Ask Slashdot: With Whom Do You Entrust Your Long Term Data? 178
jppiiroinen writes: F-Secure, a company based in Finland, has sold its cloud storage business to a U.S. company (Synchronoss Technologies, Inc) speculated to have ties to the NSA. In previous, public announcements, they used arguments equivalent to, "trust us, your data will be safe." Now, it's likely F-Secure simply realized that competing against the big players, such as Google and Dropbox, didn't make much sense.
But it makes me wonder: Whom do you trust with your data? And who really owns it? What about in 3-6 years from now? How should I make sure that I retain access to today's data 20 years from now? Is storing things locally even a reasonable option for most people? I have a lot of floppies and old IDE disks from the 90s around here, but no means to access them, and some of the CDs and DVDs has gone bad as well.
But it makes me wonder: Whom do you trust with your data? And who really owns it? What about in 3-6 years from now? How should I make sure that I retain access to today's data 20 years from now? Is storing things locally even a reasonable option for most people? I have a lot of floppies and old IDE disks from the 90s around here, but no means to access them, and some of the CDs and DVDs has gone bad as well.
Same answer every time. (Score:5, Insightful)
Once you give your data to "the cloud" it ceases to be YOUR data.
Now it belongs to whomever owns those servers.
You want to keep it? Then keep it on your own hardware.
Re: (Score:2)
"You want to keep it? Then keep it on your own hardware."
Exactly.
A.
Re:Same answer every time. (Score:4, Insightful)
"You want to keep it? Then keep it on your own hardware."
Exactly.
A.
When every piece of marketing-subsidized hardware in the future looks and smells like today's whored-out smartphones, attempting to secure said hardware will be rather difficult, or impossible.
Point is, you won't be able to ensure you "keep" your data anywhere, much like a smartphone today. Unless you're going to enjoy maintaining that offline system locked in a vault powered off 99% of the time. Doesn't smell very useful.
Re: (Score:2)
"When every piece of marketing-subsidized hardware in the future looks and smells like today's whored-out smartphones, attempting to secure said hardware will be rather difficult"
You can't do better than 'when this mythical event happens...' ?
A.
Re: (Score:2)
Unless you're going to enjoy maintaining that offline system locked in a vault powered off 99% of the time.
Funny you should say that. I have an old Mac Mini with a bunch of external drives hooked up to it. Every other week it turns itself on, plays the Imperial March from Star Wars and runs a Carbon Copy Cloner incremental duplication of the files from my server. It emails me when it's done so I can turn it off, as there are multiple jobs and I can't tell which one will finish last. When it's done I turn off the mini and it sits there another two weeks. Every so often (when I think of it) I sync up to an old Dro
Re: (Score:3)
Unless you're going to enjoy maintaining that offline system locked in a vault powered off 99% of the time.
Funny you should say that. I have an old Mac Mini with a bunch of external drives hooked up to it. Every other week it turns itself on, plays the Imperial March from Star Wars and runs a Carbon Copy Cloner incremental duplication of the files from my server. It emails me when it's done so I can turn it off, as there are multiple jobs and I can't tell which one will finish last. When it's done I turn off the mini and it sits there another two weeks. Every so often (when I think of it) I sync up to an old Drobo as well then unplug it. This means that yes, I do in fact have an offline system powered off 99% of the time. Sadly I do not have a vault but otherwise I have three copies of (almost) all my data at any given time.
Well, this is...rather inspiring.
I currently run a Mac Mini, but I will keep this in mind for a future project. Thanks!
My current project is tackling this issue from the other side, by culling my data down to what is essential. I mean hell, I was staring at 300 CDs and DVDs in my closet burned of various backups over the years. Grabbed 10 - 15 discs a day and tackled it. Got through it all, now I'm culling down the RAID array.
When we're carrying around 100TB pocket-sized SSDs in 10 years, I know this ef
Re: (Score:2)
Re: (Score:2)
Re:Same answer every time. (Score:5, Insightful)
This should be the only answer and this thread should be immediately be marked as "closed"
The person who asked the question doesn't understand how computing works.
Re: (Score:3)
Or ... a person who doesn't understand how computers work could ask a question and get answer ... just not from you.
My answer is to store data both locally and in the cloud.
Re:Same answer every time. (Score:5, Insightful)
The person who asked the question doesn't understand how computing works.
... and the person that thinks there is only one answer probably doesn't understand how encryption works. You can put data in "the cloud" and still keep it private.
Re: (Score:3)
The person who asked the question doesn't understand how computing works.
... and the person that thinks there is only one answer probably doesn't understand how encryption works. You can put data in "the cloud" and still keep it private.
Exactly. I use Dropbox to sync data between PCs, and I use a TrueCrypt vault (maybe should be changed since TC went away) that I can open from any of the PCs.
Re: (Score:2)
Exactly. I use Dropbox to sync data between PCs, and I use a TrueCrypt vault (maybe should be changed since TC went away) that I can open from any of the PCs.
Will your data always be available to you?
Seriously, you folks get so hung up on encryption.
If I was a bad guy, I'd just pland to make your data inaccessible. In commerce, a few minutes can make the difference between your success, and your failure.
Re: (Score:2)
Will your data always be available to you?
Of course. You put a copy of your data in the cloud, and keep the original data locally.
If I was a bad guy, I'd just pland to make your data inaccessible.
Right, because Amazon Web Services is so much easier to DDOS than "Joe's Dry Cleaners".
Re: (Score:2)
The private part yes, the keep it part is the one that fails. They can simply delete it, and no amount of encryption will protect you from that.
Re:Same answer every time. (Score:5, Insightful)
Encrypt your own data, store it where ever and hope it's not valuable enough for someone to bother cracking it.
Re: (Score:2)
Re: (Score:2)
And you have to keep in mind that even well encrypted data will be easy to decrypt some day later.
Assuming there isn't a back door or other exploit, not really...
Modern encryption should not be crackable via brute force... ever... It would take more time and energy than exists in the Universe, the math is that big.
Re:Same answer every time. (Score:5, Informative)
Once you give your data to "the cloud" it ceases to be YOUR data.
It boggles my mind that people still haven't caught on to this. I'm going to expand on your message just a little bit:
Once you give your data to "the cloud", it becomes the property of government snooping agencies. It doesn't even matter if you're in a country that doesn't actively snoop (if you believe that such a thing exists anymore). Companies change hands, and they do so across political boundaries. Companies cannot be trusted with your data. Period.
Hopefully, this little incident opens some eyes.
Re: (Score:2)
Re:Same answer every time. (Score:4, Informative)
Once you give your data to "the cloud" it ceases to be YOUR data.
Now it belongs to whomever owns those servers.
You want to keep it? Then keep it on your own hardware.
"The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server. If they take an interest in you, pretty much the only defense is a latop that you built before they took an interest in you and that you keep locked in a safe at all times when not using (I believe Bruce Schneier does this). But anything less than that, if they like you then you have a keylogger already, sorry.
All we can realistically hope to put our trust in is encryption. Even that's not easy (but if TrueCrypt passes it's audit, it's good enough for me). An encrypted archive is just as safe "in the cloud" as it is on a home file server.
Want to backup your data long-term and can't afford LTO tapes in a box out of state? Make one (encrypted) copy locally, but not in your house and not powered. Store another (encrypted) copy in the free files hosts if its small, or Amazon Glacier if you can't fit in the various free options.
Re: (Score:3)
"The cloud" is just too fuzzy a term. I have no problem with cloud-based file storage services, but I'd never put, say, my personal photos on an online photo-sharing service, or any other content-aware cloudy-thing.
"The cloud" is just the hip new marketing-speak for "centralized server". In this context, it's not too fuzzy at all. Your file storage service is no safer from spying than content-aware services.
My own hardware? That's silly. From Snowden we know the NSA can access files on my home server just as easily as they can on a cloud-based file server.
We don't know that at all, because it's not true unless you haven't set up your own server correctly or you don't have the correct security measures in place. Yes, a determined attacker (NSA or otherwise) can find a way into your servers, but it's' much more difficult for the government than cloud services, because they will have to bring their NSL or search warrant to your house or actually engage in hacking.
Re: (Score:2)
If you use good encryption, do you care?
If you don't use good encryption, obviously you're not even trying.
In what scenario does it actually matter that your encrypted archive is in some cloud service? If your government can compel you to divulge the key, OK, I could see that, maybe.
Re: (Score:2)
If you use good encryption, do you care?
Is encryption the only problem inherent in "the cloud"?
In what scenario does it actually matter that your encrypted archive is in some cloud service? If your government can compel you to divulge the key, OK, I could see that, maybe.
In what scenario does it matter if a bad guy keeps your data from you? I can think of many.
Re: (Score:2)
Always have 2 backups, as I said upthread. You want an offsite backup of some sort, kept in a different state. The expensive (but better) way to to backup to tape, and send the tape to Iron Mountain, or whoever, in a distant state. For the rest of us, sticking the data in the cloud is just as good.
There's no perfect safe place to put any sort of archive - but having the live data plus 2 backups each with different failure modes, is pretty close. Sure things can go wrong in the cloud, but those are diffe
Re: (Score:2)
If you use good encryption, do you care?
Yes, I care. In the first place, good crypto is not a panacea -- certainly not as good as maintaining physical control over your data storage. All crypto that is in common use (that I'm aware of) can be broken given enough time and effort. If you're using crypto to protect long-term storage, you're taking a risk. And, given that the NSA said they store encrypted communications indefinitely, all transmitted information is long-term storage. Remember the purpose of crypto is not to keep something a secret for
Re: (Score:2)
It's crucial for liberty to make it impractical to do broad-reaching dragnet surveillance, and any real encryption of archives accomplishes that. Much like for email, PGP might have some weakness, but it's good enough to stop wholesale searches (unless there's something Snowden didn't know). If you're archiving actual state secrets or somesuch, by all means be more paranoid, but remember that for valuable targets, the NSA has a frankly astonishing toolkit, with dozens of ways to get a keylogger where they
Re: (Score:2)
I agree about the use of crypto. Don't misunderstand me -- I'm not saying not to use crypto at all! I encourage its use everywhere. I'm just saying that it's not as protective of data at rest as lots of people think.
So I'm not sure "keeping physical control" really accomplishes much
It forces them to deal with you and your machines to get access to your data. It might give you a change to fight against the disclosure, but even if not, you at least know the disclosure happened. If the data is in the cloud, it will just get handed over and you'll never know.
It also goes a lon
Re: (Score:2)
Umm, you didn't fix it for me, you broke it! I was intentionally and explicitly referring to all attackers, not just the NSA. That includes script kiddies (who happen to be the easiest crowd to defend against).
Locally migrated to modern formats (Score:1)
How fucking hard is it?
"Oh I don't deal with floppies no more and the optical discs can't be read!"
So?
Currently it would be hard-drives, even if that mean the new one will be half-filled with the content of your old one (depending on how you do it ..)
How far in the future they will scale or whatever we'll deal with data volumes it's reasonable to keep at home in the future I don't know.
For now it's not harder than getting discs + NAS / whatever yourself.
Get a fire safe (Score:2)
I got a nice beefy Winchester fire safe from Costco for ~$300 . No state sales tax on it either, I suppose since they want to encourage people to lock up their firearms.
There are much cheaper "plastic water cooler" fire safes available... some even have USB ports on them so you can backup to a big USB disk in them without having to open them.
I still encrypt and backup annually to AWS Glacier ( 42cents per month for 42 GB at the moment, mostly raw camera photo dumps) using the SAGU java client. Also have s
Re: (Score:2)
tl;dr: me
I not only don't use cloud file storage, I run my own e-mail server and DNS.
Re: (Score:2)
I treat the cloud as I do a type of storage medium.
The pros of cloud storage:
1: Depending on the type, one can store a lot of stuff on it.
2: Is it durable, and data stashed there is likely to persist even if a site goes down, or your drive array dies.
3: There are auditing tools available and access can be well controlled, depending on the cloud server.
4: It is easy to use. In fact, with OS X, it pretty much comes with the OS.
The cons of cloud storage:
1: The data can be stored anywhere geographically.
Re: (Score:2)
Hate replying to myself, but there is one major con I forgot:
Network access. If you have a dodgy, metered, or slow connection, this can be a major hindrance not just with access for a restore, but initial file storage.
I don't trust anyone (Score:5, Funny)
you can own it if you can defend it (Score:3)
Re: (Score:2, Flamebait)
If you have sufficient defenses, you don't need to pay taxes... (But by then, you're probably collecting taxes.)
Re: (Score:2)
Good luck with that. "I saw you swerving back there, license and registration please." "You seem nervous and what's that smell?" "So you don't consent to a search? Let me just get a narcotics dog" "Why he barked, what a surprise." "Is that your stack of cash?" "Oh I'm seizing it." "Well you drive a car and lots of cash, drug dealers drive cars and have lots of cash so you're probably a drug dealer. Oh, and the dog barked" "Sure you can get it back if you get a lawyer and fight it a few years in court" "Thie
Re: (Score:2)
I accidentally modded your post down when I spazzed out on the keyboard. This post should revert that.
Keep making copies (Score:1)
Yes, media goes bad. You can't just leave your data in one place and hope it stays there.
Keep making copies on new media, and use all of the data integrity best practices that make sense for your use case--RAID, ZFS, whatever.
Keep testing your backups and making sure you always have multiple good copies of the data you want to keep.
It may mean a lot of work and some moderate expense, but only you can place a value on your own data.
My Attorney (Score:2)
I leave all my important data with my Attorney. I update it every so often which sometimes involves copying the old stuff to a new drive and adding anything new. My attorney is also a family member so YMMV.
As for my cloud data, I pretty much assume that any smaller company could go bust any day, and the larger ones could quite possibly be doing things with my data that I don't like. I use those services accordingly.
Nobody but myself. (Score:2)
My long-term data is kept on NAS4Free box running ZFS RAID1.
If any piece of hardware fails, I can replace it and be right back in business. Nobody is going to hack into it. If I lose internet connectivity in any way, I still have full access.
Re: (Score:2)
Ditto, and I use CrashPlan on that host to back everything up to Crashplan, as well as the server component to backup files there.
Yeah, use up more storage, but I have revision history and drives are cheap.
Re: (Score:2)
I'm with you no one but myself.
As far as data 20 years from now, much of the data I keep aside from music and family photos will not be relevant in 20 years. Warranty information, order confirmations, receipts, and shipping information for products I've purchased is usually only needed until the warranty expires in 1-3 years. How long does software last 1-2 years or less before a new major revision makes it entirely obsolete and you are unable to upgrade with out purchasing a new copy. if you purchased it o
I keep all my important data (Score:3)
on servers in the balkans and eastern Europe.
Take a bit, leave a bit? (Score:2)
Wrong question (Score:5, Insightful)
Wrong question, if it's asking for a storage company that you can trust your data with.
Correct question: which open source encryption software would you trust to encrypt your data /before/ uploading it anywhere. You can upload whereever you want, and redundantly too. All you have to do is store locally is a private key. No different from storing a passport or home or auto title.
Re: (Score:2)
Good question. I asked something similar in a comment the last time this question was asked, only about a week ago [slashdot.org] but nobody provided an answer. Maybe we'll get one this time.
My own thought was to use 7-zip to make strongly encrypted 7z files, but somebody can suggest something better. In particular, it would be nice if such a tool could automatically do the uploading/downloading to/from the storage provider, which 7-zip doesn't do.
Re: (Score:1)
Have you considered: http://duplicity.nongnu.org/ [nongnu.org]
It's got some upsides and some downsides, but I like the fact that it uses standard unix formats all the way down. i.e., if duplicity were to disappear overnight, you can still use cat/tar/gzip/gpg to restore your files.
Yes, it can upload to some storage providers directly, and you can write your extension to upload to any other provider.
Re: (Score:2)
Good question. I asked something similar in a comment the last time this question was asked, only about a week ago [slashdot.org] but nobody provided an answer. Maybe we'll get one this time.
My own thought was to use 7-zip to make strongly encrypted 7z files, but somebody can suggest something better. In particular, it would be nice if such a tool could automatically do the uploading/downloading to/from the storage provider, which 7-zip doesn't do.
Something like Boxcryptor, perhaps? Although it only works with consumer grade cloud storage it sounds like what you want. Although it is $48/year on its own (if you want to do fancy stuff like manage multiple cloud accounts or encrypt filenames before storing them) so the costs of the belt to go with the suspenders can add up.
https://www.boxcryptor.com/ [boxcryptor.com]
Re: (Score:2)
Duplicity has worked well for me in the past on my linux server.
http://duplicity.nongnu.org/ [nongnu.org]
Trust No One (Score:1)
Your data is your responsibility. You cannot trust anyone else. If there is a failure, they just point you to the TOS you agreed to. Stop wasting money on "cloud" storage and get two (different brands) of NAS or make two of your own (better). If your data is valuable, then it is worth the expense to protect it.
Trust but Verify. (Score:2)
Very Telling (Score:3)
Even the most technically astute among us have lost data to storage format changes over time...
I've moved a lot of stuff forward to modern hard drives, but I'm sure there are some things I missed.
Basically there is no hope, so save what you can, and learn to live with loss.
Really network storage is the best kind of offsite backup but there you simply are going to have to live with the fact that MULTIPLE foreign intelligence agencies will have your data (not just the NSA). Encrypt it to reduce casual prying also from network admins, but just understand everything put on the internet will be seen by someone else.
no one (Score:2)
If they have the only copy of your data, by Murphy's law it will be lost. Keep a backup, the 'cloud' loses data all the time.
If they have an unencrypted copy of your data, by the rule of the internet, it will be made public.
Myself. (Score:5, Interesting)
On both counts.
Nobody else has any significant vested interest in preserving my data - at best any business will have to pay me a penalty if they lose it - almost certainly a pittance compared to the personal value of the data, and a tradeoff they will almost certainly make without hesitation if it makes sound business sense. And should they go out of business, well heaven help my data, they certainly won't - the corporation is already sunk, and it's not like any of the individuals have anything to lose. Non-incorporated businesses may have more favorable (to me) liability repercussions, but are also far more vulnerable to disruption and/or collapse due to personal tragedy
As for ownership - as the old truism states, possession is 9/10ths of the law. If I want to retain ownership of data on someone else's hardware I encrypt it securely before I give it to them. Anything less is an invitation to data-mining, at the least.
Hard disks get bigger. (Score:5, Interesting)
Hard disks get bigger.
Store your data on a reliable raid or mirrored array.
Feed it every 1-2 years with fresh, bigger hard disks.
You will never run out of space if you are a normal household.
Re: (Score:2)
Re: (Score:2)
RAID is no backup!
Re: (Score:2)
I occasionally take a backup disk to work, which is a very Earthquake and fire resistant building. I also keep some of the most important information (tax, insurance details etc) encrypted on a cloud drive.
Re: (Score:2)
I did mean you should use a RAID NAS as a backup device. Have you computers back up their data to the RAID NAS.
So when a magnetic drive fails in a computer, you can recover from the NAS. When a NAS drive fails, you can just replace it, because it's a RAID NAS.
Absolutely nobody ... (Score:3, Insightful)
Know who you can trust?
You, and encryption you implemented ... absolutely nobody else. Period.
And, really, if they break into whatever keeps your private key for your crypto, you can't even trust that.
In an age where spy agencies have decreed they're allowed to do anything, and don't care about jurisdiction ... assume the world is full of malicious actors.
Because it is.
If you're an acquisition by a US company away from having your data be under their jurisdiction, assume they'll get into it even if that involves breaking your country's law.
Re: (Score:2)
Implementing your own encryption is probably the worst idea ever.
Re: (Score:2)
I suspect he meant "an implementation using existing encryption software that you selected yourself."
Re: (Score:2)
Encryption you've implemented?? If you aren't actually a cryptographer and you haven't had your implementation tested by other actual cryptographers, then you're making a terrible mistake in trusting your implementation. It's incredibly easy to implement crypto that looks and acts as if it is correct, but contains a hidden, subtle flaw that renders it easy to crack nonetheless.
Anyone (Score:3)
Disclaimer - I do keep local copies as well, redundancy is important as who knows when a *cloud* service will go tits-up as they like to say at El Reg...
Argh pick one: (Score:2, Informative)
To whom do you entrust your data?
With whom do you trust your data?
Illiterate moron.
Re: (Score:2)
I presume what AC meant was that OP should learn how to write proper.
Re: (Score:2)
How (Score:4, Informative)
If you really want to be able to keep your data that long, you need a serious plan. You need to back up everything to at least two separate devices other than your main storage, and you need to keep at least one of those devices off-site so your data can't be destroyed in a local disaster. You need to test your backups regularly to know if/when your medium is failing.
When a medium fails- or if you think it might be about to fail- get a replacement that uses more modern technology, and make a fresh copy. If you are ever about to replace your computer with a new one that can't read your old backup medium, buy newer media that does work with the new computer and make copies while you can still read the old ones. If you keep doing that regularly, you can always have a good copy that will work with your computer. It's more effort than copying to the cloud and trusting, but it means you're in control of your own data.
The real key is to keep making regular backups and regular tests. If you expect to be able to put something into a box and still use it 20 years later, you're in for an unpleasant surprise. You have to keep copying, testing, and updating your technology in order to have a serious hope of keeping up. If you do that, though, you have a very good chance of keeping access to your data at least as long as you have software that will still read it. I have 20+ year old data at work that I can still access because we've been careful about moving it to new media, and because the company that wrote the software is good about backward compatibility.
Long term storage: process is more important (Score:5, Insightful)
How should I make sure that I retain access to today's data 20 years from now?
I still have my long-term MSDOS backups from 1991. The backup file is a whopping 13MB in size, and that includes the OS, a word processor, a C compiler and my source code.
.
I just made sure that I continually copied forward the backup files I wanted to retain. Each iteration of archival storage increased about ten-fold, so space wasn't a problem.
I think it is more important to have a good archival process in place. To the OP, the error you made was leaving all the data you want on old floppies and IDE drives, etc.. You should have moved that data off to more current media as your processing moved to more current media.
Floppies and IDE still have options... (Score:2)
IDE - Find a USB-IDE enclosure. Sure, nobody makes them anymore, but there are plenty of used ones out there for 3.5" and 2.5" drives. Spend 5 minutes on Craigslist or eBay.
3 1/2" floppy - Seriously? You can pick up a brand new USB 3.5" floppy drive for US$10 on Amazon (and eligible for Prime).
5 1/4" floppy - This one would take a little more effort--buy a FC5025 card, a used 5.25" drive, an old USB enclosure (with a Mo
Re: (Score:2)
I think it is more important to have a good archival process in place. To the OP, the error you made was leaving all the data you want on old floppies and IDE drives, etc.. You should have moved that data off to more current media as your processing moved to more current media.
And this part you can get professional help with. You encrypt it, they deal with redundancy, backups, integrity checking, media rotation. keeping it in multiple geographical locations and whatnot. Yes, you can do it yourself but if you put it on say Amazon Glacier you can be pretty sure it's there (unless an evil hacker gets access to your console and deletes all your archives, I guess... but not due to media deterioration)
Weakness of the digital age (Score:2)
Most of the comments are technically correct, but everyone seems to have accepted the elephant in the room: We have no decent archival solution for the digital age. The bookkeeping done by monks 600 years ago can still be read today, as long as you can make out their handwriting. Accounts from 19th century companies were kept in ledgers. Barring fire, flood or other disaster, any ledgers someone thought were were keeping are still legible today. Some readers may recall that UBS got in trouble for trying to
Re: (Score:2)
I have TRSDOS backups from the mid '80s. Years ago I imaged a bunch of .DMK files with a Catweasel board (including the bad sectors from back in the day), then used a utility to extract files from the images. I can now use them with an emulator. While I was at it, I even imaged some random Osborne and Kaypro CP/M floppies that I had found.
My remaining big project someday is that I have a bunch of TRS-80 cassettes from back when I was a kid. I have ripped a few of those, but the crappy signal levels are as
Re: (Score:2)
no one cares about your data as much as you do (Score:2)
Whom do I TRUST? (Score:2)
Three individuals:
Me
Myself
and I
EOT
Nobody will ever be able to get my data (Score:2)
As soon as I finish working on something, I delete it.
Same answer and the only answer (Score:1)
Jesus. Who else can save ya?
Nope (Score:2)
Offside storage (Score:2)
With whom do you entrust your METAdata? (Score:3)
Can't access IDE drives and floppies? Really? (Score:2)
How is it that you can't access floppy disks and IDE drives now?
Here:
http://www.newegg.com/Product/... [newegg.com]
And here:
http://www.newegg.com/Product/... [newegg.com]
Those are from a simple google search, and among the first links returned; you could probably find cheaper deals than those.
Myself (Score:2)
I do not trust any third party storage for my data, short or long term, and especially not cloud providers. It is legally impossible for them to guarantee that it remains safe from spying. Instead, I keep my data stored on my personal servers that live in a place that I physically control.
Who do I trust with my data? (Score:2)
Myself. (Score:2)
> Whom do you trust with your data?
Me.
And who really owns it?
Me.
What about in 3-6 years from now?
Still me.
How should I make sure that I retain access to today's data 20 years from now?
Keep it on a backup. When your primary starts to die, get a new primary. When your backup starts to die, get a new backup.
Is storing things locally even a reasonable option for most people?
Why not?
Also, if you do still have data in floppies (which, why, they were a great transport medium at the time, but never a particularl
What is more reliable? (Score:2)
A file server with a reliable disk subsystem and file system that is maintained well, or a company that probably won't be around any more in 20 years?
Me. (Score:2)
I don't trust my data to anybody but myself. I maintain control. I keep all my data moving forward on multiple copies of my latest hardware.
Realize that when you put your data out in the cloud it is subject to both corruption and scrutinization. How do you know you are getting your data back? You don't.
Call me a control freak, please, but at least I have my data. In the cloud you are nothing but a wisp of smoke that dissipates with the whims of the server owners.
The Packrats Creed (Score:2)
This is my hard drive. There are many like it, but this one is mine.
My data is my best friend. It is my life. I must master it as I must master my life.
My data, without me, is useless. Without my data, I am useless. I must secure my data true. I must make more secure than my enemy who is trying to steal my data. I must defeat him before he defeats me. I will...
My hard drive and I know that what counts in information warfare is not the scripts we write, the AV packages we deploy, nor the smoke we create with
On My Own Server (Score:2)
I don't trust my data with any cloud storage company, because none of them can be trusted.
Most of my data gets backed up to encrypted disks that can be stored off-site.
Data that I need to access remotely, like my phone's calendar and contacts, live on my home server. It runs only the software that it needs, sits behind a firewall, and is updated with security patches regularly. It has a much smaller attack surface than any cloud storage company's data center, and is a much less interesting/valuable target f
I trust me. (Score:2)
Whom do I trust? I trust me and only me. any data I value doesn't leave my possession and if stored online is encrypted using a method of my choosing. the data I do store in cloud providers is only data I don't care if someone else manages to get ahold of.
As many have said, self storage for the win. (Score:2)
Look, the virtue of the cloud is that you like having easy access to the data. Probably you don't know how to set up or don't like the idea of using a personal FTP server or using the MyCloud system to set up your own cloud storage system.
I get it. However, if you actually want to be secure, then that is the bullet you have to bite.
The NSA is not going to hack 100,000,000 different micro servers especially considering that a lot of them are going to be different. They're all going to be behind different rou
Re: (Score:2)
> personal FTP server
I'm afraid that, in this day and age, with the monitoring of FTP logins in man-in-the-middle attacks worldwide, no public facing FTP server should be considered "private". FTPS or FTPS or any of several other good protocols all can help with this. But I've encountered far too many environments where people use the same password for their FTP, and their email access, and insist on making it publicly available. Then they wonder why their systems get broken into.
Re: (Score:2)
It was just an example. Choose your hosting software of choice.
Re: (Score:2)
I'm afraid that you're going on to expose part of the underlying problems. 100,000 individually built, individual managed servers are likely to suffer 50,000 catastrophic failures for dozens of different reasons, ranging from lost passwords, accidental deletion with no snapshots, hardware failures, breakins due to incompetence such as using FTP, breakins because they choose terrible passwords, and others. These are _precisely_ why so many people are going to cloud services
Frankly, many of the "just ask arou
Re: (Score:2)
As to lost passwords, one can assume that any such system grants passive root access to anyone that has physical possession of the system. My own servers for example have no passwords for local access. It is only remote access that requires passwords. I forget my passwords all the time... I just reset them. No big deal.
As to backups... back up your data. Why is this so hard? I have an old computer that sits in my closet. It is slow but it draws very little power and has a lot of connections for harddrives.
Only myself (Score:2)
Eventually you will pay (Score:2)
To hell with 'the cloud', store your own data! (Score:2)