Love the cloud, the marketing goes. It’s here, it’s there, it’s everywhere, and better yet, it’s nice and familiar; your own little personal cloud is chock-full of your own little personal files and all the magic takes place behind the scenes — adding files to your online storage account is as easy as adding files to your documents folder. Whoever said “You can’t take it with you” never had a 25GB SkyDrive locker.
The cloud is wonderful. The cloud is everywhere. The cumulative cloud knows everything about you. But over the past few weeks storms have rolled in and left plenty of people wondering: is the cloud all it’s cracked up to be?
Trouble in paradise
The dark clouds started brewing at the end of July, when several Dropbox users began receiving spam after spammers were able to gain access to their accounts, partially because many users repeated the same username/password combination at multiple websites. When another site’s login credentials were stolen, the information was used to access the Dropbox accounts.
Things came to a head this past weekend, when baddies leveraged overlapping vulnerabilities in Apple and Amazon’s security authentication schemes to seize control of current Wired and former Gizmodo journalist Mat Honan’s personal cloud. They gained access to Honan’s Amazon, Google and iCloud accounts, then proceeded to remotely wipe his iPhone, iPad and Macbook using Apple’s “Find my <insert device here>” feature. The hackers also screwed around with Honan and Gizmodo’s Twitter accounts.
In the midst of all this, Apple founder Steve Wozniak piped up with his own ill tidings. “I really worry about everything going to the cloud,” he said during an audience Q&A following a performance of Mike Daisey’s “The Agony And The Ecstasy Of Steve Jobs” earlier this week. “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.”
What, was he hacked too? Nope — he’s just worried about the potential implications of moving all of your data off of your PC and into the servers of giant mega-corps. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it,” Woz said.
The problem isn’t with the cloud, it’s with YOU
It’s all worrying stuff, especially once you consider that Microsoft has deeply hooked online-enabled Microsoft Accounts and its SkyDrive service into the guts of Windows 8. But should the recent woes scare you off from the cloud?
The cloud is just as wonderful today as it was yesterday, or a few weeks ago. The problem is, cloud technology has advanced to the point where it’s too comfortable and easy to use. People have forgotten the dangers inherent in storing all your prized possessions on someone else’s servers, especially in these Lulz-filled days.
Lax security procedures by company personnel had a hand in both the Dropbox and Honan hacks, but they were exacerbated by even more lax behavior by the end users themselves. Simply put, if you’re going to be using remote services for sensitive things, you need to step up your security, as tedious and boring as that might be. If Honan and the Dropbox users took better steps to secure their data, the damage could have been significantly mitigated.
Using the same login credentials at multiple “critical” websites? It’s common, but nevertheless ludicrous. Invest some time setting up a password manager and creating strong codes. Password managers aren’t foolproof, but they beat using “p*assword” for your banking, WordPress and Digital Trends accounts alike. Likewise, two-factor authentication is a pain in the ass, but much less so if you have a smartphone on your hip. Oh, and the security questions that ask for the name of your mother or pet? Here’s a protip: don’t actually use the name of your mother or pet.
And if your data is really, truly important, there’s no excuse for not creating a local backup on a DVD, external hard drive or secondary computer. Honan lost a year’s worth of data when the hackers wiped his Mac — including all the pictures he had of his newborn daughter.
What about Woz?
Steve Wozniak raises a much deeper question: are we getting too complacent with our data in these days of cloud storage? Sure, the hot new service offers unlimited free storage, but what are they doing with your data when you upload it to their servers?
So far, the answer has been pretty straightforward. Early fears about Google Drive’s privacy appear to be misguided; cloud storage lockers all promise that what’s yours is yours and what’s theirs is a license to use the data only in ways needed to provide the service itself. So far, so good — unless the Terms of Service change suddenly, of course. (You remember the clause in the ToS that said it could change at any time, don’t you?)
As our own Andrew Couts laid out earlier this year, what cloud storage services don’t offer is a guarantee for your data’s safety. If a glitch wipes out your research paper or wedding photos, you’re out of luck, plain and simple. (That’s why you want to back up your data locally!) It’s the same song if hackers get ahold of your account and use your personal information to trash your life as hard as they trashed Honan’s.
If you store any information that’s even remotely sensitive in a cloud locker, the only way around the potential privacy issues is encrypting your data before you upload it. That way, not even the cloud service itself can decipher your information. The free and open source TrueCrypt is my go-to encryption tool, but there are other options available, such as BoxCryptor, a multiplatform tool designed specifically for encrypting files plunked into your cloud service of choice.
Woz’s other implication — that we’re actually losing sight of owning data thanks to the glut of all-you-can-eat streaming subscription services — may be accurate, but whether or not it’s a worry is up to you. Personally, I’m fine with spending $18 a month to “rent” gajillions of songs, movies and TV shows from Spotify and Netflix. I fill in the blanks with digital music downloads and DVDs/Blu-rays of the titles that aren’t available on my chosen streaming services, creating a hybrid rent/own media library.
I’m still a Sky Captain
“For the first time, it’s becoming possible for us to use Web and Internet services for almost all of our needs,” my colleague Jeffrey Van Camp said in April, in the wake of Google Drive and the approach of CISPA. “This is fantastic, but our added connections and use of the Net now looks a lot like a honeypot to entrenched entertainment companies who don’t want their business models to change and our government, which is now finding it so easy to access so much more information than it ever dreamed possible just a decade or two ago.” I’m going to add hackers and disgruntled employees of the cloud services to the list of potential no-goodniks.
Jeffrey suggested keeping important files off the ‘Net and giving cloud services the hairy eye. I agree wholeheartedly with the second part, but I’m not so in-step with the first part. Between Google Docs, SkyDrive, Netflix, Hulu Plus, SkyDrive, Skype and Dropbox, I live a large part of my life in the cloud, and now that I’ve experienced the cloud’s go-anywhere freedom, I wouldn’t have it any other way.
Fortunately, I don’t need to. As frightening as the recent woes are, nothing has changed. The cloud is wonderful, but it isn’t infallible. Continue giving the cloud services the hairy eye and treat storing your oh-so-personal data off-site as the potential liability that it so clearly is. Because as uncomfortable as constantly wearing a tinfoil hat can be, not wearing one when you need it most hurts even more. Here’s hoping that Mat recovers the pictures of his newborn daughter.