Google Plans Service to Store Users' Data Online

achillean wrote this morning with a link to the Wall Street Journal, announcing plans we've all seen coming for a while: an online data storage service from Google. Though the article doesn't come out and call the project 'gDrive' or anything like that, it does indicate the service could be available within the next few months. "Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."

Useless to me w/Rogers

[brunes69]

Unless Google can lobby Rogers to get rid of its arcane practice of capping usage at 60GB / month for it's standard high speed, me, and around 50% of people in Canada with high speed internet, can not make any real use of this service.

It is pretty sad that a company will give you a nice 6 Mbps link only to cap you at 60 GB, which you could exceed in only 1 day of saturating your link.

Amazon S3

[NickCatal]

I already do this a bit with Amazon's S3 storage system. It is really nice being able to store files anywhere and paying all of $0.03/month for it.

But hey, I'll take free any day.

On a somewhat related note: It would be great if Google bought the LexisNexus people. Having public access to their database would be a great public service.

Encryption method?

[BlueParrot]

What kind of encryption would you use for this?

The most secure would be to store a single large archive of all your files encrypted with a strong cipher, but that has the disadvantage that you have to download it all to decipher it.

Alternatively you could encrypt each file separately, which would speed up access considerably, but also leak more information about what you are storing (i.e many small files vs one big one ).

I guess if the data is sensitive enough to require the former type of encryption you shouldn't transmit it over insecure connections to begin with...

TrueCrypt support would be tasty!

[Jugalator]

Hmm, if Google's encryption plans are lacking, how about a mountable GDrive in TrueCrypt, popping up as a partition with the traditional encryption methods of TrueCrypt? :-D

:-------D

OK, so that was last part was really unnecessary, but still...!

Re:Filesystem over IMAP.

[i.r.id10t]

Already done - http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html [jones.name]

Re:Call Me Paranoid

[cybermage]

Well see, there is thing called "encryption".

Okay, some wing-nutty paranoia now. Is there any form of encryption that you believe people like the NSA cannot crack? I suspect stories like "Skype encryption too tough for German police" [zdnetasia.com] are a ruse to encourage criminals to use the Skype which is likely easier to track, and certainly less portable, than prepaid cell phones.

Besides, if Google doesn't do the encryption, 99.99% of the data will not be encrypted. That should make the people with something to hide pretty easy to pick out.

Re:Recomendation to dissidents

[StankDawg]

The RIAA wouldn't need to send the police for your computers since they can subpoena Google to get the evidence that they need. They do that for search queries now. Uploading your personal data gives law enforcement one stop shopping to your information. A "portal" to all of your personal information. How convenient...

Already Done it;s called Amazon S3

[bangzilla]

Amazon has been doing this for ages - very well I might add. What does Google bring to the party. Advertising? Big whoop. I like the privacy of my data. I don't want Google scanning my data as it scans my email. That's taking things just too far. What next? Google coming around to my house to check my desk draws.....?

Re:Already Done it;s called Amazon S3

[yoduh]

While I love S3, its not for the common person. If Google used an S3-style system as a good backbone and added a few very usable features it would be an improvement. I like the power of writing my own scripts and controlling what I send to S3, but I'd like to have more power to see what is in my buckets. I can do list command, but I'd like to know sizes and dates and to be able to query that information easily. Even just view it in a web control panel just to grab a small file from it.

Re:Call Me Paranoid

[fyngyrz]

The algorithm has been extensively critiqued and found to be strong.

...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz windows or linux machine can do, and an organization that has billions in budget normally, can get more anytime they ask, no difficult goals but breaking encryption and signal intercept, and which has made it a point to hire as many of the best minds in encryption as possible for, oh, say the last fifty years or so. And this in a world where quantum attacks are thought to be only a matter of sufficiently developed technology.

Personally, I think if you depend upon encryption, someone, somewhere, is quite likely to be archiving your data in the clear. Even if the decrypt mechanism "trick" involved was no more complicated than scooping your OTP off your computer without your knowledge. Which we all know cannot happen. (cough.)

If you want security from generic canvasing of your data, put it on a machine that has no network connection, and ensure that said machine has considerable physical security, right up to and including a Faraday cage [wikipedia.org]. It won't stop anyone who physically comes after you, but your data will remain unscanned as long as you remain of no interest to the authorities. Past that point, you could wake up and find your Faraday cage missing, computer and all. :-)

And of course, nothing so quaint as that old-world concept of a "warrant" will impede them.

Re:This sounds fun - Killing Off Identity Theft !

[thosf]

Besides having google list paid advertising messages with the data, I think your suggestion (with a twist) has Excellent merit.

Here's what we should all do. Post phony-balony (fictional) data so it can be harvested and merged with the existing data that compromises the identity theft databases.

After several months, the database will be all but USELESS because they won't know what data is valid and what data is false.

No one will want to buy identity data if it contains so much false information, that it becomes useless. It actually becomes DANGEROUS to the purchaser because there's significantly reduced payoff - while it increases the perpetrator's exposure to risk of detection and prosecution.

Every place you visit on the web should be an opportunity to "salt" it with fiction. I recommend that you forward this idea to everyone you know to rapidly make this happen.

I am starting this initiative here and now by posting my (false) data:

Robert DeScully
6733 Orion Ct. Apt-B
Ann Arbor, MI 48109
Occupation: IRS Auditor
Annual Income: $187,200
Soc. Sec. No.: 853-98-1294

To paraphrase mayor Daly, "Post soon and post often" (he actually said, "Vote soon and vote often.")