Cloud storage. Am I a Luddite?

[GraemeT]

I think WP8 is great (with greater potential) and I'm really enjoying my 820 that I've had for nearly three months now. However, I feel I'm being pushed towards cloud storage (I know this is not peculiar to M$) against my will. This is making me feel uncomfortable. My stuff is on some unkown server, in some unkown place, where unkown persons could be doing whatever they want with it, and I'd never know.

I was first taken aback when I discovered that my contacts are automatically backed up on my M$ account, somewhere or other. I've just bought an SD card for my 820 (which thankfully worked) in the hope that I might be able to store documents on it. Nope, absolutely media only, so it's the phone's diminishing internal memeory or SkyDrive. Okay, so there's 7GB of free storage, and it is very convenient I admit, but I think I'd rather endure a bit more personal data management hassle and have my stuff stored locally where I'm in charge of it.

What do others think? Am I in the dark ages here or am I sensible to be wary? I'd be interested in your angles on this.

 

[Dileu]

I think you are right to be concerned. These cloud services take a LOT of energy to run with their huge data centres, and they also rely on a consistent and good data service that's affordable to run (in a world of data capping, that's not a given). Not to mention the security and privacy concerns you mention. Give people the choice, that's what I think.

 

[markfive]

I know quite a few people have concerns about this sort of thing. I used to as well (to the extent that I used to run my own mail server) but for some things I've now changed my view.

Wherever you store your data, there is a risk. If you store it just on your phone then there is the risk of loss or theft. If you store it at home there is the risk of theft or fire. If you store it with MS, Google etc there is the risk of hacking and others (especially IMHO Google) having a good look through to send you "relevant" ads.

I keep personal documents, photos etc at home on a resilient (2Tb mirrored) NAS, but I use Skydrive as a backup store for important stuff. Email, contacts and calendar are cached locally on my laptop and also stored online. That way I have the convenience of cloud but the assurance I can get to anything should there be an MS issue or I had no net connection for any reason, and I could recover the important stuff if the NAS were lost.
I'm pretty impressed with Skydrive, now they've relaxed some of the earlier limits it's as good if not better than Google Drive, and I could see myself moving more stuff online in the future. But for some things (e.g. music) it simply doesn't make sense at present so I will keep the NAS for that at least.

 

[speedtouch]

You are completely justified in your concerns about cloud storage. I refuse to use SkyDrive because Microsoft scans every single file for violations to their terms of service. Get a violation? BAM! Your Microsoft account is shutdown forever. I like to keep my files secured and private. Which is why I don't use any storage service but SpiderOak. It's the only secure one out there. They're working on a Windows Phone app and I hope it will be released in the coming months.

The problem with all the Microsoft, Google, or Apple accounts is that each of those companies can recover your password and can see your stuff. (If they wanted to.) Same goes for a hacker who breaks into those services, he could quite possibly break into your account, too. I like it when services don't know my password and cannot recover it.

 

[anon(5370748)]

If you were a Luddite, you wouldn't be posting to a forum

Being worried about security is never a bad thing. I have very, very little sensitive data that I'd care if someone else saw, and I don't keep that on any device that I could lose or have stolen or on any cloud service except for Crashplan, and even then it's in a TrueCrypt archive for extra security. I have a NAS at home that backs up my SkyDrive and Dropbox folders, so I always have a local copy if one of those companies go out of business. I also use Crashplan as a full system backup for all the computers in my house.

If someone compromises my phone and sees my documents on SkyDrive, then they'll get some good book and movie recommendations and hopefully buy me some groceries on my list. I guess they'll also see my Lumia 920 photos and run out and buy one because they'll be so impressed with the camera in it.

 

[thed]

You are completely justified in your concerns about cloud storage. I refuse to use SkyDrive because Microsoft scans every single file for violations to their terms of service. Get a violation? BAM! Your Microsoft account is shutdown forever. I like to keep my files secured and private. Which is why I don't use any storage service but SpiderOak. It's the only secure one out there. They're working on a Windows Phone app and I hope it will be released in the coming months.

The problem with all the Microsoft, Google, or Apple accounts is that each of those companies can recover your password and can see your stuff. (If they wanted to.) Same goes for a hacker who breaks into those services, he could quite possibly break into your account, too. I like it when services don't know my password and cannot recover it.

You're right about them scanning your files, but I think you're selling MS, Google and Apple a bit short on password security. I'm sure that they cannot actually recover your password. Storing passwords in the clear is a rookie mistake when it comes to security, and if it ever came out that any of those guys were doing this then it would really discredit them as a company (I would hope). If you really don't want them looking at your files then you can encrypt them on your end before uploading. It looks like SpiderOak provides a utility to easily do this, but you can do it yourself or write your own utility to do this with Skydrive.

 

[speedtouch]

You're right about them scanning your files, but I think you're selling MS, Google and Apple a bit short on password security. I'm sure that they cannot actually recover your password. Storing passwords in the clear is a rookie mistake when it comes to security, and if it ever came out that any of those guys were doing this then it would really discredit them as a company (I would hope). If you really don't want them looking at your files then you can encrypt them on your end before uploading. It looks like SpiderOak provides a utility to easily do this, but you can do it yourself or write your own utility to do this with Skydrive.

Now that I think about it, you're probably right. If they're using a utility like passwd on UNIX, there isn't really a way to recover it...but it can be reset. Yes, SpiderOak, as part of its normal operations, encrypts your files first, then uploads them to cloud storage.

 

[d_abbatelli]

Honestly, in my position, I don't really care too much about the security of my data stored on some server... I don't have much to hide, and I think companies like MS, Dropbox or Google can do the job of keeping my data safe better than how I would be able to do.
But what I really don't like is that I can't read a stupid .pdf on my phone, that doesn't exist a single decent app for playing my music collection because they all are designed for streaming, and so on... And all this, just because the OS "is designed to work from the cloud".
Seriously, I think cloud is a good thing, but don't you ever take a plane and want to listen to music? Don't you pay roaming abroad? It never happens to you of being in some remote place with no connection whatsoever?
Cloud is good if it can make my life simpler, not more complicated!

 

[Laura Knotek]

USB isn't any safer. The latest Patch Tuesday addressed vulnerability involving elevation of privileges via USB. That's not the first time USB needed security fixes. Microsoft Security Bulletin MS13-027 - Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
[h=4]Windows USB Descriptor Vulnerability - CVE-2013-1285[/h]An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2013-1285.