Forgot your password?
typodupeerror
Data Storage Encryption Privacy The Internet

Online Storage With a Twist 268

Posted by timothy
from the wiseacres-will-volunteer-to-store-porn dept.
mssmss writes "For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor — whose survival my storage depends on. It looks like Wuala has a way to do this, according to this story in the Economist. They use donated disk space of users to scatter your encrypted files over multiple computers."
This discussion has been archived. No new comments can be posted.

Online Storage With a Twist

Comments Filter:
  • Nice idea (Score:5, Interesting)

    by Hyppy (74366) on Thursday September 11, 2008 @01:59PM (#24965751)
    It's like RAID for online storage.

    Sounds great, but what happens when a massive worm outbreak occurs?
  • No thanks... (Score:5, Insightful)

    by KGIII (973947) * on Thursday September 11, 2008 @02:02PM (#24965797) Journal

    I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.

    • Re: (Score:3, Insightful)

      by CogDissident (951207)
      Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it.

      "No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.
      • Re: (Score:2, Interesting)

        by geekmux (1040042)

        Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it. "No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.

        Or, perhaps having this particular software on your computer could actually create the reasonable doubt you require to protect you? Think about it.

        • Re: (Score:3, Funny)

          by darkfire5252 (760516)

          Or, perhaps having this particular software on your computer could actually create the reasonable doubt you require to protect you?

          Exactly. That's why I make it a policy to run an open wireless access point.

      • Considering the fact that their server is based in Germany, and one of the "features" listed is

        You can also easily share part of your files with friends, family, and co-workers.

        I'm sure the government, police and the German version of the RIAA/MPAA could quickly make this site/server both less secure and less permanent.

        My general advice would be not to store any important files online because being online is inherently insecure. Important files can be stored in a safety deposit box at a bank (a more traditional and secure approach). For temporary and remote access of files that one may n

      • Re:No thanks... (Score:4, Insightful)

        by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Thursday September 11, 2008 @02:45PM (#24966593) Homepage Journal

        Yeah, I can see the government not being particularly forgiving if that chunk of data on your harddrive happens to have childporn or something on it. "No, really your honor, it wasn't my data. I was just sharing storage space with people online." Is not going to fly in court.

        Even if you can point to the company's website "see, I was using this, ask them if I had any way to know what they put on my computer"? Especially since they must have some sort of index saying what they stored where, so you could ask for the relevant part of that.

        The real issue isn't what would work in court, but what the media or HR people would do even without a conviction.

        • Re: (Score:3, Informative)

          by TooMuchToDo (882796)

          The real issue isn't what would work in court, but what the media or HR people would do even without a conviction.

          Don't think for a second that this is up for debate. You'll be publicly shunned and humiliated for a long time to come even if the charges are dropped or your found innocent.

      • by billcopc (196330)

        The sad thing is we all know CP freaks would totally (ab)use this service, tainting it for everyone else.

        Me, I'd actually like an unencrypted alternative. As a sysadmin, I want to know what's being stored on my disks, and if I disapprove I should have veto powers over who stores what. If I find questionable material, I delete it and ban it from my system. Given the (presumably) large number of hosts, the sender will be able to find a more friendly home for their files, and I don't get my hands dirty.

      • by EWAdams (953502) on Thursday September 11, 2008 @03:52PM (#24967629) Homepage

        The only disk space I would be comfortable donating to this would be on a Truecrypted drive, so even if someone cracks their protection, it's secondarily protected by mine. If the cops seize my drive, they find nothing.

    • I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.

      Yeah, but I assume that you would be anonymous to others who are storing their data on your disk. Unless of course the DOJ sends them summons.

      Anyway, from my understanding not all the information gets stored in one disk. You'll at max get a sixth.

      • Re: (Score:3, Insightful)

        by thermian (1267986)

        I don't think I want to be liable for the data that someone puts on my PC should the encryption ever be broken.

        Yeah, but I assume that you would be anonymous to others who are storing their data on your disk. Unless of course the DOJ sends them summons.

        Anyway, from my understanding not all the information gets stored in one disk. You'll at max get a sixth.

        And you think that'll help? No way. If they catch you with even a suspicion of child porn on your pc, you are absolutely screwed.

      • by KGIII (973947) *

        1/6 of a collection of photographs would be more than enough I suspect. The risks don't, in my mind, cover the potential benefits. I use a tertiary backup method with one of the backups being off-site. It is not perfect but it ensures minimal risk of data loss. If I were less lazy about it I'd be even more happy but losing a couple of gigs of trivial data because of a hardware failure and my laziness is an acceptable risk to me.

        • Re:No thanks... (Score:5, Insightful)

          by denmarkw00t (892627) on Thursday September 11, 2008 @02:33PM (#24966381) Homepage Journal
          In a distributed system of file chunks, you would never have access to what those chunks make up unless it is YOUR data, so I think its actually a lot safer than you think. In a system like this, all you're storing for other people is essentially random chunks - it would be very difficult to prove in court that you in fact were aware of the content this data belonged to and that you willingly supported a criminal.
    • by apankrat (314147) on Thursday September 11, 2008 @02:15PM (#24966045) Homepage

      > I don't think I want to be liable for the data that someone puts on my PC

      I don't want random people's data on my disk. Period.

      I was a beta tester for Wuala and the lack of access control to my donated disk space was the biggest issue. I talked to their CTO and suggested to have an option of donating the space to specific peers only, which should've not been hard to do given they have the social grouping support in place already. He didn't see an issue with wildcarded access though, so they were not planning (nor in fact did) anything about it.

      • by lysergic.acid (845423) on Thursday September 11, 2008 @03:13PM (#24967091) Homepage

        that sorta defeats the purpose of having a shared online storage network. if everyone wanted to have total control over the space they donate, then instead of having one large public pool of online storage to be shared by everyone, you'd just have a bunch of small fragmented storage spaces or a bunch of disconnected groups of 5-6 people sharing a few gigabytes of storage. if that's the case then you might as well just call up a few of your friends and ask each other to hold onto your files for you.

        the point of Wuala is so that they let you store whatever you want on the space they donate, and you let others do the same. it seems like a fair trade to me. obviously, if you don't want to share your disk space with strangers, then this service isn't for you. just build a RAID array.

      • Re: (Score:3, Insightful)

        by Danathar (267989)

        That's the thing with social/cpu/storage collective software...

        You have to PARTICIPATE in order to get the benefits.

        If you don't want to share, then nobody wants to share with you!

    • Re:No thanks... (Score:5, Insightful)

      by Hyppy (74366) on Thursday September 11, 2008 @02:17PM (#24966067)
      Or, what if you're in the U.K.?

      Police: "We want your encryption keys"
      Joe: "I don't have them, they're not my files!"
      Police: "Think it over in solitary confinement."
      • by KGIII (973947) *

        I wouldn't be at all surprised if various governments actually tried prohibiting some (lawfully prohibited) uses of encryption for private citizens. I even worry that today's mindset of the average person I come in contact with that they'd succeed at such.

  • by oahazmatt (868057) on Thursday September 11, 2008 @02:04PM (#24965833) Journal
    I don't know why, but I really don't like the idea. Even on Google Docs I only put up things that I'm perfectly willing to have comprimised. The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.
    • Re: (Score:3, Informative)

      by Oxy the moron (770724)

      The idea of having an intermediary overseeing any of my data just encourages me to go out and by an external drive or two.

      Where do you store your external drives? If it's your personal items you're referring to, you probably keep them in the same house as your computer. Not much of a backup in the event of a fire/tornado/flood/etc. If it's for a business, unless you have offices in multiple locations, you probably keep them in the same office. So now if someone breaks your office's physical security, they have access to your backups as well.

      I understand where you're coming from; it's difficult trusting someone to not abuse

      • Re: (Score:3, Interesting)

        by FictionPimp (712802)

        I have a agreement with a family member. I provide them a ssh account on one of my machines with 2TB of storage, they do the same for me. Then I use rysnc to backup my data into an encrypted volume.

      • by billcopc (196330)

        I hear these arguments all the time... how everyone should have offsite backup.

        What I want to know is: How often does your house burn down ?

        There is a very small quantity of data that I consider priceless, and even then I could survive without it. It would suck ass, but my heart isn't going to stop. I certainly won't jump off a bridge if I were to lose my MP3s or a bunch of movies. Pictures can be archived to disc, as well as my own works like audio masters and code. If I ever come across something that

    • That defeats the whole point of remote storage though. What if your house burns down/floods/gets robbed? It's the Paranoid's Folly: keep all your eggs in one basket, or store them where you can't always seem them?
    • by Sancho (17056) *

      That's why you use encryption. Just about any online backup host that doesn't care which files you send them will work with encrypted files. Encrypt before you send it over. It's really quite simple.

      You lose some degree of delta-syncing, if you're doing something like that. You obviously can't send only the changes to a file unless you're doing the encryption remotely (which has some security implications.)

      My backup scheme makes use of remote and local storage: encrypted backups to a remote host, and lo

  • by Duncan Blackthorne (1095849) on Thursday September 11, 2008 @02:06PM (#24965889)
    It's a nice idea for a perfect world, but we don't live in a perfect world therefore I see several potential problems. One is that like with Tor [torproject.org], anyone at the end-point could be monkeying with the system. In this case someone could manage to crack the encryption scheme used, and access people's private data. Another problem I see is that if someone is using a service like this to store copyrighted data (mp3's, DVD rips, etc) then, encrypted or not, innocent disk-space-contributors could be implicated in civil or criminal proceedings. Also, some people have bandwidth caps on their internet connections, and even those who don't aren't necessarily going to be happy with our bandwidth being used; I suppose though that if their client software allows bandwidth limiting then it wouldn't be much of a problem. A question I have about this: is there redundancy? What if all or part of a file you're trying to retrieve is on a remote system that's offline?
  • by houstonbofh (602064) on Thursday September 11, 2008 @02:07PM (#24965891)
    "For a long time, I have been looking for a way to securely store my files online without being tied to a single vendor â" whose survival my storage depends on."

    And when the master server that knows where all those little pieces are goes down, you are still without your data.
    • by fuzzyfuzzyfungus (1223518) on Thursday September 11, 2008 @02:19PM (#24966115) Journal
      It's a pity, a truly distributed system could certainly be built, and it would look similar in many respects to this one. I suppose Wuala has no real incentive to build a system that doesn't need them, though.
      • by Carnildo (712617)

        It's a pity, a truly distributed system could certainly be built, and it would look similar in many respects to this one.

        There is. It's called "Freenet".

    • by cizoozic (1196001) on Thursday September 11, 2008 @02:25PM (#24966219)

      And when the master server that knows where all those little pieces are goes down, you are still without your data.

      Thank you! What do we have for our winner?

      When I started reading TFS I assumed it was going to be some kind of distributed free storage service, that simply stores a copy of each file on multiple free online storage sites. As far as I'm concerned, this instead rates last after single service with a good backup plan and backing it up yourself. /vertisement much?

    • by steelfood (895457)

      Without a master server, you're basically looking at freenet. And uh, we know how well freenet works.

    • You don't need a "master server". There are lots of ways to get around this. One is to simply ask where your data is. Ask 10 other machines "Have you seen data item 45635? they in turn ask 10 other machines in about ten cycles every machine in the system has been quarried. This could work but would be a massive waste. But what if each machine cached it's queries? Then most could be answered without sending a message.

      This is how DNS works. I ask my local DNS server "What is the IP address accociated

      • by imsabbel (611519)

        Well, of course you could do stuff like that.
        In fact, you could use Kdemlia or some other distributed hash system.

        The point is that these people want a hierarchical system..

  • Hmmm.... (Score:5, Interesting)

    by Facegarden (967477) on Thursday September 11, 2008 @02:07PM (#24965897)

    Hmm... sounds good. I'll donate 2TB of space each from multiple computers at different locations and between all of them i'm bound to have two critical pieces of your files, then all i have to do is shut them all down! Muah haha haaaa!

    And actually, what would happen if a major disaster shut down all the PC's in a major metropolitan area? Does the service provide enough redundancy that even if everyone in silicon valley went offline, my files would still be safe? I'd rather know where my data is.

    Also, slashverteisment? The concept is interesting but the story doesn't bring up the more interesting issue of privacy, it seems like just an ad.
    -Taylor

    • Re: (Score:3, Insightful)

      by spacefight (577141)
      RTFA There is redundancy for just that reason.
      • Re: (Score:3, Insightful)

        by Whatanut (203397)

        He didn't ask if there was redundancy. He asked if there was "enough" redundancy. How many nodes going down does it take before the system/data is crippled?

        • At least, they're having another copy of your files on their servers. So when their P2P network goes down, they'll revert back to a traditionial online storage mode...

          What about the availability of my files?
          We can't give any guarantees or service level agreements at the moment. Instead, we offer you our promise that we will do our best to make sure your data is always available. Your encrypted files are stored redundantly on our servers so that even if a server crashes, they can be resurrected. Encrypted

      • by Thelasko (1196535)
        You bring up a good point about redundancy. In order to have one copy of my data on this system someone else needs to donate an equal amount of space. But the article says:

        That is an amount of data equivalent to six versions of the original file

        Therefore, someone else would have to donate six times as much data as I need stored. For this to break even I would have to donate 86% of my hard disk to backup 14% (including system files that probably don't need to be backed up). I don't think people will go

    • I'll donate 2TB of space each from multiple computers at different locations and between all of them i'm bound to have two critical pieces of your files, then all i have to do is shut them all down! Muah haha haaaa!

      Your argument is that if the system were poorly designed then it might fail. Well "duh"

      What if the files was distributed such that each block is stored in three places over a diverse set if IP addresses and then on top of that we compute a checksum block by taking the exclusive or (XOR) of each

  • I like the idea in theory. P2P storage, very nice.

    Except that it relies on sucking up somebody else's bandwidth, which may or may not be saturated as they are torrenting pr0n and/or playing WoW.

    And it relies on hard drives that will sometimes unexpectedly get wiped from time to time, completely without notice and beyond my control or knowledge.

    And except that someday, inevitably, somebody will break the encryption and will have access to pieces of my stuff.

    And except that isn't this pretty much what Freene

  • Bittorrent (Score:3, Funny)

    by robo_mojo (997193) on Thursday September 11, 2008 @02:09PM (#24965955)

    They use donated disk space of users to scatter your encrypted files over multiple computers.

    So they use Bittorrent?

  • Even though you don't want to tie yourself to a single vendor, that's still exactly what you're doing.

    Just ask yourself: If Wuala goes under, how will you get your data back?

    It doesn't sound like their client application does all the distribution itself, but rather everything is funneled to and from a central server that tracks the scattered data and makes sure enough mirrors are maintained for reliability.
    =Smidge=

  • Do the math.... (Score:2, Interesting)

    by cptdondo (59460)

    If my system is part of this network, then...

    I have a 1KB file that I want to store. So I send it up to the cloud. It gets stored as chunks that take up 6KB...

    Now if I participate in the cloud, I need to offer up 6KB of storage.

    Hmmm..

    RAID6 needs less than 50% redundant drives. This stuff needs 600% redundant storage.

    The storage needs don't add up, except in specialzed situations. Let's say I have information I don't want anyone to find if they steal my computer. I put it up there. But if it's so sensi

  • Freenet (Score:4, Insightful)

    by Danny Rathjens (8471) <slashdot2@raTEAthjens.org minus caffeine> on Thursday September 11, 2008 @02:16PM (#24966063)
    Encrypted distributed donated storage sounds a lot like Freenet. [freenetproject.org] :)
  • Oh joy. (Score:4, Interesting)

    by R2.0 (532027) on Thursday September 11, 2008 @02:23PM (#24966181)

    Step 1: Joe pervert is busted (legitimately) for kiddie porn. It is determined he stored some of it with this service.
    Step 2: Service is subpoenaed, and they give out all the user info for all the places where the bits of the files are stored.
    Step 3: Arrest hundreds of people, declare a major kiddie porn ring busted, receive promotion.
    Step 4: GOTO Step 1

  • by Skapare (16644) on Thursday September 11, 2008 @02:24PM (#24966189) Homepage

    I have more than twice that number of files on my 8 external hard drives.

  • Nice idea, but no thanks now that my use is capped thanks to comcast.

  • by Yvan256 (722131) on Thursday September 11, 2008 @02:32PM (#24966361) Homepage Journal

    I have a home business. So, for safety, I always keep one copy of my data at work and one at the office.

    Oh wait.

  • For all the downsides already listed, isn't this idea exactly the same as FreeNet? You'll have someone else's sicko illicit p0rn on your system, while someone else is trying to crack the encryption protecting your bank records. All until the indexing scheme breaks, in which case nobody can retrieve their files.
    • while someone else is trying to crack the encryption protecting your bank records.

      What, with a couple of percent of each file? And not "bytes 300 to 1900", but a couple of percent of a polynomial function describing all the bytes in the file.

  • Churn is your enemy (Score:4, Interesting)

    by mcorner (168581) on Thursday September 11, 2008 @02:45PM (#24966601) Homepage

    On paper it is mostly a great idea.

    We had a paper on some tricks to play in file systems to make it perform better:

    http://prisms.cs.umass.edu/mcorner/papers/fast_2007_tfs.pdf

    But when you get down to it, churn is your biggest enemy. If you look at the rate at which people join and leave p2p networks, the amount of replication you need to do can use a lot of bandwidth. Every time a user quits (or drive crashes etc.) all of the data they were storing for others must be replicated again. If they aren't available online for a while you have to assume they have left the network and replicate proactively. See the paper for a few sample calculations based on the churn found in systems like kazaa and skype.

    -M

  • Freenet has been doing this for years. Basically all it is is a distributed, encrypted filesystem with some HTTP front end.

    That's a ridiculous oversimplification, but that's how it works to the user.

  • Bit Torrent Scenario -> 1. File 86 % complete and no other seeders. Stuck for 5 days ! Dang !

    Wuala Scenario -> 1. Stored Large File.
    2. Want to download file.
    3. File 86 % complete and no other seeders. Stuck for 5 days ! Dang !

    Possible ?

  • If the data is scattered among many computers, it won't do you any good (or get you any excitement) to store a few blocks of porn. At best you get a few pixels, and you probably won't even know WHICH pixels they are supposed to be, seeing that they are supposed to be encrypted.

    Next time, pick something like "Will-trade-blocks-for-food" or something like that.

  • I prefer my online storage on ice, not with a twist.
  • by SiliconEntity (448450) on Thursday September 11, 2008 @03:07PM (#24967005)

    I would recommend taking a good look at Tahoe [allmydata.org], from allmydata.org. This is an open source project that uses a conceptually similar file dispersal system for backup, but it has been designed and reviewed by expert cryptographers. There is also a commercial version available at allmydata.com [allmydata.com] which has generously sponsored the open source project. Tahoe is working on Windows, Mac, Linux and other Unix style systems.

    Tahoe does have a minimal dependency on a central server to first learn about the peer nodes that hold data, but only for the initial callup - once the client is running, it remembers all the peers it is using. And they are working towards eliminating even this dependency with "gossip" introductions, so if you can connect to any peer you can learn of all the others. Everything is cryptographically protected with encryption and signatures to make it effectively impossible for anyone to see the contents of your files without your permission.

  • Just the perfect thing to store my collection of M. Night Shyamalan [wikipedia.org] DVDs...

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...