The Sorry State Of Online Privacy
by Jason Kincaid on April 26, 2009

The Cloud is looming large, offering us ways to store and share our data in ways that were never before possible. We can effortlessly share our documents and photos with our families and friends, while maintaining control over their spread using powerful granular privacy controls. But it’s quickly becoming clear that the cloud isn’t ready for us. Because the services we rely on are letting us down with a frequency that is simply unacceptable.

I’ve been putting this post off for a while, mostly because I didn’t want to point to a single breach and call it a trend. But in only the last two months, we’ve covered at least three major web services that suffered security lapses tied to software bugs or scaling issues. In our posts covering these problems, one of our commenters will inevitably say something along the lines of, “that’s what you get for uploading your data to X service“. And the more problems I see, the more I’m beginning to agree with them.

For a recap, let’s revisit some of the problems we’ve recently seen.

In March I wrote about a bug in Google Docs that would share your files with people whom you’d never given access to. Granted, it would only share these files with contacts you’d previously interacted with, and not the entire world, but this did little to ameliorate the issue – in some cases it would be better to share a supposedly private document with a stranger than a coworker.

Two weeks later, we were alerted to a bug on Facebook that would allow users to circumvent any ‘limited profile’ lists they’d been placed on by their friends. For example, if you had placed your boss on a ‘Limited’ profile list so they couldn’t see your latest party photos, they’d be able to get around it. This ‘exploit’, if it could even be called one, was so easy to carry out that I’m sure many people did it accidentally.

Finally, earlier this week Twitter posted a note to its Status blog saying it was having issues with “misdelivery of direct messages”. In other words, some supposedly private messages were being routed to the wrong users. Given Twitter’s problems with bugs in the past, this didn’t come as a huge surprise, but it’s unnerving nonetheless.

When faced with such security lapses, most services try to downplay them by pointing out how few people (relatively speaking) were affected. In the case of the Google Docs issue, Google promptly explained that only 0.05% of all documents were wrongly shared. But when we’re talking about userbases of millions, even an apparently trivial percentage becomes significant, with thousands of people affected. What’s worse, I’m sure this sort of phenomenon is far more common than we realize. The other services involved just aren’t big enough (or honest enough) for anyone to notice.

So why is this happening? There seems to be an accepted notion among many engineers that as their service scales, there is no way that it will be 100% secure. To some extent, I acknowledge and agree with this. Very smart people are always going to be trying to access valuable data by whatever means necessary, and complex security exploits are unfortunately a fact of life on the web. But that doesn’t mean that it’s acceptable for the service to wrongly share user data simply because of a bug. It’s the difference between having your bank apologize for losing your money because someone robbed it, and it telling you that the teller accidentally withdrew a few thousand dollars from your bank account and handed it to someone else. This sort of thing just can’t be happening.

My real issue with these security lapses isn’t so much about the misdirected messages or the wrongly shared photos – the odds of these being truly damaging really are quite low. It’s that these problems serve to undermine the public’s trust in ‘the cloud’. Once we get past the security problems, having our data immediately accessible no matter where we are is incredibly valuable – and probably inevitable. It’s only a matter of time before our health records are going to be stored online in some form, simply because having instant access to them can be lifesaving. But if the public loses faith in the integrity of their data stored online, or the security measures protecting it, then it could take years to regain its trust.

So what can we do? Though I’ve dabbled in programming for years, I unfortunately am not an engineer by trade (a fact that I’m sure opponents of this post will promptly point out to show that I cannot possibly know what I’m talking about). But the answer seems clear regardless. If an application is cracking under load, or is too complex for its own good, then new signups and features should be put on hold until the damn thing actually works properly. The word ‘private’ should not mean “this will remain hidden until we accidentally break something”.

To close, I want to make clear that I understand that these engineers are dealing with extremely difficult problems, scaling their incredibly complex services at unprecedented rates. And I respect the hell out of that. But the more often issues like these pop up, the more the general population is going to distrust the security protections of these online services, no matter how good they eventually become. Which is why we need to sort these problems out now.


Comments

  • How many Twitter direct messages go out as public tweets every day by mistake? What percent of these contain damaging personal data, such as credit card numbers? The total number seems small now, but with the public pouring into social media at tremendous rates, the total damage caused by these leaks will mount.

    What’s worse than the leaks is the fact that once data leaks it gets picked up by Google and becomes part of your permanent record. What’s even worse than that is Google’s refusal to establish a verifiable review process for removing entries from its index. Either they’ll do it or the government will do it for them. With Congressmen and Senators using Twitter, it is only a matter of time before national security information goes public through one of these leaks.

    In the meantime, everyone needs to monitor their most critical personal data with Google Alerts. Parents should also monitor information relating to their children. I’ve written up a complete procedure for this on my blog:
    http://www.aler...ur-kids-online/

    • We need to STOP giving guys like Google and Facebook a free pass.

      We need to completely SHUT DOWN the argument, if you want privacy, don’t use the Internet. That has got to be one of the stupidest memes ever propagated.

      The only way these companies will listen is if we vote with our feet (or clicks). That is why I use services like Yauba http://www.yauba.com (I even made Yauba my homepage) and support EFF and other organizations that fight for all of us.

      We need to protect our rights and freedoms online as well as offline. Otherwise, we will wake up one day in a world where companies control and sell all of our information with abandon.

  • Not particularly specific to cloud-based stuff…

  • Let’s just say that there is a reason that we at SpiderOak Inc run a 100% Zero-knowledge storage Cloud environment.

    Most breaks today still come from within the companies themselves. Our clients can rest easy assured that not even our developers or programmers can crack the encrypted environment their data resides in.

    Daniel Larsson
    https://spideroak.com – Online Backup and Sync

    • You’re misusing the term “zero-knowledge”, which has a precise mathematical definition in cryptography.

      Reading SpiderOak’s encryption specifications, you’re clearly not using a zero-knowledge protocol. In fact, your authentication protocol is vulnerable to man-in-the-middle attacks.

  • While we’re on the topic, it seems like every few months I hear about some study pointing out how people use simple passwords *gasp* and — even worse — the same password for multiple accounts! Shocking… or not, I mean, who really has a different complex password for every account they use?

    You can, of course, force the use of complex passwords but then you get the “I keep my passwords on a sticky note in my drawer” problem.

    So while we’re solving the privacy problem from the back end cloud perspective, may as well figure out what the hell we’re gonna do on the front end as accounts/passwords/personal info per capita only continues to grow.

    I could be wrong, but I’m betting the problem you’re pointing out, Jason, is smaller than the problem I’m pointing out. Regardless, it sure would be nice if both problems would just go away.

    A world where I can trust my stuff/privacy is safe in the cloud and only accessible with my credentials that no one else can figure out. If only.

    • Hi Bob
      In the limit the way to solve this is P2P – where my complete information profile remains with me and I allow audiences to view portions. For example there is no need for private credentials to be retained for login. There is at least one technical solution to this.

  • I am totally in sync with what has been written here. The way cloud services are failing on a regular basis and at a frequency which is difficult to accept, I truly believe that clouds will definitely take some more time to establish themselves and be accepted. Meanwhile the service providers will have to come up with some reliability checks to ensure that clouds remain reliable for the common users.

  • Last week I tried a lot of online project management tools. I found a hosted one that seemed to be just perfect. However, throughout the week I began thinking about security and privacy.

    Even though I had no reason to suspect that there were any security problems, I decided not to use that service and choose something that I could install in my own server.

    I do realize that what I installed could also have security problems, but at least it will be on my server where I have more control over it.

    I do agree that cloud computing’s greatest challenge is maintaining the security and privacy standards that the users need.

    Great post!

  • Really well put: “The word ‘private’ should not mean “this will remain hidden until we accidentally break something”.”

  • “The Cloud” is still rather young. As implementations mature and become more and more standardized privacy safeguards should improve as well.
    Think about ecommerce – when it just started ~15 years ago, the field was rife with problems, simply because coders had to deal with hacks and exploits that they’d never dealt with before. Nowadays most sites are rather safe because the safeguards are pretty standard.

  • Hi Jason,
    This is part of the issue I’m trying to solve with my new angel funded startup, http://www.life...treambackup.com. As more services move to the “cloud,” users have all kinds of stuff that isn’t backed up anywhere else because it didn’t originate on their PCs. We tie into a bunch of APIs and back it all up because even though Google and other cloud companies are pretty solid, hackers, user errors, and minor technical flaws like the ones you mention can cause content and data to be modified. We wanted to build a way to recover that.

    Our site is getting a redesign and then will be open live to the public in a few weeks.

  • But is online privacy such a big deal? The vast majority of internet users don’t experience security breaches. The recession may already be over http://iamned.com/blog/ stock market surging

  • Your point is moot, not because you’re not an engineer, but because every service you cited is a non-factor in cloud computing. They are already untrusted toy applications; I wouldn’t trust Zuckerberg with a wooden nickel. Nobody really cares about stupid lost Twitter messages. What a joke.

  • Don’t really see a point to this article. Sorry.

  • Security holes happen for the same reason planes crash: the people that build and fly these services are fallible. Don’t fly if this is a problem for you.

    • Privacy breaches don’t only affect the people who lose information. The cost of clearing up identity fraud means we all pay a little bit extra for stuff.

  • “It’s the difference between having your bank apologize for losing your money because someone robbed it, and it telling you that the teller accidentally withdrew a few thousand dollars from your bank account and handed it to someone else. This sort of thing just can’t be happening.”

    But that still *does* happen with banks. “You have a bank error in your favour”/”You have a bank error against you”. The thing with money, is that if that is all they lose, they can cover it themselves and you would never know. As long as you remain with the correct amount on your statements, it doesn’t matter.

    The postal service lose post all the time.

    No service is perfect, and expecting the cloud to be is unrealistic. I’m not saying their outages aren’t important lapses, as they are and better procedures need to be in place to deal with these errors. It all needs to be in context though.

  • everyone is gonna get to know what its like to be britney.

    open social = radical transparency

    ControlLocator.com – complete yourself

  • Facebook even lost some of its data a few months back (I’ve shared it here)

    People lose their trust because of these kinds of things.

  • OMG Jason, you cannot possibly know what you’re talking about.

  • And you think your PC is any more secure or reliable than a server farm run from a professionally staffed NOC?

    In the cloud, a single event gets a lot more press than it does on people’s PCs (Cloud-bashing drives a heck of a lot more traffic than whining about your own PC going down), but do you really think more people were affected by the Google Docs breach than PC spyware and stolen laptops?

    Even if Facebook shared photos you told it not to, what’s the alternative? Flickr has some amount of privacy control, but not as many people have accounts so it’s not as practical. You could tape them up on a wall in the office, but then you lose all privacy control. If there were something better than Facebook in terms of stability and user base, then that’d be a fatal mistake on their part, but there isn’t, so you just have to live with it.

    Yeah, cloud technology isn’t perfect. It’s still better than the alternative.

  • Cloud computing needs to stop being a buzzword and start being something people give serious thought and attention to. I know there is a push to bring everything “into the cloud” and give us computers without hard drives. Nothing frightens me more. I want my data on a hard drive I can have disconnected from the internet, on a computer that can be shut down overnight, or can be just stuffed in a closet. Having everything “in the cloud” just sounds like a security problem with no real solution.

  • I remember your article on Google Docs, but I had no idea that Facebook supported the spying of employers. I am an advocate of employers when it comes to making sure their employees do their jobs on their shifts, but as far as the employees’ free time goes, it is just that…their free time. I personally don’t work for someone else and don’t have reason to fear a boss leering over my shoulder at my latest party photos, but for those who are employed by someone else, my heart goes out to them. This really shouldn’t be allowed.

  • I’m not sure I can see a way around this… and you’re right the trust issue gets hit hard when data is accidentally revealed.

    Also, most people don’t read TOS… and even more of most people aren’t IT, many of our friends for example are still at the email level. To those people I feel a little concerned because on the one hand there’s a lack of skills to understand the risk, and on the other you’ve got software companies writing TOS that are probably designed to exonerate them from any responsibility for your privacy or data integrity.

    As long as they can’t put that in writing to protect our data it should be obvious they don’t even think it’s worth gambling that security won’t be breached.

    Nice article, someone’s got to write these cautionary flags.

  • why does this not bother me? boohoo the pic of my dog is in sinister hands. get real. there is no such thing as complete privacy.

  • While we’re on the path of making unrealistic demands I’d like to point out that sometimes TC gets information wrong or makes bad predictions. This should never happen as you are deceiving your readership.

    Now I’m not a professional blogger, nor do I pretend to know anything about what you do but please just stop being wrong ever. Thank you.

  • The answer is to separate personal life from professional life. Maintain separate profiles for the different parts of your life and don’t give everyone access to everything. My mother doesn’t need to see my conversations with my friends. Your boss doesn’t need to see your party photos. This rush to integrate all online profiles is foolish. If you invite everyone you know everywhere you go, you won’t have any privacy. If you want privacy, keep things separate.

  • I know that online privacy/internet security has always been a big issue, but you’re right, it seems lately that there’s been an onslaught of large companies with issues. We really need to start being aware and cautious of these issues; check out this link to articles with info on data breaches and what to do if your data gets compromised in a data breach. It’s better to be safe than sorry.

    • I wonder, is it increasing at an expected rate due to growth, or is the % of data breached actually going up? Sounds something like the news. Recently it seems like so much more is going wrong in the world, but is it really, or are we perhaps just being made aware of things that were always happening, but we weren’t aware of? Perceptions vs. reality. Perceptions sell, reality, not so much.

  • Privacy is to technological progress as pro-life morals are to stem cell research. Culture lags technological feasibility and as capability grows faster, these types of issues will start to hold us back more and more. Not that this is a huge issue. Basically what I’m saying is that privacy is a non-issue. We just don’t realize it yet. The perils of 1984 get avoided when private information is available to everyone, not just a powerful few. When everybody’s closely guarded secrets are revealed, we realize that we’re pretty much the same and the deep dark secrets won’t really be that noteworthy.

  • This issue could be right . But I think these issues will become a bigger deal the more people upload their sensitive data to the web. And most of the time, it will be to these so-called cloud services.

  • Don’t post your personal stuff in the public domain. It’s as basic as that. Be more careful. Be aware that all things can break. It’s really basic. Stop blaming other systems for being foolish.

  • Make sure wherever you’re entering your billing deets is PCI-DSS certified level one.

  • That’s why I don’t use Facebook to share my pictures. I like the fact that I can privately share my pictures with family through http://www.myotherdrive.com and not worry about creeps seeing pictures of my kids or where I live. So many pieces of information can be grabbed off a picture on the web about where you live, etc.

  • Thanks Jason,

    I’ve been in the industry a while and am already very aware of how insecure most applications, cloud or not, really are. I operate on the assumption that anything on the web isn’t private. My 12 year old really made me think about online privacy and how the average kid or adult thinks about it. They don’t. I appreciate guys like you telling the story and how it applies as real world examples that everyone needs to be aware of. You support what I and my colleagues tell people every day: If it is on the internet or accessed over the internet, assume anyone can see it. Each person must make an informed choice about putting their info out there, either social networking, or even online banking for that matter.

  • For some people (i.e. those who don’t back up their home computers and who allow them to get infected with viruses and spyware) I believe cloud apps are actually safer for their data. They just need to exercise some discretion and think before putting something out there.

    I’m a fan of Google Docs and other cloud apps, but I’ve been telling people all along that there are some things that just don’t belong online. Treat the Internet the way you would treat a new acquaintance: Most people are not going to tell someone they just met about their personal finances, medical history, who they made out with at last night’s party, etc. Fewer would tell this stranger passwords to their online accounts. I keep telling people that e-mail is not a secure form of communication, and cloud apps are not necessarily secure either. More secure than e-mail perhaps, but incidents will happen.

    Such disclaimers do not mean that it is acceptable for cloud app providers to make mistakes that will leave your information vulnerable. Sooner or later there will be a lawsuit.

  • Privacy is a hot topic. There are many more privacy issues than with Facebook and Google Docs. This is the price that we pay for “free services.” Free is rarely free and never private.

    For privacy-assured use of your phone try letscallme.com. They let people call you without knowing your phone number. A great way to participate online while keeping your privacy secure.

  • Make sure wherever you’re entering your billing deets is PCI-DSS certified level one.
    thanks :)

  • I’m a big fan of cloud apps, and I was actually hoping to find one to use for handling finances, but for something like that — exposing so much personal/important data — you want to make sure the service is tested and tested and tested…

  • I agree with the real fear that medical records stored on-line become ‘lost’ or accidentally shared with those who should not be able to see them, i.e. me, you, your neighbour.
    I work in PR and we’re increasingly using social media, and the many more on-line tools mean the public has to have trust in the medium and the message or we’ll be losing a whole avenue of ways to reach publics.
    The tried and tested methods of sender, channel, receiver have been superseded by social media but only if it’s secure and trustworthy.
    For example, if we want to research a campaign asking members of the public to share their views on sensitive issues like violent crime or personal health matters through a secure log-in, they need absolute assurance that the data will not be lost or accessed by anyone other than the intended recipient.

  • Insightful article. Your idea to handle such a sorry state makes sense.
