Privacy Concerns with Cloud Storage

[jeffreyfranz]

Hope I am asking this in the right place. I have resisted using cloud storage/back-up until now because of my own skittishness re privacy, snooping, NSA, etc. I also don't have need to store huge files, though that could change soon. Does using iCloud (or anyone's cloud storage) open one up to privacy invasions any more than may occur as a function of general internet and email use? Thanks.

 

[jeffreyfranz]

Hope I am asking this in the right place. I have resisted using cloud storage/back-up until now because of my own skittishness re privacy, snooping, NSA, etc. I also don't have need to store huge files, though that could change soon. Does using iCloud (or anyone's cloud storage) open one up to privacy invasions any more than may occur as a function of general internet and email use? Thanks.

PS: Not sure if I understood what I was doing when I checked the box for Wiki. Hope that doesn't mess up any potential replies.

 

[KALLT]

I’m not sure whether I understand your question. If you want to protect your privacy on the web then there are various options for each.

On the web:

• Use a search engine that respects your privacy and does not track your behaviour. My favourite is DuckDuckGo (you can even use it in Safari).
• Connect to sites over HTTPS, not HTTP. This ensures that the transmission is encrypted and makes man-in-the-middle attacks and traffic sniffing harder or impossible (DuckDuckGo prefers HTTPS in its search results).
• Use browser plugins to block trackers and plugins. I use Ghostery and Adguard.
• Use a VPN to conceal your IP address from websites and your traffic from your provider and others. Especially important when you’re connected to a public Wi-Fi network.

E-mail:

• Use a mail provider that respects your privacy. There are lots of inexpensive paid options that are completely ad-free.
• Use a mail provider that offers mailbox encryption as well as mail encryption. There is a very interesting project called Protonmail.ch which currently has a public beta for this, but there are other options available.
• Use e-mail aliases or disaposable e-mail addresses when you sign-up for less-serious sites. If you just want to sign up without ever disclosing your e-mail address, you could try using an e-mail address generator like fakeinbox.com or 10minutemail.com.
• Make sure that your e-mail is set up correctly. If there is an SSL authentication or better, use it.

Cloud:

• Use a provider that you trust, you will be storing your files with them. Popular services like Dropbox, Google Drive and iCloud claim that they encrypt the data on the servers, but not interally. I know that Dropbox does check individual files for duplicates to compress the server data.
• Verify that the data is transmitted securely as well. Contacts and calendar data using the CardDAV and CalDAV protocols can use SSL.
• If you use one of these providers then manual encryption of your files may also be an option. This is a bit more tricky on iOS of course and I’m not sure whether there are tools that can decrypt files locally. There are encryption tools on the web and you can also create encrypted virtual disks with Disk Utility.
• Make your own local cloud server with OwnCloud. You can use it for photos, contacts and other data. You can buy cheap mini-computers like the Raspberry Pi for less than $30 which are perfect for this purpose. You can take all the security precautions yourself and don't have to store anything on a foreign server.

 

[2984839]

Anytime you store your data on someone else's computer, it's a privacy risk. The difference from web browsing is that web browsing doesn't expose the contents of your hard drive to the internet or to a government (outside of a massive security hole in the browser). However, anything you put there is exposed. If it's not encrypted, this is a very large privacy concern. If you encrypt it locally--and only locally--using a solid, peer reviewed, open source encryption tool and a long passphrase or public key that only you control, it's fine to store in the cloud without privacy concerns. The worst that could happen is someone gets their hands on a bunch of encrypted files.

Do not trust any encryption that isn't done on your computer or any closed source encryption utilities. Lots of sites will encrypt your data once they get it, but they have the keys. That means that governments and/or advertisers will be given free access to it.

 

[jeffreyfranz]

I’m not sure whether I understand your question. If you want to protect your privacy on the web then there are various options for each.

[/LIST]

Kallt & 556fmJoe:
Thank you for the informative and detailed responses. I am a novice in this area, so I will do some additional searches to look for instruction on how to go implementing your suggestions. Great replies.