you might open a checking account. 10 years later, you are likely to have bought a CD, maybe an IRA.

They hired a consulting firm to analyze their customer data and recommend products to pitch to them.

This was a one-man operation with an office on the second story over a retail operation. The data was on his laptop which he left in this highly-secured office overnight. One morning he found the door had been jimmied.

The cloud makes that theft look absolutely labor-intensive.

In the old days, data was in fortresses. Then we put it on little drives in closets. Then on laptops, then tablets, now on USB sticks.

How many of you have a little file on your phone with all your account ID/passwords?

Some day something is going to happen to make people realize that there really are bad guys out there and some of them are downright clever about finding sensitive data.

1980 Worst case - 3270 terminal connected via VTAM to mainframe. Beside terminal is user manual with ID and password written on title page.
1990 Worst Case - account data and applications on a server in the utility closet the janitorial staff still uses.
2000 - critical data now on boss’s laptop. Why? because she says so.
2010 - Keys to everything on a phone.
2020 - data is somewhere in the ether - even the security people don’t really know where it is. And p.s. - it may be on a separate drive, but what all is on that backup tape that was just cut? - if I can force a restore, god knows what all is going to be brought up or where - if I know how that center works, I can well guess where that backup will be loaded and grab it while operations is sorting out the catalog.

I too would assume NO privacy. Your data is sitting on one or more hard drives in one or more places that are accessible by an unknown number of people. Comforting?

Use the cloud for mundane stuff that you wouldn’t care if anyone saw. Otherwise keep confidential/sensitive information close to you and preferably not attached to the Internet if you want to be really secure.

There’s a happy medium somewhere. The cloud is convenient, maybe exchange family photos or whatnot, if someone else sees them it’s not your first choice but not the end of the world either.

Everything on the internet is public, whether you want it to be or not. If YOU encrypted it, and ONLY YOU have the decryption key, I suppose you could consider it private. However, there’s nothing but reputation to ensure that data is safe. So you’ll have to back up anything important locally anyway. “The cloud” can be a useful part of your backup strategy, but in no case should you rely on it exclusively.

By the way, “the cloud” is a lot more than just online data storage. If you have a virtual server on Amazon’s EC2, I suppose that’s as “private” as any other machine connected to the internet that you don’t have physical access to. I.e., as secure as your configuration and the password you secure it with. Never underestimate hackers.