Do you trust the "Cloud?"

tecboy · Sep 2, 2014

One hundred celebrities had been hacked with their photos in the cloud. A lot of my jpegs are in the iCloud and Dropbox. I wonder how secures my photos are going to be. Sounds pretty scary.

pgriz · Sep 2, 2014

No. Don't trust Google either. Have stopped using Facebook for similar reasons.

rexbobcat · Sep 2, 2014

Convenience > Trust

Derrel · Sep 2, 2014

Who here recalls the demise of an early cloud entry "Digital Railroad"? Anybody here remember how FAST that ship sunk? It was like the Titanic. They issued a notice that subscribers needed to download their stuff. Before people were able to actually GET their images off the servers, the whole place was shuttered. Digital Railroad set cloud photo storage back maybe five full years. It was quite an eye-opener.

Usul · Sep 3, 2014

Is your house secure enought to protect you from a group of professional robbers or thieves? I doubt. But I guess you are not going to spend tons of money to protect it on this level or don't want to sacrifice of convinience or comfort to achieve certain security level. I guess someone apply a lot of efforts to steal those photos and I doubt anyone would spent even an hour to steal my personal photos or photos of 99% of us so I keep calm. If I had something what could be interesting for hacker I wouldn't place in the net anyway.

PhotographTalk · Sep 3, 2014

The only time I will ever use this type of setup is when I have files or photos that are not worth much and I am just sharing them for possibly technical reasons such as screen shots and so on.

molested_cow · Sep 3, 2014

Come on people, we are only at this technological stage and already everyone's freaking out.

In stories like ghost in the shell and/or Transcendence, where a human's consciousness interacts with the internet really is what we need to think about. While the entire social fabric, politics and culture will change completely, the definition of privacy will also be something that we can't really grasp today. Imagine if everyone uploads their own consciousness, the number one security issue will be, how do one protect itself from its memory being spied on or even stolen? Memory will probably be the most valuable item for criminals, and also for criminals to hide from law enforcers. It's Sci-fi time!

Ian.H · Sep 3, 2014

Not for me either I'm afraid. Call me draconian.. but google, farcebook, 3rd-party cloud services, etc, don't trust or use any of them.

Personally, I run ownCloud on 3 different servers (2 located at 2 of my premises and one on a rented box) so I have the convenience with a lot more of the trust. Naturally there's always an issue of the rented server.. but I think a lot less accessible than the likes of dropbox for example, and the obvious issue of potential security exploits within ownCloud itself as an application and having to keep abreast of maintenance myself (being a web dev and unix sysadmin.. it's not so much of a hassle).. but far happier this way than handing my files over to the likes of google to scrape and sell data from for example.. especially with desktop sync clients (or native WebDAV) and an iOS client too for when I need to access things on the go with my phone.

Cheers..

Ian

JoeW · Sep 3, 2014

tecboy said:
One hundred celebrities had been hacked with their photos in the cloud. A lot of my jpegs are in the iCloud and Dropbox. I wonder how secures my photos are going to be. Sounds pretty scary.

First, it now appears (and this info could be wrong) that the photos were hacked by getting in to people's phones, by phishing, and by dedicated efforts to crack passwords. The latest report I've seen doesn't attribute any of this to Cloud vulnerabilities. Apple says hackers targeted celebrity accounts, not iCloud systems - The Washington Post

Second, yes, it's correct to be concerned. But not just about Cloud vulnerabilities. For instance, the only true way of cyber and system security for civilians is "two factor" authentication. Assuming you follow all the other basic 101 advice (password of at least 8 characters with caps and non-cap, number and symbol, nothing that spells a word, not written down anyplace, not used on other accounts or sites, no symbology to you such as your birthdate....oh...and you change it monthly; a personal firewall to your system plus password protected home wifi so someone on your sidewalk can't access your network; maintaining at least two different malware checkers on your machine and using both regularly; screening all attachments and incoming messages; security on your phone; no auto sync with your laptop/computer and any backup systems; running a magnet and then a drill through any hard drive or flash drive that you discard or give away), "two factor" authentication (which most systems allow for) is a major pain. But it's pretty effective for civilians in mainstream life. It means that before you sign on to any site or log-on to any program, you have to enter a small code. But that code changes every time you enter that program or that website. So for instance, you decide to check our your favorite website The Photo Forum to see if there any any interesting threads by Runnah. You put in your name and password and click enter. You aren't allowed in the site. Instead, a message is texted to your phone with the code. You then enter that code into TFP sign-in and you're allowed entry where you discover, sadly, that Runnah has been on vacation and has started no new threads. It only took you about 5 minutes to sign-on to the site (b/c you had trouble reading the text on your phone and typed it in wrong once).

I have no illusions here. If someone wants to really break in to one of my systems and they have the resources (and no, I don't mean the FSB or the NGA or the Chinese), then they'll be successful. They can go through my garbage. They can contact my clients (who may have a password to a photosharing site I sent them to review their photos). They can engage in a range of scam activities (most of them person to person over the phone) to get info to engage in a brute force attack.

astroNikon · Sep 3, 2014

I only put things up on the Cloud that I don't care if they disappear.

photos are only copies ... my masters are on disk
I keep fairly long passwords, and do not click off of a site. I will only go places directly (if you get paid for clicks, I'm not your friend).

JClishe · Sep 3, 2014

Trying to make a connection between someone's passwords being cracked and overall trustworthyness of the cloud is nonsense. If you only had a screen door on the front of your house, would you say your entire house is insecure because someone busted through the screen?

No system will ever be anymore secure than its weakest link. Your password is almost ALWAYS the weakest link.

All of my offsite backups for all of my images go to the cloud (Microsoft Azure). I have tremendous peace of mind knowing that every single night, every new and updated image I have is being backed up to an offsite location in a completely automated process and I never have to worry about running out of disk space or manually transporting disks between locations. Hell yeah I trust the cloud. It's changed a major part of my overall image management and workflow and I'm far better off because of it.