Reader Comments

Subscribe: RSS

View by: Time | Thread

• 

  Jimmy Bear Pearson, 9 Feb 2006 @ 9:42am

  
  

  Perhaps encrypted locally before stored remotely?

  The idea of my data stored in a system over which I have no control does bother me - as much as storing credit card data in merchants' systems bothers me.
  
  Perhaps if the data is encrypted in a 128-bit way before transmission to the Google servers? At least this would be some layer of protection.
  
  I would, in addition, never back up super-sensitive data or information to any server to which I could not have personal access.

  [ link to this | view in chronology ]

  • 

    Matt Bennett (profile), 9 Feb 2006 @ 10:28am

    
    

    Re: Perhaps encrypted locally before stored remote

    Well, if people are overly concerned, they don't have to use it. They key is that it's never forced on them.

    [ link to this | view in chronology ]

    • 

      Jonathon, 9 Feb 2006 @ 10:46am

      
      

      Re: Perhaps encrypted locally before stored remote

      Exactly, I appreciate what privacy advocates do in terms of raising concerns. However, google or whoever can offer any service and so long as they are open about what they can and do do with the info that they have. I had a better though a second ago, but it has now escaped me...

      [ link to this | view in chronology ]

  • 

    A Funny Guy / The Poison Pen, 9 Feb 2006 @ 10:45am

    
    

    Re: Perhaps encrypted locally before stored remote

    If you think 128 bit encryption will stop anyone who is determined to crack a code... you are sadly misinformed.
    
    You would need at least 4096 bit encryption and a passphrase of 10-15 unrelated words and number sequances for a strong pass key.
    
    Even this might be no problem to the new quantam computers in development which i strongly suspect the top echelons of world governments already have.
    
    

    [ link to this | view in chronology ]

    • 

      ?, 9 Feb 2006 @ 11:07am

      
      

      Re: Perhaps encrypted locally before stored remote

      4096? I'm using 8192 encryption on my quantam desktop computer.
      
      My pass word is 12,432,233.1 characters in length.
      
      What sucks is China just called and said that they want their "computer back". I'll be damned if they get this machine back. I haven't had to pay a single dime in heating costs all winter!

      [ link to this | view in chronology ]

    • 

      Anonymous Coward, 9 Feb 2006 @ 11:09am

      
      

      Re: Perhaps encrypted locally before stored remote

      setting aside obvious concerns about passphrase strength, your comments on bits is mistaken and oversimplified. some asymmetric algorithms are crackable at 128bits, others are not. symmetric algorithms at 128bit are not crackable. asymmetric approaches seem unnecessary to me for this application. only you know the passphrase, and so only your computer knows the key used for both encryption and decryption. data goes to google, they cant touch it because they dont know your password.
      
      of course, they might just use your google account password in which case it might as well not even be encrypted.

      [ link to this | view in chronology ]

      • 

        ?, 9 Feb 2006 @ 11:10am

        
        

        Re: Perhaps encrypted locally before stored remote

        Encryption is for pussies.

        [ link to this | view in chronology ]

      • 

        Trevor, 9 Feb 2006 @ 1:31pm

        
        

        Re: Perhaps encrypted locally before stored remote

        There are MANY tools out there for encryption, one I ran into had a clever soloution for relatively weak passphrases. The program used the sha-512 hash to generate the symetric key, butit ran the passphrase through 1000 times, this is computationally intensive and slows down a dictonary attack on the passphrase significantly. It is not perfect, but it makes things a bit more secure and with a decent (30 digit of so) passphrase can really slow down any would be cracker. Also, computing the sha 512 1000 times is not that bad for one passphrase, it just adds up for countless bilions of passphrases. This also gets around most rainbow tables, since they are computed for one run through a hash.

        [ link to this | view in chronology ]

    • 

      Dam, 9 Feb 2006 @ 12:00pm

      
      

      Re: Perhaps encrypted locally before stored remote

      but, realistically, is anyone with that kind of horsepower going to want to have a look at my tax returns, checkbook or pr0n? More power to them if they do.

      [ link to this | view in chronology ]

      • 

        Clay, 9 Feb 2006 @ 12:10pm

        
        

        Re: Perhaps encrypted locally before stored remote

        I really don't care if Google, or anyone else, wants to spend valuable time looking through my e-mails to my friends about the newest cell phone or MMORPG, or any other files like my Trillian logs or which games I have installed on my computer; I don't have anything to hide from anyone.

        [ link to this | view in chronology ]

    • 

      Aaron Friel, 9 Feb 2006 @ 2:04pm

      
      

      Re: Perhaps encrypted locally before stored remote

      Holy overestimates, batman!
      You don't read enough about cryptography, Poison Pen. 128 bit is still sufficient. 2^64 checks is still difficult, but given the sheer enormity of data and the possibility of highly obscure file formats, this may easily be enough to make it impossible for Google to read everyone's data. Remember, if everyone used 128 bit encryption and they tried to crack it, they'd have to crack everyone's key. That's multiple near bruteforce decrypting operations, thousands or millions possibly.
      10-15 unrelated words and number sequences? Typically, using a truly unique word, number, and symbol combination and hashing it is sufficient. This is what most encryption programs do, they don't accept keys under a certain size. And if you go over the size limit, then they are still hashed, and shrunk to the size they use. As an example, 15 words of 4 letters each is 60 letters, or 480 bits. Already, you're into the territory of Completely And Utterly Redundancy. Add in some numbers, and you don't actually increase the security of your key. E.x., with a 128 bit key, if your password is any longer than 16 characters—xxxxxxxxxxxxxxxx—you are wasting your time. With a 256 bit key, you can go up to 32 characters, and with a 512 bit key, you can go up to 64 characters.
      4096 bit key? Unless your password is 512 characters, it's completely pointless. And the only reason you'd ever use 4096 bit encryption is for public key encryption. AES has no mode for over 512 bits. Neither does any other block mode encryption.
      As for the rest of your BS about "new quantum computers," research labs are just barely able to factor integers using them. That said, they are capable of factoring integers at a rate that greatly exceeds, at least on paper, that of a traditional computer. But I'm not afraid of a computer that can't store more information than I can write on my hand, let alone perform bruteforce decryption on even something as short as a sentence. But even this is to no avail, because AES doesn't use integer factorization, and quantum computers may not give you any advantage in decrypting AES ciphertext.

      [ link to this | view in chronology ]

• 

  Chris H, 9 Feb 2006 @ 11:05am

  
  

  No Subject Given

  Not a chance in the World I would ever use this service. If Google says they won't use your data and only a few key people will have access why the need to hold on to it for up to 30 days?

  [ link to this | view in chronology ]

  • 

    Fantastical monkey, 9 Feb 2006 @ 11:36am

    
    

    Re: No Subject Given

    As said above, it will allow you to sync computers, when the other is offline.
    
    30 days should be enough time for you to do that, before it is deleted.
    
    Makes sense to me

    [ link to this | view in chronology ]

  • 

    samej71, 8 Jun 2006 @ 8:13pm

    
    

    Re: No Subject Given

    They only store it long enough to give you time to sync the other computer(s) with the data. It's *up to* 30 days, meaning it could be 30 minutes, 1 day, 1 week, or all the way *up to* 30 days. If you don't sync by then, then you'll have to start the process over again.

    [ link to this | view in chronology ]

• 

  Anonymous Coward, 9 Feb 2006 @ 12:20pm

  
  

  No Subject Given

  Just my opinion, but in light of recent events, you would have to be a MORON to voluntarily store huge amounts of corporate or personal info on a third-party system like this.
  
  And that "I don't ever do anything wrong, so I don't care" attitude is stupid and naive. It is clear that our government feels comfortable taking a wide range of actions against individuals (from wiretaps, to detainment, to torture) regardless of any evidence of wrongdoing. So, keep that head in the sand, specially when the electrodes are connected to your balls because a Bush henchman thinks your Word doc that contains the phrase "ladle in the bin" is a covert reference to bin Laden and warrants further investigation...

  [ link to this | view in chronology ]

  • 

    Moogle, 9 Feb 2006 @ 12:38pm

    
    

    Re: No Subject Given

    No, "I don't ever do anything wrong, so I don't care" is a perfectly good reason for one person to decide to use an opt-in service.
    
    It's never a good reason for a system to be forced on everyone, or any unwilling participant. In this case, it's no big deal, the paranoid simply need not use this service.

    [ link to this | view in chronology ]

    • 

      Anonyous Coward, 9 Feb 2006 @ 1:07pm

      
      

      Stupid and naive is no way to go thru life

      So, if you came home from work and found the FBI going thru your bedroom drawers, you would just shrug and say "no problems, I've got nothing to hide"?

      [ link to this | view in chronology ]

      • 

        Anonymous Coward, 9 Feb 2006 @ 1:16pm

        
        

        Re: Stupid and naive is no way to go thru life

        Actually, i would be less pissed about that than them getting data from google for a number of reasons. First, either way, I am innocent and they were mistaken to be going through my stuff. Secondly, It is at least possible for me to catch them doing it if theyre rifling my house, whereas google will just hand it over and no one will ever know. There is presumably a much higher burden of suspicion to invade someone's home than there is to demand their data from google. So I would be saying "you assholes, i havent done anything and wheres your #*($&$ing warrant, and im glad you didnt grab all my data instead"

        [ link to this | view in chronology ]

• 

  VHS, 9 Feb 2006 @ 12:57pm

  
  

  conspiracy?

  
  
  
  Google wouldn't turn over 10 days of random search history because they would have something much better to turn over (notice how the gov 'quietly' backed down from Google denying them the data)... because Google will now have 30 days of 'meaningful' data to relinquish.
  
  
  ...or this all could just be another conspiracy.
  
  
  
  

  [ link to this | view in chronology ]

• 

  Ben McNelly, 9 Feb 2006 @ 1:16pm

  
  

  The masses///

  The masses will always be led by the nose, the issue here is setting a dangerous habit for the future. As people become more and more used to thier online life using tools like this, they are none the wiser when thier 4th admendment right are violated. I am an avid google-ite, but the whole gmail, (and recently gtalk saving your chat hist "opt in" of course) + stuff like this worries me.
  
  - common sense, is never found in the masses. Look where everybody else is heading, and go the opposite way. or at least take it at an angle...

  [ link to this | view in chronology ]

• 

  Anonymous Coward, 9 Feb 2006 @ 2:02pm

  
  

  No Subject Given

  Why doesn't the NSA offer Internet search, email, and data transfer services and cut out the middleman?
  
  Hell, the could just nationalize the phone system and include unlimited, no warrant wiretap access in the EULA and privacy policy.
  
  That's where we are headed anyway.

  [ link to this | view in chronology ]

• 

  Phranq da tank, 9 Feb 2006 @ 2:48pm

  
  

  ALTs

  This is why I roll alts... you can just mail stuff to them so it doesn't take inventory space in the bank or in your travelers backpack...

  [ link to this | view in chronology ]

• 

  Chris H, 9 Feb 2006 @ 5:21pm

  
  

  No Subject Given

  Did I miss an important part in one of the articles? Where does the user get to set the encryption key for the file transfer?
  
  I would imagine this key would be set by Google. Another article I read said that there would be some people at Google who would have full access to your data.

  [ link to this | view in chronology ]

• 

  Paul, 9 Feb 2006 @ 11:24pm

  
  

  No Subject Given

  Anyone else see this as becomming the next big filesharing system?
  
  uh ya I'm just going to sync my copy of Scary Movie, and give the url to all my friends so they can uh, sync it too..

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 12 Feb 2006 @ 10:32am

    
    

    Re: No Subject Given

    You mean, you're going to go over to your friends house, set up a secure and private account on their personal computer with custom file access permissions—which they would never, in their lives, violate—and watch your copy of Scary Movie over there. Not in their presence either.<br><br>At least, that's what your lawyer might say.

    [ link to this | view in chronology ]