π

You Can't Control Your Data in the Cloud

Show Sidebar

There is this well cited argument that cloud companies like Google, Apple, Amazon, Facebook, and you-name-it are able to protect your personal data much better than you are able to. They have military grade security restrictions, better backup methods, and are able to do this much cheaper.

While this argument being absolutely true, people seem to forget that giving away your data to any third party is the root of many problems in the first place. It is not relevant to whom you are giving your data to.

Let me explain.

Please note that the links provided are only a tiny, tiny selection of numerous facts on how the cloud is damaging your privacy in an enormous amount. This article refers to personal data and not business-related data. Additionally, please note that I am using a simplified term of "cloud" which refers to storing data or meta-data of us in the public cloud. I am specifically not referring to cloud-computing in terms of processing nodes that may be even stateless. With the exception of cloud processing services that turn bought devices into bricks after discontinuing their service. You see, it's complicated.

Losing Control

No matter, how secure your cloud vendor is storing your data, you are going to lose control. Same holds true for the European cloud.

With cloud-connected devices in your house, you might even lose basic services like heating or you lights. If this doesn't scare you already, how about losing control over your cloud-connected car? Even your cloud-connected sex toys record your "private sessions" to the cloud.

Not every data is lost or stolen on purpose. Mistakes happen. Whole MS Office suite apps might not be available all the time. Or cloud storage like Apple iCloud are offline from time to time.

Particular widespread hobby: people tend to buy smart home devices that turn into expensive waste after losing support from the vendor. Cloud-based car alarm system? Well, it's actually the perfect tool to locate and steal your high-class car.

You're losing exclusive access on the logs to your data. This is subtle but nonetheless important when it comes to sensible data.

Data Gets Used Against You

You can't be sure how your cloud vendor is analyzing your data "for your best experience" or enforce arbitrary policies like the avoidance of nudity or strong language. And of course they sell the results of this analysis to third party companies. Same holds for user reviews. And of course your online purchases. Using a dating service should scare you when they give away your most sensitive data to advertisers.

Cloud companies consider you as their product, not their customer. They sell your data. Sometimes, they are not even interested in fixing security issues of your cloud.

Companies do give access to collected user data to their "business partners". Research shows that companies are exposing sensitive data with and without noticing more and more.

alexa help me i'm hurt pic.twitter.com/r6iHh5j5VN

— Steve Hogarty (@misterbrilliant) November 4, 2016

You can't be sure of any malicious employee who is mis-using or leaking data. Employees sell sensitive data.

Inability To Delete

If you delete data in your cloud, nothing gets deleted for real. Truth is, the cloud vendor disables your access permission. Therefore, "deleted" data is used in the background and even re-appears from time to time.

Losing (Access to) Your Data

You can't be sure that you don't get locked out of your own data. This fortunate

People got locked out of their own cloud infrastructure. Sometimes you get locked out of your house. You even can get locked out from your cloud-connected shoes. Sometimes, your ISP is threatening to turn off your heating when you are using the Internet in a way they don't like. Politics can lock you out of your rented cloud-driven software products. Somebody is probably able to kill your pet over the Internet. Whole companies go offline when your cloud vendor wants.

You can't be sure that even cloud vendors are losing data.

(Good) Cloud Providers Turning Bad

You can't be sure that the business model of your cloud vendor is changing so that they act differently compared to past statements. Sometimes your cloud vendor gets bought by a bigger fish. Or he is deciding to share your private data with others without your consent. Or he is introducing "quality of service" to storage performance which drags you down in production stage. Governments are beginning to sell sensitive data for profit as well.

If I ever get to interview a Google Cloud exec, I have one question:

"Why should we trust Google Cloud to stick around? After all, you killed Reader, Plus, Inbox..."

*seven minutes elapse*

"...Allo, Glass--excuse me, don't interrupt. I'm not done. iGoogle, Video, and Buzz?"

— Corey Quinn (@QuinnyPig) April 30, 2019

Even your cloud-connected vacuum cleaner is selling information on your home to the highest bidder. Or it is providing a perfectly fine spying tool for the bad guys. Or it simply opens your door for the bad guys.

#Google has optimized their unofficial motto «Don't be #evil» by silently removing a word.
Guess which one?#surveillance #privacy https://t.co/KnI7aNFn4V

— Karl Voit (@n0v0id) October 21, 2016

You're the Product

Your privacy is of no concern for cloud companies. They don't care about the security of your data at all. Cloud vendors are even willingly hurting your privacy or health.

Many times, your data gets public because of a simple error. Also passwords. Even kids toys become spyware.

You don't have any idea on how manipulated cloud data is used to do psychological experiments with you.

Inability to Control What Goes into the Cloud

You don't even know what data is really uploaded to the cloud. And if you put documents in the cloud, you can never be sure if others can access it or not. Even your cloud-stored passwords are leaking.

Losing Cloud Service

You don't have any influence on whether or not cloud services are discontinued by big companies like Microsoft. Game over. Lights go black. Your TV set as well.

Home automation is a potential risk in most cases. And if a service is not discontinued, it happens that years of data get lost somehow. Like twelve years of music files.

Cloud-connected devices destroy the internet and become expensive junk. Don't be surprised: any cloud-dependent device is going to stop working sooner or later. Even expensive ones.

Even temporary down-times of the cloud do affect your whole life.

Thinking Public Cloud is “cheap” is a fallacy. I address some of the reasons why here: https://t.co/3gr5iuIG5X #cloud #CIO https://t.co/B6gdyeDhD0

— Tim Crawford (@tcrawford) July 19, 2017

It's Not Always Bad Intention

You cannot possible have any idea how many bugs or false configurations are exposing your data to any third party.

Forced Insecurity by Law and Agencies

The USA has laws forcing (cloud) providers to include back-doors that circumvent cryptographic protection. There are secret laws for secret agencies which force cloud vendors to secretly give away your information.

International cloud vendors ignore local legislation that is here to protect your personal data.

No Such Thing as Anonymity

There is no anonymity. You can be identified by the way you are doing videos, your hardware, your software configuration, your mouse movements, your geographical position, and so forth.

What To Do About It?

There is no "undo" here. Once your data is out, your role in controlling this game is over. Outsourcing security has it's price whose currency is not Euros or Dollars but loss of privacy, control, and to its final degree: security.

Reclaim you digital life. Follow my postings on this blog and on Twitter - I am trying my best to stay independent and to own my own data.

You've got something to hide - even when you are not aware of it. And that's nothing that anybody is allowed to hold against you.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. Edward Snowden

So in case someone tells you that he is pretty witty to let a cloud vendor host his data "because it's more secure", you can reply to this argument that the NSA has also a one of the biggest military grade cloud full of data scraped from your personal (cloud) data. Not against terrorism. Not at all: The leaked NSA selectors are not reflecting any focus on terror-related data. So much for this red herring.

"Hosting" your very private data there is nothing you're going to enjoy. As any cloud vendor, they now more about you than you might think of: your porn profile, you health history including all of your past, present and future diseases, what you're thinking about politics, products, people, or anything else, you whole set of social contacts, your wife and your secret girlfriend as well, and so on, and so on. Still don't care whether or not data like this gets exposed, archived, or leaked without your control?


Related articles that link to this one:

Comment via email or via Disqus comments below: