The Potential Of Google Sync To Be Used For Both Good And Evil
from the linking-up dept
When Google first launched its desktop search product over a year ago, some wondered if it would end up being a gateway to accessing data on your desktop from other devices, such as mobile phones. While Google hadn't said much about it, it now looks like they may be moving in that general direction. The company has launched a new product that turns the Google desktop product into a tool for linking and syncing data on different machines. Right now, it appears to just be computer to computer, but it's not hard to see how this could expand much further as well. What's interesting, though, and perhaps a bit problematic, is that Google is storing data on its own servers for about 30 days in order to do this -- rather than doing direct peer-to-peer. This has the advantage of allowing people to sync, even when a machine is offline. However, it also raises some questions. While some think that makes it compelling, as it will allow a number of new applications to be developed, others worry about it, in light of the recent attempt by the government to get access to Google data. This might be a case where they're both right. The feature has a lot of potential... but it will only go so far as people are confident that Google will (and can) keep their data private.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Perhaps encrypted locally before stored remotely?
Perhaps if the data is encrypted in a 128-bit way before transmission to the Google servers? At least this would be some layer of protection.
I would, in addition, never back up super-sensitive data or information to any server to which I could not have personal access.
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
You would need at least 4096 bit encryption and a passphrase of 10-15 unrelated words and number sequances for a strong pass key.
Even this might be no problem to the new quantam computers in development which i strongly suspect the top echelons of world governments already have.
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
My pass word is 12,432,233.1 characters in length.
What sucks is China just called and said that they want their "computer back". I'll be damned if they get this machine back. I haven't had to pay a single dime in heating costs all winter!
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
of course, they might just use your google account password in which case it might as well not even be encrypted.
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
Re: No Subject Given
30 days should be enough time for you to do that, before it is deleted.
Makes sense to me
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
No Subject Given
And that "I don't ever do anything wrong, so I don't care" attitude is stupid and naive. It is clear that our government feels comfortable taking a wide range of actions against individuals (from wiretaps, to detainment, to torture) regardless of any evidence of wrongdoing. So, keep that head in the sand, specially when the electrodes are connected to your balls because a Bush henchman thinks your Word doc that contains the phrase "ladle in the bin" is a covert reference to bin Laden and warrants further investigation...
[ link to this | view in thread ]
Re: No Subject Given
It's never a good reason for a system to be forced on everyone, or any unwilling participant. In this case, it's no big deal, the paranoid simply need not use this service.
[ link to this | view in thread ]
conspiracy?
Google wouldn't turn over 10 days of random search history because they would have something much better to turn over (notice how the gov 'quietly' backed down from Google denying them the data)... because Google will now have 30 days of 'meaningful' data to relinquish.
...or this all could just be another conspiracy.
[ link to this | view in thread ]
Stupid and naive is no way to go thru life
[ link to this | view in thread ]
The masses///
- common sense, is never found in the masses. Look where everybody else is heading, and go the opposite way. or at least take it at an angle...
[ link to this | view in thread ]
Re: Stupid and naive is no way to go thru life
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
[ link to this | view in thread ]
No Subject Given
Hell, the could just nationalize the phone system and include unlimited, no warrant wiretap access in the EULA and privacy policy.
That's where we are headed anyway.
[ link to this | view in thread ]
Re: Perhaps encrypted locally before stored remote
You don't read enough about cryptography, Poison Pen. 128 bit is still sufficient. 2^64 checks is still difficult, but given the sheer enormity of data and the possibility of highly obscure file formats, this may easily be enough to make it impossible for Google to read everyone's data. Remember, if everyone used 128 bit encryption and they tried to crack it, they'd have to crack everyone's key. That's multiple near bruteforce decrypting operations, thousands or millions possibly.
10-15 unrelated words and number sequences? Typically, using a truly unique word, number, and symbol combination and hashing it is sufficient. This is what most encryption programs do, they don't accept keys under a certain size. And if you go over the size limit, then they are still hashed, and shrunk to the size they use. As an example, 15 words of 4 letters each is 60 letters, or 480 bits. Already, you're into the territory of Completely And Utterly Redundancy. Add in some numbers, and you don't actually increase the security of your key. E.x., with a 128 bit key, if your password is any longer than 16 characters—xxxxxxxxxxxxxxxx—you are wasting your time. With a 256 bit key, you can go up to 32 characters, and with a 512 bit key, you can go up to 64 characters.
4096 bit key? Unless your password is 512 characters, it's completely pointless. And the only reason you'd ever use 4096 bit encryption is for public key encryption. AES has no mode for over 512 bits. Neither does any other block mode encryption.
As for the rest of your BS about "new quantum computers," research labs are just barely able to factor integers using them. That said, they are capable of factoring integers at a rate that greatly exceeds, at least on paper, that of a traditional computer. But I'm not afraid of a computer that can't store more information than I can write on my hand, let alone perform bruteforce decryption on even something as short as a sentence. But even this is to no avail, because AES doesn't use integer factorization, and quantum computers may not give you any advantage in decrypting AES ciphertext.
[ link to this | view in thread ]
ALTs
[ link to this | view in thread ]
No Subject Given
I would imagine this key would be set by Google. Another article I read said that there would be some people at Google who would have full access to your data.
[ link to this | view in thread ]
No Subject Given
uh ya I'm just going to sync my copy of Scary Movie, and give the url to all my friends so they can uh, sync it too..
[ link to this | view in thread ]
Re: No Subject Given
[ link to this | view in thread ]
Re: No Subject Given
[ link to this | view in thread ]