The Hidden Risks Of Cloud Computing
Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos and documents. But this new frontier involves serious risks that aren’t obvious to most.
Photo by Dyanna.
In an era of ubiquitous broadband, smartphones and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google’s new Chrome OS or the iPhone.
When you decide to move your data into the cloud, there are a few gotchas you should know about.
Security Systems That Are Too Easy To Break Into
Crappy web-based security systems—like weak password recovery workflows, phishing attacks, and keyloggers—present big security risks.
Just last week hundreds of embarrassing and revealing internal company documents from Twitter were published online, obtained by a hacker who used Gmail’s password recovery mechanism to break into an employee’s personal Gmail account. This could have happened to anyone. (Two lessons to be learned from this particular intrusion: use strong and different passwords for every cloud app you log into, and make sure your “secondary” email account is NOT Hotmail.)
In collaborative web applications that are built for groups—like Google Apps or any web-based project management software—the security concerns spread across everyone involved. The security of the entire system is only as strong as the weakest user’s setup. Once one person’s weak password is brute-forced or guessed, everyone’s documents and information are at risk.
Data Lock-in And Third-party Control
Amazon reaches into customers’ Kindles and deletes already-purchased books. Facebook launches Beacon, an advertising mechanism that collects and publishes information about what you do on external web sites on your Facebook profile (only to apologise and offer opt-out later). Apple denies approval for the Google Voice application in the App Store. Twitter doesn’t offer the ability to export more than 3,200 status updates. Flickr only lets you see the last 200 photos you uploaded if you don’t have a paid Pro account. When you’re living in the cloud, you’re beholden to a third party who can make decisions about your data and platform in ways never seen before in computing.
Server Unavailability And Account Lockout
One of the biggest benefits of storing your data in the cloud is that you don’t have to worry about backing it up anymore. Big companies with hundreds of servers are more reliable than your little external hard drive, right? Yes. But servers do go down, and when you’re dependent on a web application to get your email or access that PowerPoint slideshow for the big presentation, there’s always the risk that your internet connection will go down, or that the webapp’s servers will. Offline technologies like Google Gears, decent export functionality, and a good backup system can ameliorate this particular concern, but not all systems offer those things.
Getting locked out of your webapp account is another possible pitfall. The NY Times reports:
Discussion forums abound with tales of woe from Gmail customers who have found themselves locked out of their account for days or even weeks. They were innocent victims of security measures, which automatically suspend access if someone tries unsuccessfully to log on repeatedly to an account. The customers express frustration that they can’t speak with anyone at Google after filling out the company’s online forms and waiting in vain for Google to restore access to their accounts.
Don’t get me wrong: I personally am right on the cloud bandwagon with all of you. My web browser is the one app I run on my desktop at all times; I’ve entrusted the likes of Google, Apple, Amazon and Yahoo with my data just like you have. The key is to know what you’re getting into when you make that choice, to ratchet up your personal security mechanisms (like alternate email addresses and password choices) and to lobby for better user protection by hosting providers in the cloud.
Have any of these issues (or something I didn’t include) kept you from using a web-based application? Have you fallen into any of the pitfalls of the cloud? Let us know in the comments.
Gina Trapani, Lifehacker’s founding editor, is cautiously optimistic about the future of cloud computing. Her feature Smarterware appears every week on Lifehacker.
Comments
@1111: G3s can run 10.4 yet 10 year old PCs cant run vista. Also, leopard was made to work with G3s, but performance wasn't satisfactory to release as retail.
Now I'm not a fanboy because PCs are nice with their upgradability and the huge gaming library, but I would say macs are better with compatibility.
OMG! MoN!
@malibu66: One thing I use for remote access to files on my computer is the "mini" CoreFTP SFTP server
And connect to it using WinSCP. It is limited in options, but is very easy to setup.
@FilterJoe: I'm sorry you got caught up in the masturbation circle known as Apple. They sit there and make fun of Microsoft for forced obsolescence, yet as you found, it happens on Apple.
In other news 10 year old PCs can still run Windows XP satisfactorily.
Microsoft Word can import ancient MS Word files.
Softmaker Office 2006 runs fine on Windows 98 computers.
Ironically I find the performance of script interpreted AJAX "cloud" applications so poor, that I can't use old computers as dumb terminals to the cloud, while they run native apps just fine.
Every time LH posts a new cloud computer app each of the risks mentioned here shows up in comments.
Thanks for taking the time to compile them all in one article.
aeronaut
Two negative comments about the cloud have been repeated a number of times in the comments:
1) Less control over personal data
2) Reduces my computer to a dumb terminal
Well, I am a real life example of someone who has MORE control over my data thanks to (nearly) reducing my computer to merely that of a dumb terminal. How's that?
I used to be a Mac user. Every 3-4 years my system became so obsolete that I was forced to buy a new Mac. So the old mac became less useful than a dumb terminal.
But it was worse than that - I stored some of my data in word processors which are no longer supported, and in HyperCard stacks. HyperCard was a bundled and strongly promoted part of the Mac O/S. My stacks are now readable, but not runnable, on my wife's 4 year old PowerPC-based mac that has an OS 9 partition. I even had a button on my main HyperCard stack that allowed the text to be exported to an ascii file - but that doesn't work as the HyperCard Reader on that system is "read only."
To add insult to injury, fewer and fewer software makers are supporting (the latest) versions of their software that will run on PowerPC-based Macs. So my wife will be forced once again to upgrade to a new Mac. Her legal copy of Pagemaker will no longer be able to run (she'll be required to buy an expensive upgrade if she wants to keep using it). OS 9 emulation is not part of the latest Mac OS so I'll lose access to my HyperCard stacks altogether . . .
I now keep most of my data on the web with services like Gmail, Dropbox, Evernote, etc. I can access the data from any of my 3 XP machines, from my wife's Mac, from my Blackberry, and even from a 10 year old Windows 98 machine that runs Opera 9.6 just fine (I brought this machine out of retirement thanks to the Cloud - it's a fine dumb terminal). If Google ever makes Gmail into something I don't like, I can download all my email using POP3. In fact, all web services I use have external data transfer options of some sort.
So, in my particular case - using the cloud has actually given me MORE control over my data, and greatly extended the life of my existing hardware, since they just need to be dumb terminals - not a modern machine capable of running the latest desktop software.
I know, I know - if I ran Linux I would have the ultimate control over my hardware and data. But Linux is not for everyone, and I personally don't want to invest the time figuring Linux out.
The key thing to do is backup. Most of these sites have no obligation to even notify you if they are shutting down. They could just pull the plug and poof there goes your data. I got burned by this a couple times, latest was dvdspot.com. They got bought by some company, company dropped the service. Put a notice on the website with a 15 day warning, no email to users. So if you don't check the site every couple weeks (which is possible) you lost everything. Fortunately I had a backup from a year previous but still lost information.
Most sites have some sort of export option (myspace and facebook being big exceptions to this). You should backup anything that is online and you find valuable. I've even gotten to the point of saving web pages to evernote in case the site goes down. Yes, I backup evernote as well, good thing with collecting stuff in there is if evernote went away everything is stored locally.
How would you like it if your bank kept its records on the Internet? Would you feel secure about your deposits?
I'm amazed that so many people are naive about the security of their personal or confidential data. The safest way to keep your data is to have it encrypted and backed up in more than one location, out of reach of anyone from the Internet.
GrantMcPhee
@moose:
..but you have the power to encrypt your own USB key with something like TrueCrypt, or your entire laptop drive for that matter. On the other hand, if the cloud doesn't want to make encryption as part of their solution then you are SOL there.
malibu66
Cloud is cool for everyone that lives in the US, Europe, or more developed countries with reliable systems. For the few billion more of us that live in countries without solid, reliable, Internet service, the cloud is just that, a bunch of water vapor. I can't even get reliable mobile phone service in many places; even the idea of using a Smartphone is a joke.
divots
@RosaElipster:
But the important problem is, these companies can and do change agreements on the fly with very little notice all the time. I can't count the times my telephone company pricing schemes have changed without me having to 'agree' first. This is assuming they haven't worded the agreement in some complicated way that gets them what they want without anyone smelling anything fishy in the first place. Agreements are written by highly paid lawyers, in lawyer-speak. I am not one.
malibu66
@paintbox:
Would you be interested in having the exact same functionality as dropbox, but on your own server somewhere? ie. via ssh to your house or business? I've done it.. I was thinking of writing an article on it.
malibu66
@Gina Trapani: I stand corrected.
I will continue to use cd's for my folders , cloud storage is for the birds. I always use the "what if" scenario. Think about it my rights are protected as can be in this day and age.
maruawe42
I couldn't vote for my biggest concern; it wasn't on the list.
Rain
justsomereportingguy
@TammyBogdan: Something that amazes me is a lot (probably most) desktop email clients aren't set with encrypted connection to the server. Most mail servers these days can receive TLS connections. Most mail clients can be set for TLS connections. Why doesn't it try by default to connect via TLS?
Thanks for keeping us thinking.
m.c.cookie
@1111: Thanks. Your comment reminded me of something called "Driveway" or "Driveaway" and similar sites, promising "free", promising "lifetime" or "forever" or some similar outrageous claim like that. Free storage comes and goes, mostly goes. If only they wouldn't lie about it. If only their marketing people weren't doing most of the talking.
And this reminds me of something else. I want to hear from the techs, the ones who maintain the servers, and the ones that companies use for cannon fodder at the helpdesk. I want to know what THESE people have to say about this wonderful lala land called "the cloud".
paintbox
@gover57: That's kind of how I operate as well, with variations of course. I have DVDRs and CDRs and a thumb drive to cover my back. Meanwhile there is a Dell lapper standing by when/if all these other things let me down. Or, if the Dell commits seppuku, then I still have these other things to give me some peace of mind.
paintbox
@atomicrabbit: You are in better shape than I am, way better. I have no mail server of my own, no local web hosting of any kind. In that sense, my ISP has me by the nuts.... for the moment.
Yeah, about people using "the cloud" as their one and only means of storage. They ought to be scared. If they aren't, I am scared for them. I really am.
I think it is absolutely WILD that people think there is a magical and giving storage fairyland somewhere out there, a place where there is no hardware, no server admins, no upkeep costs of any kind, and that it is up-scalable to infinity. That's what they want to believe, going by all the stuff I've read about "cloud" advocacy, and "cloud" symposiums etc.
I was such an eager beaver of an lh commenter, I didn't mention Dropbox. It has been handy for posting stuff that a person doesn't want in their own web space. I think that Dropbox is so good in fact, I will not bank on it anymore than I have on Gmail. They'll alter it somehow, in a way I don't like. If I let them, they'll get me hooked, then they'll take it away if I don't pay. But if I DO pay, they'll STILL change it in a way that I don't like. It is all too bad. But I'll enjoy Dropbox while it's in this form that I like so much. Happy Lifehacking.
paintbox
How many people are paying for some sort of non cloud-based ISP for internet access and actually use the pop/IMAP email instead of the web-based version?
I definitely had serious concerns during the earlier years of Web 2.0 and various cloud-type development. However, the ease and convenience seems to have just sucked me in!
I have found that, over the years, I have become more and more dependent on GMail. I (assume) I could use email via my isp with Thunderbird or something. I have also had a web-based service for email/fax/phone number for a number of years (which I pay for). But I have found myself consistently reverting to GMail for convenience...emails are (virtually) always available from any location. When Microsoft exchange goes down at a job, I still have access to my schedule, emails, etc. I can get to everything via my phone, PDA or computer.
I definitely need to increase my security measures...I would like to figure out KeePass or a similar program (I apparently locked myself out of the program the first two times out the box!). However, despite concerns I have about security, the amount of my info that is already out there (banking, government, medical, etc) independent of my desires and the convenience factor seems to keep drawing me into the cloud!
noaxis2
Where's the option for "ALL OF THE ABOVE" in the poll? Any sane person should be concerned about these things and as 'imajoebob' notes, these items are far from hidden.
Just because people choose to ignore them doesn't mean they are hidden.
SlappyFrog
Build your own server. I found some of the benefits right here on this website, thanks Gina (http://lifehacker.com/205090/geek-to-live--set-up-a-personal-home-ssh...). First, centralized data; all your data in one place at home. Everyone can log in and rock a little Ozzy or find instruction manuals or check out digital pics that everyone forgot even existed. Second, remote access. Ok, this takes some time but you might learn something. Third, encrypted web surfing from the 'Buck or B&N using SSH. Also somewhat complicated but cool. Fourth, share your printer for those of us still killing trees. Fifth, you're not as big a target when you're not Google, Amazon, Hotmail, whatever so your password can be your dog's name (although still not recommended). I suppose the downside is you need to get some Linux but the upside makes it totally worth it. With all the flavors of Linux you don't need to suffer command line either. Good times!
Mark
Hidden? HIDDEN??
C'mon. Anybody who doesn't need a copy of Computers For Dummies should know this stuff. It's basic, simple thinking. Everyone should be familiar with the model of manual financial records. You don't leave things out for people to see, or trust anyone else to secure them. But too many idiots seem to think it's fine if it's digitized, not printed.
If you don't want someone to see your credit card statement, lock it in your safe. If you don't want anyone to see your Quicken files, keep them on your hard drive, locked down with passwords and encryption. The same for your personal/business projects. All that info is just like a nude picture on the internet: if it's out there, everyone will eventually see it. No matter how secure you think it may be.
And by the way, that "Conspiracy Theory" about the Feds reading everyone's email has turned out to be Conspiracy Fact. From illegal taps installed at the major Internet switching computers to blanket interception and review of undifferentiated chunks of email traffic, we now know that Bush and Cheney DID do exactly what the heretofore whack jobs were warning us about.
imajoebob
@malibu66: I guess it just depends on the circumstance. I really wouldn't care who sees a resume or a report (should it be compromised) but you can lose a flash drive too.
Angry Numismatist
I use google docs and wikidot for workshops I give as well as classes I take -- they are powerful collaboration tools but I wouldn't trust sensitive data to the cloud
anechoic
@TheFu:
very interesting and good to know...do you have a link that verifies this?
anechoic
@delightt:
exactly! I often times am in major cities like Paris where a hotel has WiFi but only in the lobby and until 11PM at night...not good for working in the hotel room on a tight deadline
anechoic
You can read the TOS all day long, and it won't do you much good when they change it tomorrow.
opus684
@P_Smith: While I'm not saying "Teh cumulonimbus is safer", USB flash drives are FAAAAAR from being 100% guaranteed. Between hardware faults (they do happen), mechanical problems (crushed, lost, washed), data corruption (improper removal, virus), data accidents (oops, overwrote that file), they are far from 100%
Which is why backups are essential.
@Gina Trapani: Correction: both Yahoo AND Gmail both have deactivation policies like Hotmails. Gmail and Hotmail are nine months, and Yahoo is shorter: six months. My bad!
@delightt: People sit there in their cloud computing "orgasm" (and Paintbox called it) saying how great cloud computing is on netbooks... Except there is no internet on my overseas flight, I don't have a cellular modem (expensive) and it probably wouldn't work overseas, and I may not wish to pay for a hotspot, and there's no hotspots on the highway.
People sit there and jerk off thinking about Google maps and the like. But they are no use without an internet connection. Meanwhile MS Streets & Trips works offline. FeedDemon works offline, Wikitaxi works offline. MS Word (or Softmaker office) works offline and gives a better experience than google.
@paintbox: Yup, recycled dumb terminal. The thing that gets me is stuff like word processors, while better than nothing, online applications can't touch a native app for performance, etc.
And online apps aren't a charity, they are a business. They aren't providing it out of the goodness of their heart. As of right now they make money by ads. Ads are annoying so I block them. What if too many people block ads? Will I have to change to a subscription version? I'm content with "having" a given version of software for eternity.
"Gina Trapani has an ongoing orgasm for this dubious form of longterm data handling, that's easy to see. But we'll see what the drewlers have to say in a year or five."
Especially some of the companies that you have never heard of before. Why would I trust them? A number of online services have disappeared before, bringing with them all their users' data. I don't worry so much about Google or Microsoft going out of business overnight, but others I do.
And so true about the orgasm. From the original article:
Don't get me wrong: I personally am right on the cloud bandwagon with all of you. My web browser is the one app I run on my desktop at all times; I've entrusted the likes of Google, Apple, Amazon, and Yahoo with my data just like you have.
Yay group think?
All of the above! Plus, many of us travel + work places that don't have 24/7 internet connection (free or not!). I still carry everything around in my laptop and backup on an external. Impt current documents on a flash drive for easy retrieval.
delightt
@gravi_t: How is it a lie? Did you read the TechCrunch article linked above?
"HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account, he simply registered it, clicked the link and reset the password. Gmail was then owned."
bodar
For me, I distinguish the Vital stuff from the Rest. Most of the Rest stays in the cloud. I wouldn't want to lose my bookmarks or archived non-sensitive document data so I have backups and syncs and exports but nothing's there that's going to kill me if it slipped out. I've got mirrors and syncs all over the shop, it sounds like a bathroom! For pure convenience 95% of my web logon data is in a web-based password service, but only the ones that if breached wouldn't really matter too much.
Vitals are different - they stay on my computer and encrypted drives. There are just a handful of passwords to remember for the critical docs and websites.
devo1d
my concern with cloud computing is when my internet isn't working.. or when I'm away from my desk.. I don't have the money for 3G data cards..
mynamesafad
@UnderLoK: AND you using gmail make any privacy concerned person think twice about emailing YOU.
TheFu
@l337_7r4d3r: Similar, but not the same boat here.
I inhaled ... er .... "successfully." I'm not a failure like our former President who only "tried."
TheFu
@JacquelineToad: Bad news. Google has already parsed, read and categorized all your email into a profile before you deleted it. This summary follows your profile everywhere. Nice.
TheFu
@Miranda: If you are connecting to a single email server and not one that is replicated, geographically diverse and on redundant hardware, then you have bigger issues.
AND you need to fire your Technical Architect, unless you are the business owner and refused to pay for the system(s) that your tech arch recommended.
TheFu
Thinking about using Cloud Computing? See what Seyfarth Shaw Law Firm says about the risks here: http://www.seyfarth.com/index.cfm/fuseaction/publications.publications_detail/object_id/9275a22b-3998-494c-84d8-7d234e503d82/IssuesRelatedToCloudComputingArrangement....cfm
I'm a proponent of cloud computing **inside** an enterprise, but can't believe the companies who risk all their data with external computing and storage arrangements.
TheFu
Along the lines of companies going out of business, companies end-of-life online products all the time, taking your data with them.
Ben Lee
One thing about the server unavailability issue: I used to download my email like everyone else, and I can't be the only person who ever dealt with server downtime during which I couldn't access my new mail for a few hours or send anything new.
This is not a "cloud" problem. The only new wrinkle caused by my email being online is the inability to access my archives if the server goes down. I think this is ameliorated by my mail now being more effectively searchable, by it not being tied to a single hard drive (or relatively complex measures meant to mirror it on multiple computers), and by the conversation feature in Gmail.
I wouldn't go back.
Miranda
The only cloud app I used is gmail, and even then I use pop3 to download then delete as soon as it's in my mail client. Also, I delete any contacts that are left in there when I log in from work....that way at least if the account is compromised, they cannot get any contact info or get any passwords from previous emails. I do not feel comfortable using google docs (or similar projects). I use computer software not webapps.
JacquelineToad
@l337_7r4d3r
atomicrabbit
@paintbox: dumb terminal - makes it seem like we are headed to just accessing everything off of the mainframe again... sad. i prefer to keep my stuff local, since if the 'net goes down, i still have my stuff. anything i have out in the cloud is either minor in importance, or encrypted (in case of wrong hand getting it) and all of it i have local copies of anyways.
gover57
@atomicrabbit: regarding your pr0n issues - don't use google. use yahoo - they store your ip+search strings for way less time (3-4 months compared to google's 9-12 months). that or don't search it for a few months before running... or just say you're a healthy adult who is curious blah blah ..
gover57
@P_Smith: +1 All of my important apps and docs i need are with me whenever i need them on one of my two usb keys. One 2GB and one 4GB are all i need, along side my third option of archiving all my music and photos to cd/dvd's biannually.
gover57
@paintbox: well said. I 100% wholeheartedly agree with you. Except I don't use GMail as a backup. I don't use it at all. I prefer my own hosting server which has IMAP (which I use with a local email client) and it has its own web access! wow!
And I have a hotmail account that I've had since hotmail began that is just for bullshit email (not even personal email -- more like joke emails I get from people and a couple mailing lists)
In terms of files and documents, I have an SFTP server set up on my computer. So I can still access my files from ANYWHERE IN THE WORLD, while it continues to be available locally on my computer whenever I want. My information gets backed up once a day to two external hdds and I can organize my information however I want. So what if I don't have a fancy "Google Docs" web interface (which technically I do because Serv-U has a FTP web interface). At least I'll have access to my files if my internet goes down!
So many people rely on google apps, even some companies! it's scary. I'd love to see what you all do if something happens to google one day. Everyone will be running around like a chicken with its head cut off, and I'll be sitting in front of my computer saying "what? what happened? Google-who?"
There are so many alternatives that people don't know about, but just because Google simply markets themselves really well, people are amazed and tend to look the other way at all the cons -- cough -- total and blatant lack of privacy being just one -- cough.
And just to add to this. I think using 3rd party web services to store your information is an excellent resource -- as a BACKUP -- and providing that the TOS is reasonable. Somewhere along the fucked-up way, people started using web services like GMail as the ONLY source of their information. No backups, no nothing. I don't understand the logic in that!
atomicrabbit
I've been using tt-rss instead of google reader, roundcube instead of gmail, identi.ca instead of twitter and tracks instead of remember the milk - each works great and they are all AGPL software that means I own the code and the data. Identi.ca even runs an AGPL url shortener that will give you the whole database as csv if you want it.
It's easy to own your data. Just get on with it.
"a hacker who used Gmail's password recovery mechanism to break into an employee's personal Gmail account."
Sorry to disappoint, but that is a lie.
I just don't see the appeal of "cloud computing". There is a 100% guarantee that my data and programs will be on my USB Flash RAM, but less than that on someone else's computer. Why take the risk?
The only advantages I can see to it are being able to use software I don't have, that won't fit on my device, or not having to carry a storage device at all. I don't know about anyone else's USB devices, but my 16GB stick weighs less than an ounce, and my applications are less than half of a GB.
On top of that, if there's any lag or interruption of the connection, you can't get work done and there's a risk of work not being saved. And as another thread today discussed, transmitted data can be intercepted.
I simply do not see any upside to "cloud computing" except for the sharing of data, such as sites like Flickr.
I almost forgot: Why is there no all of the above in the poll? Is that a pro-"cloud" bias by Ms. Trapani?
P_Smith
@l337_7r4d3r: you think? the majority of LH users are like you!
atomicrabbit
I can never run for public office because of my illustrious career of devious internet pr0n:(
Seriously though... Does the govt read your emails? Ridiculous. They most certainly do not.
Are your emails stored in a database, permanently, so they can be read anytime, at leisure? Certainly.
Are there a variety of neural network programs being run against the database coming up with potential "terrists"? Probably.
Hm... starting to think I shouldn't trust Guwgle with 90% of my digital life.
l337_7r4d3r
This is an excellent reason to get your own hosting, and use AGPL software. Why doesn't lifehacker ever mention this stuff? It is a useful alternative. These are things that work. Don't like twitter, install laconi.ca, or use identi.ca and problem solved (with more features).
http://autonomo.us/wiki/AGPL_list - list of alternative services.
I like being in control of my own data and wouldn't put it at risk, but I must admit that I do use Gmail for my personal email and while I do back it up, it still makes me nervous.
@This is why.
I don't want my computer to be reduced to the role of dumb terminal. That's it in a nutshell. We're coming full circle, only we have new buzz words for where we've already been. People are happily outsourcing control over to this collection of servers known as "the cloud" which is just as awful a description as "information super highway". That alone suggests that people are happily ignorant of the bad longterm consequences.
My issue is, control. Local control. Anything in "the cloud" is merely an adjunct or an extension to what's going on here on MY desktop with MY data. I look at Gmail as my remote backup array, until they take it away. And they *will* take it away. They'll change it, and I'll have no say. They'll alter the TOS to say they can, if they haven't already.
There is too much about "cloud computing" that is out of my hands. Gina Trapani has an ongoing orgasm for this dubious form of longterm data handling, that's easy to see. But we'll see what the drewlers have to say in a year or five. I'll still be keeping local copies of my stuff, and local client versions of apps.
paintbox
Well, the thing about cloud computing and storing data is also something to be rethought... as we can use apps and access remote data, we WILL soon enough be able to carry more important data in an easier, faster way than today; problems with data access will really be what you choose to publish and what you choose to keep secret with you... My point is, imagine a few years from now a watch that can carry like 4 terabytes, that uses biometrics to identify its owner and communicates wirelessly in a 10Gb band... then remote access sft that also communicates with your cell watch or whatever...
We've got to remember that the main reason for using the cloud (on this matter) is having whatever, whenever; once we bypass with technologies that allow us to host our own stuff in real time, that will be pretty much a choice of which service (app) you will choose to use.
Predicting the future will be complicated, 'cause you know... it's open.
The idea of encrypting email seems to be left out of these discussions. That makes sense. It is one more step to take provided your email client supports PGP. Yet people regularly use safety envelopes when paying bills, etc.
Until people start to think of plain text email as being akin to a post card (something anyone can read) and encrypted email being akin to the aforementioned safety envelope, the hand wringing around this issue will continue.
Privacy takes a bit of work and forethought to attain, yet it is expected.
I imagine very few people would purchase something on the web if the transaction was not done over SSL.
Why wouldn't you want your business correspondence equally protected? You don't have to be wearing a tin foil hat to understand that an upset former employee who was always so helpful with your password problems could cause you some serious problems.
Corporate espionage sounds so remote to most. But it doesn't have to be more than one angry employee looking to punish you for transgressions real or imagined.
TammyBogdan
@Kevincumbria: As far as I understand the latest Twittergate (not the first one, which was a weak password issue), was a reset email going to a shutdown Hotmail account.
Slate recently published an article about "fix[ing] your terrible, insecure passwords in five minutes."
http://www.slate.com/id/2223478/pagenum/all/
kettlewhistle
@RosaElipster:
I too am an avid cloud user and I do think 5-10 years from now, cloud use will be the norm. But a balanced perspective on the issue has to put out the issues that still need work.
I thought Gina's article did a reasonable job of highlighting some current issues, though I personally think security deserves more mention than it got. While those who leave comments on lifehacker are generally pretty sophisticated about their security (and therefore can navigate the cloud relatively safely), most people are not.
The computing ecosystem that the majority of people use - a Windows XP or Vista system combined with weak password management and casual use of credentials (i.e. letting multiple social services access your Gmail contacts) is going to lead to many problems over the next few years. There have already been numerous reports of people who get locked out of the Gmail account, for example, because it got taken over by someone else and used to spam their contacts or other illegitimate purpose - and then it's hard to get the Gmail account back.
I personally wish that two factor authentication became standard and easy (i.e. a Yubikey or some other USB-stick-like solution required in addition to a password), as it would in one stroke eliminate the vast majority of security issues for the average user. I think cloud providers should push this, or some other form of cloud-wide security solution - so that the number of security issues does not escalate.
While it is already possible to use extensive cloud services securely, it requires considerable sophistication on the part of users to do so.
For whatever it's worth, I extensively researched the state of the Desktop versus the Cloud a couple months ago and wrote the following post about it, which in one section describes an extensive list of pros and cons (If anyone thinks I missed any pros or cons, feel free to leave a comment and I can update the post):
http://www.filterjoe.com/2009/05/29/the-desktop-or-the-cloud/
When I read the statement that it's "probably true" that the government is not reading your email, I was going to comment the question, "What's your basis for believing that?". But I see the full post on your site says it "may be true" that your email isn't read. Important difference.
@TheRedWolf:
Yes, I was wondering the same after reading that? What gives LH? Why is hotmail worse than gmail?
I use the cloud to move files from home to work, but I would never entrust the cloud to hold the really important stuff. I'm not going to risk years and thousands of dollars of work on other people's hard drives.
My redundant drives work just fine.
@penguiniator:
Agreed. At least most cloud apps support exporting to multiple data formats. Many local apps do too, but so far the cloud apps seem to emphasize this more.
sean000
I treat Cloud apps the way I treat email: Never put anything out there that you wouldn't want your colleagues, your competitors, your mother, your kids, your dog, or your friends & neighbors to see. For most of us there is nothing to hide in 99% of what we do on the computer. For the remaining stuff that should be kept private: keep it local, keep it encrypted if necessary, and keep it backed up.
Cloud apps are a huge convenience in my opinion. I have always worked from multiple machines ranging from PDA/Smartphones to laptops and desktops. I used to use a PITA syncing routine to keep all my machines up to date. Since then I've been using Google Docs for years (since it was Writely), GMail, Google Calendar, etc. I'm a user of Evernote, Wizehive, social sites like Facebook, etc. My first question when evaluating a new iPhone app is, "Does it sync to the cloud?"
It's good to be concerned about privacy with this stuff. It is healthy to be concerned about keeping your medical history, SSN, plots for world domination, bank account information, etc. private. Worrying about whether or not Google is spying on your Honey-Do list and your emails about what you did on your summer vacation is paranoia. Most of us just aren't as interesting as we like to think we are, but all of us are susceptible to identity theft.
So like it is with any technology that puts you out there on the Web: Use common sense and best security practices. If you put all of your stuff out there in the cloud without taking basic security precautions that include a backup plan (such as offline copies if the cloud is unavailable), you are your own worst enemy.
Sean
sean000
@jonny6pak: Agreed, but typical "cloud" TOSs go way beyond that. As I understand it, facebook or flickr can use your pictures any way they want--including commercially. That applies even if you delete the picture from their site. That bothers me.
AmphetamineCrown
Gina, to be fair the Twittergate hack was simply down to bad password choice by the Twitter employee rather than any major fault with Google Apps. Most cloud services I have been reviewing have robust security protection, but it is all to no avail if someone uses a weak password.
Maybe the hacker found the Twitter employee via her tweets about taking her cat Piddles to the vet and it's a good bet that Piddles would be the password. Sadly it's that simple!
Kevincumbria
@darylgriffiths:
Well, I think if your formula is solid, the chance of anyone figuring it out by guessing, (assuming you aren't telling anyone what it is) is pretty astronomical. The only thing better would probably be a random password generator, but those aren't very easily remembered. We only use them here for the stuff that absolutely MUST be locked down with no exceptions, and they are ridiculously long and cryptic.
A random password generator is great, but if you can't remember what they are, that means you're storing it in readable form somewhere, which is a gaping security hole.
The 5 years time thing I don't understand. If you've been using it for 5 years, you a.) should have it committed to memory by then probably, and b.) are long overdue for a password change. If it's an account you haven't accessed in 5 years, odds are the account is closed anyway.
Personally, I use a good formula for mine, and I change my passwords to a new unique formula at least twice a year. (Complacency and never changing passwords is another reason people get hacked.) It's a system that works well for me. It's probably not a good system for someone with hundreds of accounts that all need passwords. In that case, a single really good strong password for all of them is most likely the better solution.
You could always mix it up into divisions or something too. Like, one formula for banking / finance accounts, another formula for purely personal accounts, i.e. Netflix, TiVo, etc...... use a few different formulas based on what they're for. Then even if one thing gets hacked, at least your entire system isn't going down in flames.
2 cents
DiscoZombie
@burnblue: Exactly. There is a market for this, whether residing on a home network (slow upload speeds are a downer, though), or on a remote server leased/owned by the user.
Data Lock-in and Third Party Control are my primary concerns. I never used to care about things being open until I started working with web and iPhone developers. Everything is so closed off that potential meaningful use of data and systems become impossible at times and it almost seems to stifle potential innovation.
jonny6pak
and make sure your alternate email is not Hotmail. - Why is this, is Hotmail easier to hack into than Gmail?
TheRedWolf
@AmphetamineCrown: I want to preface that I am not talking about the majorly scary points in many TOS docs that seem to grant rights in perpetuity through the universe. I've read so many misunderstandings regarding TOSs over the years. On a fundamental level, one must grant a license to these sites in order to legally publish the photo. Without a grant of license, they have no right to act as your online publisher with respect to anything you potentially own. For some reason, a lot of people see the general license concept as a transfer, which just isn't true. There is no transfer of copyright, I don't even see mechanical copyright grants in the TOSs. IMO, most of the TOS docs are not drafted in an understandable manner, which I feel is the first thing to fix with cloud computing.
jonny6pak
@RosaElipster: Thing is, this is not sensationalist FUD. There are so many concrete examples of problems that have cropped up in the cloud like the Twitter break-in, Kindle remote deletion, photos not actually getting deleted from Facebook when you delete them, etc.
I'm not saying that cloud computing isn't the next logical step. In fact, I said that I am a fan and user myself of several great web-based services.
What I am saying is that users need to know what they're getting into, and even perhaps there should be regulations and standard practices providers should adhere to, so that Joe Schmoe doesn't have to wade through pages of legalspeak in the TOS every time s/he registers for an account somewhere.
@DiscoZombie: Interesting. I'd take issue with the first point. When I d/l my mail from the server, it deletes it. I save local copies of certain important emails, but generally they get deleted. That isn't to say my mail host doesn't have some kind of backup, but I'm guessing it doesn't go back years the way my local file does.
The other issue is that when your house is searched, you know it. Under the Patriot Act, the same isn't true of a certain amount of rifling around in your cloud accounts. Knowing you are a person of interest strikes me as a good thing for self protection if, in fact, you are being investigated.
I'd also say you misunderstood the data lockout point. It's not being temporarily shut out of your data because of a power outage, it's the threat that suddenly flickr becomes a pay site and you can't access your pictures unless you start paying a monthly fee. Or that they suddenly decide they are only storing 6 months of photos and everything else is getting sent to the bit bucket in the sky.
I'll agree people have to be smarter about security and passwords, but I'm guessing the threat of detection for someone hacking into an online account is a lot lower than the threat of detection for someone trying to break into my main computer at home--largely because my main computer at home is behind physical security and an internet hacker can be anywhere.
I do agree, however, that people's view of privacy these days is totally messed up. I really wonder if the twitters and facebookers and flickr'rs understand the true impact of allowing the public to see and read the stuff they post. My litmus test is whether I'd be willing to put whatever it is that I'm thinking of writing or posting on a 50' billboard in Times Square. Most people, apparently, don't think that way.
AmphetamineCrown
All very interesting, being locked out is my biggest worry. I use Thunderbird with IMAP to keep copies of my email but I haven't moved to Google Docs or other types of online services like that because I don't know any way to automate the backup of them like you can with Thunderbird.
Any tools that help out here?
The two biggies are calendar and docs but other things too like images and general data need to have automated backup.
I think that's an article waiting to happen. Living life online while automatically backing up everything locally.
EdnaEnemite
Data lock-in is the only one of these that causes me any concern. In general, Google's security measures seem appropriate, as do those of most reputable sites that I frequent. OK, they might not be hack-proof, but I understand that risk. As for data unavailability, I make sure to have local copies of mission-critical information, so unavailability would be inconvenient but not devastating. And legal protection--really? Sure, I'd be mad if my house were searched, but I'm not concerned about what might show up. Same with my online activities. I'd like to think that a judge would ask for some reasonable questions before allowing my stuff to be searched--and a whole lot in this country depends on reasonable judges.
sweetmonkey
One issue not directly mentioned is the same as for locally installed proprietary applications: applications orphaned because the vendor goes belly up. At least with locally installed software you can still use the program until you can migrate your data. What do you do if a so-called cloud company goes out of business and takes your data with it?
penguiniator
Great article, I've been somewhat anti-cloud for a while now.
MkFly
What I want is for everyone to have their own cloud. The server is a NAS-like device sitting up in your bedroom, that you can access from anywhere as long as you are connected to the 'Net. It would host both the web apps and the photos or documents or whatever data you're manipulating.
burnblue
ALL of those are reasons that I never use Google when logged in and don't have a Gmail account. There's such a thing as a company having too much info about you, and the ease with which telecoms bowed to the NSA makes me very nervous about the cloud.
Oh, and the poll should include an "All of the Above" option.
@young.lukas: Exactly.
@DiscoZombie: Re your password system. It's not bad but still has a fairly major flaw in that once someone has discovered that your password for Google is, say, piano03oogle, they're going to be able to guess that your password for say Youtube is going to be piano03outube. Also, what happens in 5 years time, when you have to try and work out what age you were when you signed up for Google?!
I'm not kicking your idea out, but it's just that it's something I've been thinking about a lot recently.
Like I say elsewhere in this post, if you're weighing up the risk/benefit and you're happy with it, then that's fair enough. What is scary is people using something like just their first name, all in lower case every time for everywhere...
darylgriffiths
Your comments are perfectly valid but are the same old same old of the cloud-skeptics. Cloud computing is suffering the same nay-saying that internet banking did in the early days - it's all FUD about security, control, access etc.
In reality when using a cloud solution, provided you have carried out your own due diligence, your data is in fact more secure. Would you agree to the license agreement of a local copy of software that moved all your private data to an open network? No, of course you wouldn't, because you scrutinized the license agreement first. The same is true with the cloud - any vendor who doesn't give satisfactory assurances isn't going to last. One of the major benefits of the cloud is that YOU don't have to do anything, the security is taken care of for you and thanks to huge economies of scale the security will be far greater than you could ever afford locally.
Cloud computing makes huge technological and economic sense; the skeptics are simply prolonging the agony (I include the oxymoron of 'Internal Clouds' in that description too) - in reality, there is no agony if you take the time to examine your cloud vendor thoroughly. But then again, when was the last time you read a license agreement before clicking 'I agree'?
RosaElipster
@DiscoZombie: The data lock-in / control is the issue for me. Like the Twitter situation where you can't export more than a certain amount is just like data loss but that I'm the one losing the data, not them.
burnblue
Anyone besides me concerned about the rights they give up when pushing data up to the cloud? As far as I remember, you upload your pics to flickr, they gain certain legal rights to the use of those. Same with facebook and a bunch of other similar photo and social networking sites--take a good read through the TOS and you'll be shocked at what you are giving up. That bothers me. Not that I'm ever going to commercially sell my photos, but the idea that someone could potentially use them (or an image of me) in a way I dislike bothers me.
AmphetamineCrown
The biggest issue to me and one that I don't see changing anytime soon is actually bandwidth limitations. When you need to pay extra to Time Warner to get "Turbo" internet that provides upload speeds "up to" 1 Mbps, there really isn't any point in bothering with cloud services for non-trivial stuff.
@Gina Trapani:
So it's more of a separation between whether whatever company has your data will give it away to anyone in a lawyer's suit with sufficient fancy documents and whether that data can be easily reached by hackers?
young.lukas
@darylgriffiths: Ah, ok. I just clarified the poll responses to match my article subheds. Should show up soon from PollDaddy, thanks.
Like you (and quite often, on the back of your recommendations!!) I'm sticking a bit more stuff in the cloud.
I'm using different services so that I'm not totally screwed if one of them goes down but the flipside is that, by doing that, I'm also creating more access points for my security to be breached...!
I know some people are totally freaked out by the thought of having stuff stored in the cloud, but I take the view that I'm aware of the risks and am careful about who I sign up with. Even then there is still some risk, but I am aware of it and weighing that against the benefit of the availability of my stuff.
Some sensible precautions do have to be taken though, for sure. I advised someone the other day who kept their passwords online in a Google Docs spreadsheet (because they had 70+ passwords etc for different sites and accessed these from different places - work, home, parents, etc) to move them to Passpack. Now this is still in the cloud, but it has a much higher level of security attached. So, still some level of risk, but they were aware of the risk and went with the low risk of Passpack, which was certainly a safer bet than using Google Docs, even though they "always connect via https" to Gdocs!
(Gina, Passpack is worth a look by the way: www.passpack.com . I'm not affiliated with them in any way, other than that I'm a very happy user!)
darylgriffiths
Every time something about the cloud or streaming comes up, the pros/cons almost always miss internet speed. I live in one of the largest cities in the world and I still get 3mbs internet speed. That's not fast enough to stream HD, let alone move around large files.
Khamel
@Gina Trapani: I'm guessing that a lot of people voting in the poll are confusing Privacy and Security. It took me a couple of seconds to mull it over and make sure I picked the one I meant.
I understand "privacy" to mean being able to keep my data private from anyone else who doesn't have my permission, or a court order, to view it.
Security, I read as cloud providers keeping my data secure or me accidentally/carelessly giving away my security details (password, etc).
darylgriffiths
I would venture to guess that the USB stick option is more vulnerable than the cloud-- loss, theft, etc. Also, there are an alarming number of laptops that get stolen every day.
I think that synchronization with the cloud is key; this way you can access your data when online or offline. Also it is up to us, as professionals and consumers, to push for higher levels of security and privacy in the products we choose.
As far as government invading our privacy...don't get me started on that one now...
@Gina Trapani:
Thank you... my wife lost the last emails from her father this way. I installed a mail server in my house afterwards and have never gone back. I still have every email I want to keep from that day forward and I know that it is backed up properly. It's never going away unless I want it to.
malibu66
@whiteflea: The issue with Hotmail is that they shut down inactive accounts after a certain amount of time. So, if you don't log into your Hotmail account for longer than that period, it gets shut down. Then, all a hacker has to do is re-register your Hotmail account, request a password reset for any of your other accounts (Amazon, Ebay, etc), and s/he can reset your password at those other places.
@Angry Numismatist:
So you would rather give up your privacy than buy a USB drive with one-touch backup?
malibu66
@young.lukas: Legal privacy protection is separate from security, no?
The email privacy issue and data-lockout issue are both really a wash.
They may need a search warrant to search your hard drive at your house, but why couldn't they also just subpoena your ISP or hosting account where your domain is located, thus also bypassing your house / search warrant requirement the same as going to the cloud company? I see no benefit to keeping your email local based on that point. It's not ever 100% local. It's sitting on a server somewhere, or has passed through one. Also, if they're going to the length of getting a subpoena, then there's probably something they want bad enough to get a search warrant also.
The data-lockout issue is also really a wash unless we're talking about sitting and reading through a bunch of old emails for nostalgia while your power / Internet is down. You can't check your non-cloud email when it's down either. You still need access to get anything new.
Privacy is an illusion. Want total privacy guaranteed? Don't use the Internet. Cloud email is no less private than desktop email. Neither are really completely secure and I wouldn't be putting in details like credit card numbers in either one. It amazes me how people get all worked up about privacy, yet have Facebook or MySpace accounts with ALL of the details of their lives right out there on the Net.
My only concern really with the cloud is loss of data. Stuff happens, and the explanation or excuse doesn't matter much if your data is toast. Email is fine, because the way I see it, it's email. If it gets lost, so what. If it was important, I would've saved a local copy. Docs on the other hand, are usually important if they're in digital form, otherwise they wouldn't need to exist, so I only keep those locally. The cloud may have 100s of servers and redundancy and all that, but when it's local, I KNOW how many backups I have and how current they are.
Security? Well, don't be a tool and use the same password for everything, and don't use easy to guess security answers or passwords. That type of security breach falls entirely on the user's lack of appropriate thinking. Create a password system instead. Like, pick some random object (your piano), plus your age reversed (if you're 30 then 03), plus the name of the account minus the first letter, (Google = oogle), so your password would be piano03oogle for that account. Use the formula for everything. It's easy to remember because it's YOUR formula, but hard to guess because it makes no sense to anyone but you. Make any formula you want that works for you.
DiscoZombie
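Added example, not part of any comment in this thread: the formula described in the comment above (piano + 03 + oogle), together with the objection raised earlier in the thread that one known password gives away the pattern, written as a small Python audit a user could run over their own passwords. The site list, the function names and the random-password baseline are assumptions made for illustration.

```python
from __future__ import annotations

import secrets
import string

# Constructed sample data: site names chosen for illustration only.
SITES = ["Google", "Youtube", "Amazon"]


def formula_password(obj: str, age: int, site: str) -> str:
    """Scheme from the comment: object + age reversed + site name minus first letter."""
    return obj + str(age)[::-1] + site[1:].lower()


def random_password(length: int = 20) -> str:
    """Baseline for comparison: an independent random password per site."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def site_independent_part(password: str, site: str) -> str | None:
    """Strip a site-derived tail from the password.

    Returns what is left (the "stem"), or None when the password does not
    end with the site name or the site name minus some leading letters.
    """
    name = site.lower()
    lowered = password.lower()
    # Whole name first, then progressively shorter tails (at least 3 letters).
    for start in range(len(name) - 2):
        piece = name[start:]
        if lowered.endswith(piece):
            return password[: len(password) - len(piece)]
    return None


def reused_stems(passwords: dict[str, str]) -> dict[str, list[str]]:
    """Map every stem used on two or more sites to the sites that share it.

    A password with no site-derived tail counts as its own stem, so plain
    reuse of one password across sites is reported as well.
    """
    stems: dict[str, list[str]] = {}
    for site, password in passwords.items():
        stem = site_independent_part(password, site)
        if stem is None:
            stem = password
        stems.setdefault(stem, []).append(site)
    return {stem: sites for stem, sites in stems.items() if len(sites) > 1}


if __name__ == "__main__":
    by_formula = {s: formula_password("piano", 30, s) for s in SITES}
    by_random = {s: random_password() for s in SITES}
    # The formula leaves one stem, "piano03", shared by every account.
    print("formula:", by_formula, "->", reused_stems(by_formula))
    # Independent random passwords share nothing, so the result is empty.
    print("random: ", reused_stems(by_random))
```

The stem the audit reports is the only secret part of a formula password, which is why the accounts stand or fall together.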
I'll use the cloud only when I'm satisfied that I control my data. By this I mean, I have contractual and trustworthy guarantees that my data is really deleted when I delete it, and that the only people who access my data are myself and any specific person that I allow. No, I am not even comfortable with mile-high analysis that my data is a part of, because that means that there is a back door open somewhere and some technician can drill into it if they want to.
Google and Facebook so far have yet to accomplish any of this.
malibu66
There must be an easier way to backup Gmail etc. rather than using a ye-olde Unix system that doesn't take account of labels or anything else. Surely?
YumaAmarynceus
Aren't privacy and security pretty much the same concern? In order to breach privacy, you have to get past the security, and to get past security is to breach the privacy.
young.lukas
If I don't want to pollute my Gmail account by hooking it up with things like Amazon, E-Bay, and the like, then what service do people recommend? I've been using Hotmail as my "spam" account for years, but I'm willing to change if there is a good alternative.
whiteflea
There are certainly some reasons why SaaS is the way to go. Lower startup costs, no need to lay out the cash upfront for expensive servers, rather pay yearly or monthly. Lower administration costs. SaaS is not platform dependent, employees can use whatever OS they like. For small bootstrapping businesses, SaaS is the way to go. Once you hire your own IT staff, not contractors, it's time to wean off SaaS.
adp113
This is why I like my Palm. All of my info is synced from my online services (Gmail, Facebook, Exchange) to my local device. If the service goes down I have the most up to date version on my device and as long as the services are up I can connect seamlessly with them. Very helpful for contact and calendar management.
JerryA
I don't think it necessarily has to be one or the other. The cloud offers a huuuuge convenience and some protection against your own hardware failure. For private/personal documents keeping them on an encrypted HDD local to you may be a better option as someone has to have access + password to break that. So while maybe a resume goes to the cloud, my emo poetry stays locked away.
I mean my pr0n....
Angry Numismatist
I'm no conspiracy theorist or privacy alarmist. I also don't rely 100% on the web, but that's for other reasons. Anyone remember the dot com failure of what, 2000, or something? My biggest concern is putting all your eggs in one basket, and being as careful as you can without being paranoid.
magnoliasouth
I'm not sure if I would pick server unavailability or data lock-in. They both are part of my main concern about cloud computing: General loss of data, regardless of cause.
I would love to use Google Docs, for instance, but the thought of something happening and losing me that access is horrifying. At least on my own system I know I have appropriate safeties and backups.
kyre
Yeah, just had my hotmail account hacked. It's lovely to get phone calls and e-mails from everyone you've ever contacted (including co-workers) regarding my "recommendation" of an electronics website. Made me re-think online security for sure.
bluejimi
For me, it's really both data lock-in and privacy. In general, I'm not too worried about people spying on my data, but I also don't want to put all my documents up online for everyone to potentially see, and I certainly don't want to lose it all there when something goes wrong. I'll keep doing e-mail online, but most other things I'd still rather do non-cloud.
thebigcheese
I just carry around a flash drive that I keep all my documents on because I use three different computers throughout the day. Flash drives these days are cheap and come with massive storage. My personal one is 16gb but looks like I need a bigger one soon lol.
mayurolla
Great article, interesting to read for me because I'm a multimedia designer.
I guess what worries me the most is security, how can I ever be sure that my data will be stored in a normal and a good way.
I had this argument about privacy once and that I refuse to give in on such things and I got some great things from that discussion. One of them is that your privacy will never change. Even now an archive has the same privacy issues as an online storage server.
Rbstijl
If you want ten reasons to avoid cloud computing, but in a more ominous tone than Gina's, go here:
http://www.techtangerine.com/2009/06/02/ten-reasons-why-cloud-computing-is-a-bad.../