Security

My Evolving Use of Cloud Storage

by

Last year I canceled my pay Drobo subscription. I still have the service but with a lot less storage. At the time I wanted to build my own “cloud” storage system.  In reality I wanted to take my data at home and make it syncable via the internet like a cloud storage provider to my devices were ever i was.  Originally I bought a Transporter that I had hopes would take a 1TB drive and let me sync data to my computers.  That dream lasted about a week.  Their sync software was problimatic for me.  Instead I opted for a Synology NAS DS412+.  The added app’s functionality and redundant storage allowed me to move all my data to the Synology and no longer rely on my aging Drobo(s) as my primary storage system.  The Synology also allowed me to move some multimedia functions i did on my mac mini off to the NAS.  So far I have been very happy.  The Synology Cloud Sync app gives me Dropbox like functionality with my personal stuff.  The other file access options the Synology offers gives me access to all my data.  To do that with any other provider would be prohibitivly expensive because of the amount of data stored on the NAS.

The timeing for this change to self hosting my data was perfect.  I couldn’t realistically do what I am doing now earlier because when I had Time Warner my upload speeds were horrible (1.5mb).  After I moved to Fios my upload speeds jumped to between 25-35mb.  I have no problems using the Synology.

The problem with the Synology is that as much as the NAS itself is designed to last and has some drive resiliance in it, I do not have an offsite backup.  I used to copy my data manually for a while but now a days that is not a good idea.  it is also not feasable with the amount of data i have now.

After leaving Dropbox I read more and more about the potential issues with public cloud providers.  Such as Dropbox knows what you upload and wont keep a duplicate copy of a file of music if others have it.  That means they can (and i believe they have) removed content if there is a DMCA request.  I am also increasingly uneasy about US based hosting providers and the easy the government can get access to data.  I am not a criminal and don’t really have anything to hide in what I am storing however those are not reasons why I should be ok with the ease of government access to my data.  I will talk about that more in another post.  In relation to cloud storage I am glad I do not use Dropbox, however I put myself in the same situation with another provider.

Because I have so much data and I need to really be thinking about a 321 backup sceme I started using Crashplan and Amazon Glacial.  Crashplan I recently canceled because I was having problems with my copy of data on my Drobo that i would sync to Crashplan.  The crashplan app kept thinking that the drobo was disconnected and would keep creating new copies of my data.  When it takes weeks to sync a backup using crashplan having a new copy get created every so often is not good.  With that issue and the fact that the Crashplan Synology app caused my Synology to perform super slow to the point that I uninstalled it I gave up on Crashplan and canceled it.

Amazon Glacial has been good so far.  The challanges with Glacial is that the cost per month varries by how much i use it.  It is also much more expensive than Crashplan for the amount of data i have.  Another challange is getting data out is expensive in the event of a major issue.  Thankfully i havent had to worry about that yet but it is a concern.  The most current concern I have is that Amazon is a US based company and my data is hosted on US servers.  For now I am living with that risk.  My rational side says I dont do anything to warrent the government to want my data however I would rather that not even be an option.

One alternative to Dropbox I have been looking at is Mega.NZ.  They don’t have any access to my data once it is uploaded.  They offer 50gig free.  It is good to replace dropbox for some files i have and to give my most important stuff an offsite backup but it is not enough to backup my music, videos, and photos.  Their 1tb option is doable for me but even that isn’t enough to backup everything.  For now I will continue with Glacial as my backup.  I am investigating working with a friend or two to replica sync our Synologies between each other.  The cost of that may not be worth it but it is an interesting idea.

I Finally Killed Off Google Doc’s

by

I have finally succeeded in killing off any remaining documents i had hosted in my personal google account.  This action was a bit harder than i expected it would be.  I won’t go into further details on a public post due to security concerns however i am glad that I was able to go through and move everything i still needed and delete everything I didn’t need.  Exporting data was easy to an offline file but moving things that others still needed to collaborate on was a challenge and requires giving out new URL’s unless i was moving the document to someone else in the same google work domain.  I wasn’t doing that so it was challanging.

This milestone was one of the last I need before I can delete my remaining google app’s id that i used to use as my main account.  The last milestone may be the most difficult but that will be the topic of another post, Android Apps.

 

Partial Goodbye Google

by

Today I took the next step in my exodus from Google services.  I deleted my old @powerz.org mail domain from Google Apps.  I had used it for several years before retiring it for a newer one about a year ago.  With my mail backed up elsewhere and after I finally got all of the services dependent on the domain moved I was able to delete my account.  it felt good, however my other Google Apps Domain is more of a challenge.  I still use some of the google doc’s associated with it and figuring out an alternative is my current challange.

A New Search Engine

by

As a continuation of my previous discussion on my recent aversion to all things Google over the past month I have been moving my default search engine elsewhere.  I have been a fan of startpage.com.  I have heard from people I know that their search results are not nearly as good as google but they don’t log your searches so I made them my default search provider on my computers.  I do use Yahoo sometimes as an alternative to Google.  They may be close to Google in the data retention but the advise I got was they are a bit more transparent and better at fighting requests to hand over data.  That is purely opinion but the opinions of people I trust.

My Sudden Allergic Reaction to All Things Google

by

I have recently had a technical dilemma.  I have been a user of many Google services over the years.  I have several Google Apps for Work domains.  I post private videos of my family on Youtube.  I have loved Google Voice long before Google owned it.  For most of the time I have used their services I have know there have been some questions about what they do with all the data collected.  From day one of Gmail you knew they were looking at your mail to give you ad’s.  At the time I brushed it off, especially since i didn’t really start using gmail for a few years after it came out.  After I did the lingering security questions were still there but because they provide services that really work well I didn’t question anything nor did I really care.  The cool aid was great.

The problem I am facing recently is I have read more specifically about what data Google collects and how long they store it.  Or rather how they don’t really say how long they store it.  There are many discussions on the topic, here, here, here, and many other places.  After reading a lot on the topic and talking with a few people I work with more knowledgeable on the subject than I am I decided the great user experience wan’t worth all I was giving them.

If was to move providers I needed first an email provider.  2nd I needed to stop using Google Voice.

Until very recently that was no small feat.  I didn’t want to rely on my mobile alone.  That is why I ported my mobile number to Google Voice in the first place.  Thankfully as good timing would have it the new IOS software offers wifi calling and handoff to computers for calls.  This is not nearly a replacement for google voice for me, but it made it easy to move back to one mobile for everything since as long as I had WIFI I know my number would work.  With my new iPhone 6 I would be able to solve my Google Voice dependency.  Next up of course is the bigger issue, my email hosting.  If just picking anyone I would have gone with Office 365 or some other cloud offering.  The problem was as I kept talking to people and reading more I have to say I wasn’t too happy with the US governments tactic’s on getting access to people’s accounts.  After that statement I know people are going to say if you don’t have anything to hide, why would you worry.  Well I don’t have anything to hide, but that’s not the point.  I would rather not know my government could relatively easily get access to my stuff with a court order that apparently happens more often than you would like.  I don’t think I am being paranoid guy about this.  To me it feels more like ignorance is bliss.  Since I do know how creepy stuff is apparently now a days I don’t just want to leave Google mail I want to ensure my data is safe where ever i put it.

I thought about my own server.  I just don’t want to deal with it.  The super secure Swiss email hosting provider was too expensive.  I opted for a well known general web hosting provider in Switzerland were data privacy laws are much more strict than in the US.

Next up for me is to goto the T-Moble store and port my number.  After that it is lots of mail copying to my new provider.

Deleting Facebook and Starting From Scratch

by

If you are a Facebook friend of mine and are wondering why suddenly you got a invite to be my friend again and can’t find all my old content here’s why.

I have been pondering my use of Facebook for over a year. It started last year when I took the entire month of July off from using social media. I read in an article somewhere and thought it was a good idea. It turns out I did not miss it as much as I thought I would. Once that month was over I started using it again but on a more limited basis. Over the past year I keep reading about the things Facebook can do with my content or is doing with my content. I wasn’t pleased. The new search functionality just spooked me. It’s not like I posted anything questionable but I just don’t like some of the business practices they’re doing with the information I put in the system. When I first started using Facebook it was treated as a personal area to post things to my friends only. Over time they keep doing things in semi-sneaky ways to make your data more public. It just makes me uneasy. I tried to remove old content but after much searching online it became apparent that there is no easy way to bulk delete anything. Most forum posts suggest just deleting your entire account and starting over. I didn’t want to do that but in the end I felt there was no other feasible choice if I wanted old content removed.

Everything finally came to a head today when I deleted my old account. First I exported all the data from my old account and verified that I wasn’t using Facebook authentication on any sites that were critical to me. Then I just remove the account. Apparently it takes 14 days for account to actually be deleted and then another month or so for all the data to be removed from their systems. After deleting the original account I went on and created a new one. I spent time inviting friends from the old account to the new one. I will be honest in saying that I did not invite 100% of the frames on the old one to the new account. I took this change as an opportunity to remove people I really don’t talk to anymore. I seriously thought about not signing up for an account again but in the end I did for two reasons. First, a lot of family loves getting photos of Teagan via Facebook. The second reason is more practical. I like having Facebook because it does enable me to stay in contact with people I don’t always get to see but I had issues about security and what they do with my data so I will continue to use it or treat anything I put there like I do with twitter. When I first started posting I didn’t do that and that was what bothered me.

Longer term MC and I are talking about how and if we continue posting photos to Facebook.  We have read some articles about what people (or Facebook themselves for that matter) can do with the photos and Face recognition and EXIF data. I would like to find a way to use my Flickr account to link to my Facebook wall with no data remaining on Facebook systems.

The bottom line is if you’re a friend of mine please don’t be offended if I don’t “like” post of yours or do lots of commenting on things you post to your wall or mine. I am just not doing that at all or very often going forward.

Security Overkill

by

I love reading articles from Bruce Schneier. I have read Secrets & Lies, and I am in the process of reading Beyond Fear on my Kindle now. He explains security and security concepts for computers and in the real world in a fascinating way. He also points out the absurity of some of the security practices that we see today. I love this article he pointed to that I read tonight. This isn’t the first time I have read articles about some of the absurd rules regarding calling in suspicious activity or banning taking of photos. My personal favorite was the news regarding Amtrak Police arresting a contestant in their own photo taking contest! As someone who a) deals with real world security and b) someone who likes taking photos of trains and planes this is really disturbing.

CIA cited as worst freedom of information agency

by

Umm, are we talking about the same CIA that I am thinking of? I would expect that CIA to I don’t know keep secrets. it is in fact a spy agency! I am not saying I agree with anything it may or may not have done now or in the past, but it is by definition a spy agency. I would expect it to be cited as the worst freedom of information agency. Not getting an award for being the most open agency for free flowing information. Get over it.

Technorati Tags:

Security Is Inconvenient

by

If anyone has every told you security is convenient for you, they are lying. Security is very inconvenient. The more secure something is the more difficult and or expensive it is to use. it is much harder to support a group of people you force hard passwords on vs a group you let set a password to anything they want. You know I am right. People give lip service to wanting more security, and when they are given it they don’t like how hard it is to use whatever system you secured.

Take for example something I read a few months ago that said AOL was offering a secure ID like FOB for people to enhance the security on how they log onto their accounts. I have used Secure ID’s for years (i haven’t used it in years, but I have used them long ago, they are not new) and it is not some new wiz bang system. Will the masses use it? probably not unless they are forced to. Do you really think that (i always use my dad as the example) my dad would carry around a keychain secure id to just log into AOL? He would screw it up and get frustrated inside of a week.

Westchester county in NY is trying to legislate securing Wifi networks. In principle it is nice that the county is trying to protect citizens, but come on! Do you really think a person or small business that is ignorant enough to put up an unsecured WIFI network will be compelled to register with the county and secure the system just because there is a law saying it. Hello people this won’t do anything but piss people off and generate some revenue for the county. Like I said before, security is a myth. You cannot legislate the population into security compliance. If you could people in rural areas won’t still leave their houses unlocked and keys in the car!

This of course will be the problem going forward with everything becoming digital. The more secure you try to make something, the less mainstream it will become, but the more mainstream something becomes the more secure it needs to be to protect the public.

The Security Myth

by

Security. I am a fan of it. Security is like a nice warm um well security blanket! No really. It is good, and most people take it for granted. The problem is allot of time security is this myth that people believe in that may not really exist. Take Wifi for example. I just used macstumbler while I am sitting at my desk at home. Do you know what I found? 8 wireless networks. One of them was mine. Of the other 7, I saw 4 open networks. Of those 2 had the default network names, and one was just named my network. That means that 50% of the networks around me where not just open for anyone to go into. That is crazy. I bet the people using those open networks don’t know they have a huge security hole on their network, or they don’t care. The network device manufacturer’s have a big problem. Make the setup of the devices too hard and people won’t buy them. Make them too easy (as they are most of the time now) and you have tons of unsecured networks. Having the majority of the people using this gear not know the mechanics of how the gear works does not help the situation. It is like having everyday people work on their cars instead of taking them to mechanic’s.

I don’t think most computer people will argue with the assessment I have made above. Or they can if they want. Wifi security has been discussed to death. Even with proper WEP or WPA encryption the system is still not safe. I know that. I have WPA setup on my wifi point. I know I can also add MAC address filtering, etc. I know better, but I still think I have secured the system enough. Have I really? I think for the most part yes. I think of WPA as the club. you can still steal the car (aka break into my network) but why would you waste time with my network or car when you can steal the guy down the streets car who left the door unlocked or just doesn’t have a club? I have a myth of security.

Another example of gaping security wholes is another growing wireless standard, Bluetooth. I have been a fan of it since I first read about it almost a year before the first mobile phone with bluetooth came out. And when it did, I bought one. A Ericsson (they were just Ericsson back then) r520. So for the record I am a fan of Bluetooth. I am a fan of wifi for that matter. I remember when I was at my first tech job back in 96 I got to play with a demo of a 1mbit (i think) wireless card and point from Raytheon. The problem is bluetooth has the same security myth. It also has the problem of the media blowing the issues into this huge security crisis. The simple fact is that most phones and other bluetooth devices were configured to be as easy to configure as the manufacturer could make them. That means allot of devices are setup to be discoverable by default. That means that if the bluetooth radio on a phone is on, someone else looking for bluetooth devices can see your phone if you are in range. To prove that, last week on Amtrak home from my trip I was able to view up to 4 other bluetooth devices from my seat. To protect yourself all you usually have to do is make a change in the default configuration of your device to not be “discoverable”. Do most people do this? Nope. But if you turn discovery off by default you have people complain that setting up partnerships are too hard. See the problem?

You have people then go around thinking all is ok, until they have a problem or someone tells them their phone is at risk of being broken into. First of all that may or may not be true given that you have to set passkeys, etc. For argument sake lets say it is an accurate assessment. These people then freak out and get mad at hardware vendors for delivering unsecured devices. How do you win?

Most of the time people live in the dream world that their stuff is safe. The crazy thing is that maybe 99% (or the vast majority) of the time people’s fantasy worlds are not broken. That perpetuates the myth that all is safe. Even if someone has been using their unsecured wireless internet connect for free for months.

The more I think about it, the more security myths I think about. And I am only thinking in terms of personal computer security. Don’t get me started on other society security concerns.

A perfect example is a few years ago my mom called me after she saw an Oprah on TV. She was calling to warn me that email I send wasn’t secure and that anyone can intercept and read it. She was shocked, but Oprah set her straight. I was like, yeah mom of course email is not secure. Old news. She was surprised that I knew that. It is scary that the general population assumes something like email is secure, and it isn’t. On the flip side can email be intercepted? Of course if it is not encrypted. Is most mail not encrypted? Yes. Will my mom have to worry about her neighbor reading her email or some stranger intercepting it? Probably not. It is very possible to do, but come on who really is going to try and sniff out her mail? its a real threat, but I don’t think most people won’t ever have to worry about it. Doesn’t mean I don’t think we should all get certificates and secure our mail. I would love to do that, but it is impractical in today’s world. So you see even I let the myth of my stuff is secure live on some level. We all do it, and if you don’t think you do, you are kidding yourself.