Google Plans Service to Store Users' Data Online

achillean wrote this morning with a link to the Wall Street Journal, announcing plans we've all seen coming for a while: an online data storage service from Google. Though the article doesn't come out and call the project 'gDrive' or anything like that, it does indicate the service could be available within the next few months. "Google's push underlines a shift in how businesses and consumers approach computing. They are increasingly using the Web to access applications and files stored in massive computer data centers operated by tech companies such as Salesforce.com Inc., Microsoft Corp. and Google. Such arrangements, made possible by high-speed Internet connections between homes, offices and data centers, aim to ease users' technology headaches and, in some cases, cut their costs."

Everything old is new again

[pryoplasm]

a strategy that could accelerate a shift to Web-based computing doesn't this sound just a little bit like a dumb terminal in terms of computing?

Re:

[ByOhTek]

if by "a little bit" you mean "a whole lot", yeah, it does.

There's nothing wrong with a computer as a graphical dumb terminal - if it does what the user needs it to do. There are plenty of users who would be fine with this, and for whom it would work quite well. Cheaper computers with the desired functionality? Nothing wrong with that.

Re:

[smittyoneeach]

The substantial difference between what Google is up to and previous dumb terminal applications is one of scope.
If the possible participants/locations for working on stuff is wherever there is reasonable internet bandwidth, then some interesting use-cases crop up:

• Keeping a TODO list as a google document that you can see both at home and at work, blowing by the limitations of Exchange server configurations and mixing personal/work stuff
• Collaborating on a school project. Tried this actually, and the limi

Re:

[ByOhTek]

Quite true, but a lot of people don't have things they consider critical on their computers.

Personally, I wouldn't use it (or would at least keep a backup of anything I don't want to loose), but there are a lot of people who wouldn't care if someone else looked at their data. Data corruption/loss would be a problem though.

Less Risk

[EgoWumpus]

Data corruption/loss would be a problem though.

Less so, I think, than if you're asked to keep track of your own stuff. Businesses drop big bucks on making sure they have backups of all computer files because the average person simply cannot be relied upon to do it themselves, accurately and regularly.

Re:

[ChrisA90278]

"...doesn't this sound just a little bit like a dumb terminal in terms of computing?"

No. I'd call it "Smart Termional". A dumb terminal is simply a display device, smart terminal can run programs and interact with the user. It makes great sense to keep a word processing document on a server. It is small and only takes a few seconds to move the document to whatever "smart terminal" the user is logged into. If you have ever used one of those systems where your desktop follows your log in it is great. Lo

Upload

[niceone]

Once installed, you upload your files by right clicking on them and selecting "I'm feeling lucky".

This sounds fun

[DeeQ]

first thing I'm going to put up there is personal information to others. Any bets for how long till they are compromised?

Call Me Paranoid

[cybermage]

In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.

Re:

[TimeTraveler1884]

In an age of sealed warrants, if the government even bothers with that, why would anyone put their data out of their sight? When it comes to privacy, I cannot see how the benefits outweigh the risks.

Well see, there is thing called "encryption". If used properly, it can be quite effective in maintaining one's privacy. With Google's track record of protecting user's privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the

Re:

[cybermage]

Well see, there is thing called "encryption".

Okay, some wing-nutty paranoia now. Is there any form of encryption that you believe people like the NSA cannot crack? I suspect stories like "Skype encryption too tough for German police" [zdnetasia.com] are a ruse to encourage criminals to use the Skype which is likely easier to track, and certainly less portable, than prepaid cell phones.

Besides, if Google doesn't do the encryption, 99.99% of the data will not be encrypted. That should make the people with something to hide p

Re:

[mwilliamson]

>Is there any form of encryption that you believe people like the NSA cannot crack? Yes, the NSA cannot crack one time pad encryption (OTP), nor will the every be able to. Provided you generate your OTP keys using a pure random number generator (not pseudo-random...so software-based is out of the question), this system is uncrackable. An associate of mine created such a pure random number generator based on radioactive decay. Provided you don't loose (or ever loose) your keys and have a secure way to

Re:

[TheRaven64]

To be secure, a one time pad needs to be bigger than the data it is encrypting (you need one page per symbol, and the size of each page needs to be big enough to represent each symbol). This makes it pretty useless for storing data on someone else's server, since you need to securely and safely store more data locally and so could just store your data, rather than your key.

Re:

[mwilliamson]

Why does it need to be bigger than the data? I always thought it only had to be the same exact size of the data. (or are you talking about being able to actually make it useful and add data) -Michael

Re:

[TheRaven64]

You have a source stream. For simplicity, let's say it's plain text, so you have 26 possible symbols in the input stream. A one time pad is a mapping from each symbol in the input stream to a different symbol, so you need 26 mappings. For it to be secure, you can't use the same mapping twice in a row (you can use two identical mappings in a row, but only as a result of your noise source giving the same thing twice). For your 26-character input stream, then, you need 26 mappings in your one time pad per

Re:

[pyite]

Is there any form of encryption that you believe people like the NSA cannot crack?

Yes. I find it highly unlikely that the NSA can crack AES-128 and beyond. The algorithm has been extensively critiqued and found to be strong. And 128 bits and above is beyond the ability of a brute force attack.

Re:

[fyngyrz]

The algorithm has been extensively critiqued and found to be strong.

...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz windows or linux m

AES security and crypto in general

[Beryllium Sphere(tm)]

As the old saying goes, if you count on crypto to solve all your problems you don't understand crypto and you don't understand your problems.

The point that your data can and will be attacked while it's in plaintext is well taken. A networked machine running a web browser (the Sendmail of the 21st century) is a low security device, even with a good operating system. Google for "Scarfo", the mobster who was using PGP but also had an FBI keylogger on his computer.

As regards AES, though, we've got good reason to think it's resistant to cryptanalysis. The NSA is also in charge of protecting government secrets from foreign snoops and has approved AES for protecting classified data.

The low security of a workstation cuts both ways in an argument about gDrive: because your data is already at risk sitting on your hard drive, storing it encrypted on gDrive might not be any worse.

Security without threat modeling is like bricks without straw. What are we protecting data against? Loss, primarily. I trust Google's backups more than I trust mine (but I'd tell a client to look for a provider willing to sign an SLA). Unauthorized copying by crackers? AES should be an adequate control to cover that risk. Subpoenas? An attorney with two brain cells to rub together will subpoena the decryption keys, so no help from AES there. Vacuum-cleaner style mass government surveillance, looking for keywords like "Tibet" or "Falun Gong"? AES should prevent that. Government criminal investigation? You could (in the US) argue that surrendering the keys would be self-incrimination and end up paying a lawyer lots of money to argue the point for years. Expensive and undependable security, but then in a criminal investigation there's not much security difference between gDrive and your local machine anyway.

If you have security needs you should do an analysis like that last paragraph, only longer. For lots of people encrypted files on gDrive might be just fine.

Re:

[Sancho]

...and if the NSA could crack AES-128, what would you expect to hear from them and any security-cleared academics involved? Let me lay it out for you bluntly. They'd say something along the lines of "The algorithm has been extensively critiqued and found to be strong."

Though since the algorithm is public anyone can examine it, including people who are NOT under NDA.

Also, there's quite a difference between what Dr. Joe Honest, working on his stipend until 4pm each day with what he, his TA, and his mighty 3 GHz windows or linux machine can do, and an organization that has billions in budget normally, can get more anytime they ask, no difficult goals but breaking encryption and signal intercept, and which has made it a point to hire as many of the best minds in encryption as possible for, oh, say the last fifty years or so. And this in a world where quantum attacks are thought to be only a matter of sufficiently developed technology.

If we're talking about a brute-force, the math is pretty easy to figure out. You decide that you protect your data from X computing power, and you realize that if someone has X^2 computing power, they're going to get your data. Generally speaking, that's the best that you can do.

If we're talking about flaws in the algorithm that allow someone with a "secret key" to decrypt the data, then we're talking abo

Re:

[phantomcircuit]

Frankly if the NSA is coming after you I would forget about the data and run like hell.

Disappear... seriously

Re:

[TheVelvetFlamebait]

Yeah, you're paranoid. No-one's out to get you. Even if you decide to entrust your information to Google, there's by far no guarantee the government will read it or store it, and even if they do, use it in a way that detriments you. They really don't gave a motive.

Re:

[Stooshie]

... I would not be surprised if the service automatically encrypts the data during transit on the desktop ...

That technique is already used on a site called www.passpack.com [passpack.com]. You log in using your account and the site downloads a password protected zip file to your browser. You then type in a second password to unzip the file you can then edit the data/files. when you are finished the file is zipped (password protected) and re-uploaded to the server.

This means the file on the server is protected (128

Re:

[Anonymous Brave Guy]

With Google's track record of protecting user's privacy, I would not be surprised if the service automatically encrypts the data during transit on the desktop and Google does not transmit the keys to their server.

I'm sorry, what track record would that be?

Google are quite possibly the world's leading authority on automated information gathering. After all, their ad-based business model fundamentally relies on being able to target those ads, and the continued success of their primary service, the search engine, depends on how effectively and comprehensively they can process the entire WWW.

As we have seen in the past, with everything from Google Street View to the leaks from a certain other popular search engine

Re:

[TimeTraveler1884]

I'm sorry, what track record would that be?

For one, there is refusing demands for search data. [washingtonpost.com]

As we have seen in the past, with everything from Google Street View...

I don't agree with this, but the Google Street View is in general a continuing debate. I am speaking specifically of data that you submit to Google willingly. Not data captured by Google through your public exposure. Google does not break in to your home and take "Google Cribs View" panoramas of your home interior and publish them online.

.

Privacy must be defended

[Anonymous Brave Guy]

In the information age, perhaps people's expectations need to change? It needs to be realised what you really do in public is not local but global.

Alternatively, maybe we should introduce legal safeguards that apply to data, taking into account the much greater storage, data mining and communication facilities available today? Just because we can do something, does not mean we should, particularly where "we" means governments, businesses or other groups with disproportionate resources rather than private individuals.

In fact, I would argue that to some extent this is inevitable. Everyone does things in "public" (which apparently includes people obs

Re:

[fialar]

An interesting study here done by Privacy International:

http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-553961 [privacyinternational.org]

Google were rated "Hostile to Privacy". Read their interim rankings PDF.

Re:

[rtb61]

Juts one point to highlight about google so called protecting people's privacy. Google fought to prevent giving the information away for 'free' not selling that information. Your privacy is google's profit centre of course it will fight any government gaining access to what it sells for with out paying for it.

It might be unfair to say google is the single greatest threat to privacy, but certainly the googlites preaching that no one should expect privacy on the internet, that private emails are postcards,

Re:

[Anonymous Brave Guy]

Juts one point to highlight about google so called protecting people's privacy. Google fought to prevent giving the information away for 'free' not selling that information.

Ironically, as I write this, the top story on the Slashdot homepage [slashdot.org] suggests that Google aren't always so good at protecting people's privacy.

That case is doubly ironic, because it sounds as if there really was a decent case there and so a court probably would have issued the proper order, justifying Google releasing the relevant data. Doing so before that order was issued doesn't sound much like fighting not to give the information away to me, though.

Re:

[pembo13]

From what I hear, encryption may be effective at getting you tortured.

Re:

[MikeFM]

I have an online storage system already in development that is somewhat similar to this. The client is a Java applet that is loaded when the user visits our website. Each file is encrypted by it's own unique key in the client before being stored and keys can either be recorded locally, such as to a thumb drive, or stored on our secure server. The secure server uses an encrypted file system and once turned off can only be restored with it's own key disk and a password. The key disk is kept in a safe location

Underground storage

[InvisblePinkUnicorn]

Methinks this trend will create a network of vast underground datacenters so large that archaeologists of the distant future will be left wondering whether we were created by metallic silicon creatures.

Re:

[Khuffie]

And when they discover how to extract that information from the datacenters...will be distracted by the vast amounts of pr0n.

Filesystem over IMAP.

[dannycim]

Fudge, I had just started to write a virtual filesystem driver using IMAP as a back-end. (Not fast, but gmail's 5.2G is free.)

Oh well, I'll put it on the back-burner until I hear more.

Re:

[i.r.id10t]

Already done - http://richard.jones.name/google-hacks/gmail-filesystem/gmail-filesystem.html [jones.name]

Re:

[azrider]

gNFS, anyone?

Useless to me w/Rogers

[brunes69]

Unless Google can lobby Rogers to get rid of its arcane practice of capping usage at 60GB / month for it's standard high speed, me, and around 50% of people in Canada with high speed internet, can not make any real use of this service.

It is pretty sad that a company will give you a nice 6 Mbps link only to cap you at 60 GB, which you could exceed in only 1 day of saturating your link.

Re:

[chrish]

Not to mention the standard North American practise of providing terrible up-stream speeds on cable and DSL lines. It'd take ages to upload 5GB (or whatever GMail's current limit is) of data.

I'm too impatient to back up 5GB of data over my 100Mbit LAN, I'm not doing it at "up to" 800kbits/sec.

Re:

[empaler]

I love my capless 10/10 pipe. M4 ph4t p1p3, as I call it. I could have a 20/20, but that'd just seem so wasteful.

Re:

[Kalriath]

Stop whining. For $70 I get a 2Mb link with only 15GB a month. Well, the theoretical maximum speed of the link is 7.6Mb, but the exchanges can't really hack that.

Re:

[krayfx]

i still find that reasonable than the joke of a broadband offered by BSNL/ India. We have a 2 Mbps link with a cap of 400MB datacap, and if you exceed the base limit - you are charged 25 cents an MB! and rack up 15-20 dollars suppose you download the ubuntu ISO. Of course, the package is very cheap at 6 dollars.

512 kbps unlimited bandwidth goes for 50 dollars and 256 kbps for abt $25. i know, kinda sucks, but its getting better all the time. a few years back, many villages that did not see any kind of conne

possibilities

[rgiskard01]

As a recent convert to google apps, this is very interesting. I have/still have all the concerns about my privacy, but the offering was too tempting to pass up. Of course I use the Firefox Customize Google add on, but also don't really put anything sensitive up there. If they build it right, it could be very nice. I've tried all the online backup apps, and outside of Mozy, don't really like any that much. But I'm now all Linux, so Mozy is no longer an option. Anything that competes with Microsoft is a

Re:

[gbjbaanb]

FTA:

The Mountain View, Calif., company plans to provide some free storage, with additional storage allotments available for a fee

Sounds exactly like Mozy [mozy.com], but with mozy you can excrypt everything with your own key, makes uploading no different but you have to decrypt any restored files yourself. Somehow I cannot see Google doing this as they'll want to use their technology to keep a single copy of a file on their servers if several people upload the same one.

I'm not sure how they'll manage to slip adverts in either, maybe you'll only be able to access file restores with a web UI?

So, all in all, Mozy is better. Now we all need t

Re:

[TooMuchToDo]

I've tested Mozy and MozyPro. All in all, my experience has been so so. I'd definitely use it for small clients, but not in an enterprise situation.

Re:

[gbjbaanb]

I don't use a Mac, but it's always worked for my home PC. Perhaps 2Gb per file is past some limit and I'm not sure you'd want to use it for such very large files. Here, you're better off with a networked/external drive (or even a DVD-RW).

Try telling the Mozy people.

Re:

[CdBee]

Mozy's a joke - if you want online backup, JungleDisk ($20, one-off) plus Amazon S3 ($0.18/GB/month) are the way do store a 2gb file easily and safely

Probabilities

[Anonymous Brave Guy]

I have/still have all the concerns about my privacy, but the offering was too tempting to pass up.

And that is why things in today's database-driven, surveillance-obsessed society are going to get very much worse before they get better.

It's quite sad that even after the big leak here in the UK last week, things have gone quiet on the political front and there isn't a sustained media attack on our underpowered privacy and data protection laws.

BS Post

[smittyoneeach]

Storin' those data
To network platta
Drive image good
As face image could
Burma Shave

Thin client

[mrbill1234]

Thin client computing is on its way back - like it or not.

Though nothing new, this is a great idea who's time has finally come - particularly for people with mobile devices connected to wifi hotspots - both of which Google has been investing in.

Re:

[Anonymous Brave Guy]

Thin client computing is on its way back - like it or not.

Why? What advantage does using all these on-line services actually offer me as the end user? How is this service better than my own hard drive (or having a remotely accessible server set up at home that I control)? How are Internet-based applications from the likes of Google or Salesforce.com better than installing software locally in any technical way?

All these services are basically just playing on the convenience of using a remote service, and that in turn is only relevant because of the absurdly awk

Re:

[mrbill1234]

1) Most people don't have the technical savvy or the desire to setup a remotely accessible server, let alone have the headache of backing it up and keeping it operating.

2) This is not a technical issue, but rather one of convenience. You can iron your own shirts too - and loads of people do, but loads of people pay someone else to do their ironing too. I'm not saying that Thin Clients will take over, but they will have a fair share of the market.

3) Yes there are risks with an online provider, but hey,

Re:

[igb]

What advantage does using all these on-line services actually offer me as the end user?

If you do all your computing in your proverbial mother's proverbial basement, and that basement happens to be a disused Minuteman silo, then what you say is true. But just as I want to be able to access my home directory whichever of my employer's offices I'm in, and I've been in them on three continents, I'd quite like to be able to have my private (home home?) directory available wherever I am. And my email. And m

Re:

[TooMuchToDo]

You're solution sounds excellent. Can you provide any details on the WebDav part of it?

Re:

[igb]

I've just got a lump of space on a whitebox PC (mirrored disks with ZFS on Solaris 10, but others will prefer Linux) served up with the Apache WebDAV module (which ships with Solaris). Were I really paranoid I'd create a zone to run the web server in, but as things stand it's not running as root and I'm reasonably comfortable with the security as it stands. The authentication is standard Apache, but I've forced all access to the directory to be via https to avoid sniffing (the data centre is actually a Un

Amazon S3

[NickCatal]

I already do this a bit with Amazon's S3 storage system. It is really nice being able to store files anywhere and paying all of $0.03/month for it.

But hey, I'll take free any day.

On a somewhat related note: It would be great if Google bought the LexisNexus people. Having public access to their database would be a great public service.

Re:

[Jon_S]

But will gFiles (or whatever) work with rsync. No rsync with S3 is what is holding me back from that.

Re:

[NickCatal]

rsync doesn't work with S3, but s3sync [s3sync.net] does

Re:

[leoxx]

There is also duplicity [nongnu.org].

Re:

[CdBee]

if you use Jungledisk to create a r/w (via webdav) filesystem on S3 you can rsync against that trivially

Re:

[Jon_S]

If you check the linux forums for Jungle Disk, there are lots of people having problems with the rsync over an S3 bucket mounted through WebDAV. The problem seems to be in the webdav implementation, but its a problem nonetheless.

But I hadn't found that s3sync before. That sounds like it would do the trick. Thanks Nick for the tip.

Now my only problem would be the lousy 256 kbps or whatever uplink I get with my Verizon DSL. I wouldn't mind the slow uplink but saturating the uplink also saturates the downl

Re:

[caluml]

I wrote a little version of something like this. Java + Fuse = mountable filesystem that is accessed via a process. Copying files to it encrypted, uploaded it, and made a note of it in a SQL table. Listing was SELECT filename FROM files;, and you could copy the files back from it. Worked fine.

Re:

[aengblom]

Google buying LexisNexis wouldn't really do you much good. If Google bought -- and opened up to the public -- LexisNexis, most of the content providers would quickly drop out of the service (or significantly hike their rates) since Google would essentially be selling their content to their audience.

In other words, Google now has to come up with and payo ut the revenues of LexisNexis' 32,000 sources to keep the service together.

If you're not aware, that's a lot.

User-centric Encryption needed

[mwilliamson]

Google needs to incorporate encryption with keys totally held and managed by the end user in such a way that even if Google is subpoenaed or shown national security papers, Google would be technically unable to access end-user's data. Another words, at no time should Google have access to any of the user's cleartext nor the user's secret key. Decryption would all be client-side. A subpoena or national security letter would have to go directly to the end user who would then at least know they are being served.

Re:

[BlueParrot]

Technically they don't actually need to implement any form of encryption other than SSL for the transfer. There's already plenty of tools arround for users to encrypt their files, and truecrypt can even create an entire filesystem inside a single encrypted file. Thus all google really needs to do is to not prevent users from uploading files they have encrypted themselves. The client-side tools already exist, no need to reinvent the wheel.

Re:

[mwilliamson]

good point...this would be useful in finding the "container within the container" technique used in truecrypt. The national security letter would be written in such a way that the drives themselves would be monitored at a low enough level to confirm the probable hidden container. Of course, with GFS spread across multiple drive arrays connected to multiple servers connected to multiple data centers residing in multiple countries, it would be a real bitch to implement.

Re:User-centric Encryption needed

[Zarhan]

Not gonna happen.

Their business is advertising.

So, they will be reading through your documents so they can put up some ads when you are browsing your files online. Putting your home finance excel sheet to gDrive? Be prepared to see TaxPlanner ads on the sidebar. Putting your holiday photos to gDrive for backup purposes? They'll probably go through the EXIF data and send you ads about latest Canon products (or whatever your camera model is).

Re:

[Anonymous Brave Guy]

Not gonna happen. Their business is advertising.

Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they wil

Re:

[jfuredy]

Sorry, I've posted in this thread already so I can't mod you up. But your post is right on the money. All these people talking about encryption are forgetting that storing the data in an independently encrypted way simply isn't in Google's interests. And if people start encrypting everything themselves, as any smart user of the service clearly would if they used it at all, then Google will either find ways to link those users to other services so they can guess which profitable ads to include, or they will simply cancel the service if it isn't making money and isn't leading to something else they do making money.

It may be true that Google wants to be able to read your data to serve ads, but the real question is, how many people would actually use it on all of their data? And will Google go out of their way to prevent encrypted data uploads for the small percentage of intelligent and vocal users who want encryption? My bet is that they don't provide encryption, but that they don't prevent it either.

Re:

[DrCode]

Very true. So if they see that you're carrying on an affair, they not only can send you advertising for "discrete" hotels, but they can give your spouse ads for private investigators.

Re:

[The Famous Brett Wat]

Contrary opinion here.

• Most people won't encrypt when given the option to do so, because encryption requires keys and keys are inconvenient. Laziness wins, so Google won't lose significant ad revenue through offering the possibility.
• They already offer things like POP service on Gmail which performs an end run around ads. They are introducing IMAP as well, which is worse from a simplistic ad revenue perspective. Google are not as blinkered by revenue prospects as you suppose.
• Having refined the service on a v

Re:

[crt]

That's what makes a solution like Amazon S3 [amazon.com] with Jungle Disk [jungledisk.com] appealing - your data is encrypted transparently before it leaves your machine with a personal, private key, and no one (Amazon included) can access it.

It's doubtful that Google or most other online storage provides will offer that however - they want to tie your data to their applications (e.g. edit your documents online, share your files through their web site) - and that just doesn't work if they can't read your encryption.

Encryption method?

[BlueParrot]

What kind of encryption would you use for this?

The most secure would be to store a single large archive of all your files encrypted with a strong cipher, but that has the disadvantage that you have to download it all to decipher it.

Alternatively you could encrypt each file separately, which would speed up access considerably, but also leak more information about what you are storing (i.e many small files vs one big one ).

I guess if the data is sensitive enough to require the former type of encryption you shouldn't transmit it over insecure connections to begin with...

Re:

[mwilliamson]

There is no need to decrypt the entire file to be able to use it. You can design a file system so that only the blocks needed are decrypted and you can basically use the file system just like a live file system with the crypto layer keeping it all very much transparent. Using Google's online file storage in such a way that you could mount it like a drive, then sticking a truecrypt [truecrypt.org] container in it would give the desired effect of my previous post.

Re:

[Poromenos1]

Personally, I'd use the OSS gDrive file manager that will be developed, which will in all probability GPG encrypt each file before uploading and decrypt after downloading, rather transparently. It might even go one step further and assign random filenames to the files while keeping an encrypted lookup table to the original filenames so it can display them to you.

Re:

[MoralHazard]

Or, you could use per-block encryption to allow random seeking on file access operations, with block granularity. You might think that block granularity isn't true random access, but it's what hard drives do (you have to read/write from the drive in terms of 512-byte sectors, not individual bytes).

This method has a side effect of reducing the amount of side-channel information that a server-side spook-installed tap can gather. He'll see your access patterns, in terms of whether you're reading and writing

A very old idea

[Rob T Firefly]

This shouldn't be a surprise to anyone. It's Google, and it's one of the oldest ideas on the Internet which they haven't yet done; before the dot-com bubble burst there were at least half a dozen sites that claimed to provide an online "drive" of sorts - X-drive and E-drive are ones that come to mind, I think they advertised on the radio. Going further back, I remember using an online storage service on CompuServe in 1995 or so.

TrueCrypt support would be tasty!

[Jugalator]

Hmm, if Google's encryption plans are lacking, how about a mountable GDrive in TrueCrypt, popping up as a partition with the traditional encryption methods of TrueCrypt? :-D

:-------D

OK, so that was last part was really unnecessary, but still...!

Name Suggestion

[HangingChad]

I suggest calling it gPorn, because you know that's what's going to be on there.

baby photos

[MikeFM]

I have a similar service in development. I expect porn to be a pretty popular use but I think the real area money will be made is in backing up people's photos and home movies. The average parent (and grandparent) has switched to digital photos and movies but doesn't have the know-how to properly safeguard these personal treasures. With our service all the user has to do is come to our website and log in and their photos and movies are indexed and backed up for them.

The file sharing abilties will no doubt h

I don't get it

[jav1231]

Haven't we the public shown that we don't want our data online this way? And they pursue it anyway. You hear all of these reports about Google becoming the next Microsoft. This sounds very Microsoftish.

Re:

[LWATCDR]

Flicker, YouTube, Gmail, Hotmail, Yahoo briefcase....
The public has show that it loves putting its data on the internet.
Hack I use gmail/yahoo mail for backups. I just email files that I want to backup from my gmail account to my yahoo account. Instant redundant off site backups.

Re:

[CdBee]

Speak for yourself

Web apps like google docs and gmail are great as now I can have all my wordprocessing and spreadsheets accessible from any compliant computer, and from my laptop and desktop without sync issues. Nothing confidential goes into it, but for everything I'm not sensitive about its fantastic

Likewise online storage. I'll use it to back up any files i wouldnt care if the word saw, like my old holiday photos, my mp3s, maybe some downloaded video if usage allowances permit. Presently my photo

Re:

[pembo13]

Haven't we the public shown that we don't want our data online this way? And they pursue it anyway. You hear all of these reports about Google becoming the next Microsoft. This sounds very Microsoftish.

Not sure that it sounds Microsoftish. But while Slashdot may have shown that they don't, but the typical internet user seems to love to store every bit of their life online.

Already Done it;s called Amazon S3

[bangzilla]

Amazon has been doing this for ages - very well I might add. What does Google bring to the party. Advertising? Big whoop. I like the privacy of my data. I don't want Google scanning my data as it scans my email. That's taking things just too far. What next? Google coming around to my house to check my desk draws.....?

Re:

[yoduh]

While I love S3, its not for the common person. If Google used an S3-style system as a good backbone and added a few very usable features it would be an improvement. I like the power of writing my own scripts and controlling what I send to S3, but I'd like to have more power to see what is in my buckets. I can do list command, but I'd like to know sizes and dates and to be able to query that information easily. Even just view it in a web control panel just to grab a small file from it.

Re:

[TooMuchToDo]

So Google should do S3, but give you the convenience of a web interface as well as the power of an API? By god! I think it's possible! =)

Sorry, it's been a long day ;)

Re:

[TobyRush]

If Google is intending this service for online storage of personal information, I don't think it's going to succeed... people use Facebook for that sort of thing.

Re:

[pipatron]

On the contrary.

I've long been planning to put my most personal and important data on Google's servers, using the already existing gmailfs. Using good encryption, of course, which you really should use on local storage as well, if there's even a slight chance that it might get physically stolen.

Using this would give me a very cheap (actually free) off-site backup, so I know I can still retrieve my stuff even if my house burns down, or if RIAA sends the police to get my computers...

Re:

[StankDawg]

The RIAA wouldn't need to send the police for your computers since they can subpoena Google to get the evidence that they need. They do that for search queries now. Uploading your personal data gives law enforcement one stop shopping to your information. A "portal" to all of your personal information. How convenient...

Re:

[TheRaven64]

Which is why the grandparent mentioned strong encryption. How they get the data is irrelevant; they still need to get the keys from you, either via installing spyware or using something like RIPA to make you tell them.

Re:

[TooMuchToDo]

If Google has your data, they have enough horsepower to break everything but the toughest ciphers. Aren't distributed systems what they do best?

Re:

[TheRaven64]

Do you really think Google has enough computing power to crack 128-bit AES? To crack a symmetric cypher, on average, you need to search half of the key space. That means you'd need to search 2^127 keys. My 2GHz Core 2 Duo can (according to openssl speed aes) do about 40,000 1024 byte blocks per second. In one year, it could do 1.3x10^12. If you had a compute cluster composed entirely of machines of this speed, it would need a shade under 1.3×10^26 machines to be able to crack a single AES-encrypte

Re:

[Glonoinha]

"256-bit encryption ought to be strong enough for anybody." - Glonoinha '07

Some of you laugh because you think it is true.
Some of you laugh because you think it is false.
Some laugh because you remember BillG saying the same thing about 640k.
And very few of you laugh because you know what I know, but none of us will actually admit it.

Re:

[caluml]

Assuming that brute force is the way to go. Which I think you've explained quite well that it isn't.
Maybe the key in AES256 is divulged a bit at time, in the 95101924th bit, the 814255525181th bit, etc.

Re:

[trianglman]

A back door in AES would have been found by now. There are enough brilliant security experts hacking on the big public schemes, with full access to the algorithm (it is open source after all), that something would have been found by now. The only weakness known in AES is weak passkeys.

Locking your files with the password "12345" is about as brilliant as it has been [imdb.com] for the past 20+ years.

Re:

[pipatron]

Actually, by personal data I don't mean the heaps of movies and music that I've been downloading from the internet... ahum.. I mean linux distributions. More like pictures I've taken, source code I've written, and in general, things I can't download again from the internet.

RIAA would of course want to believe that it contains their precious Imaginary Property, but since it's encrypted, they could only guess.

Re:

[utopianfiat]

second dupe.
and it's already been done- 1GB of storage on Gmail? This is why Zonk is unchecked in my "show stories from" dialog.

Re:

[simcop2387]

if you're not seeing his stories, how'd you know to come here to comment?

Re:

[mwilliamson]

Just create a RAID set with Google's online competition who will certainly all step up to the plate.

Re:android

[4D6963]

Any android device can be a 'dumb' terminal for your data.

Excuse the necessary pedantry, but do you realise that something cannot be a "dumb terminal for data", and that it's quite an insensible way to formulate it regardless of what the term "dumb terminal" actually means? Are you aware of the fact that "dumb terminals" involve remote processing, and not mere access to remote data? I just had to clarify this, as people keep talking about dumb terminals and thin clients as it actually has little to do with the topic at hand.

Re:

[gentlemen_loser]

What is really interesting is that Google could, in theory, link duplicate files. For example if 10,000 people have the Will Farrel "SNL/Blue Oyster Cult" video in their storage area, Google could soft link to just one copy and break the link if one particular user ever edited it.

Or if the RIAA or MPAA deem you to be in position of copyrighted material or ...