Your Own Gravity Your Own Gravity     Categories     About     Feed    

Cloud Services Security

Glenn Fleischman on Smile’s TextExpander and security:

Scown says Smile stores snippets at rest in unencrypted form on database servers operated by Compose.io, an IBM company. The company evaluated using solutions in which data is always encrypted except during the moments items are needed for syncing or updating, and found the other security elements—such as how passwords were restricted—were lacking in its evaluation.

Daring Fireball on TextExpander snippets stored on their servers:

This is my primary concern about TextExpander 6. I see some amount of risk, and no benefit, with storing my text snippets on Smile’s servers.

I don’t know if TextExpander snippets are a rich source of valuable data for hackers, though they certainly could be if users embed things like passwords or other sensitive information in them. But this brings up a larger issue which very few people think about, even in light of the recent FBI vs. Apple encryption battle, and that is knowing how your data is stored when you save it to one of these “cloud” services, such as Google Docs, Dropbox, One Drive, Box, et. al. I have sort of stressed about this for years, and have balked at signing up for some services because I felt I did not understand how they protected my data once it was out of my hands and on their servers.

If you haven’t thought this through before, consider a simple example: you have a product idea. You might be concerned about others finding out about it while you develop it (there are, of course, many startups in “stealth mode” just for that reason). So let’s say you put your thoughts down in a document and back it up to Dropbox (or other service – this is simply an example). Can an admin who works at Dropbox read your document? Or, in the course of Dropbox complying with some request from a law enforcement agency to hand over data, could someone whom you never anticipated read your document? Note that these services typically secure the connection between your device and the cloud, and therefore encrypt your data while in transit, but your data is often stored in an unencrypted format on their servers. It is not just hackers who may be able to read your stuff.

Now consider how a lot of people save their passwords in documents that they store using these services. It is a very short step from there to having your data compromised by just one nefarious employee.

This is very important stuff to think about if you are concerned with the security of your sensitive information. Not unrelated is that it is ultimately the key thing at stake in the FBI vs. Apple brouhaha.

Categories    Apple    Technology    Encryption