π

You Can't Control Your Data in the Cloud

Show Sidebar

There is this well cited argument that cloud companies like Google, Apple, Amazon, Facebook, and you-name-it are able to protect your personal data much better than you are able to. They have military grade security restrictions, better backup methods, and are able to do this much cheaper. Everybody is doing it so it seems to be OK to put your data into the cloud.

While this argument being absolutely true, people seem to forget that giving away your data to any third party is the root of many problems in the first place. It is not relevant to whom you are giving your data to. Yes, this also holds true for Apple's iCloud where many people think it's a save heaven.

Let me explain by examples.

Please note that the links provided are only a small selection of numerous facts on how the cloud is damaging your privacy in an enormous amount. This article mostly refers to personal data and not business-related data.

If a link is not available any more, please do use the Internet Archive WaybackMachine to find archived versions for a given date. Drop me a line if you do spot a source that should be not relied on.

The incidents collected on this page is only a tiny fraction of all incidents reported. Please use other sources like this for an overall picture. I'm just collecting distinctive incidents that support my point.

Disclaimer especially for tech-savvy people: Please note that I am using a simplified term of "cloud" which refers to storing data or metadata of us in the public cloud. I am specifically not referring to cloud-computing in terms of putting my own (encrypted) data in an S3 container or processing nodes that may be even stateless. With the exception of cloud processing services that turn bought devices into bricks after discontinuing their service. You see, it's complicated. If you know what a threat model is, you most probably know these things here already.

Losing Control

No matter, how secure your cloud vendor is storing your data, you are going to lose control. Same holds true for the European cloud.

With cloud-connected devices in your house, you might even lose basic services like heating or you lights. If this doesn't scare you already, how about losing control over your cloud-connected car? Even your cloud-connected sex toys record your "private sessions" to the cloud.

Not every data is lost or stolen on purpose. Mistakes happen. Whole MS Office suite apps might not be available all the time. Or cloud storage like Apple iCloud are offline from time to time.

Particular widespread hobby: people tend to buy smart home devices that turn into expensive waste after losing support from the vendor. Cloud-based car alarm system? Well, it's actually the perfect tool to locate and steal your high-class car.

You're losing exclusive access on the logs to your data. This is subtle but nonetheless important when it comes to sensible data.

This site collects the biggest data breaches (or leaks). It contains over 30.000 reports of incidents including Facebook, Microsoft, Yahoo, Twitter, Friend Finder Network, and so forth.

Intermission: the following incident is probably the incident with the most impact worldwide of all times. However, it did not get that much press coverage in the general media. The nature of this incident is a total security desaster for Microsoft services which can not be trusted any more. This is because Microsoft can't replace all of their key infrastructure and their services (with potential backdoors) at once.

This article is discussing this notion from a different angle.

Data Gets Used Against You

You can't be sure how your cloud vendor is analyzing your data "for your best experience" or enforce arbitrary policies like the avoidance of nudity or strong language. And of course they sell the results of this analysis to third party companies. Same holds for user reviews. And of course your online purchases. Using a dating service should scare you when they give away your most sensitive data to advertisers.

Cloud companies consider you as their product, not their customer. They sell your data. Sometimes, they are not even interested in fixing security issues of your cloud.

Companies do give access to collected user data to their "business partners". Research shows that companies are exposing sensitive data with and without noticing more and more.

Steve
Tweet by misterbrilliant with a video on Alexa's inability to get help.

You can't be sure of any malicious employee who is mis-using or leaking data. Employees sell sensitive data.

Inability To Delete

If you delete data in your cloud, nothing gets deleted for real. Truth is, the cloud vendor disables your access permission. Therefore, "deleted" data is used in the background and even re-appears from time to time.

Losing (Access to) Your Data

You can't be sure that you don't get locked out of your own data. This fortunate

People got locked out of their own cloud infrastructure. Sometimes you get locked out of your house. You even can get locked out from your cloud-connected shoes. Sometimes, your ISP is threatening to turn off your heating when you are using the Internet in a way they don't like. Politics can lock you out of your rented cloud-driven software products. Somebody is probably able to kill your pet over the Internet. Whole companies go offline when your cloud vendor wants.

You can't be sure that even cloud vendors are losing data.

Tweet: @GitHubHelp, you blocked our entire company account after one employee opened his laptop while visiting is parents in Iran. We are completely blocked from deploying!

(Good) Cloud Providers Turning Bad

You can't be sure that the business model of your cloud vendor is changing so that they act differently compared to past statements. Sometimes your cloud vendor gets bought by a bigger fish. Or he is deciding to share your private data with others without your consent. Or he is introducing "quality of service" to storage performance which drags you down in production stage. Governments are beginning to sell sensitive data for profit as well.

If I ever get to interview a Google Cloud exec, I have one question
Tweet by QuinnyPig about the trustworthiness of Google's cloud availability.

Even your cloud-connected vacuum cleaner is selling information on your home to the highest bidder. Or it is providing a perfectly fine spying tool for the bad guys. Or it simply opens your door for the bad guys.

Furthermore, there is always the possibility of cloud vendor employees, who give away your data to interested parties as happened with Twitter 2022-12 (German heise). You have to trust every employee who has access to your data. All of them. Do you?

My favorite analogy here is the old sex education trope "wear a condom or you are exposed to all of the STDs of all of your partner's partners". Only in the cloud, the arrow of time is reversed. Everything you share you have to trust the company to steward, and not just the company as currently constituted, but all future versions, ownerships, partners and employees of the company.
/truffdog on HN/

You're the Product

Your privacy is of no concern for cloud companies. They don't care about the security of your data at all. Cloud vendors are even willingly hurting your privacy or health.

Many times, your data gets public because of a simple error. Also passwords. Even kids toys become spyware.

You don't have any idea on how manipulated cloud data is used to do psychological experiments with you.

Inability to Control What Goes into the Cloud

You don't even know what data is really uploaded to the cloud. And if you put documents in the cloud, you can never be sure if others can access it or not. Or how your data is processed and re-used by others.

Losing Cloud Service

You don't have any influence on whether or not cloud services are discontinued by big companies like Microsoft. Game over. Lights go black. Your TV set as well.

Home automation is a potential risk in most cases. And if a service is not discontinued, it happens that years of data get lost somehow. Like twelve years of music files.

Cloud-connected devices destroy the internet and become expensive junk. Don't be surprised: any cloud-dependent device is going to stop working sooner or later. Even expensive ones.

Even temporary down-times of the cloud affect your life in many ways.

Thinking Public Cloud is “cheap” is a fallacy. I address some of the reasons why here
Tweet by tcrawford with link to https://avoa.com/2017/07/18/why-are-enterprises-moving-away-from-public-cloud/

It's Not Always Bad Intention

You cannot possibly have any idea how many bugs or false configurations are exposing your data to any third party.

Forced Insecurity by Law and Agencies

The USA has laws forcing (cloud) providers to include back-doors that circumvent cryptographic protection. There are secret laws for secret agencies which force cloud vendors to secretly give away your information.

International cloud vendors ignore local legislation that is here to protect your personal data.

No Such Thing as Anonymity

There is no anonymity. You can be identified by the way you are doing videos, your hardware, your software configuration, your mouse movements, your geographical position, and so forth.

What To Do About It?

If you're still thinking of using public cloud services for your data, make sure to read about the conditions to do so you should be aware of.

There is no "undo" here. Once your data is out, your role in controlling this game is over. Outsourcing security has it's price whose currency is not Euros or Dollars but loss of privacy, control, and to its final degree: security.

Reclaim you digital life. Follow my postings on this blog and on Twitter - I am trying my best to stay independent and to own my own data.

You've got something to hide - even when you are not aware of it. And that's nothing that anybody is allowed to hold against you.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. Edward Snowden

So in case someone tells you that he is pretty witty to let a cloud vendor host his data "because it's more secure", you can reply to this argument that the NSA has also a one of the biggest military grade cloud full of data scraped from your personal (cloud) data. Not against terrorism. Not at all: The leaked NSA selectors are not reflecting any focus on terror-related data. So much for this red herring.

"Hosting" your very private data there is nothing you're going to enjoy. As any cloud vendor, they now more about you than you might think of: your porn profile, you health history including all of your past, present and future diseases, what you're thinking about politics, products, people, or anything else, you whole set of social contacts, your wife and your secret girlfriend as well, and so on, and so on. Still don't care whether or not data like this gets exposed, archived, or leaked without your control?

Similar Pages for Different Topics

Here are more curated pages that collect incidents and events for various topics:

Drop me a line if you know more pages like that.


Related articles that link to this one:

Comment via email (persistent) or via Disqus (ephemeral) comments below: