Is Skydrive safe enough

Discussion in 'other software & services' started by ams963, Nov 30, 2013.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Hello,

    I use Skydrive. I also use skydrive app on my desktop. Do files always need to be encrypted before uploading to Skydrive? Or is Skydrive safe enough?
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Safe from what?

    Edit: Someone more knowledgeable can correct me if I'm wrong, but I think the fine print in the user agreements for this cloud storage type stuff pretty much states that they own your files once you put them up there, and that they can do whatever they like with them...
     
    Last edited: Nov 30, 2013
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it depends how sensitive your files are.

    if the files contain sensitive, confidential or classified info then it should be encrypted.

    trust no one.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Exactly... I would even go so far as to say trust no encryption... but that would probably be overkill... :)
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i guess we can classify computer privacy in 3 classes:

    * personal privacy (mostly against identity theft, protecting banking info, etc)
    * business privacy (against industrial espionage and trade secret and such)
    * protection from government agencies

    most of us here at Wilders will fall within the first 2 classes.

    if one needs protection against government agencies then one has a very big problem indeed. ;)
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    You got that right.... :)
     
  7. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    According to the reports going around, NSA has complete access to the contents of everyone's skydrive, so if you need to hide something from the govt. you need to encrypt the files securely before uploading to Skydrive or any other cloud storage for that matter.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Choosing to interpret that as if they can log on and click on what they want is utter nonsense. It refers to the fact that they have access to the unencrypted communications between companies' servers (the fiber cables) which won't be an issue after MS, Google, etc. finish implementing server to server encryption.
     
  9. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    My information is sourced from this article in Guardian. US govt. did not sue or challenge anything in this article because Guardian possesses hard evidence to back up their claims, provided to them by Snowden. Had it not been for the evidence, we would have seen a lawsuit against Guardian. You can read the article yourself, specifically the NSA's PRISM program.

    The issue with NSA spying on the fiber-optic cables between MS, Yahoo and Google's data centers is a separate issue, unrelated to their PRISM program.

     
    Last edited: Dec 1, 2013
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    UUhm... the usual partial views... You should normally also attach the response from the other involved party (i.e. Microsoft).
    http://www.microsoft.com/en-us/news/press/2013/jul13/07-11statement.aspx

    In other words, as all the other service providers, they do comply with court orders. Nothing more nothing less.
     
  11. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    You really believe what companies like microsoft say?
     
  12. guest

    guest Guest

    You really believe there are any companies out there who will play the role of the good boys?
     
  13. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    Yes, Microsoft denied the allegations but did you notice that they did not sue Guardian for defamation, for printing false information ruining MS's reputation? Why do you think that was? Was it because Microsoft has suddenly become a peace-loving benevolent organization that believes in the principles of live and let live? Of course not, they can't sue Guardian, as all the allegations are based on hard facts, and MS will only be damaging themselves further.

    If you read the article it says that MS worked with NSA for months perfecting the system to give NSA unrestricted access to user data on hotmail, skype, skydrive and outlook.com.

    In any case, this NSA surveillance program does not concern me. I was only responding to the question on whether it is safe to use skydrive or other cloud storage sites, and the answer is that yes it is safe as long as you encrypt the files locally on your computer using any of the three leading algorithms, Twofish, Serpent, AES at their max settings, and then upload the files to skydrive. If you use the skydrive's built-in encryption, then according to the article, before skydrive encrypts your files it makes a copy of the raw data and makes it available for NSA.

    And if you do decide to use skydrive's built-in encryption, then you just have to trust that all people employed by NSA are saints and will not take your data and sell them to third parties for cash. Of course, we already know how good NSA's internal security is, as Snowden managed to take away copies of everything including the kitchen sink from them.
     
    Last edited: Dec 1, 2013
  14. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    The article described Microsoft working with US agencies to bypass some encryption:

    and it also mentioned Microsoft working to make access to SkyDrive stored documents easier:

    The article doesn't discuss "SkyDrive built-in encryption" though. Which doesn't even exist, does it? Users willing to increase their exposure to Microsoft related threats and store their files in SkyDrive attempt to mitigate the risks by using *separate* software that performs client-side encryption/decryption... right?
     
  15. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    I have never used Skydrive so I do not know about their encryption. However, some cloud storage companies offer to encrypt your files while you are uploading them or they give you an option to encrypt your files after you upload them on their servers (I have personally never used any cloud storage, so this is second hand information).

    Like you said, the best mitigation is to encrypt and decrypt your files locally, then you can safely upload them to Skydrive.
     
  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Thank you so much everybody. I knew I could always turn to my fellow Wilders for advice and guidance. I've learned a lot. And point taken. I'll continue to encrypt with 7 zip before uploading to Skydrive.

    My files are a little sensitive. But I don't think they are sensitive enough or important enough for NSA to be interested in.;) But if files are stored or accessed in mass and sold casually to other parties then I'm worried. I mean nobody would take the time to ask for my account specifically to MS or other companies. I'm not that interesting.:D But I don't want individuals or companies messing with my personal files.

    I wanted to access my files from my phone as well as my laptop. But no 7-zip or truecrypt for Win 8 phone. I thought if I could simply use Skydrive to access from my phone it would have been very convenient. But as I always do, I checked with very experienced and expert friends here. Thank you so much guys.:D:thumb:
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    Local encryption/decryption should help to protect the information. However, I wouldn't go so far as to call such a pattern "safe". We're still talking about exposure to, and in some form storing personal files on, a server/cloud that is owned and operated by strangers. The user will forever lose control over what they upload as well as visibility into exactly what happens to it.

    We'd want to take a very hard look at the client side software, the mechanisms it uses, how the user is doing things, and what they are putting at risk. The objective should be to reveal no information to the cloud storage provider. We don't want them, or anyone else who might gain access to their systems, to know the encryption algorithm(s) used, how many rounds were used, to see filenames, the size of files, which files are being frequently accessed, which portion of files are changing, file hashes, dupe information, etc. We'd also want to be able to meaningfully monitor the behavior of the client side software... observe the protocol exchanges, verify that no unexpected commands/responses were being used, verify that what is being uploaded is actually encrypted properly, and so forth.

    Furthermore, we wouldn't want the act of establishing the cloud storage account or using it to have negative, secondary consequences. Here I'm reminded of the various cases where someone signed into a multi-purpose cloud account and was shocked to find that doing so automatically triggered a silent upload/sync of contacts, browsing history/passwords, etc. from their platform to the platform manufacturer's cloud. I'm also reminded of the "Windows 8.1 will encrypt hard drives by default" thread and related articles which led to "When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created.". There can be any number of unexpected, silent, even negative consequences that occur the moment you first establish/use a cloud account. So, at least in cases where we're talking about a platform manufacturer's cloud account, one can't approach things with an "I'll just use this account for cloud storage purposes and encrypt everything myself" mentality. Additionally, every time you log into an online account, even a dedicated cloud storage account, the account provider (and possibly other parties in cases where secure connections aren't used or are being MITM'd) gets a bead on you. It enables various tracking and information sharing scenarios. If the cloud storage provider is involved in other businesses... especially personalized advertising, market research, public cloud hosting for businesses, etc... it may use your cloud storage activity for secondary purposes.
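
    An added example, not part of the original post or any poster's code: a pre-upload audit of a sync folder that lists what the provider would see for each file (name, size, recognisable format) and uses a byte-entropy heuristic to flag content that does not look like ciphertext. The 7.5 bits/byte threshold, the function names and the sample files are assumptions made for this sketch; a passing result shows only that the data looks random, not that the encryption is sound.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading signatures; a match means the provider can tell the format.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg",
         b"\x89PNG": "png", b"7z\xbc\xaf\x27\x1c": "7z container"}
ENTROPY_FLOOR = 7.5  # bits/byte; assumed threshold, small files score lower
SAMPLE = 64 * 1024   # bytes inspected per file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the byte-value distribution (8.0 = uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def audit_file(path: Path) -> dict:
    """Report what a storage provider could observe about one file."""
    with path.open("rb") as fh:
        head = fh.read(SAMPLE)
    fmt = next((name for sig, name in MAGIC.items() if head.startswith(sig)), None)
    ent = shannon_entropy(head)
    return {
        "name": path.name,            # visible to the provider as-is
        "size": path.stat().st_size,  # visible to the provider as-is
        "format": fmt,
        "entropy": round(ent, 2),
        # High entropy alone also fits compressed data, hence the format check.
        "opaque": fmt is None and ent >= ENTROPY_FLOOR,
    }


def audit_folder(folder) -> list:
    return [audit_file(p) for p in sorted(Path(folder).rglob("*")) if p.is_file()]


def build_demo_folder() -> str:
    """Constructed sample files: plaintext, random bytes, and a 7z-style header."""
    d = tempfile.mkdtemp()
    Path(d, "tax-2013.txt").write_bytes(b"income: 1000\n" * 500)
    Path(d, "a91f.bin").write_bytes(os.urandom(32 * 1024))  # stands in for ciphertext
    Path(d, "archive.7z").write_bytes(b"7z\xbc\xaf\x27\x1c" + os.urandom(32 * 1024))
    return d
```

    Run `audit_folder(build_demo_folder())` to see the three constructed cases: the text file fails on entropy, the random file passes, and the 7z-style file is reported as not opaque because its container signature is still readable even though its body is random.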
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Steganography (I recommend OpenPuff) can help with that. But in the end, the only safe cloud is your own if you know how to secure it.
     
  19. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Which is why I don't use "Last Pass" to store all my passwords, I keep hearing "Get off my cloud" by the Rolling Stones, strange. My new computer is Windows 8.1, before Microsoft decided to use "Bitlocker" I thought of using Truecrypt to encrypt my HD.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Windows 8.1 is already cloud-centered, have you disabled those components? I only use LastPass for convenience and better security for all the trivial sites, so my brain is unburdened for storing all the important passwords.
     
  21. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Yes, I read Skydrive's privacy policy a long time ago, I never signed up. An alternative is dropbox. I transferred all my important files from my old computer to my new computer with a flash drive.
     
  22. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    You have a good point here. In fact it is written in most if not all Cloud storage license agreements that the files uploaded to the cloud become the cloud provider's property. All users have to accept the agreement before they can begin uploading the files.

    It is this same principle that holds cloud storage companies liable for unauthorized activities of their users. A recent case was that of Megaupload, the authorities shut it down and arrested its CEO just because its users were using its services to upload and transfer copyrighted materials.

    The other issue of data mining for advertising purposes, I think Google and possibly others already do that. They even scan your personal emails to provide targeted ads, so scanning your cloud files should just be routine for them.

    Bottom line is that if you value your privacy, then stay away from cloud storage.
     