Linked by David Adams on Fri 11th Dec 2009 01:25 UTC
Privacy, Security, Encryption I was reminded of Sun Microsystems' Scott McNealy's infamous sound byte (used as the title of this article) when I read about Google CEO Eric Schmidt's foot-in-mouth moment during a recent CNBC interview (YouTube Link). Here's what Schmidt said: "I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."
Thread beginning with comment 399073
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:

Even having never actually used such a service myself, I'd kinda expect that they'd do the encryption on their end, both to provide a degree of transparency to the end-user ("just send us your files, and we'll magically encrypt them for you at some point"), and possibly precisely so they can guarantee their own access to that data later, if they need it (like if they're compelled by court order to turn over your data).

If you just buy space on some remote pool of storage, then sure, send it whatever you want. I'd expect a consumer-oriented backup service to try to make the process as simple and transparent for the client as possible, so I'd expect the service provider to handle the encryption on their end.

Reply Parent Score: 2

jabbotts Member since:

The question first struck me with Amazon's storage service; do they store my data in such a way that it is an encrypted blob only accessible by me? The only way I would consider using one of these services would be as a duplicate of my backup archives in encrypted form. This on the basis that I'd be using it as an off-site backup since the service adds no advantage for me as an active data storage (I call those flashdrives or ye-old port 22 back at the ranch ;) ).

My thinking the other way is that it's unlikely to be encrypted on the server side. Provided they can differentiate which files belong to which user; why add the expense of managing encryption beyond the ssl tunnel for the network traffic. I honestly would like to think that storage providers are setting up double-blind encrypted storage for the users but it's not likely. If the user didn't encrypt the files then I don't forsee them not being cleartext in the storage providers database.

(this is something I'd rather be corrected on rather than correct about though)

Reply Parent Score: 2

j.blechert Member since:

I have been using Wuala for some weeks now and they encrypt the files with my private key on my computer, it doesn't leave the computer as far as I can see, though of course that might just be an appearance and their license stuff might lie about the key staying on my computer and them not being able to decrypt my files.

Reply Parent Score: 1