Online Storage With a Twist

mssmss writes "For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor — whose survival my storage depends on. It looks like Wuala has a way to do this, according to this story in the Economist. They use donated disk space of users to scatter your encrypted files over multiple computers."

Nice idea

[Hyppy (74366)]

It's like RAID for online storage.

Sounds great, but what happens when a massive worm outbreak occurs?

Re:Nice idea

[Van Cutter Romney (973766)]

Sounds great, but what happens when a massive worm outbreak occurs?

That's not a problem! [getridofthings.com]

Oh, those worms ...

Re:

[Spazztastic (814296)]

God damnit. I hope nobody was watching inbound websites right then, or I'm gonna have some explaining to do.

Re:

[Hyppy (74366)]

I doubt whoever watches inbound websites will want to hear you explain your worms.

Re:Nice idea

[Joe Snipe (224958)]

from the link:

Tapeworms can be found in both humans and people as well; though they are rarely found in humans

You don't want that link

[A nonymous Coward (7548)]

You know how one way to stop feeling the hurt of a stubbed toe is to get a bigger hurt?

Google for goatse.cx ....

Re:

[wizardforce (1005805)]

Sounds great, but what happens when a massive worm outbreak occurs?

multiple copies just like any other good storage solution.

Re:Nice idea

[flyingfsck (986395)]

Massive Worm? Then you have lots of melange spice and your eyes turn blue.

Re:Nice idea

[192939495969798999 (58312)]

I concur, and I further assert that backup storage may be one of those things that just doesn't fit into a distributed model nicely. Having several physical copies of the data is 1000 times safer than several online copies, or parts of copies, any or all of which could be wiped out by the same affliction even if in different physical locations by virtue of the network that connects them.

It may not fit...

[jd (1658)]

...but it certainly is done. The projects I've found that do much the same thing are NOT being run by kids in their basement, but serious, large-scale research centers that need to do wide-area RAID.

dCache [freshmeat.net]
iRods
OPeNDAP [freshmeat.net]
PVFS [freshmeat.net]
TPIE [freshmeat.net]

Re:Nice idea

[Hyppy (74366)]

Well, that point is covered. From what I understood, they will distribute your data across enough computers so that you'll have instant access to it 99.9999% of the time. That accounts for offline computers, etc.

No thanks...

[KGIII (973947)]

I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.

Re:

[CogDissident (951207)]

Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it.

"No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.

Re:No thanks...

[Timothy Brownawell (627747)]

Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it. "No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.

Even if you can point to the company's website "see, I was using this, ask them if I had any way to know what they put on my computer"? Especially since they must have some sort of index saying what they stored where, so you could ask for the relevant part of that.

The real issue isn't what would work in court, but what the media or HR people would do even without a conviction.

Re:

[TooMuchToDo (882796)]

The real issue isn't what would work in court, but what the media or HR people would do even without a conviction.

Don't think for a second that this is up for debate. You'll be publicly shunned and humiliated for a long time to come even if the charges are dropped or your found innocent.

Donate data space on a Truecrypted drive.

[EWAdams (953502)]

The only disk space I would be comfortable donating to this would be on a Truecrypted drive, so even if someone cracks their protection, it's secondarily protected by mine. If the cops seize my drive, they find nothing.

Re:

[darkfire5252 (760516)]

Or, perhaps having this particular software on your computer could actually create the reasonable doubt you require to protect you?

Exactly. That's why I make it a policy to run an open wireless access point.

The lack of access control

[apankrat (314147)]

> I don't think I want to be liable for the data that someone puts on my PC

I don't want random people's data on my disk. Period.

I was a beta tester for Wuala and the lack of access control to my donated disk space was the biggest issue. I talked to their CTO and suggested to have an option of donating the space to specific peers only, which should've not been hard to do given they have the social grouping support in place already. He didn't see an issue with wildcarded access though, so they were not planning (nor in fact did) anything about it.

Re:The lack of access control

[lysergic.acid (845423)]

that sorta defeats the purpose of having a shared online storage network. if everyone wanted to have total control over the space they donate, then instead of having one large public pool of online storage to be shared by everyone, you'd just have a bunch of small fragmented storage spaces or a bunch of disconnected groups of 5-6 people sharing a few gigabytes of storage. if that's the case then you might as well just call up a few of your friends and ask each other to hold onto your files for you.

the point of Wuala is so that they let you store whatever you want on the space they donate, and you let others do the same. it seems like a fair trade to me. obviously, if you don't want to share your disk space with strangers, then this service isn't for you. just build a RAID array.

Re:

[Danathar (267989)]

That's the thing with social/cpu/storage collective software...

You have to PARTICIPATE in order to get the benefits.

If you don't want to share, then nobody wants to share with you!

Re:No thanks...

[Hyppy (74366)]

Or, what if you're in the U.K.?

Police: "We want your encryption keys"
Joe: "I don't have them, they're not my files!"
Police: "Think it over in solitary confinement."

Re:

[thermian (1267986)]

I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.

Yeah, but I assume that you would be anonymous to others who are storing their data on your disk. Unless of course the DOJ sends them summons.

Anyway, from my understanding not all the information gets stored in one disk. You'll at max get a sixth.

And you think that'll help? No way. If they catch you with even a suspicion of child porn on your pc, you are absolutely screwed.

Re:No thanks...

[denmarkw00t (892627)]

In a distributed system of file chunks, you would never have access to what those chunks make up unless it is YOUR data, so I think its actually a lot safer than you think. In a system like this, all you're storing for other people is essentially random chunks - it would be very difficult to prove in court that you in fact were aware of the content this data belonged to and that you willingly supported a criminal.

Re:

[janrinok (846318)]

underage girl getting nailed by a horse

When someone mentions CP to me, it does not conjure up the same images in my mind as it appears to do in yours.... I'm not sure what that says about either of us but I wouldn't like to visit the sort of websites that you seem to frequent, or at least you appear to have 'heard' about.

Online Storage scares me

[oahazmatt (868057)]

I don't know why, but I really don't like the idea. Even on Google Docs I only put up things that I'm perfectly willing to have comprimised. The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.

Re:

[Oxy the moron (770724)]

The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.

Where do you store your external drives? If it's your personal items you're referring to, you probably keep them in the same house as your computer. Not much of a backup in the event of a fire/tornado/flood/etc. If it's for a business, unless you have offices in multiple locations, you probably keep them in the same office. So now if someone breaks your office's physical security, they have access to your backups as well.

I understand where you're coming from; it's difficult trusting someone to not abuse

Re:

[FictionPimp (712802)]

I have a agreement with a family member. I provide them a ssh account on one of my machines with 2TB of storage, they do the same for me. Then I use rysnc to backup my data into an encrypted volume.

Re:Online Storage scares me

[emag (4640)]

Must be nice to have family members for whom "ssh account" isn't a foreign language.

Re:

[RabidMoose (746680)]

That defeats the whole point of remote storage though. What if your house burns down/floods/gets robbed? It's the Paranoid's Folly: keep all your eggs in one basket, or store them where you can't always seem them?

Re:Online Storage scares me

[suggsjc (726146)]

Simple, have a RAIH (Redundant Array of Inexpensive Houses) so you can just mirror your houses, so that if one happens to burn down then you'll have a backup copy.

I'm not sure how well a RAIH5 solution would work though but I'm sure there are plenty of people working on that though.

A well-meaning idea, but perhaps flawed

[Duncan Blackthorne (1095849)]

It's a nice idea for a perfect world, but we don't live in a perfect world therefore I see several potential problems. One is that like with Tor [torproject.org], anyone at the end-point could be monkeying with the system. In this case someone could manage to crack the encryption scheme used, and access people's private data. Another problem I see is that if someone is using a service like this to store copyrighted data (mp3's, DVD rips, etc) then, encrypted or not, innocent disk-space-contributors could be implicated in civil or criminal proceedings. Also, some people have bandwidth caps on their internet connections, and even those who don't aren't necessarily going to be happy with our bandwidth being used; I suppose though that if their client software allows bandwidth limiting then it wouldn't be much of a problem. A question I have about this: is there redundancy? What if all or part of a file you're trying to retrieve is on a remote system that's offline?

Re:

[gnick (1211984)]

(go read the damn article for the full explanation of why 6 is plenty)

I've always wondered what RTFA stood for. F is for damn. Thanks.

=P

Single point of failure

[houstonbofh (602064)]

"For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor â" whose survival my storage depends on."

And when the master server that knows where all those little pieces are goes down, you are still without your data.

Re:Single point of failure

[fuzzyfuzzyfungus (1223518)]

It's a pity, a truly distributed system could certainly be built, and it would look similar in many respects to this one. I suppose Wuala has no real incentive to build a system that doesn't need them, though.

Re:Single point of failure

[cizoozic (1196001)]

And when the master server that knows where all those little pieces are goes down, you are still without your data.

Thank you! What do we have for our winner?

When I started reading TFS I assumed it was going to be some kind of distributed free storage service, that simply stores a copy of each file on multiple free online storage sites. As far as I'm concerned, this instead rates last after single service with a good backup plan and backing it up yourself. /vertisement much?

Hmmm....

[Facegarden (967477)]

Hmm... sounds good. I'll donate 2TB of space each from multiple computers at different locations and between all of them i'm bound to have two critical pieces of your files, then all i have to do is shut them all down! Muah haha haaaa!

And actually, what would happen if a major disaster shut down all the PC's in a major metropolitan area? Does the service provide enough redundancy that even if everyone in silicon valley went offline, my files would still be safe? I'd rather know where my data is.

Also, slashverteisment? The concept is interesting but the story doesn't bring up the more interesting issue of privacy, it seems like just an ad.
-Taylor

Re:

[spacefight (577141)]

RTFA There is redundancy for just that reason.

Re:

[Whatanut (203397)]

He didn't ask if there was redundancy. He asked if there was "enough" redundancy. How many nodes going down does it take before the system/data is crippled?

Bittorrent

[robo_mojo (997193)]

They use donated disk space of users to scatter your encrypted files over multiple computers.

So they use Bittorrent?

Freenet

[Danny Rathjens (8471)]

Encrypted distributed donated storage sounds a lot like Freenet. [freenetproject.org] :)

Re:Freenet

[nurb432 (527695)]

Only that hardly used data can disappear off the network. I assume in the case of this other offering, it never goes away.

Oh joy.

[R2.0 (532027)]

Step 1: Joe pervert is busted (legitimately) for kiddie porn. It is determined he stored some of it with this service.
Step 2: Service is subpoenaed, and they give out all the user info for all the places where the bits of the files are stored.
Step 3: Arrest hundreds of people, declare a major kiddie porn ring busted, receive promotion.
Step 4: GOTO Step 1

15,363,490 files stored in Wuala

[Skapare (16644)]

I have more than twice that number of files on my 8 external hard drives.

Always make two backups

[Yvan256 (722131)]

I have a home business. So, for safety, I always keep one copy of my data at work and one at the office.

Oh wait.

Churn is your enemy

[mcorner (168581)]

On paper it is mostly a great idea.

We had a paper on some tricks to play in file systems to make it perform better:

http://prisms.cs.umass.edu/mcorner/papers/fast_2007_tfs.pdf

But when you get down to it, churn is your biggest enemy. If you look at the rate at which people join and leave p2p networks, the amount of replication you need to do can use a lot of bandwidth. Every time a user quits (or drive crashes etc.) all of the data they were storing for others must be replicated again. If they aren't available online for a while you have to assume they have left the network and replicate proactively. See the paper for a few sample calculations based on the churn found in systems like kazaa and skype.

-M

Tahoe - an open source alternative

[SiliconEntity (448450)]

I would recommend taking a good look at Tahoe [allmydata.org], from allmydata.org. This is an open source project that uses a conceptually similar file dispersal system for backup, but it has been designed and reviewed by expert cryptographers. There is also a commercial version available at allmydata.com [allmydata.com] which has generously sponsored the open source project. Tahoe is working on Windows, Mac, Linux and other Unix style systems.

Tahoe does have a minimal dependency on a central server to first learn about the peer nodes that hold data, but only for the initial callup - once the client is running, it remembers all the peers it is using. And they are working towards eliminating even this dependency with "gossip" introductions, so if you can connect to any peer you can learn of all the others. Everything is cryptographically protected with encryption and signatures to make it effectively impossible for anyone to see the contents of your files without your permission.

Re:

[tepples (727027)]

What if the FBI/NSA sets up a few computers on this network and just idly waits until something that interests them shows up on their storage space...

How would they know if it's something that interests them? Is there any evidence that even the NSA can crack, say, AES in a reasonable amount of time?

Re:Not me...

[Hatta (162192)]

And wouldn't kiddie pron collectors love this technology?

You could say the same about almost every technology. Full disk encryption, digital cameras, the entire internet itself, all this makes the life of a child pornographer that much easier. Focus on the good uses of a technology, and let law enforcement do its job if someone misuses it.

The toaster

[commodoresloat (172735)]

You people do realize we need to start with the toaster if we really want to do something about the kiddy porn problem. After all, studies have shown that many child pornographers start their day with a piece of toast for breakfast. Why should corporations be providing child pornographers with equipment that helps them exploit children in this manner?!

Re:

[nschubach (922175)]

Oh man, I wish the world had more people with your mentality. (IE: Don't pretend to be the highway patrol and pull in front of that speeder, get out of the way and let the patrol make their own money.) I'm being serious here. People don't know enough about how other people live in order to make life decisions for them. The same goes for government oversight of my life (you know... things like health care)