Well, this pretty much exhausts the pool of people who don't care for the data privacy. On the plus side, those who do want privacy are still waiting for a proper solution, and it is an opportunity.
(edit) It is really shocking how absolutely mind-bogglingly ignorant people are when it comes to their data privacy matters. How could any business person in a sane state of mind choose to share its data with some 3rd party company. Business plans, emails, everything. And Google actively promoting such behavior and endorsing ignorance - this goes well beyond "evil." It is one of the greatest disservices to the state of the digital culture of our times. So, yeah, great to see more of the same. Yay to the gDrive!
I'd really hate to be in Google's position. Really hate. They make a ton of services that are near universal, not due to lockin, not due to any other anticompetitive shenanigans, but because they're good and people want to use them.
And meanwhile with every product launch, 90% of the internet using public is rightly excited, 9 % are meh, and the remaining one percent are "zOMG GOOGLE IS EVIL! HOW DARE THEY MAKE A SERVICE THAT PEOPLE WILL WANT TO WILLINGLY USE! AND CAN EASILY MOVE DATA IN AND OUT OF!"
Some of you have a shockingly broad and absurd definition of "evil".
If there's something I absolutely don't want to be read, I'll upload a truecrypt volume. Problem solved, sans chicken-little-esque complaints.
I don't agree with the mentality that you're commenting on, but I can somewhat see where they're coming from. One way to think of it is to see all services as a mousetrap where the powers that be can snap the trap if they like, and fuck over a lot of mice (by betraying privacy).
Google may make really great services, but to people who view these highly-integrated services as potential mousetraps, it's just an irresistibly-gilded moustrap. It may be amazing, but it just means it's luring more people in to be snapped in the trap.
And I imagine you can become one of those people by being burned on privacy concerns, or by being pre-emptively vigilant regarding your privacy. There's been all kinds of news of services that have betrayed privacy in one way or another, so it's not totally far-fetched.
You just described every business. People don't have perfect knowledge.
Thank you for trying to raise awareness over an admittedly important issue.
But calling this "evil" is absurd.
Go yell at people convincing college kids to sign up for credit cards or buy magazines by handing out T-shirts and movie passes.
For comparison: The phone companies know about every phone call you make. That's a wealth of information. They're exploiting people's ignorance to get it...
The credit card companies know about every purchase you make. Why would a company ever let another company know everything about all of their purchases?
ADP knows how much you pay all of your employees!!!
When your hard drive "fails," the guy from HP and Dell could be copying all of your data, not just "servicing" your computer!!!
Look no further than your government. Frankly, you may be better served encouraging the use of encryption, because, sadly, I could probably convince myself that Google can be trusted to lobby for my rights/privacy more/better than my governments prying eye would lobby to take them away.
However, awareness of encrypting important data and not using online-social tools is the alternative.
>it's with them exploiting people's ignorance to get it.
How are they exploiting any kind of ignorance? What is the average GDrive user unaware of that Google is somehow evil for not disclosing in large, red, 52pt Impact?
And I quoted you saying "evil" because it's the relevant portion that I was responding to. You could have gone with "Hmm, cloud storage has a few drawbacks..." but no, you went full derp.
The same way a plumber is "exploiting" your ignorance. You don't know how to or have the tools to replace your kitchen sink p-trap... that is you are ignorant in this case. In step s the business with the tools and knowledge- or technology if you will...
You can't build your own gdrive or have the tools too (or the curve to do so is too steep). In steps google.
I disagree with the word "exploit" in this case. Maybe "capitalizing" on your ignorance. That's what a successful business does- capitalizes on prevalent ignorance- of process, or tools, or what-have-you- and makes a business model out of it.
It is really shocking how absolutely mind-bogglingly ignorant people are when it comes to online privacy matters.
A side note, but it's shocking how people are unable to believe that others are capable of making informed choices. Case in point: I use Facebook. I often get people hounding me- "don't you care about privacy?!?", "Facebook is using your data!"
Yeah, I know. I don't mind. The way I see it, privacy is the new currency- Facebook isn't providing me with a free service, I am paying for the service in the form of targeted advertising. And I am OK with that.
And to go back on topic...
How could any business person in a sane state of mind choose to share its data with some 3rd party company.
Because it's very difficult not to? I have a database on AWS- Amazon has access to that. Doing anything else would be very expensive. Even if I get my own server, whatever telco provider I use for the connection could easily sniff through my data if they wanted to.
You using Facebook is not a problem, because it doesn't affect me. However if you decide to use GMail or GA or Google Fonts or gWhatever, then it forces me into the picture and I really do not appreciate it.
How would you feel if a private company would give away free surveillance cameras to the store operators in return for telling them how many people walked through their doors? Or how would you like your real-estate agent CC'ing all your house purchase documents to a fax service hosted in another country just because it got to fax you for free? This is the state of ignorance that I am talking about. It all starts rather innocently with using gDrive to store some photos, but then bit by bit it weasels its way in and establishes new "privacy norms", where apparently privacy is a new currency - jeez, are you serious? Really? You would let someone observe you taking a shit in return for a free roll of tissue paper? This is wrong. The fact it's an established practice doesn't make it any more right, leave alone ethical. Sober up.
> You would let someone observe you taking a shit in return for a free roll of tissue paper? This is wrong.
Holy slippery slope, Batman! There are plenty of reasonable arguments against Facebook, Gmail, etc etc. You went straight past all of them into tinfoil-hat territory without a second glance.
Arguments about surveillance cameras, free toilet paper, and other nonsense have absolutely no place in discussions about privacy on the web. None.
Man, I totally agree with you! That state of ignorance you are talking about reminds me of Brave New World (Aldous Huxley)... that is (almost) what is happening nowadays.
And I am literally laughing out loud with the 'taking a shit' thing. =)
The problem is not when Facebook sends you targeted ads. It is when third parties access your information to target you in other ways.
Think of the Girls Around Me app. Or employers who want to look at people's FB. Or governments who want to spy on their own people. (Anyone who thinks that the USA doesn't should look at the history of the FBI. And you'd be amazed what can get twisted out of shape during lawsuits.) The 21st century has not had any serious demonstrations of how this can be abused. But it is just a question of time.
And that's just generic. Consider for a moment a spear phishing attack. I am trying to attack target company X. I find all of the FB accounts that I can for employees of X. I then find all of their friends. I now target their presumably less careful friends, and when I find one I then send a targeted phishing attack at the person I really want from their friend. (I do something like promise vacation photos, and then show what appears to be an internal server error, but actually is a malicious page. The target gets compromised, thinks it is a bad URL, moves on...)
Girls Around Me was a Foursquare app. And in any case, it only used public information. Facebook offers finely grained privacy controls that allow you to control what third parties can and cannot access- they do a far better job of it than Apple and Google do, IMO.
Obviously, illegitimate access is an entirely different topic.
My understanding was that Girls Around Me used Foursquare to identify people, then connected to Facebook for information such as pictures, interests, etc.
And yes, it "only" used public information. But Facebook has pushed people to make more public than they would really be comfortable being known by the creep who is trying to figure out the right pickup strategy to use.
You're OK with targeted advertising, but you're probably not OK with any number of other things Facebook and others may one day do with your personal information. Or if _you_ are, I think many, many people are not. They use Facebook because it's a great product that all their friends use.
If privacy is a new currency, you certainly don't get to set the exchange rate.
Actually, what continues to shock me is the level of sanctimony achieved by online privacy advocates. You willfully ignore the benefits of data sharing and cloud services, benefits embraced by millions of people and corporations every day, resulting in massive savings of time and money. You assume that everyone who stores anything online is "ignorant" of the ramifications, whereas in reality they are making an informed economic decision. Really the only ignorance I see here is when people issue frothy prophecies of a digital doomsday like this one, simply because the prevailing trend runs counter to their own personal philosophy.
> How could any business person in a sane state of mind choose to share its data with some 3rd party company.
Every company has to share its data somehow. You probably aren't your own ISP, or web host, or even land lord. Your company's health insurance provider knows all of your employees and even which ones are sick. Your employees likely have information on their phones and laptops about your company. Etc etc.
Google Apps (when you pay for it) comes with serious privacy agreements and certifications. Enough for government use even. Unless you have an amazingly competent team, I'd trust that Google is able to keep your data more secure than you are.
Not to mention proper support for two-factor authentication, which most smaller email systems don't have (especially in-house corporate setups.) Shared services can devote more resources to security because they're splitting the result over a greater number of users.
RSA has been selling such systems for years. My friend's container shipping company of 15 people has it. It really comes down to having a qualified IT person on board, rather than the availability of a technical solution.
I'd still bet on Google's security setup for its Apps customers over your friend's company. Also a consideration, Google would cost only $900 a year for 15 users, which is a considerable savings over dedicated staff.
I recommend Google Apps all the time. It's almost certainly better than what they're using now and is very good at not having problems.
There's no question such solutions have been available, but the reality is that most companies haven't implemented them.
Even if a company is aware of TFA, it's still probably cheaper and faster to get it via Google's products than implement a solution in-house using RSA, etc.
To be blunt when I tried SpiderOak I found your client to be clunky, ugly, and a bit confusing to setup. One of Dropbox's best features and the reason it appeals to the mass market is that their client is the best. It's fast, light, and easy to use.
I get ostracised IRL for saying things like that, and downvoted to oblivion in the net.
I'm glad to see your comment is doing ok. Good sign?
I remember the 90s when most people wouldn't even buy online because they were asked stuff like credit card numbers or just personal information. Group dynamics really are an incredible thing.
What are you talking about? Users have complete control over who they share their documents with in Drive. How is it 'evil' to provider a better UI for what people can already do (email documents to one another)?
Err... He is talking about Google having access to your files, not whoever else you choose to share them with.
Any company that deals with sensitive data probably already does not use any sharing service. If necessary you could write a custom sync app that encrypts on upload to gDrive and decrypts on download. I have worked for a company that had implemented automatic encryption on emails, including attachments (at least with it's largest clients).
Thanks camiller, I misread the post I was replying to.
In that case, my response is that that sounds awfully paranoid. Earning and maintaining our users' trust is far more valuable to us than stealing some hypothetical secret business data that someone has stored in Drive, and new engineering employees (like myself) go through extensive privacy training to ensure we don't/can't do anything that would be a breach of our privacy policy. As it turns out Googlers have the same concerns about privacy as everyone else here, and we design all of our user-data storage systems with privacy as a key design goal.
it's evil what they'll do with your files. one likely step is fishing expeditions by ICE looking for people who have illegal copies of movies or songs on their gdrive.
Hundreds of thousands of apps on App Store and Android Market says you're wrong. It's true that many of them require an online account, but many don't. Excluding that, there's still lots of free software.
I have been looking (for years) for a "good" online storage/sync solution that allows me to store my documents using my own private key. TrueCrypt etc don't reach the "set it, and forget it" level.
But when you think about how much more expensive storing those documents will be for these companies (as each copy of the same document will be encrypted with a separate private key), and how much value these companies will miss out on because they won't be able to scan our documents, it's understandable why I may never find such a solution.
Provides a pain-free encrypted layer on top of free cloud storage services like DropBox. BoxCryptor encrypts individual files, then stores the encrypted files in DropBox. If your DropBox account is compromised the adversary will only get useless encrypted files. Uses EncFS. Has clients for Windows and Mac. The Android and iOS clients are amazing.
To me, the most surprising thing about BoxCryptor is that it's easier to use than DropBox--not an easy feat.
Pretty much ANY online service that provides sync has decided not to use private keys. The same goes also with tasklist apps. They are either only web-based (and obviously readable at the server) or use the sync without encryption to provide web access. http://timegt.com is using private key for encrypting sync data but it came with the cost of not having any web access to your tasks!
The same with dropbox etc, private key encryption renders any server-side magic like web access very complex.
Not sure if it's exactly what you're looking for but you could consider tarsnap.com, which is an online storage company heavily focused on user security/privacy. It's been around for many years now and is run by HN's cperciva (IIRC), who seems to be quite knowledgeable with all things security.
And if someone were working on this (or hoping to) how could they reach you to let you know about a beta/alpha? (genuine question, I've been thinking about something similar).
"How could any business person in a sane state of mind choose to share its data with some 3rd party company"
How many businesses actually own dark fiber and use it for 100% of electronic communications? Unless you're DoD, you're most likely choosing to share your data with some 3rd party company. And if you are DoD, you're so big that you may as well be.
Businesses have been carrying information through AT&T, the U.S. Mail, couriers, Western Union, etc. for decades without batting an eye. Why should Google and Facebook be different?
(edit) It is really shocking how absolutely mind-bogglingly ignorant people are when it comes to their data privacy matters. How could any business person in a sane state of mind choose to share its data with some 3rd party company. Business plans, emails, everything. And Google actively promoting such behavior and endorsing ignorance - this goes well beyond "evil." It is one of the greatest disservices to the state of the digital culture of our times. So, yeah, great to see more of the same. Yay to the gDrive!