Results 1 to 20 of 29
Thread: Cloud storage / backup?
04-02-2014, 08:21 AM #1
Cloud storage / backup?
The recent thread on the (un)reliability of SSD drives (and other HDDs) got me thinking about cloud backup/storage options. A lot of people in that thread said they used them.
I've always been a bit wary of them. Mainly for privacy / hacking reasons. Given the number of high-profile sites that have gotten hacked over the last few years, I kinda adopted a policy of only putting things online that I don't mind being public.
So that has meant no real use of cloud backups.
But on the other hand, they would provide a nice layer of backup against anything happening to my PC in the real world.
(I have a usb HDD backup, but if there is a fire / break in then I'd imagine that would be gone too.
So it's the risk of hacking vs the risk of local incident.
I actually do have some things in the cloud. Steam for many games. Google music for, er, music. But none of those are private.
I also have accounts at a few cloud storage providers (30gb skydrive, 50gb tresorit, 6gb sugarsync, etc..) from various offers. But I don't really use them for anything I worry about losing, just for sharing/syncing. So they are mostly empty right now.
So, what do people think? Safer to have an online backup (for things like photos), or safer to keep them offline?
04-02-2014, 09:46 AM #2
04-02-2014, 10:24 AM #3
- Join Date
- Feb 2014
- 2500 North University Avenue, Suite 100,Provo, Utah,84604
Cloud storage is different. These services take a portion of your hard drive and synchronize it with the online storage. Make changes on the hard disk and they are quickly replicated to the cloud storage.
04-02-2014, 10:37 AM #4
04-02-2014, 12:48 PM #5
I use Crashplan, but I let it sync to my Pogoplug. The data stays mine. It's not cloud, but it does work and is internet accessible.
04-02-2014, 01:54 PM #6
I'm new to the field, but would there be any upload speed issue? I mean, if I back up at a USB2.0 portable HDD, for 4GB thingy it generally takes me 15 mins, I express much more time would be required for uploading to Internet?
04-02-2014, 02:02 PM #7
It depends on your upload speed. Most people are using cloud storage for small files and documents I think, something that will take a second or two to upload.
04-02-2014, 02:05 PM #8
04-02-2014, 02:47 PM #9
The main risk would seem to be corrupted data getting replicated across.
As online 'backup' providers must also sync regularly, is the main difference that they keep previous versions. Or that you have finer control over the scheduling?
Given that I have 80gb of free cloud storage, i'm reluctant to sign up to a monthly fee for a cloud backup provider.
I guess i'm mainly interested in whether people feel it's safer or more risky to have all your private photos, videos, documents in the cloud.
I get that a lot of sites like SpiderOak and Tresorit seem to market themselves on security, but given some of the high profile hacks (and the Snowden related stories), I worry that these big cloud storage sites must be a hugely tempting target, and it just takes one small mistake on their part to let hackers get in. Maybe.
04-02-2014, 03:03 PM #10
04-02-2014, 03:16 PM #11Want to add me on Steam? Steam name: Mr. Gert
Guild Wars 2 characters: Norgothus (Norn Necromancer), Maggrivo (Charr Warrior)
04-02-2014, 03:17 PM #12
It really depends on what kind of service you use. Some only allow you to manually upload files, some sync specific files, some sync folders, etc.
Personally, I use Spideroak as it supports basically every kind of back-up these days. I have the Hive folder which operates like Dropbox and I use that for things I want to transfer to my tablet or quickly transfer between systems. Then I manually back-up a lot of folders (game saves, personal documents, work documents that are not sensitive, etc) and have a few syncs set up among those. And you get a decent number of gigs free and can usually get a few more just by paying attention to the blog (I have 21 gigs and never spent a single penny).
But the thing to remember is this: Be aware of what you are syncing. Anything truly sensitive should have an extra layer of encryption. I sync my passwords in a file between systems, but that file is a KeePass Database so that, if my SpiderOak is compromised, the hacker can't do much without a LOT of effort. I also store tax info and legal documents in my personal folder, but I keep that in a TrueCrypt for the same issues. Whereas I really don't give a shit who has access to my music library, so I just use Google Play Music for that.
Imagine you are in a hotel where every single room uses the same key. That is Lavabit's model.
While there is a bit of murkiness regarding how Spideroak works. Allegedly only you have the keys to your files and it is based off your password and SpiderOak can't recover your password, but I do recall (a few years ago) an idiot friend of mine forgetting his password, getting it reset, and having his files. But either way, regardless of if SpiderOak can access your files, they already do what should be expected of them: Each user has their own key for their own files. So if a warrant comes down because JimmyJohn_420 is a pedophile, only JimmyJohn_420's files can be accessed by law enforcement,
No service is 100% secure. Law enforcement around the world can always get their equivalent of a warrant and The Big Bad NSA/Super Script Kiddies can hack into your account. But here is the thing: People are inherently lazy, and there are MUCH easier and MUCH more important targets out there. Maybe The Big Bad NSA can hack your computer, but why would they want to? Maybe DarkWhiteHat_69 can hack into your truecrypt and get your SSN, but why would he waste his time on you?
It is the same issue as with personal home security. A lot of people just need a deadbolt on the door and don't care beyond that (think Dropbox). Anyone with a lockpick and a few minutes can break into that. Others prefer to have a home security system. It doesn't take much googling to figure out how to bypass those. And some people go all out and have a custom home security system and keep guns around the house. It is all a matter of effort versus return. If someone wants to get in, they will. All of this is a deterrent to make them say "I'll go home invasion/rape the neighbor, she only has a bulldog"
The key is to use a reputable service and to be aware of what you are syncing. Always assume that nothing is unhackable and consider what the failure case is. At the bare minimum, if you want a "secure" system, make sure that their method encrypts your data at the individual level so that you won't be affected if a warrant/subpoena is issued for someone else. If something is sensitive, add a local encryption (Keepass works on Windows, Linux, and Android. And probalby Mac/iphone. And Truecrypt works on Linux and Windows and probably Mac). And so forth.
So why, you may ask, would you want to use a cloud service at all if they are all inherently insecure? Because those cloud services are a lot less likely to fail (hard drives and burned CDs aren't permanent...) and you aren't completely fucked if your home burns down or gets flooded. You can avoid a lot of those issues by doing an offsite back-up (have a trusted friend hold the spare HDD), but even that can fail if your trusted friend isn't as security conscious.
And keep this in mind: a few months back I was watching one of those "thief-proof your house" reality shows where they have a real (former) thief break into people's houses to show them how shitty their security is (and then brag about how the new security system really DOES make them thief-proof even though the issue is still that the morons don't lock their windows...). And when they were looting the "tech savvy" guy's house, the thief pointed out how he instantly goes for any spare HDDs or discs he sees in a cabinet or closet if the person looks "smart", because odds are that contains all of your personal information and is VERY easy to carry out. Laptops might have GPS devices and anti-theft systems (and are things that raise flags at the more reputable pawn shops). Desktops are heavy as hell. External drives and discs are VERY light and the drives can be pawned with no questions asked if there isn't anything good on it. And, even better: People are smart enough to cancel their credit cards if the physical card has been stolen. Criminals have a LOT more time if they get the number.
06-02-2014, 04:02 AM #13
Interesting, kind of what I thought.
But whereas it's unlikely a hacker will go to the trouble of hacking an individual PC, it seems much more likely that they'd target a massive online file store.
I also have my sensitive docs in a Truecrypt file, and my passwords in a Keepass file. But my main concern is photos. I have thousands of pics of family, kids, etc.. and i really don't want to lose them, but I also really don't want them spread around the world.
Skydrive is the easiest to sync them to (though I only have 30gb there), but I'm not sure about their privacy/security. (though they did say they'll be 'best in class' by the end of this year, in response to the Snowden / Hacking revelations of last year.
Tresorit say they can't access your files and things are encrypted locally first. (Have 50gb there due to opening offer)
But in all cases you are basically trusting that they are (a)honest and (b)competent.
So, I agree on the idea of encrypting locally before uploading.. but that makes things much less smooth and user-friendly, and I'm not sure the easiest way to do it for thousands of photos. (trucrypt needs a fixed file size, right? and then it'd be a massive 50gb file to upload/download anyway).
And a system that is inconvenient/manual is one i probably won't use.
It occurs to me that the easiest way for the bad guys / nsa to get your data would be to simply set up lots of legit-looking cloud storage / vpn services and then let you give them all your data.
We tend to find these services through places like Lifehacker, but blogs don't seem to do much research and background checking into legitimacy... so you end up with well known services.. but we don't really know who is behind them. (exacerbated by the fact that many of them base themselves overseas to avoid US data requests, but that then makes them even more obscured).
(Tresorit, for example, seems legit, but could be run by a bunch of hackers / russian mafia for all I know).
(box.net is another very popular one, that seems to be used by a number of big companies, but i think i read something about their android client sending/storing all passwords in plain text... (maybe wrong on the details, but it was definitely a basic security flaw))
06-02-2014, 01:52 PM #14
Well, that is one reason I use Spideroak as it is one of the most well known ones and, at the very least, they are becoming very active in educating people about security. We obviously won't know what is REALLY going on until they actually open source this year, but it would be a pretty elaborate con.
As for your photo issue: If memory serves, the latest truecrypt versions support expanding storage, but I don't know how the syncing would work with that (if it does diffs you are okay. if it just redownloads...)
06-02-2014, 10:28 PM #15
- Join Date
- Jun 2011
I've spent an inordinate amount of time playing with various backup solutions - I change my methods fairly often - I've had to disaster recover a few times - my 10p would be
1 - EVERYTHING you're actively working-on should be in a 'live cloud backup' folder (I use Dropbox for development and Google Drive for photos) - it's idiotic not to do this, especially as it's mostly 'free'.
2 - You should also use a 'periodic backup' solution (I use Crashplan - a paid account with cloud storage) to backup both your work (as above) and things like your c:\user and c:\programdata folders (game saves!!)
3 - Finally, you should occasionally image (I use Macrium Reflect Free) for recovery in the event of hardware failure Unlike the other 'cloud' backups, images are stored locally because 20-30Gb isn't really practical to upload (til I convince her-indoors we need fibre!!)
That way I have the option of using Dropbox to get back individual files (and access those files on other devices) - Crashplan to roll-back entire folders to a point-in-time (and to a different location if I wish) and Reflect will bring back an entire drive (or I can just mount the image as a 'virtual drive' to compare content etc.)
The only solution I'm not 100% happy with nowadays is Dropbox. I think they're greedy in terms of their paid options, mean in their free space, stupid in the way they penalise people who share content BUT they're becoming quite ubiquitous to the point that not having a Dropbox account would lock-you-out of useful things (e.g. Android Backups to Dropbox etc.)
If anyone wanted to talk-me-into a better 'live' backup tool - I'm all ears tho (esp as I lose 48Gb of Dropbox space in 3 months time!!)
Last edited by trjp; 06-02-2014 at 10:32 PM.
06-02-2014, 11:02 PM #16
- Join Date
- Mar 2012
If you have a machine to run it on, OwnCloud is an open source Dropbox replacement, with no space limitations and without compromising your data by trusting someone else to store it for you.
07-02-2014, 12:12 AM #17
- Join Date
- Jun 2011
The problem with "running your own cloud" is that it's not going to be a 'cloud' - it's going to be a PC which is in your house or a relatives house or a friends house, rather than a nice, secure, protected data-center - which makes it much less useful.
Unless you're hoarding child porn or planning terrorist activity, I cannot figure what people are worried about in terms of privacy either. In a world where TBs of data are uploaded every day, the 'encrypted' stuff is the only stuff anyone will want to read - uploading unencrypted content is like 'blending into a crowd' - odds of you being noticed diminish enormously.
The key to backup is replication - keeping as many copies as you can in as many places as possible - the cloud is a cheap option and you'd be a berk not to make some use of it.
I hate to keep bringing up the Project Zomboid thing but that was a textbook example of people being dumber than cheese - if it's worth making, it's worth taking a copy of it - or ideally about 10 copies of it.
09-02-2014, 03:05 AM #18
Grr. Been using Sugarsync for 3 years. This morning it popped up with a message saying my "free trial" had expired.
Seems they've changed their business model and not bothered informing me.
(Despite the fact that I "earned" my free storage by refering people to them, etc..). Seems like a VERY dodgy tactic to me. So I'm looking for a new simple way to sync Keepass and photos from android to desktop.
Sigh. I'd have really recommended them before this...
Last edited by BillButNotBen; 09-02-2014 at 01:04 PM.
09-02-2014, 09:33 AM #19
So, is Dropbox my best bet on android for a simple automatic way to send photos to my PC? And to sync keepass, wallpapers and ebooks?
09-02-2014, 10:25 AM #20
Personally I use SkyDrive but maintain on-site portable HDD backups too. I wouldn't rely on one or the other.Nalano's Law - As an online gaming discussion regarding restrictions grows longer, the probability of a post likening the topic to the Democratic People's Republic of Korea approaches one.
Soldant's Law - A person will happily suspend their moral values if they can express moral outrage by doing so.