Wednesday, October 12, 2016

Is the Cloud Safe? Probably Not.

Storing sensitive data on the cloud might not be a good idea.

I wrote before about "the cloud" and how the term got started from white-board drawings.   While the Internet has been a great boon to mankind, the powers-that-be are trying to use cloud computing to basically take away power from users of personal computers.

The Personal Computer was a revolution for mankind in that it allowed individuals to operate their own computers.  Prior to that time, the mainframe computer was an enormous beast, locked away in specially air-conditioned vaults and attended to by a small army of acolytes - much as today's server farms are.   If you wanted almighty data from the computer, you had to ask nicely of the computer nerds, or you wouldn't get anything.

The PC changed all that - allowing small companies and individuals to process their own data, at first just spreadsheets and documents.  With the Internet, this expanded to include data searching and online communication.   But the PC remained the center of power for the individual.

And we can't have that, can we?

Early on, "thin client" products were bandied about - stripped-down PCs which would operate off a central office server, often with no real storage (hard drive) in each PC.   I worked at an office who bought such a system.  It worked fine until the mirrored drives in the server crashed and it took a week to recover our data.   In the meantime, we had to run WordPerfect for DOS on floppy discs to get any work done.

Thin client puts all your eggs in one basket, which is fine, so long as someone is watching that basket.

Today, the same idea is being promulgate through "cloud computing" which is the same concept only using online servers to store all of your data or even run programs (which increasingly are referred to as "apps").   So instead of loading your word processing program on your computer and storing your files on your hard drive, they want you to subscribe to a word-processing app and then store all your documents in the cloud - on someone else's server somewhere out there.

And you can guess what happens if you stop paying the subscription fees.   Once again, we find corporations getting greedy, no longer content to just sell software but instead sell subscriptions.   And over time, the consumer will succumb to "subscription fatigue" as they pay more and more every month for everything from cable TV to XM radio to Pandora to online magazines, and now, for storage and software.  It starts to add up over time - to a lot of money.

The appeal to companies, such as Microsoft, is obvious.  You get a steady stream of income every month, even if you are not really doing anything.   Unlike the software upgrade, the consumer has no choice but to keep paying and paying every month, every year, for decades.

Older software that works doesn't need to be upgraded.  I run an older version of Quickbooks and it works just fine.  Since I have the installation DVD I can load it onto any machine I own.   The only downside is that I can't export files to other users, as Quickbooks makes sure to make older file types non-compatible with newer version.   And this is not by accident.

I wrote before about .DOCX documents and Microsoft's attempt to obsolete the very functional Word 2000 in favor of a newer version.   By making the documents incompatible with older versions of WORD, they force users to upgrade to the new version (or like I do, use the shareware OpenOffice suite to view and convert those documents to .DOC format).

Word 2000 works just fine, thank you.  And Windows 7 Ultimate beats the crap out of Windows 10, particularly on an older computer.   And that is the other part of the equation - many of us stopped upgrading our PCs ages ago as Internet speed turned out to be the real limiter of PC performance, not processor speed or hard drive access time.   So my old computer (and it is nearly a decade old, an eon in the computer business) will continue to soldier on for a few more years, well into my retirement.  It may in fact be the last computer I buy as a laptop or even phone might serve my needs in the future.

Of course, the smart phone is the ultimate cloud computing device, as they don't have a lot of memory to store data (even with a large SDRAM installed) or programs.   So much of what we do on smart phones is based on the cloud.   Although I found I could install 10,000+ songs on an SDRAM in high-resolution .wav format (MP3 sucks) with little difficulty.

The cloud won't go away anytime soon, as companies will continue to push and prod us into storing data there, arguing it is "safer" than a crash-prone hard drive.   And I know a lot of folks who have lost albums of data and their entire music collections as iPods or hard drives crashed and were unrecoverable.   Of course, they failed to back up their data redundantly, so part of the error is on their part.   Also, it is not a bad idea to just let data die sometimes.   Keeping lots of records and stuff might seem like a keen idea, but it can be awkward and difficult.   You really only need financial records back about 7 years or so.  Keeping your old paper-route ledgers is really kind of stupid at this point in your life.

But the question remains, is the cloud a safe place to store data?  And with recent "hacks" of e-mail accounts, you have to wonder if it is.  I recently read online about how Yahoo! had about 500 million accounts breached.  That's a lot of accounts.  And they took their sweet time telling people about it - like a couple of years.   I changed the password on my old dormant Yahoo! account immediately, of course.  There doesn't seem to be any indication of anyone tampering with my account.

Of course, others fall prey to common Yahoo! trolling e-mails, whose badly worded pleas scare consumers into thinking their account "will be closed by the security department!" unless they provide their username and password by return e-mail.   These clumsy attempts often work, and they get less clumsy over time.   Most of my friends who have Yahoo! accounts have fallen for this gambit at one time or another.

But getting back to my dormant account.  When I logged on, I was kind of shocked to see how much personal data I had put on the cloud.   Copies of my tax returns were stored in the e-mail account, as sent from my late accountant.  These included my address and Social Security number!  I also had uploaded backup copies of my Quickbooks files, which included a lot of financial data.   I quickly erased all of these e-mails, including responses in the "sent" files.   I also made sure to empty the TRASH file once the e-mails were deleted.

If someone had hacked into the account (through Yahoo!'s data breach) they might have been able to obtain a lot of financial information which could have been used for a tax refund hack (filing a false return in my name, using my social security number, to claim a refund) or some sort of bank account or credit card hack.

I also realized that there was no point in keeping this data in the cloud.   Old financial records are just that - old and obsolete.   I would not need them for anything in the future.   My current records on the hard drive were more than sufficient - and backed up onto two portable drives, two laptops, and three PC hard drives (a septuple redundancy) which is arguably more robust than the cloud (memory sticks or SDRAMs are another viable option).

The promise of the cloud is enticing.   You can keep all your data there and never have to worry about it.  You can access your data from any device, without having to load it onto each device and sync and update it.   But that promise is somewhat flawed on a number of fronts:
1.  Your data can be hacked or stolen, if the cloud server is not secure.   In the past, this seemed far-fetched.  But major companies such as Yahoo! are being hacked with regularity, so the idea that your data is "secure" with a big company is sort of flawed.  You may also be vulnerable to social engineering hacks if you are not careful.  Either way, your data can be compromised.

2.   The company can lose the data.  Servers crash and backup files can be corrupted.  I am sure if you read the Terms of Service for these cloud deals, the companies absolve themselves of any liability for your lost or stolen data.  If they didn't they'd be fools. 

3.  Companies go out of business.  As I found out the hard way with Webshots, companies can be sold and the new owners might decide to delete all your carefully manicured data.  Webshots took all my photo albums, stripped off the lengthy captions and comments, and then tossed them into a bucket in random order.   After a while, they deleted even that.  One reason I got off Facebook (and earlier, MySpace) was that they kept changing the user interface, which required reformatting and re-doing your page again and again with each "upgrade" - it simply wasn't worth it after a while.
So when you put all your eggs in the cloud basket, you are taking a risk that the data could be lost or stolen or simply abandoned.  While it may seem like a swell idea to back-up or sync data with the "cloud" it really ends up just being an enormous pain-in-the-ass to do.   Relying on the cloud exclusively seems rather foolish.

You may have documents stored in the "cloud" and not even know it.  Google's gmail seems particularly snarky in trying to get you to upload things to google drive.  If you click on an attachment, it offers this option and it is easy to click on it by mistake.   Also, things you delete from your e-mail account may end up in the "deleted files" section of google drive.  I was kind of shocked how much data I had stored on google drive - by accident - when I checked it out.

Over time, I am learning that the smaller footprint you have on the Internet, the better.   And for that reason, I may end up deleting my blog in the next year or so, once I am done writing it.  Of course, many posts will live on in perpetuity, thanks to 3rd-world click-bait artists who republish my content without permission.

Keeping a lot of data in the cloud, whether it is actual records and documents, or just a facebook page and e-mails, does have a risk attached to it.   Quite frankly, I am seeing less and less of a benefit to uploading data to the cloud.