Ask HN: Who do you trust most with your data?

44 points by plg ↗ HN
1. Apple iCloud Documents

2. Dropbox Personal

3. Dropbox Business

4. Google Drive

I have bits and pieces on each service. I’m interested in decluttering. Which should I choose?

49 comments

[ 2.9 ms ] story [ 112 ms ] thread
I would point out that right now, you have your data divided across four different buckets, which means no one provider can completely compromise your data. Why would you want to end this arrangement?
The OP gave a specific reason: "I’m interested in decluttering."
P(your data compromised) = 1 - P(storage provider never hacked)^(number of storage providers)

All else equal, using more storage providers increases your risk of exposure, not decreases it. And for most classes of sensitive data, the loss of any of that data can still cause problems, e.g. imagine health records... if only 1/5th of your patient data was hacked, that would still be a very bad situation (and before anyone asks, yes people use Dropbox for this[1]).

[1] https://www.dropbox.com/static/business/resources/getting_st...

I think the issue is that you're assuming storage providers exist that will never get hacked, or that there's a scenario that entails your data being stored out on the Internet and not compromised.

I think we are in a "when, not if" world for security compromise.

As long as you encrypt all of your data before uploading it, trust isn't such a big factor.
Is there any software that can do this in a very user friendly way? Ideally after entering a key when installing the software, I would never know that encryption is happening.
Yes that seems quite nice (if you want to go that far). It also works well with the Dropbox (and others) sync engine because it encrypts individual files as opposed to making a large sparse bundle/volume file.

Don’t think it allows you to take advantage of delta-byte syncing though because while compression algorithms can now cater for the rsync-like delta sync functionality you find in some cloud storage clients my guess is that wouldn’t be optimal for secure encryption (but I don’t know it’s just a guess) - but if you aren’t changing the files a lot the speed degradation may be outweighed by your desired outcome.

It also works well for Dropbox shared folders in case you have the need to share folders with other people but still want this additional layer of encryption.

And of course since it’s open source it may make you feel more comfortable about the encryption.

...that said though, I actually do want to say that personally I'm always very conscious of what the tradeoff is.. I like to keep my files in a flexible format that's future proof and to be able to move it around and manipulate them in a fast way. The risk with something like Cryptomator, despite it looking pretty neat and being open source etc, that if people decide to not maintain it anymore then my files are stuck in an encrypted format that one would have to develop code (or use an old OS with an old version of Cryptomator) to access them.. so I'd prefer leaving my files in Dropbox (who encrypts my files on their/our side) and on full-disk encrypted hard drives instead. But each to their own of course!
I believe backblaze let's you backup with your own key, but you should confirm as I'm only ~95% positive.
It does mean of course that you can't search through your files while they are stored on the cloud or use any cloud-native editing tools on those files. For many, this is a reasonable tradeoff, but it means the encryption can't be totally transparent.
Password protection using 7Zip probably is the easiest solution.
odrive.com does this very well IMO.
iCloud can do this with Pages and Numbers.

Of course it works when you download the file too.

Looks like https://www.arqbackup.com/ might meet your needs. I haven’t used it personally though, my only reservation has been that it’s not open source.

The unofficial google drive linux CLI supports encryption with custom keys too.

I got burgled back in July and the burglars came somewhat close to getting everything, fortunately they didn't take my NAS. After discussing with friends, I did buy Arq and I've been _very_ happy with it.

I then went and bought 1TB of Google Drive and now all my photos and anything else is backed up onto both Google Drive and my NAS. It's all encrypted so yeah, should be safe enough. The handy thing about the 1TB Google space is that it's shared amongst all their products, so, I don't need to think about running out of Gmail space either.

The best I have found is "Duplicati" which runs in the background of your computer and can backup to all internet backends(I use it with ondrive and box), a NAS, or a USB stick/attached drive(pretty much anything). It is open source as well! It automatically (locally) encrypts all your files after compression and does it in blocks, making it quite space efficient. It also has versioning. https://www.duplicati.com/
Metadata is quite valuable, so i think trust is still a big factor.
what do you use?
As far as data that is stored "in the cloud", I primarily use tarsnap (with the data stored on AWS S3) as well as S3 directly.

Most of my (not at home) stuff is backed up to a server (that I own) at $work (ISP), though.

I'm still looking for the perfect solution (for me).

iCloud, as they mainly make their money from Apple hardware purchases.
AFAIK, Apple is the only one storing documents encrypted (with your own keys) at rest.
Dropbox. They are the only ones to not lose my data, randomly share my private things to the public, or have crappy clients.
They did have that pretty terrible bug where you could log-in to anyone's account with a blank password for a while though...
(comment deleted)
I switched to Mega (safer, bigger, e2e encrypted) and never looked back.
I don’t even trust myself with my data. It’s too easy to do something stupid. How could I possibly trust anyone more than that?
No one cares more than I do that I not be horribly maimed or obliterated in a high speed collision, but I trust certain vehicle manufacturers and airlines more than I do their competitors.
You appear to be answering a question of comparative preference, which is neither direct to my point, nor homologous to the question asked. The trust one places in a vehicle manufacturer or airline with one’s life is vastly different from the trust one places in a for-profit corporation with one’s data.

I’ll grant you that I initially read the Ask HN to be a question about personal/private data, rather than what appears on subsequent reading to be a more general kind of data storage question. Either way, it’s still a vastly different level of trust that doesn’t approach the severity of your example (in my mind).

Different people can mean different things when they speak of trust. What kind of trust are you looking for and what's most important to you? You want your data to remain highly private? available at all time? versioned forever? You want the provider to have decent support when you need it?

If you'll define what your requirements and priorities are you it will be easier to find the service that is best for you.

I'm mainly interested in:

1. high availability (can access it using many devices)

2. security (it's secure against intruders)

3. privacy (the company who hosts my data won't mine it for their purposes)

(comment deleted)
If only I could pay for a service as easy to use as Dropbox but have my personal data managed by a company such as Apple...
(comment deleted)
Long term, personal, and/or sizeable data, like my photos: my own hard drives, backed up every few months.

Stuff I work on daily: sync with a VPS I pay a small monthly fee for, using version control.

What would happen to your personal data if you got burgled?
Good point. One backup is onsite, one is offsite (that one only updated every few months).
Dropbox and Apple equally. But I work at Dropbox and I know how much effort goes into trust, security, privacy and compliance. Also for your interest the underlying infrastructure with its security measures etc is common between both Personal and Business products (one of the main differences with the business product is that it allows you to hook into your own enterprise security related systems such as IdM, DLP/CASB, SIEM, malware scanning etc as well as control security settings for the whole “team” (mandate 2FA, set password strength levels and device approvals etc)
> I know how much effort goes into trust, security, privacy and compliance

Yahoo had a security team that was completely bypassed by NSA by installing a kernel module [1] to get access to emails. With Condi in the board I wouldn't trust them that much.

[1] https://www.engadget.com/2016/10/08/reuters-yahoo-email-scan...

I find myself inclined to trust Dropbox because they really seem to have their 'shit' together. It's one of the most reliable 'cloud' tools that I've used so far.

But I share the concern about Condi on the board, and I'm curious if others can weigh in on how justified that concern is.

Ideally, of course, I'd like to hear someone from Dropbox to say something about this, but I can understand how they wouldn't touch this topic with a ten-foot pole.

I sync my photos, iPhone backups, and documents to iCloud Drive.

My documents folder is backed up by Google Drive.

For the specific services listed in the post, I trust them in the order listed, but just these — Apple iCloud and Dropbox. I don't like the idea of Google (or anyone else) scanning my data, even though the security practices may be good.

I store the really sensitive information encrypted using a volume (which appears as a file when not mounted and when uploaded) created by Veracrpyt [1] (a replacement for TrueCrypt). I use a long pass phrase to encrypt this volume. For slightly less sensitive information, like photos, I store them on SpiderOak.

I avoid putting sensitive information anywhere unless it's encrypted before the upload starts (on my end). I also prefer paying for services.

I would strongly recommend using client side encryption, and checking out the options others have mentioned.

[1]: https://www.veracrypt.fr

Tresorit - https://tresorit.com/

How anyone can trust Dropbox, the sort of US based cloud company that appoints people like Condoleezza Rice to the board is beyond me.

Stopped trusting Dropbox after they were caught mimicking OS X administrator prompt: https://news.ycombinator.com/item?id=12463338 - no matter how much they talk about good intentions, that shows company core values to me.

Stopped using and trusting iCloud after Apple was forced to pass it to some shady Chinese provider in China (I live in China).

I just run a small home DIY NAS with a simple RAID 6 config for Time Machine and phone backup.