Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Bug Google Communications Data Storage Security The Internet

Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com) 97

On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files."
This discussion has been archived. No new comments can be posted.

Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service

Comments Filter:
  • by sehlat ( 180760 ) on Thursday November 02, 2017 @05:09PM (#55479369)

    Looks like it's to drop using Google Drive as my go-to backup for my work projects, or much of anything else, for that matter.

    • by Anonymous Coward on Thursday November 02, 2017 @05:12PM (#55479383)

      This is The Cloud. They're not YOUR files, they're OUR files.

    • So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.

      Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.

      That's way better than what you will ever achieve with crappy consumer equipment.

      • So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.

        Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.

        That's way better than what you will ever achieve with crappy consumer equipment.

        Looks like Google employees are presenting.

        Sorry church, The cloud is advertized as the ultimate in security, and availability, Fuck you and your cloud is better than "consumer equipment.

        Here comes the curse. May you get locked out of the biggest and mot important document you ever had, th eone your boss and your jobs depend on, and you only have it in teh cloud, since who would put it oncrappy consumer equipment. Go to the customer and tell them you got nothing.

        • Nope not a google employee. Or a seller of goggle products.

          And no one actually involved in cloud transformations advertises it as the ultimate in availability or security. The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane. You price up what it would cost you to have HA between two server groups across two locations, with your own dedicated fibre connections.

          Now factor into that 3 y

          • Nope not a google employee. Or a seller of goggle products.

            And no one actually involved in cloud transformations advertises it as the ultimate in availability or security.

            That doesn't mean that we don't hear that often and loudly. Employee, zealot, or useful idiot, the glowing reports of unassailable security, 100 percent uptime, and almost miraculous reductions in cost of infrastructure and eliminating employees have been shouted from the rooftops for years.

            The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane.

            Well okay. But who needs ultimate? The cloud certainly doesn't approach ultimate, and stupid stuff like expired security certificates (microsoft) and arbitrary lockouts from your own information by google are as much fai

            • I do store classified data in the cloud. I don't store it in google docs though.

              Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.

              Believe it or not Microsoft's Azure product is very secure if configured correctly.

              • I do store classified data in the cloud. I don't store it in google docs though.

                Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.

                Believe it or not Microsoft's Azure product is very secure if configured correctly.

                That is only remotely the cloud we're talking about here.

      • by Cederic ( 9623 )

        Could easily have happened for a million other reasons

        But it didn't. It happened because Google didn't like the contents of your documents.

        I don't recall ever agreeing to let Google even fucking read my documents, let alone tell me whether they're "acceptable" or not. So fuck Google, no more Google Docs for me.

        • You uploaded it to a platform that allows you to edit the documents in a web browser. How exactly did you NOT think you gave permission to google to open your docs?

          If they can't open the docs they can't give you the ability to edit them. And then you have to expect them to build protections to stop bad docs taking the system off line.

          • by Cederic ( 9623 )

            Congratulations on completely missing the point.

            Google can provide CRUD capabilities without ever knowing the content of the data.

            It's the same way that a DBA can administer a database without ever looking at its data. In theory that's not possible but in practice it's very easy. Just the same for Google and docs.

    • There are encryption layers you can add to your Google Drive, so even they can't see what you store (BoxCryptor is the one I use but I'm sure there are many others). Doesn't work for Docs and Spreadsheets, but who uses those anyway??

    • WTF?! You already knew that.
  • by nsuccorso ( 41169 ) on Thursday November 02, 2017 @05:09PM (#55479371)
    On the one hand: they fixed it quickly, using the same deployment processes that broke it quickly

    On the other hand: no real consolation to those locked out by the bug

  • It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.

    • Re:Cloudy Ownership (Score:4, Informative)

      by 110010001000 ( 697113 ) on Thursday November 02, 2017 @05:18PM (#55479431) Homepage Journal
      How would I flag my data on my own network or computer as violating my Terms of Service? The mind boggles. It definitely is "the cloud". The cloud means you don't control your data.
      • You run antivirus on your computer, don't you. Mine flags stuff inappropriately occasionally.
      • How would I flag my data on my own network or computer as violating my Terms of Service? The mind boggles. It definitely is "the cloud". The cloud means you don't control your data.

        That pretty much ends the argument!

    • It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.

      The only person I trust is me. I've lived long enough to know that my documents won't mean a damn thing to anyone else. And for any cloud service, I'm just another customer.

      So I'm stored locally, with one local and one backup not stored here. Pretty simple, as I care about my most important customer.

  • Why don't stupid users understand: YOU DON'T OWN YOUR DATA. It belongs to the mega-corporations. Idiots. Personal computing is dead. Long live Corporate Computing.
  • by Grog6 ( 85859 ) on Thursday November 02, 2017 @05:20PM (#55479443)

    "OK; as a word we commonly use has now been associated with terrorism and banned by the search algorithms, we suggest instead of 'the' you use 't__he' or 'Teh'".

    We hope to have this solved soon.

  • by Anonymous Coward on Thursday November 02, 2017 @05:21PM (#55479447)

    I'm playing it safe and storing all my documents on Microsoft OneDrive.

  • ... they scraped them all.

  • It just goes to show you should never use as primary storage a service that will, for any reason, censor or lock content - because someday anything you have may be declared "wrong".

    I don't mind editing documents and moving them into the cloud, I don't even necessarily mind iCloud based apps like Keynote that stores things to iCloud - but there at least I can save a Kyenote file locally and work with it there if I like. Google Docs have always been a bit too "pure cloud" for my liking...

  • ... the cloud is.

  • It came off a perfectly innocent looking thumb drive that I found in a parking lot in Langley, W. Virginia.

  • Long term keep your data away from any deep file "inspecting" cloud product.
    If you have the bandwidth to upload, you can share with your collaborators and colleagues as needed.
    Too many checksums, SJW, AV efforts trying to look into your data with cloud services.

    Keep your data sets, ideas, tech, optimisations, language use secure from been searched, sorted and questioned.

    If a server product is needed find a real hosting company with real hardware that can offer a fully self encrypted service.
  • by jonwil ( 467024 ) on Thursday November 02, 2017 @05:36PM (#55479527)

    "the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.

    • "the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.

      OTOH, nothing guarantees that you have access to data stored on your computer, either. Various sorts of downtime can and do occur. In the worst case, you may lose your drive and find that it's all gone, unless you're unusually assiduous about backups.

      For the average person, and in the long run, it's likely that storing your data in a professionally managed data center where it's replicated and backed up automatically will give you greater total availability and much greater protection against loss.

      Of co

      • by Anonymous Coward

        Yep, as usual - backup your files. That's all you need.

        • Yep, as usual - backup your files. That's all you need.

          ... but hardly anyone does.

          • Yep, as usual - backup your files. That's all you need.

            ... but hardly anyone does.

            Well then, grant access to your cloud provider to look at your files, and if you don't toe the line, you might not have access to them, or might even be arrested.

            I really don't care if people store anythingon the cloud, I merely say storing anything there is an open invitation to lose it or to find yourself in trouble, deserved or not.. If you don't care, by all means do it.

            By the way, don't people remember when an idiot was caught storing kiddie porn on Ubuntu's cloud service? They'll scrape it, they

            • Meh.

              Kiddie porn is a special case, and rightfully so. Outside of that, none of the major providers is going to hand over any data without a court order, and they do a much better job of ensuring availability and security than you do.

              • Meh.

                Kiddie porn is a special case, and rightfully so. Outside of that, none of the major providers is going to hand over any data without a court order, and they do a much better job of ensuring availability and security than you do.

                So they just scrape it and block access fopr the LuLz? With no law enforcement intereststs, do you suggest that they are blocking access to people 's documents because they are buisness matters only? Like maybe some competitor of Google's?

                I might be stupid, but that even sounds stupid to me.

  • by Anonymous Coward

    See subject: "From win & lose but STILL somehow - it's CLOUD'S ILLUSION I recall..." themesong for Google today!

    * What a BULLSHIT LIE on their end... lol!

    (You've got to be TOTALLY STUPID to believe in 'cloud = safe' or 'cloud = secure' bs...)

    APK

    P.S.=> "It was a 'bug'" lol - the ONLY bug is in their brains... apk

    • by Mal-2 ( 675116 )

      You really don't know clouds at all.

  • by thereitis ( 2355426 ) on Thursday November 02, 2017 @05:52PM (#55479605) Journal
    If what Google says is true - that the files were accidentally marked as malware, phishing, or spam - then they were giving users a pretty terrible error message saying user documents violated the TOS. Why not spell it out - hey, we flagged this file for malware, phishing, or spam. At least then the user doesn't think that *they* did something bad by violating the TOS.
    • If what Google says is true - that the files were accidentally marked as malware, phishing, or spam - then they were giving users a pretty terrible error message saying user documents violated the TOS. Why not spell it out - hey, we flagged this file for malware, phishing, or spam. At least then the user doesn't think that *they* did something bad by violating the TOS.

      I don't know if it was the case here, but it's often a good idea not to provide detailed information, because that helps people who are trying to figure out how to sneak stuff past the filters. That doesn't quite explain this case because if the attacker understands that "ToS violation" means "we detected your malware" then nothing was gained. But it's likely we don't have the whole story here, and there may be additional elements that make it make sense.

      Or maybe not. It's impossible to say with the avail

      • by awyeah ( 70462 ) *

        Ah, yes, security through obscurity.

        • Ah, yes, security through obscurity.

          No, that's not what it's about. At all.

          What I'm talking about is more akin to rate-limiting brute force attacks on passwords, or not returning the error codes that enable the million message attack on RSA.

  • by Anonymous Coward

    NT

  • by sexconker ( 1179573 ) on Thursday November 02, 2017 @07:15PM (#55479931)

    TFS is nothing more than Google saying the bug was a bug due to buggy code that buggily flagged things based on a buggy interpretation of another component's output.

    How many files were affected? Why some and not others? Why is the antimalware component involved? What's there to misinterpret from its output?

  • by Anonymous Coward

    I get so many companies pitching me cloud this and cloud that. My response has consistently been, I don't trust the cloud for any business critical processes/data. The sales reps will laugh their snipe little laugh and make some pithy comment about 'oh, you must be old school'. Yet we see time after time stories like this, almost always portrayed by the company in question as a 'glitch' or a 'bug' and that it has been addressed and fixed. We are reassured that it will never happen again.... until the ne

Failure is more frequently from want of energy than want of capital.

Working...