
No, your data isn't secure in the cloud

Lucas Mearian | Aug. 14, 2013
In 2012, Google alone received 21,389 government requests for information affecting 33,634 user accounts.

Another project aimed at protecting consumer and corporate data is the Tahoe Least Authority File System (Tahoe-LAFS) project, a free and open-source storage system created by developer Zooko Wilcox-O'Hearn. O'Hearn built the storage service to ensure data is secure from prying eyes as well as resilient to hardware failure. The service is distributed across a grid of multiple storage servers.

He's been working on a secure way to compute with Dropbox in which data is encrypted in a meaningful way. All of the data is encrypted and integrity-checked by a gateway server, so that the servers can neither read nor modify the contents of the files.

"Even if some of the servers fail or are taken over by an attacker, the entire file system continues to function correctly, preserving your privacy and security," the service claims.

If you're looking for a really robust online storage solution, you should consider end-to-end cryptography, Auerbach said. That means the encryption keys live only on your private server or computer.

"That way, the service provider only sees encrypted, garbled junk," he said.
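The gateway model described above, sketched in Go as an added example (it is not Tahoe-LAFS code and not from the article): data is encrypted and integrity-protected with AES-256-GCM before it leaves the client, and a read skips any server that lost or altered its copy. The names NewAEAD, Put and Get, the in-memory grid, and storing a whole copy on each server are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-256-GCM from a 32-byte key that never leaves the gateway.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put encrypts locally; each untrusted server gets nonce||ciphertext||tag.
func Put(a cipher.AEAD, grid [][]byte, plaintext []byte) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never encrypt with a predictable or reused nonce
	}
	sealed := a.Seal(nonce, nonce, plaintext, nil)
	for i := range grid {
		grid[i] = append([]byte(nil), sealed...) // independent copy per server
	}
}

// Get returns the first copy whose GCM tag verifies, skipping lost or altered ones.
func Get(a cipher.AEAD, grid [][]byte) (string, error) {
	for _, blob := range grid {
		if n := a.NonceSize(); len(blob) >= n {
			if pt, err := a.Open(nil, blob[:n], blob[n:], nil); err == nil {
				return string(pt), nil
			}
		}
	}
	return "", fmt.Errorf("no intact copy on %d servers", len(grid))
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // all-zero key for the demo only
	grid := make([][]byte, 3)         // three hypothetical storage servers
	Put(a, grid, []byte("constructed sample file"))
	grid[0] = nil    // one server loses the file
	grid[1][15] ^= 1 // one server alters a ciphertext byte
	fmt.Println(Get(a, grid))
}
```

A real key would come from crypto/rand and stay on the client; the servers hold only the sealed blobs, so a modified copy fails tag verification instead of being returned as data.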

For textual communications, such as instant messaging, the OTR (Off the Record) protocol is sufficient to ensure your communications are secure, Auerbach said. OTR is a cryptographic protocol that uses a combination of the AES algorithm, the Diffie-Hellman key exchange and the SHA-1 hash function.

For email, the Pretty Good Privacy (PGP) protocol and OpenPGP encrypt emails to a recipient so no service provider can see what you send.

The one issue with encrypting emails and texts is that the person you are communicating with must also have the protocol operating on their system so that you can share the public key with them to decrypt the data.

For documents, TrueCrypt or PGP are reliable encryption algorithms that give a user full control over keys, and they're free. There are also password managers and generators, such as KeyPass or OnePass, that ensure your password is random, encrypted and more resilient to brute force attacks.

A private social network
When it comes to social networks — Facebook, Twitter, LinkedIn, Google+ or Ning — the only protection is what the provider offers in terms of privacy settings. But that doesn't mean your data can't still be accessed by the service provider or that the government can't gain access to it.

"If we lose this privacy, then what good is the cloud?" said Mark Weinstein, an online privacy expert. "How would you feel if all your friends and relatives could view your text messages and emails?"

Weinstein has created a private social network called Sgrouples. The site is live now, but the privacy service is still under development and is expected to roll out in the fourth quarter.

