Features - QOTW: Do you upload photos to the cloud?

[Saracen]

yes because what has been uploaded has no value to myself or anybody gaining unauthorised access to my account.

I agree with that, provided there's no crossover possibilities.

One potential risk is that if a mobile device has the ability to upload, that the end up uploading domething you didn't intend to by accident, especially if folder-syncing. If you don't have software, or account/password details, on the device, then short of a malware infection, it won't get uploaded by mistake.

Ultimately, this sort ofcquestion always comes down to a balance between the risk of compromise and the possible damage if it happens, on the one hand, and the benefits and convenience on the other hand.

I have one mobile device which contains, among other things, backups of a secure online facility containing client company board meeting minutes, bid proposals, etc. They are there at the company's request, for their benefit, and with their knowledge, but part of the implication of my contract is that, ehole a tisk is inherent in having those files on the device, I do have a legal duty of care to keep them secure. If any mistake on my part, such as putting the wrong file in the wrong place, or having the wrlng settings on the upload software, resulted in a contract loss I could potentially find myself on the wrong end of a lawsuit ... and one that could and likely would cost me my house if I lost.

And that's just one of the potential business risks.

There's nothing "paranoid idiot", as Torashin put it, about not taking unnecessary and potentially hugely expensive risks for little or no gain.

Clearly, that's not a risk most people will run, and clearly, the risk is very small. But small or not, it's a potentially ruinously expensive, life-wrecking risk I simply don't need to run. And yes, I run encryption software, etc. So it's not likely to happen, but nor am I likely to have a fire that burns my house down, but do I want to be without home insurance that covers fire? Hell, no. The benefits (saved premiums) don't justify the risk (loss of home I worked for years to get). Ditto uploading to the cloud. It's just not worth it for me.

[Jowsey]

Like a lot of people here I use Dropbox for any pictures on my phone. Which, by there very nature are unimportant. Its normally pictures of my stupid cat in a sink or my girlfriends puppy eating flowers. If people want to crudely steal my information they will be highly disappointed with Dany and Logan. If I want to take a picture to keep it will be on my DSLR. These don't go on a could system. Backed up on my computer and the 'photo' hard drive. A USB hard drive used only backing up photos. Its probably power about an hour a year then back in its little baggy it goes!

I also keep a backup of photo's on my work laptop ( thanks work ) not that they knew. As a second 'wild card' redundancy. And if I have pictures that are truly amazing, I'll probably print and frame them !!

Though I don't look down on people who use cloud storage. I myself use google music, which is an excellent little product. It's just not necessary for my long term data storage needs. Probably.

[jonah]

never trusted it for this. So I just feel glad I was cautious.

[LSG501]

yes because I'm not famous or stupid enough to take naked images on my phone and then allow them to upload to the cloud

[deejayburnout]

I do backup my pics on Google Drive but none of them are nudy ones.

[tomthum]

Why would i make it easy for G.C.H.Q. OR N.S.A. THE CLOUD SUPPLIES THEM WITH BACKDOORS
We are not all stupid celebrities whom Half a Brain and to much money???????
Tom G

[Tallflip]

I backup to the cloud but secure the account and don't take pictures that would be a problem should they get into the hands of others.

[Agent]

Yes, encrypted.
£1.30 / month for 100gig off offsite backup is too cheap not too.

If they can break the encryption on it (32 character, random alphanum with special characters) then I'd be impressed.

[MrComputerSaint]

I've got an external hard drive that I'm going to start uploading stuff to that. But uploading to the cloud, no.

[crossy]

Yes, encrypted.
£1.30 / month for 100gig off offsite backup is too cheap not too.
If they can break the encryption on it (32 character, random alphanum with special characters) then I'd be impressed.

Curiosity got the better of me - is that encryption done on the client or at the server end? Reason I ask is obviously that if it's server-side encryption then you're still vulnerable to getting snooped. If it's strong client-side encryption (on non-US resident servers!) then the system you're using sounds like one I should perhaps be looking at.

Good point about the password (says the guy who continually gets moaned at because he's got a 64 character, utterly random WLAN password), remembering of course that the "celebrities" concerned in the break in apparently had relatively easily guessed passwords.

[Numenor]

I never store anything online that I would have reservations about being made public. Random amusing pictures are fine. Personal photos are not. For backups I stay traditional, using a hard drive dock and/or a DVD burner. Essentially I do not want Google (or Apple, though I've never had an Apple device) to have too many of my eggs in their basket. Google have my emails, so I don't want them to have my photos, PC backups, phone contacts and be able to link them all together in one big hackable super-database.

[Agent]

Curiosity got the better of me - is that encryption done on the client or at the server end? Reason I ask is obviously that if it's server-side encryption then you're still vulnerable to getting snooped. If it's strong client-side encryption (on non-US resident servers!) then the system you're using sounds like one I should perhaps be looking at

Client. My word, always client.

Options are many, but for simplicity, Truecrypt and 7-Zip.

7-zip is actually AES256 (relevant) so pretty strong. You can even put archives within archives and use different passwords if you like.

If you want simplicity, https://www.boxcryptor.com/

[Betty_Swallocks]

I upload from my phone to Photobucket but I always have a copy backed up on my hard drive.
I really can't understand why businesses, whose data is crucial to their continued existence, would trust their data to a cloud based service.One good DDOS and their business is history.

[crossy]

Client. My word, always client. Options are many, but for simplicity, Truecrypt and 7-Zip. 7-zip is actually AES256 (relevant) so pretty strong. You can even put archives within archives and use different passwords if you like.

If you want simplicity, https://www.boxcryptor.com/

Thanks for that, useful info. I must admit to being a bit more "comfortable" with systems where either you're responsible for encryption or the FAQ says "client side" and "we cannot recover your password, or data if you lose your password". Upside - I guess - of the self-selected encryption is that you decide what your content to allow a data burglar to have access to.

Personally I liked Truecrypt - hopefully it comes back. And there's other systems - such as B-Folders - that use AES256, so I'm happy with it's level of security.
For info Wuala (client side encrypted) claims:

Currently, Wuala uses AES- 256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks.

I see this as being somewhere between the convenience/insecure of Dropbox and the kind of scheme you have with local (/user) encryption.

I upload from my phone to Photobucket but I always have a copy backed up on my hard drive.
I really can't understand why businesses, whose data is crucial to their continued existence, would trust their data to a cloud based service.One good DDOS and their business is history.

Erm no. A DDOS just means you can't access your data while the DOS is running - and we're talking about hours at worst, not days. Secondly, you need to make a clear distinction between personal and business oriented cloud services. Personal CS's are open to all, so a DOS attack can hit them hard, although surely the fact that your data is spread over many locations makes it easier for the cloud's load balancer to deal with the attack? A business CS will know where their clients are coming from IP-wise, making it easier to reject the attack packets unless they're also IP spoofing too. Then again, if that's the case then there's other measure that the CS provider can use to filter off the bad traffic - I'd like to be able to go into more detail, but it's really not my area of expertise, and there's probably a couple of good reasons not to say any more anyway.

[DevDrake]

All my nude selfies are online, of course ;D

Just a simple win

I dont use Cloud as i dont trust them, i never did.

[bobharvey]

only rubbish ones by autosync. Nothing I care about.