[HN Gopher] Google Drive could soon start locking your files
___________________________________________________________________
Google Drive could soon start locking your files
Author : paulcarroty
Score : 157 points
Date : 2021-12-17 15:04 UTC (7 hours ago)
(HTM) web link (www.techradar.com)
(TXT) w3m dump (www.techradar.com)
| ThinkBeat wrote:
| How is this done?
|
| Google claims files are encrypted at rest and encrypted during
| transfer.
|
| Metadata inspection? Checksum during upload?
| deathanatos wrote:
| They just read the file.
|
| You seem to be under the impression that either of those imply
| end-to-end encryption, which they don't. (And in Drive's case,
| AFAIK, E2EE is not an offered nor advertised feature.) The data
| was encrypted during transmission to Google's servers, sure,
| but it was encrypted _to them_ ; similarly, yeah, they store it
| encrypted ... and they have the key.
|
| (This isn't atypical either, sadly. E2EE is the exception...)
| dontcare007 wrote:
| Google dropped "don't be evil", so....
| jvolkman wrote:
| Did they?
| twiddling wrote:
| https://gizmodo.com/google-removes-nearly-all-mentions-of-
| do...
| jvolkman wrote:
| So it's still there.
| x86_64Ubuntu wrote:
| Encrypted at rest and transfer just means that if an
| unauthorized someone gets ahold of their backend systems, they
| can't read the file. It doesn't mean that Google can't maintain
| the key and use it to process and inspect the files. If they
| didn't have and use the key, they would never be able to create
| previews for files they keep, nor would they be able to offer a
| search function.
| djoldman wrote:
| Just a shout out for @cperciva's https://www.tarsnap.com/
|
| > Encryption: your data can only be accessed with your personal
| keys. We can't access your data even if we wanted to!
| falcolas wrote:
| Backups and sharing are rather different use cases. There's no
| mention of deleting the file (though it is something Google has
| done before) in this announcement.
| cheald wrote:
| I switched to a self-hosted Nextcloud instance some time back.
| Backups GPG encrypted and shunted to S3 for opaque offsite
| backup. It works quite well, and I don't have any concerns that a
| mistrained algorithm is going to lock me out of my files.
| floor2 wrote:
| And the cycle repeats. It starts with the obvious malware or
| hollywood movie takedown, but the actual policy is anything which
| goes against an opaque and subjective acceptable use policy,
| which means the entire world's files now need to conform to
| discourse within the narrowly defined Overton window controlled
| by a tiny group of likeminded people.
|
| Fast forward a few years, and we can all predict which content
| will be "hate speech" and which almost identical content will be
| allowed. Detection of copyright protected content will be
| automated, but appeals for fair use will be manual, slow and
| difficult. Double standards will abound where the liberal ideals
| of the company run up against corporate interests, favored
| politicians or powerful governments.
|
| And of course- someone will make a competing service which
| doesn't police content, and that service will in turn become a
| cesspool as all the worst offenders will be massively over
| represented there compared to merely the good netizens concerned
| about protecting a free internet.
|
| Maybe a massive move to decentralization is the only thing that
| can save us. 100 different services with 100 different policies
| on which content is allowed seems far better than the direction
| we're headed. I'd rather at least have the easy choice and
| understanding of which ideology and set of interests I'm being
| filtered through.
| [deleted]
| ItsBob wrote:
| Honestly? I'm fine with this: You're using space on their servers
| - This is the very definition of cloud imo.
|
| It's also a decent solution rather than just dropping the
| banhammer and locking your account so you can't then get your
| files out of their system.
|
| If you're concerned about it, encrypt your files before uploading
| them.
| reaperducer wrote:
| _If you 're concerned about it, encrypt your files before
| uploading them._
|
| Have fun explaining to your grandmother how she has to encrypt
| and decrypt her family photos so that yet another bad Google
| "algorithm" doesn't delete everything she holds dear because of
| a copyright troll.
| throwawayffffas wrote:
| > withdrawn from everyone but the owner
|
| And in the next iteration it will also block it for the owner.
| k8sToGo wrote:
| No need. It will just lock your entire account.
| cabalos wrote:
| Someone has been running a massive fake DMCA notice bot targeting
| website contact forms with links to Google Cloud Storage files
| for the last year. I wonder if this is in response to this
| ongoing campaign?
| dawnerd wrote:
| Time to just start encrypting everything.
| js8 wrote:
| Well, 15 years ago I told some people from Czech Pirate party
| that they are basically marxists. (At the time, they still wanted
| a fair copyright reform.) I didn't mean it pejoratively in the
| least, but seriously, as a historical warning.
|
| I pointed out that fight for fair copyright and culture in public
| domain has a historical analogy in fight for public lands, that
| were enclosed by capitalists by the end of the 18th century, to
| get people to the manufacturing plants. People didn't take me
| very seriously, because, we are white collar professionals, not
| some stupid peasants or communists, right? And of course,
| information wants to be free and are simple to copy, so they can
| obviously always be free.
|
| I think digital enclosures are coming, and the digital "public
| sphere" is shrinking. Some (Varoufakis) even say they are already
| there. Unless people fight the trend, most of the digital stuff
| you "own" today will be someone else's property, and not public
| (similar to land today). Access to it will be limited by laws and
| controlled by mandatory digital devices.
| Wavelets wrote:
| Along these same lines - I'm looking to leave Dropbox. Has anyone
| used Tresorit or SpiderOak? I use it basically for cold storage -
| just a place to store images, files, etc. that I only access
| very, very rarely. I generally use iCloud for accessing images
| taken on my phone. The files I keep on Dropbox are just there as
| a redundant backup.
| thisiscorrect wrote:
| https://www.techtimes.com/articles/269456/20211216/google-wo...
| makes it sound like they're adding a feature to review when files
| are restricted. That's very different.
| dilap wrote:
| I know it takes a lot of shit, but something like Urbit is
| seeming more and more appealing (necessary?) every day.
| dirtyid wrote:
| Do locked files and DMCA removals affect both online and offline
| synced files?
| the_doctah wrote:
| I'm sorry, Google will scan my personal files for hate speech
| now? When exactly the the first amendment become toilet paper?
| Certainly feels like it happened in the last 2 years.
| KindOne wrote:
| The First Amendment does not apply here since Google is a
| company.
| freedomben wrote:
| tldr: s/first amendment/free speech principles
|
| obligatory mention that the first amendment doesn't apply to
| private companies, only governments. Then reply and say, "I
| mean the spirit of the first amendment" and then I'll agree
| with you. better to just say "free speech principles" rather
| than "first amendment"
| fallingknife wrote:
| The first amendment does apply to companies. As in they have
| the right to not associate with you for any reason. However,
| there are plenty of cases where that right has been taken
| from them when their services have been deemed so necessary
| that they must do business with the general public. e.g. the
| electric company can't cut you off if they don't like your
| politics. And until recently we had net neutrality. There is
| no reason that a platform neutrality policy couldn't be
| legislated in the same manner without violating the
| constitution.
| the_doctah wrote:
| Very well, you are right. I did mean the spirit, and free
| speech principles.
|
| It just feels like every big tech company simultaneously and
| suddenly decided to crank up censorship. There are even
| examples of hosting providers and payment processors refusing
| service to other companies that don't follow certain
| "guidelines".
|
| It's a censorship cartel. When all these companies suddenly
| decide to turn the screws on certain viewpoints, it is
| effectively limiting free speech on society. And I shouldn't
| have to say this, but free speech is a good thing.
| wly_cdgr wrote:
| Yet another reminder to have multiple offline backups for any
| files you care about losing
| pedro2 wrote:
| I thought it already did that.
|
| Also, on some FB group someone said Google had deleted the
| copyright infringing files. Can anyone confirm it happens?
| SavantIdiot wrote:
| They cannot scan zipped files with a password. Problem solved.
| Unless they ban zipped files with a password.
| coolspot wrote:
| EncFS is more elegant solution than zipping your files.
| SavantIdiot wrote:
| Does it work with Google drive?
| deadalus wrote:
| I will never forget that the Christchurch shooting video was
| automatically deleted from users' PRIVATE Google Drive and
| Dropbox - no warnings were given and no explanation was
| presented.
| abraae wrote:
| Perhaps I'm sensitive as a NZer, but would you feel the same if
| the deleted document was a plan for a nuclear weapon etc?
|
| Though while giving a warning is clearly inappropriate, they
| should certainly have explained what they did.
| willcipriano wrote:
| Nuclear weapons aren't all that complicated, it's the
| enrichment that is hard. It's a large scale industrial
| process that requires a well equiped specialized facility. We
| can detect these activities from space, that's how big we are
| talking.
|
| You can get a rough idea of what is needed from Wikipedia.
| They are simpler machines than a automobile engine, at least
| in the sense that there are fewer parts involved.
| dhimes wrote:
| It's kind of a tough trick to get them to detonate
| properly.
| willcipriano wrote:
| A analogy, you can probably find full schematics of a
| Tesla, or close to it, but that isn't the problem. The
| car factory is the problem. How do you get one of those?
| If you have the resources to obtain one, you also have
| the resources to hire engineers to design a car for you.
| Majestic121 wrote:
| Why would you delete historical footage ? No one would even
| think to destroy or censor the footage from Auschwitz
| tomjen3 wrote:
| Having principles mean you support those even for the people
| you disagree the most with.
|
| In this case, people could have had the video because they
| agreed with the shooter, to using it to show people how
| horrible terror really is.
|
| Regardless, I fully support peoples right to have videos of
| terrible events.
| captainoats wrote:
| Yes, for US citizens the right to information is almost
| unlimited. Even plans for (nuclear) weapons is protected
| unless it's stolen classified material, you intend to develop
| a nuclear weapon, or you intend to export that information.
| ArchOversight wrote:
| Yes, I would feel the same if the deleted document was a plan
| for a nuclear weapon.
|
| If it is not shared with anyone, why should a cloud provider
| get to decide what I can and can't store?
|
| I want to be able to use that storage as an extension of my
| local hard drives/SSD's with the ease of use of accessing it
| between different devices. I still consider it my data.
|
| That those bits and bytes happen to represent a document for
| a nuclear weapon shouldn't matter.
|
| Now if you were to ask if I believe people should store a
| video of the Christchurch shooter? No, I full-heartedly
| believe its kind of sick that someone would want to
| store/archive that, but I don't want a cloud provider making
| that decision.
| pas wrote:
| Because it's their ToS, their hard drives, their business.
| Doing it without at least a day prior notice seems to be a
| very big no-no, but it obviously did not matter to their
| bottom line. The general public does not care about these
| issues enough, because there are other issues in society
| that seem to be more important for the plurality. (Just to
| name one crazies shooting people.)
| thrill wrote:
| it remains their property on which you store your
| preciousness
| ajb wrote:
| We had that sort of thing in 'real property' too. Today
| most jurisdictions limit the supervision landlords can
| decide to implement over tenants (who in fact have a
| 'property right' in many cases over the property as well
| as the freeholder, and the right to 'peacefully enjoy'
| (without intrusion) their home) .
|
| It seems like eventually the law will have to change so
| that these companies have to start treating users like
| tenants rather than serfs.
| ktkoffroth wrote:
| Video of a tragedy, while deplorable, is not on the same
| planet as plans for a nuclear weapon. Are you also of the
| opinion that thing like live leak should not exist/be
| accessible?
| vorpalhex wrote:
| The video of the christchurch shooter is a primary source for
| a historical event, in the same way that combat footage is.
|
| When primary sources are not available to the public then
| lies have the same footing as truth.
| xtracto wrote:
| I hear you, even though you are downvoted. Right here in the
| ~10 comments you have from Americans we can see the "double
| standards" that people adopt. There was no outrage (actually
| some "anti-outrage") when Apple, Google and AWS censored
| Parler, an _app_ that allowed "freedom of expression".
|
| People draw the line when it affects their beliefs, in that
| case they say it was justified for Google, Apple and AWS to
| censor an application that _potentially_ can be misused. But
| they get outraged at the thought of removing a video of a
| massacre, and also they outrage at the thought of limiting
| their access to tools that are made for the main sole purpose
| of killing people.
|
| Go figure!
| Majestic121 wrote:
| If you want to compare apples and apples, no American would
| think to remove videos of 9/11 or the Floyd murder.
|
| But it's not even about Americans, I'm from France and it's
| the same, no one would think to remove videos about the
| 11/13 except to keep it off Facebook so that kids would not
| see it.
| throw10920 wrote:
| > would you feel the same if the deleted document was a plan
| for a nuclear weapon
|
| Those two situations aren't even remotely comparable -
| nuclear weapon plans are straight-up _illegal_ for
| individuals to own in the US, so by removing one of those,
| Google would be complying with _federal law_.
|
| The Christchurch shooting video was not illegal under any law
| that I'm aware of, so Google was not legally required to
| delete it, and it was a primary source for a historical
| event, so Google _shouldn 't_ have deleted it, especially not
| from users' private drives that they weren't sharing (as then
| you can't even claim that they were spreading extremist
| material).
| pyuser583 wrote:
| There was a legal case in the US about this ... the
| government accidentally declassified the blueprints for a
| nuclear bomb.
|
| A magazine tried to publish the blueprints. The government
| argued all nuke related info is classified regardless of
| actual legal status.
|
| The federal government dropped the case, fearing they would
| lose.
| shmel wrote:
| It is a very slippery slope. Would you feel the same if it
| was a genomic sequence of a novel respiratory virus? Would
| you say it is a plan for a bioweapon and hence must be
| forbidden?
| quinnjh wrote:
| And the slope keeps slipping, what if new virology startups
| are gatekept by having their research materials flagged as
| bioweapon precursors?
| BlueTemplar wrote:
| Thankfully those are even more "mutually destructive" than
| nuclear weapons.
| mrweasel wrote:
| That eliminate both options for journalists and lawyers. There
| are professions which could have legitimate reasons for having
| the material and as terrible as it is, is it actually illegal?
| Meph504 wrote:
| From the legal standpoint, using those sort of services for
| storing sensitive case data like that is a bad call. too much
| media in those situations violate the terms and services of
| most platforms paid or not, and too many of those platforms
| have too many liberties with the usage policies on the media.
|
| If you are dealing with case data, you should be have those
| policies reviewed carefully, and should likely be encrypting
| before storing anywhere anyway.
|
| I say should because I almost never see case data stored to
| standard.
| chris1993 wrote:
| Possession of the Christchurch video is illegal in NZ. Not
| sure about elsewhere.
| lern_too_spel wrote:
| Everything I've seen indicates it was a shared file. I haven't
| seen any reports that files that are actually private (not
| shared) get deleted.
| micromacrofoot wrote:
| They do the same thing for copyrighted material, they can match
| a hash and nuke a file off the service at the drop of a hat.
| pedro2 wrote:
| _delete_ the file? not unshare it and keep it on the personal
| storage?
| fknorangesite wrote:
| fwiw the article says
|
| > These files will be flagged to their owner and restricted
| automatically, which means they can no longer be shared
| with other people, and access will be withdrawn from
| everyone but the owner.
| pedro2 wrote:
| all articles always say that but non-verifiable comments
| around the internet say the file is removed from
| everywhere.
|
| I'm trying to confirm this comment:
|
| > They removed it after they began using GIFCT to
| 'prevent terrorists and violent extremists from
| exploiting digital platforms.' All hashed versions of
| that video was removed from user accounts.
|
| > Page 16 : https://www.oecd.org/officialdocuments/public
| displaydocument...
| paulpauper wrote:
| as other mentioned, encryption solves this. Or scrambling,
| compression, etc.
| api wrote:
| Not on your drives => not your data.
|
| Not encrypted (at rest and in transit) => not private.
|
| There are no exceptions.
| dhimes wrote:
| Sadly true.
| srj wrote:
| Was it deleted or unshared?
| dokem wrote:
| I was actually trying to watch that video the other day. Google
| would not find it, Bing listed the actual video as the top
| result. Never thought I'd start to respect bing over google.
| pedro2 wrote:
| Whaaat? Link please
| deadalus wrote:
| They removed it after they began using GIFCT to 'prevent
| terrorists and violent extremists from exploiting digital
| platforms.' All hashed versions of that video was removed
| from user accounts.
|
| Page 16 : https://www.oecd.org/officialdocuments/publicdispla
| ydocument...
| yuliyp wrote:
| I haven't had my coffee yet, but I'm having trouble
| understanding your claims (about Google Drive deleting TVEC
| content) and how they relate to the OECD document you
| linked. That document does not state that Google (except
| YouTube) is a member of GIFCT. Further, on page 124 (in
| "Policies") of the document it states that Google Drive
| will prevent sharing of files it finds violating, or maybe
| ban an entire account in some situations.
|
| Am I missing something here?
| jart wrote:
| The policy going back to at least 2014 does mention not
| being allowed to "store" violence and gore. They even say
| that if it's shocking enough, then no artistic,
| scientific, educational, or documentary exceptions will
| allow it to remain on their platforms. I assume that
| means deletion. It's a different Internet than what many
| of us grew up with.
| https://support.google.com/docs/answer/148505
| paganel wrote:
| It would have been interesting if any of those users who got
| their video file deleted would have been directly attached to
| the shooter (like an accomplice, let's say), afaik that would
| have meant that Google Driver and Dropbox had tampered
| evidence.
| wodenokoto wrote:
| Google don't delete. They make unavailable.
|
| If a judge said that owning that video was probable cause or
| whatever, they could produce every user who used to have that
| file.
| snarf21 wrote:
| I wonder if in the future we'll need a "unique-inize" app that
| will make trivial changes to pictures and videos that change
| their hash and their size by a few bytes to defeat this kind of
| nonsense. Changing even one pixel's hue on one frame by a small
| amount should make the whole thing encode (depending on codec)
| to a different size and hash.
| ksec wrote:
| To battle the Cloud storage paradigm with uniqueness is
| always going to be a cat and mouse game.
|
| I wish the future is a NAS that is simple, fault tolerant (
| Bit-Flip protection, Error Correction, Drive Redundancy ) and
| extremely affordable. That is something the Apple Time
| Capsule should have been.
|
| Right now I cant even get a 2x 2.5" 2TB HDD and a NAS
| enclosure for under $200 RSP. I was hoping Kobol would be it
| someday. But chip shortage and many other things had them
| canceled the project.
| SavantIdiot wrote:
| There are other kinds of hashes besides cryptographic hashes,
| which tolerate differences, e.g. you can change things around
| and still get the same hash. This is what Apple does (or
| rather did) for their cloud scanner.
|
| Then there are other non-hash methods, similar to how Shazam
| determines a song in a noisy room. Poles, zeros, FFTs, there
| are many other strategies that are fault-tolerant.
| kurthr wrote:
| Sure, but just compress and encrypt. It won't play in
| place, but otherwise it's nondetectable (other than by out
| of band timing/metadata or very rough size estimates).
| jmclnx wrote:
| Came here to say this. Only an idiot (should say people
| without knowledge) would upload any personal data to the
| "Cloud" without encrypting it first. That includes
| pictures.
|
| As for size, you can always tar/encrypt its dir and
| include dummy files to modify its size.
| bshipp wrote:
| ...which is what floors me when Google made this
| statement. I thought the whole benefit of their Google
| drive system was deduplication of common files to
| minimize storage space costs. If they start tinkering
| with private files then people have no choice but to
| encrypt everything.
|
| This will cause their storage requirement to explode.
| However, if the goal is only to prevent public sharing of
| content in contravention of the user agreement then I'm
| surprised it took them this long to implement this.
| snarf21 wrote:
| Sure but it becomes an arms race. There is also a lot of
| people that have shown that you can make images of dogs and
| cats that hash to Apple's hash detector. At some point a
| white hat is going to start making memes that cause hash
| collisions. When 300M all violate some hash trigger, it
| will cause a stir and restart the game.
| Zamicol wrote:
| As long as Google is willing to serve binaries, encryption
| solves this.
| rainbowzootsuit wrote:
| Base64 would like to put in a word too.
|
| https://github.com/stewartmcgown/uds
|
| https://news.ycombinator.com/item?id=19907271
| Traubenfuchs wrote:
| They are way ahead of you, with stuff like neuralhash.
|
| Does it work? Mostly. Can it be tricked? Yes.
| alexfromapex wrote:
| Get a Synology NAS, you will not regret having data sovereignty
| the_doctah wrote:
| Or even better just build your own NAS. Synology are overpriced
| for what you get.
| katbyte wrote:
| they are also locking their newer 12bay and rack units to
| only work with their own overpriced (re)branded Toshiba
| drives.
|
| before this they were great units that were very easy to
| setup and manage provided you were not concerned about cost.
| egberts1 wrote:
| Better yet, run your ownCloud/nextCloud.
| layer8 wrote:
| It's not uncommon to install Nextcloud on Synology, so
| that's not an either/or.
| mcherm wrote:
| So... which cloud storage providers do NOT scan your files and
| propose to remove things which violate their own sense of what
| data is "appropriate"?
|
| Obviously, I could encrypt my data before putting on such a
| service, but that makes access less convenient.
| layer8 wrote:
| Nextcloud hosting providers generally don't.
| basicplus2 wrote:
| Your own cloud storage..
|
| such as a Synology NAS
| coolgoose wrote:
| 'our' files comrade. At this point it makes 0 sense to keep files
| in drive, since if the magical algorithm has any issues you have
| 0 ways of combating it.
| buro9 wrote:
| Reminder to periodically do a Google Takeout to protect your data
| from Google.
| encryptluks2 wrote:
| Why not just have everything synced. If you are using Google
| Takeout, you'll likely never be that type to figure out how to
| get your data back in somewhere else.
| Workaccount2 wrote:
| I have, uh, mp3 backups of all the music I have owned from my,
| um, ludicrously massive CD collection. Is it worth the risk that
| google might one day decide I am a pirate and block my account?
| agentdrtran wrote:
| It's a lot more expensive but a nice little synology NAS may be
| a good investment.
| throw10920 wrote:
| It is not worth the risk. Encrypt those - you don't have to
| choose a particularly secure key or encryption scheme, just one
| that's good enough that it's computational infeasible for
| Google to brute-force that scheme+key size for every one of its
| users.
|
| Actually, it might be a good idea to encrypt _everything_ on
| Google Drive - I wouldn 't be surprised if they analyze your
| files and use the results to augment their internal profile
| about you (or, even if they don't now, they could very easily
| do so in the future - remember when they scanned your emails to
| target ads at you?).
| StillBored wrote:
| And tar/pad them, encryption if not done carefully when
| combined with compression suffers from the same kinds of
| problems as ECB.
|
| AKA, it wouldn't surprise me at all, if given a disk with 100
| folders, each with 8-15 encrypted files each, that someone
| couldn't figure out which albums comprise a good number of
| those directories simply from the resulting file lengths.
| flatiron wrote:
| rent a gcp instance for a bit, rclone mount your drive
| instance, create another rclone encrypted mount, copy from the
| unencrypted mount to the encrypted mount. delete unencrypted
| content.
|
| go to your local pc and rclone encrypt mount your drive. now
| you have your linux isos and they are encrypted upstream
| tomc1985 wrote:
| BackBlaze, my dude
| [deleted]
| nix23 wrote:
| Do you really need a answer?
| kingcharles wrote:
| Has to be a rhetorical question.
|
| I was once responsible for ripping 250,000 CDs, legally, on
| behalf of various record labels, from tiny to the big 5. I
| would love to store a backup of all that data in the big
| cloud services and see which ones deleted my legally-owned
| data.
| vetrom wrote:
| Now imagine having to deal with disposition of the data and
| the ownership of the NAS throughout a bankruptcy.
| kingcharles wrote:
| What I'm trying to find out is what happened to the
| 250,000 CDs. They were put in storage unit. What happened
| to the storage unit when the company was liquidated? Did
| anyone even remember the CDs were there? Did someone bid
| on the unpaid storage unit and come across the biggest
| cache of music ever seen?
| jeidz wrote:
| If you ripped those CDs while contracted by these record
| labels, I don't see how it is legal for you to keep the
| files after the job and call them yours.
| reaperducer wrote:
| You assume that once the job was done, he washed his
| hands of it and it was over.
|
| I once digitized a large media collection for a company
| (not audio, though), and it regularly used me as a backup
| source of last resort for when the files failed/got
| lost/needed to be transferred in bulk to another
| company/whatever on their end.
| 29083011397778 wrote:
| For reference, I use FLAC instead of MP3. Your collection may
| be larger, but my ~12,000 FLAC files take less than 500GB. So
| I'd say it's a question of value: You could have redundant
| copies of your music for ~$300 CAD with a pair of Samsung T5
| SSDs, or you could someday lose every email, contact, photo,
| document, Youtube playlist, _and_ MP3 you use Google for.
|
| I'm not saying it's likely, but it only has to be a one-
| in-100-million chance for it to hit a couple Google users.
| forgingahead wrote:
| How redundant are SSDs actually? I've been doing offline
| backups, but the OCD kicks in and I start wondering how many
| I should actually have and how often I should replace them...
| entangledqubit wrote:
| I think the general consensus is that you shouldn't just
| leave them on a shelf for more than a year and that there
| is some temperature dependency in there.
|
| If you really care about the data, two+ backups stored in
| different places is completely reasonable. Note that
| "places" is not limited by physical as trying to maintain
| independent dependency chains (e.g. a durable storage
| provider may decide to cut off account access so maybe a
| second independent storage provider using a different
| credit card makes sense)
|
| Your OCD may also be helped a bit by having some way to
| verify you backups (e.g. use ZFS and scrub regularly and/or
| separate hash manifests of the files).
| volkl48 wrote:
| As a similar person - I've got a couple TB in Backblaze B2,
| encrypted on my end before upload.
|
| The /r/datahoarder subreddit and it's wiki is a decent starting
| place for figuring out backup options.
| logicalmonster wrote:
| On a technical level: I assume they'd be finding files they want
| to block by looking for a hash, right? Are these guaranteed to be
| unique or are collisions possible? And any organized and genuine
| bad actors can work around some kind of hash filter by altering
| files slightly, right? I'd hate to think that Google's abject
| arrogance is going to result in false positives that are going to
| nuke normal peoples' livelihood with no recourse while again
| barely having an impact on real bad guys.
|
| On an ethical and moral level: my opinion is subjective, but this
| puts an undesirable amount of control over people in the hands of
| a company that has demonstrated that it cannot be trusted. If
| Google cannot provide actual human customer support to avoid
| wrecking lives with bad algorithms that make wrong decisions,
| then their policy should be to merely allow everything that's not
| blocked by law/court-order.
| hoppla wrote:
| Ironically, craping the web can result in termination of your
| account:
|
| "we reasonably believe that your conduct causes harm or liability
| to a user, third party, or Google -- for example, by hacking,
| phishing, harassing, spamming, misleading others, or scraping
| content that doesn't belong to you"
| cookiengineer wrote:
| > scraping content that doesn't belong to you
|
| Oh the irony, Google. It doesn't belong to you either.
| jolmg wrote:
| Given that a search engine needs to scrape the whole web to
| exist, I can't understand how they can stand against a user
| scraping unrelated third-parties, like it's some sort of
| grand evil they need to stand up against.
|
| Talk about a pot calling the kettle black. I can't believe
| they put that in their terms.
|
| For future reference:
| https://policies.google.com/terms?hl=en#suspending-access
| visarga wrote:
| Scraping is one, publishing scraped content for SEO is
| another.
| jevoten wrote:
| > pot calling the kettle black
|
| Think of it more as Google defending its turf. They want to
| be the only ones with access to data in bulk, so that if
| you want to find something, you have to go through them.
| notorandit wrote:
| [Those] files will be flagged to their owner and restricted
| automatically, which means they can no longer be shared with
| other people, and access will be withdrawn from everyone but the
| owner.
| rabuse wrote:
| This is why i encrypt everything before I store with a provider.
| Have fun scanning that.
| aledalgrande wrote:
| Aside from legitimate DMCAs what I'm worried about is losing
| backupped files of any sort because some rogue individual files a
| complaint on stuff they don't own or because of an ML error and
| an inexistent customer service by Google. Also I don't really
| like the service to sneak onto any files I upload. What
| alternatives do we have for cloud file backup? I already do full
| backups, need something to sync files between devices.
| tomc1985 wrote:
| Nextcloud/owncloud if you want to self-host
| U8dcN7vx wrote:
| You wouldn't lose the content just the ability to share it, if
| I read it correctly, which is something I wouldn't normally
| want anyway. My backups are done with restic so Google can't
| tell what's present since it's encrypted.
| bshipp wrote:
| This has been my take as well.
|
| Honestly, if you're keen to share something you shouldn't,
| it's pretty trivial to host it via https://rclone.org as an
| http server. The only person accessing it off of Google drive
| is the original owner and gdrive can't tell that it's being
| shared beyond that.
| wly_cdgr wrote:
| There's a fantastic gadget for syncing your files between
| different devices....it's called a USB stick
| enz wrote:
| I use an S3-comptaible hoster with the rclone client which
| supports encryption/decryption on the fly. That is, I don't
| even need to trust my S3 provider.
|
| For syncing between devices, I guess `rclone sync` should do
| the trick.
| johnchristopher wrote:
| An owncloud droplet or owncloud on a VPS. Or an owncloud paid
| instance. All depends on your budget and your needs and your
| time.
|
| I totally switched off Dropbox when they limited the number of
| devices. Self host owncloud on a VPS, am very happy. From time
| to time I have to occ:upgrade something et voila. Used for
| syncing, not backing up.
|
| It helps that I can install and maintain it though, wouldn't
| recommend it to anyone without a bit of wed/IT experience or
| the time to lean some basics.
| no_time wrote:
| Just installed nextcloud, an owncloud fork today. Be warned,
| while server side encryption works, e2e is completely broken
| and has been for non brand new accounts for quite a while
| judging by the github issues.
|
| I'm not sure how much should I trust a vps host. I can mess
| around with encryption all day long but they can compromise
| my mail server without me ever knowing.
| johnchristopher wrote:
| > I'm not sure how much should I trust a vps host. I can
| mess around with encryption all day long but they can
| compromise my mail server without me ever knowing.
|
| Basically, you can't. It all depends on your threat model.
|
| edit: https://owncloud.com/features/end-to-end-
| encryption-2/ owncloud community and standard edition don't
| have e2e
| no_time wrote:
| Weird to think about it because some people trust VPSes
| with their entire business and not just their email and
| phone backup like I would.
|
| The enterprise edition is out of my budget range
| unfortunately.
| johnchristopher wrote:
| Maybe have a look at cryfs and encfs ? One of them is
| `optimized` for always on syncing and small chunks (can't
| remember which) and the other is deprecated (or a third
| one, can't remember at the moment).
|
| But yeah, if you have a business... don't self host too
| much sensitive stuff, delegate if you can.
| toomuchtodo wrote:
| SyncThing, Dropbox
| aledalgrande wrote:
| From another comment it seems like Dropbox also can snoop and
| remove your files. Will check SyncThing thanks!
| mmcgaha wrote:
| rsync and a dedicated server at OVH is starting to sound
| about right.
| _rend wrote:
| Would also highly recommend Tresorit for a similar E2EE
| service. (Not affiliated, just a happy customer)
| aledalgrande wrote:
| nice, pricing looks decent too
| serverholic wrote:
| This is what happens when we give too much power to centralized
| authorities.
| rkalla wrote:
| I've been a Google Fi customer for 6 or 7 years now and what
| constantly scares the hell out of me is the subreddit where about
| every 3-6 months you see someone saying:
|
| "Google Fi did me wrong, so I reversed the charges on CC - now my
| entire Google account is locked / all photos / all files in
| drive"
|
| This seems... like it's going to get regulated soon. Just going
| to take blocking the wrong account some day and boom, here we go,
| legislation.
| COGlory wrote:
| I left Fi because I was very concerned about something like
| this
| attack-surface wrote:
| You can encrypt your files with Cryptomator[1] if you don't want
| Google looking at your files. I'm not sure about their policy on
| that though? I mean if it's encrypted, then they can't scan for
| piracy / Christchurch videos and other contraband, right?
|
| [1] https://cryptomator.org/
| morpheos137 wrote:
| Google is going to go down in history as an example of what can
| go wrong by using advertising (scams) to fund "free services."
|
| The censorship is getting unbelievable.
| szszrk wrote:
| So.. Drive will automatically un-share our files based on their
| own algorithms.
|
| I've got a feeling this will be mostly an automatic DMCA takedown
| tool.
| micromacrofoot wrote:
| AFAIK they've already been matching hashes to remove pirated
| content, so this is an extension into certain types of
| "objectionable" content
| ipsin wrote:
| Is there a legal requirement to do a DMCA take down of
| something the copyright holder doesn't know about?
|
| If you put something on Twitter mentioning certain
| cryptocurrency keywords (e.g. MetaMask), you'll get reply
| tweets from bots in a few seconds with fake support documents
| hosted on Google drive.
|
| My sense is that this is what they are trying to stop.
| ricktdotorg wrote:
| I feel a big push behind this new policy is to remove the
| large amounts of commercially-broadcast TV content that is
| shoved into Google Drive and openly shared to 0.0.0.0/0 (e.g.
| via TV subreddits). Google has had fairly aggressive rate-
| limiting on viewing/downloading fully-open shared-to-all
| videos hosted within Drive for a long time, but there have
| generally always been ways around these limits. In the last
| few months, I have noticed several fairly large TV subreddits
| that used Drive for video distribution being closed due to
| too many DMCA takedowns, as such I feel that this policy
| change is G formalising their intentions to stanch this
| avenue of piracy, more than it may be a move to chase off
| malware/phishing ne'er-do-wells.
| kingcharles wrote:
| A lot of their takedowns come from user-flagging. If a user
| flags something, so that the item is now on the hosting
| site's radar, are they now responsible for it? They're only
| not responsible for things they are not aware of.
| unixhero wrote:
| Shit I got to decom that Gdrive.
| allturtles wrote:
| This whole story and most of the ensuing discussion seems to be
| based on a misconstrual of the Google blog post in question
| (https://workspaceupdates.googleblog.com/2021/12/abuse-
| notifi...).
|
| It is not announcing new content restriction policies. Those have
| already been in place. What's new are the user notifications:
|
| Not new: "When a Google Drive file is identified as violating
| Google's Terms of Service or program policies, it may be
| restricted."
|
| New: "Now, the owner of the item in Google Drive will receive an
| email notifying them of the action taken, and alerting them of
| how to request a review of the restriction if they think it is a
| mistake. For items in shared drives, the shared drive manager
| will receive the notification"
| jeffbee wrote:
| Totally misleading headline and all these comments are commenting
| on the headline without reading the article. Google has _always_
| had anti-abuse systems that will restrict sharing for content
| that violates ToS. The new feature is that the content owner will
| now be notified when their content has been restricted, if that
| owner has a Workspace account.
___________________________________________________________________
(page generated 2021-12-17 23:01 UTC)