Using the cloud for media

[jwolf6589]

I was just using my dictation recorder (instead of using the Voice Memo app on my apple devices) since not everything I dictate do I want available in iCloud or even on the internet. This got me to thinking 💭 about media stored in the cloud. Every time I take a photo/video on my iPhone it stores it in iCloud but when I take one with my Powershot they are stored on a SD card and transferred to my Mac via USB and backed up to a USB hard drive and not available on the internet. I pick and choose what I want on the internet as not everything do I want on the internet.

Which leads me to the question. Am I being overly paranoid about my privacy for my media being able to be hacked? I guess the ability NOT to instantly transfer media to the cloud is an advantage for some people who have private media. This advantage one cannot find with a iPhone.

 

[r.harris1]

Yes, you’re being unjustifiably paranoid . I shouldn’t think anyone would be trying to hack your voice, image or video data. Or the media data of most of us. We are simply not important actors in the grand scheme of things and not worth expending the effort on. Not to be a downer, but let’s be realistic . Just turn off iCloud on your phone if you feel otherwise.

 

[MBAir2010]

and we think the ssd cards are fragile?
(compared to photos on iCloud)

 

[kenoh]

I too think you are being overly paranoid. Think of your cloud content as being a voice in the crowd, you are in amongst the background level of din. Unless you upload something to rise above the crowd, no one will notice you so you have a certain degree of privacy within the anonymity that that affords - though not to be taken as secure. Security is only really present when the effort to get something out weighs the value of having it.

The next thing - and don't take this the wrong way - I would trust Apple to secure your content on their servers more than I trust you to secure them at home. Reputational damage to Apple as a consequence of a data leak or breach means they maintain as good a security model as feasible. They employ large numbers of experts to help ensure they are doing as well as can be expected.

At this stage you would be better being paranoid about websites you visit and what they are harvesting from you or what digital dossier the likes of Google and Facebook have built on you based on your movements and activities so far. Next your internet provider, they collect data on your internet usage or your email provider or even your bank. For fraud prevention they log data about financial transactions up to and including location data and authentication methods used - like finger print recognition on your phone to use Apple or Google pay etc.

If you want to freak yourself out, do some reading into OSINT - Open Source Intelligence - and see how much information you can find on yourself out on the web - you will be amazed.

Unless your recordings are in some way illegal or morally questionable then yes worry about them being found, but worry about where the weakest link is and that weakest link I am afraid is reading this post right now. It isn't Apple or AWS or GCP or whatever Facebook is called today. Think about apps that harvest data from your phone or that track you or the content you seem to find enjoyable or the content that makes you jump over to amazon to make a purchase.

Unless they are looking for blackmail leverage, then having access to your picture of the frog is of no value to them. so they will go hunt elsewhere for data they can maliciously monetise.

If you feel like you are being watched, then good, because you are but not in that way. I hate to break it to you but you are just a number to all of these companies and criminals, just a revenue potential. Your credit card number is worth less than a dollar on the black market.

All of this assumes you are not an investigative journalist about to whistle blow on a world wide conspiracy. In which case you should be using protected corporate servers to hold this anyway - as per data protection laws.

 

[bunnspecial]

Going from 3tb of on-board storage in my last Macbook Pro(a 1tb SSD and 2tb spinner) to 512gb in my M1 made me rethink asset storage.

I pay for piles of Dropbox space as well as iCloud. I remember my wife, shortly after we got married, saying "I have bunches of iCloud storage if you ever need any"...and her "bunches" was 200gb while I have 2TB.

Dropbox is my main photo back-up though since it's somewhat more cross platform. Even though I don't venture outside OS X/macOS, I can access Dropbox from Leopard or Snow Leopard via the web app, and if you knew how I handle some of my photo assets you'd know why that was important. Oh too how I miss as recently as ~2016 or so when the Leopard desktop app would still sync with Dropbox... With that said, I store a lot of work stuff other than photos in Dropbox and it's regularly been handy for me to grab something on a Windows classroom computer, for example.

All of that said, my work was hit with ransomware yesterday, and it's made me realize just how vulnerable "online" resources can be. I'm glad I've never used their internal shared storage drive...actually I've never even accessed it since I'm a stubborn Mac user in a Windows shop who opts to supply my own computer rather than use one they provide. Still, though, it's been a gigantic disaster and I'm happy I still have my stuff(and I'm just hoping they get back to some semblence of operation by Monday, alhtough from what I know that seems unlikely-it's going to be interesting if we finish out the semester submitting grades by hand, and fortunately I have local backups of mine and even paper although a lot of faculty only keep online gradebooks...). One of the things I did yesterday after all of that happened was take a 3tb external spinner I've had sitting in its box for a while and get true local backups of everything I cared about. And yes, the choice of a spinner is intentional-even though solid state normally lasts forever, when it's gone it's gone, while data can almost always be retrieved from a spinner short of plate destruction or a "deep" erase.

 

[jwolf6589]

I too think you are being overly paranoid. Think of your cloud content as being a voice in the crowd, you are in amongst the background level of din. Unless you upload something to rise above the crowd, no one will notice you so you have a certain degree of privacy within the anonymity that that affords - though not to be taken as secure. Security is only really present when the effort to get something out weighs the value of having it.

The next thing - and don't take this the wrong way - I would trust Apple to secure your content on their servers more than I trust you to secure them at home. Reputational damage to Apple as a consequence of a data leak or breach means they maintain as good a security model as feasible. They employ large numbers of experts to help ensure they are doing as well as can be expected.

At this stage you would be better being paranoid about websites you visit and what they are harvesting from you or what digital dossier the likes of Google and Facebook have built on you based on your movements and activities so far. Next your internet provider, they collect data on your internet usage or your email provider or even your bank. For fraud prevention they log data about financial transactions up to and including location data and authentication methods used - like finger print recognition on your phone to use Apple or Google pay etc.

If you want to freak yourself out, do some reading into OSINT - Open Source Intelligence - and see how much information you can find on yourself out on the web - you will be amazed.

Unless your recordings are in some way illegal or morally questionable then yes worry about them being found, but worry about where the weakest link is and that weakest link I am afraid is reading this post right now. It isn't Apple or AWS or GCP or whatever Facebook is called today. Think about apps that harvest data from your phone or that track you or the content you seem to find enjoyable or the content that makes you jump over to amazon to make a purchase.

Unless they are looking for blackmail leverage, then having access to your picture of the frog is of no value to them. so they will go hunt elsewhere for data they can maliciously monetise.

If you feel like you are being watched, then good, because you are but not in that way. I hate to break it to you but you are just a number to all of these companies and criminals, just a revenue potential. Your credit card number is worth less than a dollar on the black market.

All of this assumes you are not an investigative journalist about to whistle blow on a world wide conspiracy. In which case you should be using protected corporate servers to hold this anyway - as per data protection laws.

I was just watching a documentary and Snowden was in it. He thinks everything is being recorded (every phone call as well) and the only safeguard against it is storing your data at home. But then again I am one user among millions so does the government really have that much manpower? Perhaps not. My media (photos, videos, voice files) I have in iCloud from my iPhone,ipad, mac, apple watch, and I have on SD cards or internal memory from my other devices. My friend thinks eventually... (well lets not get into that as I believe he is overly paranoid).

 

[MacNut]

I was just watching a documentary and Snowden was in it. He thinks everything is being recorded (every phone call as well) and the only safeguard against it is storing your data at home. But then again I am one user among millions so does the government really have that much manpower? Perhaps not. My media (photos, videos, voice files) I have in iCloud from my iPhone,ipad, mac, apple watch, and I have on SD cards or internal memory from my other devices. My friend thinks eventually... (well lets not get into that as I believe he is overly paranoid).

Nothing is secure unless it's fully encrypted. But even then there are no guarantees that they keys don't get stolen. Just assume everything you say and do in a "public space" is out there. By public space I mean where people can listen in. Be that your phone, internet, walking down the street.

 

[jwolf6589]

Nothing is secure unless it's fully encrypted. But even then there are no guarantees that they keys don't get stolen. Just assume everything you say and do in a "public space" is out there. By public space I mean where people can listen in. Be that your phone, internet, walking down the street.

Then what I say in my personal dictation recorder which is not connected to the internet is fine.

 

[MacNut]

Then what I say in my personal dictation recorder which is not connected to the internet is fine.

If it's not connected to the internet or anything that is connected to it you should be fine. Unless you are a spy or secret agent I don't think anyone would care though.

 

[Fishrrman]

I'll go against the grain here.

I have no trust in "the cloud". Not Apple's cloud, nor anyone else's.

I have a small free account with microsoft onedrive on which to post some stuff that I want freely accessible to others. But that's all "the cloud" there is in my computing life.

Everything else is backed up onto locally-controlled drives.
That's how it will be for me, forever more.

 

[MacNut]

I'll go against the grain here.

I have no trust in "the cloud". Not Apple's cloud, nor anyone else's.

I have a small free account with microsoft onedrive on which to post some stuff that I want freely accessible to others. But that's all "the cloud" there is in my computing life.

Everything else is backed up onto locally-controlled drives.
That's how it will be for me, forever more.

I don't trust cloud backups, I won't be paying these services forever.

 

[Clix Pix]

I am another who does not use the cloud for backups. I back up everything locally and keep one set rotating in-and-out of my safe deposit box at my bank. This works for me.

 

[cupcakes2000]

I use Cryptomator for the cloud. It creates an encrypted volume which you can put wherever you like. If it’s well encrypted with a secure password that only you know, then it doesn’t matter where it is kept, generally. Certainly for most threat models.

Those saying ‘they aren’t looking for you’ and ‘you’re just a voice in the crowd’ are massively missing the point. Mass surveillance, be it at a gov level, or a multinational advertising level, or a hacking risk level or any level you care to think about, all exists but is generally NOT the point. The point is to create a level of privacy that ensures that the information you wish to keep wherever you want, remains private. It doesn’t matter whether you or anyone else feels it’s worth knowing or not. It should be private.

OP- keeping it away from the internet is the most private. If you wish to be able to store it on a cloud somewhere, you need to ensure only you hold the keys to decrypt it. I suggest Cryptomator. Look in to it, it’s hugely useful open source and free and very easy to use.

 

[jwolf6589]

I use Cryptomator for the cloud. It creates an encrypted volume which you can put wherever you like. If it’s well encrypted with a secure password that only you know, then it doesn’t matter where it is kept, generally. Certainly for most threat models.

Those saying ‘they aren’t looking for you’ and ‘you’re just a voice in the crowd’ are massively missing the point. Mass surveillance, be it at a gov level, or a multinational advertising level, or a hacking risk level or any level you care to think about, all exists but is generally NOT the point. The point is to create a level of privacy that ensures that the information you wish to keep wherever you want, remains private. It doesn’t matter whether you or anyone else feels it’s worth knowing or not. It should be private.

OP- keeping it away from the internet is the most private. If you wish to be able to store it on a cloud somewhere, you need to ensure only you hold the keys to decrypt it. I suggest Cryptomator. Look in to it, it’s hugely useful open source and free and very easy to use.

If it’s very private I won’t store it on the internet period.

 

[MacNut]

If it’s very private I won’t store it on the internet period.

It's already there unfortunately. Social Security numbers, birth dates.

 

[Apple fanboy]

If it’s very private I won’t store it on the internet period.

I don’t shoot that sort of picture so I have no issues with my iPhone snaps being on the cloud. But I suppose if you are shooting privates it might be different!

 

[MacNut]

I don’t shoot that sort of picture so I have no issues with my iPhone snaps being on the cloud. But I suppose if you are shooting privates it might be different!

Nobody wants to see mine, that's for sure.

 

[AlaskaMoose]

Then what I say in my personal dictation recorder which is not connected to the internet is fine.

Why being so worried about it? Well...as long as it is not illegal porno or any other illegal activity, I would not worry about it.

 

[mackmgg]

I'll be another voice in the "not unreasonably paranoid" group. I do keep my photos (mostly, some I just keep locally) in the cloud, and I do cloud backups but make sure they're encrypted first (I use Arq, which lets you encrypt your backup and then send it so the cloud provider just sees encrypted data).

But as far as voice dictation? I keep my journal on paper written with pen. Partially because I just like handwriting it, but mostly because I don't want to have a digital copy of that. It would certainly be convenient to have something that syncs between devices and I don't have to carry with me when I travel, but for that I value privacy over convenience.

I don't trust cloud backups, I won't be paying these services forever.

Cloud backups aren't for long term storage, they're for "oh **** my house burned down with all my backup drives, luckily I at least have a copy of my current data stored elsewhere"

 

[MacNut]

I'll be another voice in the "not unreasonably paranoid" group. I do keep my photos (mostly, some I just keep locally) in the cloud, and I do cloud backups but make sure they're encrypted first (I use Arq, which lets you encrypt your backup and then send it so the cloud provider just sees encrypted data).

But as far as voice dictation? I keep my journal on paper written with pen. Partially because I just like handwriting it, but mostly because I don't want to have a digital copy of that. It would certainly be convenient to have something that syncs between devices and I don't have to carry with me when I travel, but for that I value privacy over convenience.


Cloud backups aren't for long term storage, they're for "oh **** my house burned down with all my backup drives, luckily I at least have a copy of my current data stored elsewhere"

Unless you have a lot of bandwidth, doing a full restore from the cloud would be a pain in the ass.

 

[jwolf6589]

I'll be another voice in the "not unreasonably paranoid" group. I do keep my photos (mostly, some I just keep locally) in the cloud, and I do cloud backups but make sure they're encrypted first (I use Arq, which lets you encrypt your backup and then send it so the cloud provider just sees encrypted data).

But as far as voice dictation? I keep my journal on paper written with pen. Partially because I just like handwriting it, but mostly because I don't want to have a digital copy of that. It would certainly be convenient to have something that syncs between devices and I don't have to carry with me when I travel, but for that I value privacy over convenience.


Cloud backups aren't for long term storage, they're for "oh **** my house burned down with all my backup drives, luckily I at least have a copy of my current data stored elsewhere"

My handwriting is so bad that would not be an option.

 

[mackmgg]

Unless you have a lot of bandwidth, doing a full restore from the cloud would be a pain in the ass.

It would take ~1 day for 1TB at 100Mbps. Compared to the alternative (which is not having the backup) I'd say that's not bad. I'd always prefer to restore from a local copy if I have one, but sometimes that's not an option (local one fails, fire, drive failure while traveling, theft, etc) so I'll happily pay a couple dollars/month to make sure I always have a backup plan. And if your Internet is too slow for a web backup, most of the major cloud providers will (for a fee of course) mail you a drive with your data as well.

My handwriting is so bad that would not be an option.

Mine wasn't great when I started it! By now I'd say it's definitely improved a lot. But to be honest half the benefit of the journal is just writing things down. Even if I can't read it back it's still worth it!

 

[kenoh]

I was just watching a documentary and Snowden was in it. He thinks everything is being recorded (every phone call as well) and the only safeguard against it is storing your data at home. But then again I am one user among millions so does the government really have that much manpower? Perhaps not. My media (photos, videos, voice files) I have in iCloud from my iPhone,ipad, mac, apple watch, and I have on SD cards or internal memory from my other devices. My friend thinks eventually... (well lets not get into that as I believe he is overly paranoid).

They record what they can feasibly and economically do. Is the technology available to do it? yes. Has storage and processing power become sufficiently capable to capture everything? yes it theoretically can but not even state funded digital snooping gets that kind of funding. Cross border traffic is monitored as are telephone conversations for flag words. You guys have been watched for that stuff for years. Over here we have Echelon. The government arent interested in your particular preference of adult entertainment or your penchant for listening to K-Pop. While this is embarrassing, they are only interested in capturing actionable intelligence on potential threats to national security.

The bigger worry is criminals who trade on embarrassment.

It comes back to the comment earlier - you have to make it more effort to get than it is worth having it. Layered security, sensible passwords. Always think weakest link. Do you use the same user id and password for Amazon as you do the mom and pop pet supplies company you order treats from? that is how they get you. They know the average person will use the same user id and password for multiple online access. This means if they get it, then they have multiple attack vectors they can use against you. The most common gotcha is when they dont bother attacking Amazon. What they do is they go after the mom and pop store who cannot employ security to protect them - point of least resistance. They grab the customer database and then try all the user ids and passwords in that database against Amazon, knowing that some will work.

The only true safeguard is to store it in a place completely disconnected from anything.

I watched a video this week about a team at Nottingham University using a beefy PC with 12 graphics cards. They were running HashCat which is a CUDA Hashing tool. On that rig it can run literally billions of tests a second to do a dictionary attack against a password database of 4,000 passwords that had been encrypted. It was taking seconds to run and getting 1700+ of them. I mean scary stuff.

The day is coming where the power to capture and analyse this is real.

Seriously though. Whenever you have the option to turn on two factor authentication? do it. Is it perfect? no, is it a pain? sometimes yes, but it is better than picking up the pieces of a breach as @bunnspecial says above. The IT team at his work have a week of hell ahead of them. This is where cloud Sync vs cloud backup has a very different meaning.

 

[kenoh]

Unless you have a lot of bandwidth, doing a full restore from the cloud would be a pain in the ass.

Good point. This is another reason for choosing Glacier. For a fee they will send you a set of recovery disks. So if you cannot wait for recovery, you can go that option.

 

[kenoh]

Then what I say in my personal dictation recorder which is not connected to the internet is fine.

Until you connect it to your MacBook Pro that is....