Google's Gdrive Raises Instant Privacy Concerns

An anonymous reader writes "The rumor mill is already raging over the potential functionality and capacity for Google's online storage service we talked about earlier this week (the company says 'it makes sense' to put all its Web apps under the same umbrella). But Internet rights advocates are now crying foul over liability issues, a probable lack of encryption and a cash-cow model that could scan all your personal data for advertising keywords. From the article: "'Google would be wise to offer users an option to encrypt your information,' says Nimrod Kozlovski, a professor of Internet law at Tel Aviv University. 'It really needs to have really detailed explanations of what the legal expectations are for storing your info.'""

you have the choice

[yagu]

You have the choice to:

• Not use the google service
• encrypt your data you choose to store online with them
• use some other service

Seriously, the issues raised are the same as with the other on-line storage services. And, this move by Google mostly integrates/consolidates what they already offer, albeit with the extension of storing any kind of data. I think it's great, I've started storing much of my data on line in various forums and I love the internet access. At your parents house and need a file? Download from the clouds. Got a special inside track on a new job and they need your resume, quick? From the clouds. Serenity now!

If you've got data you think sensitive, encrypt it, or figure out a different way to store it. Personally, from anecdotal, but plentiful, observation, those who store their data "in"/on the internet:

• are far less likely to lose data
• have much more universal access to their data
• will probably spend less overall (no upgrades to disk drives) to store their data
• and bother me far less with support issues

As for the screaming about Google figuring out a way to make money doing this, hwah? Kind of what running a company is about. And the more money they figure out how to make by ads makes the price point that much less for you and me, or anyone willing to trust Google. For the moment, I am. I'm assuming I'll get enough warning signs to not trust them, I'll move my data elsewhere. For now, good for Google.

This isn't new, just big. And, from a personal standpoint, I hope it's one more ding in Microsoft's armor. The more there are alternatives to data locked up in Microsoft's products, the better chances of real competition, and ultimately progress (finally!) in technology. (sorry, had to dig... this is slashdot, right?)

Re:

[ByOhTek]

You make a lot of good points, but remember - the guy who the quoted from a lot of the complaints... is a nimrod.

Bad humor aside, you are right. It's not like anyone is being force to use it - it's not like anything is being changed and there are exising users - this is a new product and everything is out in the open. Like anything else network related: if it's important, don't put it on the web like a dummy.

Re:

[rtb61]

Here is an interesting point for you. What about minors and protecting their privacy, they can not legally agree to any privacy invasive contracts, and google by law must seek to protect the privacy of minors. Has google been lax and allowed their single minded drive for profits to over ride it's legal and moral responsibilities.

Then there is second and third party privacy. When people have records of other parties on their hard drives and google starts scanning and recording that data for a flood of psyc

For Encryption...

[epiphani]

Use truecrypt. Open, GPL, quick and easy.

Re:For Encryption...

[cromar]

For the lazy [truecrypt.org] :)

Looks pretty cool, but I am guessing that it couldn't be used in conjunction with gDisk. Also, "only" Windows and Linux are supported.

Re:For Encryption...

[Mazin07]

You'd have to create a local encrypted "container" (which is a filesystem in itself), fill it with data, and then put it on your gDiskDriveSpaceBox.

It's like storing a safe at the rental storage unit.

Re:

[Random Destruction]

There are programs that encrypt individual files a la truecrypt too. I don't recall which off the top of my head, but I had one set up for online data storage. The big benefit of this method is when you update one file, you upload one file, rather than your whole encrypted volume. The one I used even encrypted the file names, so you couldn't guess what they were other than by size.

Re:

[The MAZZTer]

A safe that you would have to physically and completely remove and take all the way home before you could open it to add or remove anything, and then take it all the way back to commit your changes.

Re:

[Kadin2048]

You're assuming that the storage device (GDrive or what have you) gives you block-level access to your files. I'm not sure that's a good assumption; I think it will probably be geared towards small documents and will require you to download a file in its entirety in order to edit it.

Even if TrueCrypt doesn't require you to read and load the entire .tc file into memory in order to decrypt part of it (I don't know if that's true or not; I really don't know a darn thing about the internals of TrueCrypt), you s

Re:For Encryption...

[PopeRatzo]

Truecrypt is a really nice solution, not necessarily to gDrive (although it might be), but to protecting your privacy generally.

But I suggest you get it quickly. I believe that as soon as some "killer" encryption app that is user-friendly(for non-techies) and secure comes along, we will see efforts to outlaw private, personal use of encryption.

There's a guy named Zimmerman who can tell you just how badly the government would like to make it against the law to encrypt data or communications. And the idea that he got in trouble just because foreign countries could get hold of pgp is simply a flimsy excuse. There have already been cases where the personal use of encryption alone has been used as probably cause for the search and seizure of person and property.

Sure, I'm a paranoid, but that doesn't change the fact that the corporate authoritarians who are running our government are engaged in a full-court press to take away our freedom and our privacy. And they are succeeding at an unprecedented rate.

I hope one of you out there comes up with a simple app for encrypting data that works well with gDrive. And thanks, cromar, for the link to Truecrypt. I played with it a while back, but now I see that it's been improved to the point that I'm going to use it on all of my external storage.

Re:

[VGPowerlord]

Zimmerman? Was he the one that said "Privacy? Google?! Pssh!"?

Re:

[jvkjvk]

But I suggest you get it quickly. I believe that as soon as some "killer" encryption app that is user-friendly(for non-techies) and secure comes along, we will see efforts to outlaw private, personal use of encryption.

Sure, I'm a paranoid, but that doesn't change the fact that the corporate authoritarians who are running our government are engaged in a full-court press to take away our freedom and our privacy. And they are succeeding at an unprecedented rate.

I don't quite understand how this would happen.

We would need a law that differentiated "corporate" and "personal" encryption, because I can tell you right now that there is no way any multinational is going to hand over their encryption keys to the US government or go unencrypted. It's simply not in their best interest to do so.

I also believe that such a law differentiating classes of encryption users {corporate, personal} would be almost impossible to enact and if enacted would be challenged immediate

Re:For Encryption...

[PopeRatzo]

I don't quite understand how this would happen.

I understand your feelings, jvkjvk. I didn't understand how the government would take away the right to habeas corpus, or how it could hold American citizens as "enemy combatants" or how it could eavesdrop on the entire internet. I thought for sure that someone, somewhere in Congress or surely the Supreme Court would say "wait, we have a Constitution here, that says you have to do things a certain way". I didn't realize that our system of checks and balances was a fiction or that our system was so vulnerable to a committed sociopath who wanted to bring down our system of laws (Bush or Cheney, take your pick). Even failing all of those, I was sure that our press, the watchdogs of our freedoms, would leap into the fray and scream bloody murder if someone tried to do what the Bush Administration did. Unfortunately, it seems that they've been so beaten down by being told they were too "liberal" for the last 2 decades, and corporate interests have so thoroughly enforced their ownership, that there doesn't seem to be an effective press any longer in this country. They're too big worrying about one candidate's cleavage and another candidate's haircut.

I didn't understand how it would be possible for the government to do searches and seizures without a warrant, in lieu of a declared war, or for that matter how, so soon after Viet Nam, a massive mobilization of our troops causing thousands of American lives could be engaged without a formal declaration of war, especially in lieu of the target of that invasion having attacked the US. I didn't understand how it would be possible that we'd fight that war using corporate-led army of private mercenaries who would be above the law of any world nation. I didn't understand how it would be possible for a Presidential election to be decided by a couple of Republican-appointed Supreme Court justices after they forced a state to STOP COUNTING VOTES.

But that's where we are today. Trust me, before a woman or a black man is elected President, personal users of encryption will be considered outlaws. Hell, did you ever think that someone whose grandson used a legally available piece of software for its intended purpose could be considered an outlaw and fined hundreds of thousands of dollars, having had a private squad of thugs raid her house and seize her computer?

I could go on, but it's Friday night and this vodka/cranberry juice is starting to put me into a good mood. It's been a long week and fighting fascism is thirsty work. I pray that a lot more of you highly-skilled, technically savvy, bright people give it a try (fighting fascism, not vodka/cranberry), but until the government seizes your iPods and your Xboxes and your 42" HDTVs it probably won't happen. But then again, with the sources of cheap credit which fuel our consumer economy drying up, it just might. When it does...meet the boys on the battle front.

Peace, citizens.

Re:

[TheVelvetFlamebait]

But I suggest you get it quickly. I believe that as soon as some "killer" encryption app that is user-friendly(for non-techies) and secure comes along, we will see efforts to outlaw private, personal use of encryption.

Nope, I'm not buying it. It's a question of incentives, and there really isn't incentive enough to outlaw it now. It's not like the government gets anything out of spying on people; they do it to show they're serious about security, to appease a frightened population. If everyone starts using

Re:

[skeeto]

encrypt your data you choose to store online with them

I can think of at least one interesting way to set this up using FUSE [sourceforge.net]. Once this service becomes available, someone writes a FUSE filesystem for it. Then you use encfs [sourceforge.net] to mount an encrypted filesystem on top of the mounted gdrive. Viola! Mount a gdrive locally and hide its contents from Google too.

Re:

[skeeto]

EncFS does all the work for you. You can either go with the default settings or you can choose "paranoid mode" and it cranks everything to the max. Example,

$ encfs /tmp/enc /tmp/raw

Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>

Standard configuration selected.

Configuration finished. The filesystem to be created has
the follo

Re:

[lazlo]

One other point: What this Nimrod is suggesting is that you can't trust Google to respect the privacy of your data, but that you can trust them to encrypt it for you. I don't quite see how that works...

Re:

[omeomi]

One other point: What this Nimrod is suggesting is that you can't trust Google to respect the privacy of your data, but that you can trust them to encrypt it for you. I don't quite see how that works...

Well, the first implies trusting the company and its policies. The second implies trusting the company _and_ any employee who has access to the data. At least if it's encrypted before being written to disk, there's probably a few less people who have access to the unencrypted data. I still wouldn't store an

Encryption as a double edged sword

[pwnies]

First off, if you're that concerned about your data being secure, you probably should just store it on a personal webserver and encrypt it yourself.
That being said, I really don't see this as a major concern for Google in relation to the success of Gdrive. A large percentage of people today really don't care about whether or not their personal data is scanned an analyzed, as proven by the information people list on social networking sites like facebook, myspace, livejournal, etc.
So the real question here is whether or not Google (and the small percentage of users that would use encryption) would benefit enough from this feature to offset the time needed to develop it and the hassles that will come along with it. I think that alot of the users wont realize that if Google encrypts their data with the password that the users provide, then there will no longer be that friendly "Forgot your password? Let us reset it for you." button. People will then be constantly complaining that they can no longer access their data if they forgot their password and had it reset (Because the data is encrypted based on their old password obviously). The only way that Google would be able to recover that data for the user is a.) by brute forcing it, or b.) by using precomputed hashes in a rainbow table format (though something tells me that Google is smart enough to use salts and this wouldn't be an option). Realistically, even Google doesn't have the resources to go around brute forcing people's passwords. This means the only real way that Google could encrypt the data would be to store their passwords as plaintext in case the user forgot it, which is really just providing security as the cost of losing alot more security. All in all I don't see the process being beneficial for Google or the users.

Re:

[Asgard]

If the contents are encrypted then Google can't have the password (or else it is useless), so there is no way for them to provide you with your password. The best they can do is wipe your drive and give you a clean slate.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Encryption as a double edged sword

[nahdude812]

The idea behind encryption is that even Google shouldn't be able to read your data. If Google holds both the encrypted data and the key, then it is barely different from having it stored unencrypted, but you get to keep your "Forgot the password to my data" option. If Google can't read your data (as is being suggested in the article), then it also can't give you access to it when you forget.

Re:

[account_deleted]

Comment removed based on user account deletion

No, Google does NOT need to use encryption

[Sycraft-fu]

Because that's not useful. If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it. That's just how it works. If you send your data in the clear to someone else and then they encrypt it for you, that means they can get at your data. Same deal is you send them data and the encryption key as well (see AACS). The only way to give it to them, but not let them at it is for you to encrypt it yourself, and to not give them the key. Then and only then can you be assured that while they have a copy, they can't read it.

Seriously people, get Truecrypt, it isn't hard.

Re:

[barzok]

Seriously people, get Truecrypt, it isn't hard.

Unless you're a Mac user. No TrueCrypt there (yet). Have to use other methods.

Re:

[JazzLad]

Yet another reason not to be a Mac user?

I kid, I kid! Man, I used to have great Karma, I wonder what happened.

Re:

[Burz]

Umm, like the one built-into OS X: encrypted disk image.

But overall a file encryption tool like gpg may be more secure than letting google or others see the disk I/O flow over the net. In that scenario, which truecrypt isn't designed for, I believe a disk encryption scheme becomes weak.

Re:

[barzok]

I'm aware of encrypted disk images BUT the problem really is that if I use TrueCrypt on my work computer (Windows) and my wife's laptop (also Windows) to protect my data, I can't upload that to Google and then bring it down for use on my MacBook.

If I use an encrypted disk image on the Mac, I can't use it on the Windows systems.

Wrong.

[l4m3z0r]

If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it.

This is patently wrong. Why can't I supply them with a public key that they use to encrypt, but I never reveal my private key thats used to decrypt the data. I mean honestly this is what public key encryption was invented for.

That said they dont need the key as you gave them the DATA to encrypt in the first place. So you'd have to trust them that once they encrypt it they t

Re:

[Paul Rose]

Maybe I'm just completely mising your point, but:

This is patently wrong. Why can't I supply them with a public key that they use to encrypt,

Because if they are doing the encryption then they have the plaintext.

They store two copies, the text that they encrypt and allow you to read, and the plaintext that they mine for info.

Re:

[Professor_UNIX]

Why do you assume they would have the plaintext? Look at Mozy for an example of what the parent commenter was talking about. You can either use their key to encrypt your data, in which case they can also decrypt it without you needing a separate key, or you can use your own encryption key and the software encrypts the data which it before it sends it to Mozy's servers. Why can't Google do the same thing?

Re:Because in that case you gave them the plain te

[Ephemeriis]

If someone has the clear text at any time, or the decryption key at any time, you are implicitly trusting them with that data.

Exactly. If you're already trusting Google to do the encryption or hang on to the key or whatever...then why bother having them encrypt it in the first place? Your privacy has already been compromised and you're already relying on Google to do what they claim they're going to do. If you are genuinely concerned about about your security/privacy then you aren't going to want to rely

Re:

[The MAZZTer]

They can still implement encryption that allows the user to provide a key... but I suppose there is no way to guarantee the key isn't saved somewhere, other than Google's word.

That's precisely it

[Sycraft-fu]

You either trust them or you don't. If you do, then what is the encryption supposed to buy you? You trust them right? If you don't, well then why would you trust their software to encrypt it, but not send the key?

Re:

[N7DR]

Because that's not useful. If they encrypt your data for you, guess what? They have the key! If you want your data safe from them, YOU need to encrypt it. That's just how it works.

That's only how symmetric key cryptography works. If the only reason that this system was insecure was that Google would have the decryption key, then one would use public key cryptography to circumvent the weakness.

However, the real hole in letting them encrypt the data is that you have no way to stop them from keeping an

Jesus Christ

[Jugalator]

At least let Google say something on their plans first...?

Besides, what's so special even if they'd do this? It's the norm to not encrypt mails. It's the norm to not encrypt instant messages on servers on services that provide offline messaging (Messenger, ICQ, ...). Software may send usage information to some company's servers. Game companies analyze your system to detect cheats, and could in the process find a lot of other things on it.

As usual, when this is released, I think *gasp* that the users will just have to decide for themselves if they care for having encryption or not. They'll also be free to encrypt their data. Why the rumor mill? Just chill and take it for what it is, as with any other service. It's not like Google will force you onto it. Then I could see the fearmongering kicking in early be more motivated.

Re:

[Joe U]

There's a problem with the way things have been done, that's why we are having this discussion.

Actually, Twitter, this is more of a 'I have not personally seen or used your service, and you have not published detailed specs, so I will write some suggestions on how to fix the problems you have'

The other options are things like M$'s Live Desktop Rape Service

Yeah, you don't have too much free time on your hands. Tell your mom to stop sending the sugary snacks to your apartment over the garage, they're gettin

I trust Google as of now...

[explosivejared]

Disclaimer: I don't see myself being an early adopter or anything of this service, but not because of privacy.

cash-cow model that could scan all your personal data for advertising keywords

What, like the "disaster" that Gmail is? I'm all for Internet privacy, but get some perspective. I trust this service in the hands of Google. They've done nothing to shake that trust, and to be frankly I have good faith that they won't. They're a data miner, sure, but they have always done in the least intrusive way as possible. Get this, I even like their ads sometimes! I know, unbelievable right! So thanks for being watchdogs and all, but as of right now, Google has my trust.

Re:I trust Google as of now...

[Jugalator]

Agreed -- Google hasn't done anything evil about their information other than by machine analyzing the data to provide relevant ads. I think the reason is simple enough... Even if they were evil enough to do anything more, they ought to have the brains to understand how damaging that would be to their brand when it's the god damn core of their business model. Managing information. I mean, I can't even see how Google would even want to do this even from a business perspective. It would just take them to be discovered having done something fishy once and they could risk losing a lot of their reputation.

relevant ads for essentially random/encrypted data

[StandardDeviant]

Cool, I might be able to find some new powernoise musicians that way! :D Merzbow has reminded me at times of what it must sound like to pipe a tarball into /dev/dsp.

(My gdrive would probably contain one large encrypted file. Tar + gpg + free offsite backup, sounds like a win to me.)

Re:

[apt142]

The other situation that I would be concerned with is not so much that Google would want to read and/or misuse my data but rather that the RIAA/MPAA, or some other untrustworthy entity would want to. In the case that the government on behalf of an entity or itself would attempt to compel Google to give up those files, I would like to feel that they aren't handed over on a whim.

Google was the only major search engine that denied the government a copy of their search results about a year ago. They were w

Re:

[GoofyBoy]

>they ought to have the brains to understand how damaging that would be to their brand when it's the god damn core of their business model.

I value my privacy enough to NOT trust it others based on a fact/promise/hope/dream that they will stick to a business model in the distant future.

Re:

[MightyYar]

CIA, FBI, NSA, Mossad, or whatever spy agency

I'll have to remember to encrypt my emails the next time I plan an overthrow of the US and Israeli governments. Thanks!

Gadzooks, where do you people come from? Email is sent in plaintext from server-to-server. If you are sending something that you don't want others to read, reconsider your choice of email or encrypt the data. Maybe terrorists are so stupid that they send each other plain-text emails like, "Hey Ahmed, lets blow up that pizza place next week!", but I doubt it.

Re:

[a whoabot]

First they fear the CIA and Mossad, then it's the Freemasons, Rotarians, and Lionists. No joke, it's in the Hamas covenant.

Re:

[fmobus]

Yeah, and for some reason that could never happen in other e-mail services. Never!!

If you want failproof privacy, roll your own encryption. Period.

Re:

[vux984]

They've done nothing to shake that trust, and to be frankly I have good faith that they won't.

Pretty much anyone who has ever dated has been in this situation. And yet the world is littered with broken hearts, cheating/backstabbing boyfriends/girlfriends, bitter breakups, and vicious divorce proceedings. I'm not saying one shouldn't trust people, but your a complete idiot if you think you can't get brutally hurt. At least with love the risk is worth it... what does google give you? Free webmail? Some online

I am so tired of hearing about this.

[Evil Kerek]

#1 - Everything on the internet is not free. Actually, nothing is truly free - there's a cost SOMEWHERE. #2 - You do not have to use G So stop getting your panties in a wad. Just because YOU don't like the idea of it, doesn't mean some of us couldn't care less and like the idea of free storage. Everyone acts like GMail is the only mail system out there or that they are being forced to use it. Don't like the ads? Don't like that Google might read your mail? DON'T USE IT. You have plenty of choices out there - it's not Google's responsiblity to provide you with free anything. Get over yourselves.

I do not get it

[bogaboga]

When it comes to GDrive, I wonder whether anyone is being forced to use it. I doubt this is the case. If this is not the case, why not just avoid it? Shhesh?

Re:

[MillionthMonkey]

When it comes to GDrive, I wonder whether anyone is being forced to use it. I doubt this is the case. If this is not the case, why not just avoid it? Shhesh?

There are many reasons one might not succeed in avoiding it. For instance, one might send a sensitive document to someone unaware of these issues who then uploads it to GDrive. Not everyone is going to have seen this story that you're complaining about.

Can't say I'm concerned

[Yalius]

It's a free service, some will find it useful, some won't. I mean, what kind of nimrod would expect his data to be 100% perfectly private and encrypted if he's outsourcing his data retention to someone else, and then question the company storing his data for, um, storing his data in the form he transmitted it? I just don't get the OMFGism.

"Internet rights advocates are now crying foul"

[serviscope_minor]

Simple, don't use it. Seriously, google aren't in the business of simply giving stuff away out of the goodness of their hearts. They're giving things away because they think that they can generate revenue. Pretty much the only thing they get for storing your data "for free" is the data itself.

Just like your emails: you pay them by giving data so that they can search it advertise to you. Why would anyone think that they would do anything else with more of your data.

If you are sufficiently naive to think that a company will simply give you free online storage for no benefit to themselves, than I have a bridge to sell you. Lots of traffic, one careful owner...

Re:

[sqrt(2)]

I block every ad google serves up in every location and form. Besides the nebulous value I am for data mining (and have fun mining largely encrypted data and fake/garbage demographic information), what revenue am I providing the company? They'd be lucky to break even on a freeloader like me. I guess I should be happy that stupid people exist, they're subsidizing my ad-free e-mail account and an awesome search engine.

Re:

[sqrt(2)]

There is no sense of entitlement, although I wont deny I can be an asshole at times. I know the free ride would be over if too many people were like me, which is why I do not encourage the same behavior I practice. And when it ends--when, not if--I wont be angry because I know I wasn't paying a dime for what I was getting when I had it.

Why use it?

[east coast]

If you got data that is so sensitive that you're worried about Google processing it for some kind of ad targeting purpose you should be worried enough to spend a few bucks and get a webhost for your data. You can get a webhost with a couple of gigs of storage and more transfer for ~10 bucks a month. What's the issue?

This is Madness. This is Slashdot.

[njfuzzy]

This is idiotic. Seriously. The "product" in question is a rumor. No details are confirmed about how it will work, what advertising hooks there will be, what features it will have, or whether it will ever see the light of day. You know what criticizing it at this point makes you? Not an analyst, not an expert, not a technologist. It makes you a guy with a guess and a blog.

Re:

[grassy_knoll]

Ahem.

It makes you a guy with a guess and a blog.

Note to self: get blog.

My concern here is not my usage....

[Churla]

I know to avoid things if it involves giving private information to Google. "Do no evil" motto or not they have already shown they can and will bend to the right political pressure (i.e. China), or the right financial pressure (i.e. focused ad targeting).

My concern is how many people will blindly use it who don't know better. How many of those people will be ones I have to deal with? How much information about me will they be storing on G that I won't have control over? What happens when the government

Common Sense lacking?

[Bryansix]

How do any of these concerns also not apply to GMAIL. In fact there are software packages you can use to turn your gmail account into a "G Drive" already and utilize those 5+ Gigs for file storage.

Hmm..

[Selfbain]

Do they write these articles from scratch or do they have a program that just generates them from a template whenever Google makes an announcement?

Want another M$?

[jhRisk]

Granted Google has not yet shown us they're capacity for evil (tm) the way M$ has over the years but give them a chance... they're still young. Bottom line is that the same arguments I've seen here for why it's not a big deal (ex. do this, do that or don't use them) are the very ones used for why M$'s monopoly is not so bad (ex. use Linux, do this, do that) Problem is M$'s stanglehold at this time makes those options less "adaptable" for the masses. If we knew then what we know now we would have prevent M$ from even getting there.

But Google can do no evil, right, therefore despite this company being at that very point where we can do something before the ignorant masses consume their products in such quantities to the point where, like M$, change is difficult, we shouldn't worry about the same thing happening here, right? Yeah... right. Unfortunatley I see another monopoly coming but this time on personal information products which may not restrict our freedom of choice in the same sense as the M$ one does (eg. our ability to choose alternate technologies) but will be so valuable and so entrenched in everything that it'll be just as difficult to move away from.

We realistically could see most people, companies and even the governments depending on Google the way we did on Blackberries. It took the RIM injunction scare of 2006 to open some eyes up since even emergency services were depending on Blackberries (sigh.) Think beyond this on Google product, their 700MHz band bidding and every isolated move they've made in the past 5 years or so. Look at all of it holistically and as much as I like them and their products I don't like where it potentially leaves us in the future.

Re:

[msuarezalvarez]

Granted Google has not yet shown us they're capacity for evil [...]

Indeed, there are no flashy Evil Capable on google's pages. MS's marketeers are clearly way ahead of them!

Do we need legislation?

[rueger]

Many valid points are made here, not the least of which is that sensitive information should secured locally, not via some free web service. And of course, Google does tell you what they will and will not do with your data, as do most places like Facebook etc.

What I'm interested to watch is how legislation, or even case law evolves as more and more information moves on-line. Will lawmakers force on-line services to encrypt customer data, or to meet minimum levels of security? Will servcies like Google

Re:

[Forbman]

well, what happens if Iron Mountain screws up your company's backup tapes, loses them, they get destroyed in transit between IM and your company, etc.?

Just remember

[SCHecklerX]

Part of a good security strategy is to have off-site backups of important data. So, it is better to put stuff on Google's servers than it is to risk losing it when your system crashes, don't you think? For sensitive information, encrypt before storing (or store it on google as a truecrypt volume? I haven't used the gdrive thing, but if it can be mounted, then this seems the optimal solution).

I have a Chinese friend with Yahoo Mail...

[ZombieRoboNinja]

She's studying in the US, but most of her family is back in China, and she uses her Yahoo mail account to communicate with them.

She does this knowing full well that Yahoo is reading her mail and will rat her family out to the government if she says anything that smells like dissidence. She told me she always tries to be careful how she words things, just in case. But she doesn't bother encrypting things or switch email addresses, because she's NOT a political dissident, and she has "nothing to hide." To me,

how could Google encrypt?

[eean]

Whats the point of having Google encrypt and decrypt your info? They'll have to turn it over, decrypted, if served with papers. And wouldn't release it otherwise.

Encryption has to happen client-side.

These "privacy advocates" have no business

[IGnatius T Foobar]

I don't know who these supposed "privacy advocates" are, but as far as I'm concerned they can go f**k themselves. If they don't trust their data on Google's servers, then don't use the service. END OF DISCUSSION.

Re:

[mattwarden]

Or encrypt it before you upload to google.

How long before some open source software is written to do this seamlessly, just like truecrypt does on your local drive? I'm betting 2 weeks after launch. Actually, I'm betting it is being designed right now by someone.

If you don't like privacy advocacy

[xant]

You can ignore it. It's the same advice you gave.

If there's a privacy problem, Google is not likely to tell you about it. Not everyone in the world is aware of problems with the privacy of their data. "Advocates" are the people who warn other people about those problems. Everyone should make their own informed decisions. It is ridiculous to think every possible user of GDrive would know the possible issues with it.

That's assuming the problems will actually exist, which I'm not convinced of yet.

eCryptfs

[omnirealm]

When Google provides a Linux filesystem (either native or via FUSE), people can use eCryptfs [sf.net] to prevent Google from reading the contents of their files. eCryptfs stacks on top of other filesystems and encrypts the data.

You don't necessarily need encryption

[Mr. Pibb]

You can just use any obsolete archiver if you don't want Google scanning your data. Sure, they could write a module to unzip your files, but are they going to bother with LHarc and .ZOO files?

Legal expectations?

[BobaFett]

'It really needs to have really detailed explanations of what the legal expectations are for storing your info.'

You've given Google your data, they can look at it all they want. Simple enough? They will certainly have the service agreement you have to accept when you use the service, with things like how much your copyright on your works protects you and what license you explicitly grant them by uploading copyrighted works to their storage, things like that. But basically, you stored your data on their disk

Fool me once, shame on you. Fool me twice...

[$criptah]

If people trust a company with the data, then I can blame nobody but them. During the past years there was so much information about data loss and security breaches that it makes me want to un-plug my computer when I am not at home. Given the fact that Google, Yahoo, Comcast and other big companies constantly play favorites and bend over in front of foreign governments, I do not and will not utilize their services for any serious business.

I trust only myself or dead people. If you need space, get an exte

I let my E-mail Provider Read All My Mail

[Jon_S]

This same paranoia came up when GMail came out. People all freaked out that Google was reading their mails to match up ads.

I don't have GMail. I pay for a service (*) rather than look at ads.

But you know what, I still let my e-mail provider read all my mails. How else does anyone think that spam filters work? You can't filter out spam without reading the e-mails.

It's not like Eric Schmidt is there reading each message looking for the good ones.

* service = fastmail.fm I highly recommend them.

Good Sense and Protection Money

[blueZhift]

There's a lot of talk about encryption here, but it is unlikely that "ordinary" users are going to use it or care. But I would say that if I had any illegal or questionable materials, good sense would make it unlikely I would store them on a Gdrive. And as far as Google data mining my files for ad purposes, my guess is that they will offer a paid service wherein your data is not scanned by them at all, beyond virus scanning I would guess. So if you pay the protection money, then it's cool, if you trust Goog

Nothing specific to Google

[ozzee]

There already exist drive in the sky web services. I suspect Google's gdrive is only a me-too comparable service. If we're so paranoid (which I probably am), then the game is already won by the bad guys. Case in point, over the last year, I have needed to wipe my hard drive clean four times because something went awry, just unexplicable things like network services starting to do strange things. No virus check found anything. With the guise of a Microsoft update, my computer can be surreptitiously surrendering all kinds of information against my will, we don't need a gdrive for that, it's already possible and more than likely happening to almost all who use Windows.

I can think of a few fixes but it's probably not going to be something that will happen fast or without a fight.

Imagine if....

[gentlemen_loser]

Microsoft knew as much about you as Google does:

It appears that you are trying to erase emails that your mistress sent you. Would you like to:
o Forward them to your spouse?
o Click on the banner ad to delete them?
o Forward them to all of your contacts?
o Buy an update to Office for the low price of $799.00 to delete them?
o See other options?

Third

[hhawk]

If you transfer you data to a third party, there is really little chance that someone isn't going to have access to it, including Admin. users on the system.

If you really need to use it you could of course encrypt before you upload.

Home based RAID systems now sell for $300-$500 with TeraByte size drives. Or put the data on a Flash drive and store it in your bank vault.

Griping about vaporware

[ElizabethGreene]

Does no-one else observe the futility of griping about a product that does not exist yet? Let's see what they come up with before gathering the pitchforks and torches. -ellie

My goodness ..

[ScrewMaster]

says Nimrod Kozlovski,

You mean there actually are people named Nimrod?

I'll take two

[torkus]

Seriously. This is another pile of shi....erm... sensationalist 'cry wolf' journalism.

Google has my data that they're storing for me, for free, because i gave it to them...along with my email...and a spot on my MSIE toolbar, and a spot on on the MSIE searchabr, and a spot on my desktop for desktop search...

Seriously, we coudl all say to encrypt it but 99% of people out there won't. Ease of use + free > privacy to most people. In fact google still keeps your data private. Yes, they'll give you targete

no encryption?

[m2943]

Google generally makes APIs available for their services, and they will likely do the same here. So, if you want an encrypted file system with Google storage, all you need is the right client.

I suspect you're going to see a Fuse-based encrypted Google file system within days of the release of the API and service.

A little too late to be concerned...

[blahplusplus]

... about privacy. I mean really online unencrypted email gives any bad person in the right place access to a lot of your personal information anyway. If we dumped all the email out of the free emails services, I'm sure we'd have a hell of a lot of data just from that alone.

Re:

[waztub]

Actually, Nimrod is a fairly common Israeli name. It's from the Bible.

Re:

[rkanodia]

In the Bible, Nimrod is described as a mighty hunter. The name acquired its newer meaning thanks to Bugs Bunny, who used to refer to Elmer Fudd as a 'poor little Nimrod'.

Re:

[pla]

Oh any why do you need online storage? Use SSH/SFTP and you're all set. I guess that only works for all us geeks who leave our machines on 24/7, or run our own servers.

As a geek who leaves (some of) his machines on 24/7, and also makes extensive use of SSH tunnels, might I ask how you make the use of remote filesystems transparent, in particular on a (corporate standard) Windows desktop?

I know you can tunnel Samba, but the only way I know of requires having a local Linux box not running Samba, with it

Re:gdrive?

[The Angry Mick]

i got dibs on the ../pr0n directory

Would that be called the "G-Spot"?

Re:

[Culture20]

Genesis 10:8 Cush was the [father/ancestor] of Nimrod, who grew to be a mighty warrior on the earth.

Re:

[g0at]

No, but you're not the only un-educated knob, either.

Re:

[bladesjester]

Kid, humor is where you find it.

Maybe you'll understand that when you stop being a troll. =]

Re:

[bladesjester]

I'm sorry that you're so uptight that you fail to see humor in the world and are, in fact, I'd say you're getting bent out of shape over this just to have something to gripe about.

Well, as the OP, I can say that race and nationality have nothing to do with it.

It's a great example of a difference between cultures, and in my opinion is indeed amusing. An intelligent Nimrod, which is slang for someone stupid (and he does indeed seem to be quite intelligent).

In my time, I've encountered quite a few amusing nam

Re:

[g0at]

Pardon that I failed to notice you were the OP. I will admit that I'm in a bad mood at the moment, for unrelated reasons. That has perhaps coloured the tone of my postings.

The point that I was originally trying to make was one of education and awareness:

An intelligent Nimrod, which is slang for someone stupid (and he does indeed seem to be quite intelligent).

The reason this seems funny is because of a lack of awareness of the slang term's origin [wikipedia.org]. Were this conversation being had before the time of Chuck Jones and John Steinbeck, there would be no humour at all.

I have to admit that I had the same reacti

Re:

[bladesjester]

No, kiddo, the reason it seems funny is the cultural disconnect, and like it or not Steinbeck is a part of the culture. You're "if this were before the time of Steinbeck" comment just shows how much you don't get it and how far you are going out of your way to be uptight.

"In my opinion, laughing at the guy's name (which itself carries some weight of history and knowledge deeper than probably you or I ever regularly conjure) simply shows ignorance"

First off, *most* names have a deeper meaning than most peop

Re:

[g0at]

Okay. I apologize for calling you a knob. Your rant is at least as mouth-breathing and defensive as mine, though.

I didn't see what value was added to the universe by posting a question about whether anybody else found his name funny. Many people likely did. Did you really want to take a poll? Or simply make your opinion known?

-b

Re:

[bladesjester]

Kid, my rant isn't mouth breathing in the least nor is it defensive. In fact, its purpose was to teach you something. I hope you learn the lesson some day - more people need to.

As for why I said it, spreading mirth is often a positive thing.

You have a great deal to learn. (Among them is that following an "apology" with an insult is not the mark of an apology.)

Re:

[g0at]

I bow down to you, wise sir! You are wholly correct; your lesson is restrained and gentle in tone, and reverently received. With luck this fresh sapling that I am shall grow up to be as humble as you.

-b

Re:

[aclarke]

Come on, mods, ignorance is no excuse. Genesis 10:9 [biblegateway.com]

Re:

[MillionthMonkey]

I'm not sure where Nimrod got such a bad rap -- as king of Assyria he was anything but a dork.

As usual, this is all Bugs Bunny's fault. [leanleft.com]

Re:

[m4ximusprim3]

zzzz..*snort* roomba!...zzzzzzzzz *dreams of capresso* Back OT: I don't trust them as far as I can throw them. But, that doesn't mean it's not a useful service and that I won't use it. I'll just stash my bank records somewhere else. See? simple!

Re:Nimrod Kozlovski

[sm62704]

Well hell, with a name like "Anonymous Coward" I can see why you would get picked on. My name got its share of yuks, especially since I wore coke bottle glasses* "Oh, mcgrew, you've done it again!"

But I really felt sorry for another kid in class, Charlie Salmon.

-mcgrew

* Coke bottles used to be made of very thick glass back before the stone age. Mr. Magoo was a nearaly blind cartoon character who was too vain to wear his glasses and unwittingly did good in every episode. Yes, I'm a geezer. I see they brought Charlie Tuna back.