I run a few services (don't quite break even), and host my own blog, etc. I used to use AWS. However, I would spend almost $200/month.
So instead I now rent $200 of colo space from a data center. That gives me 5U of space per month. I bought my own servers. I can now host way more for absolutely no more marginal cost. Working on adding GPU instances for some AI projects.
So the most secure cloud for me is my own cloud.
I wish there was a service where I could purchase a computer that I never see from a company who I then pay rent to host in their data center. The computer is mine, and there is a strict contract indicating entry into / out of the cubby it's in.
For example, my data center won't open my cabinet unless I request it and there is a strict set of law as to what they can and cannot do with it.
Moreover, unlike AWS, they cannot 'terminate' my account. While they can stop the lease... the computer is my own and the contract specifies that I have X many days to remove it.
That would be true ownership. The idea that amazon can shut down an app in one day is what made me leave AWS for good.
Yes exactly, but instead of having to find a server, order it and ship it. the colo center also acts as a vendor of pre-built servers.
So instead of Amazon keeping thousands of servers ready for you to rent at any time, I'd keep servers ready for you to buy at anytime.
You pay $4000 say for the server. Now you own it. Then you pay me $100 / month.
We depreciate the server. If after three months you think you're done, we give you $3800 back. So your cost was $200/month. Same as AWS, except you own the server. Also, better for your taxes, because unlike cloud services, actual hardware depreciation is a tax loss.
Since you own the server at all times, and are just renting from me for the actual connection, you can decide to simply remove the server at any time (and then I keep the $4000, like a normal purchase). Or, if I decide I disagree with what you're hosting, I will pull the plug, but the server is yours.
Unlike amazon, since you own the server, I cannot seize it and terminate your data, as Amazon did with Parler, for example.
Moreover, unlike Amazon, the government cannot 'request' that they see what's on my disks or server. The government actually cannot compel me to turn over any incriminating data (fifth amendment) about myself, whereas they can compel Amazon to.
This arrangement gives you the same kinds of rights you get as a tenant in a normal rental situation, rather than the 'big multinational conglomerate owns everything' situation we have no.
Yes, you bought a server from me and are renting space to keep it in my facilities. Just because the seller and renter are the same doesn't mean the disks aren't yours. Whereas, on Amazon I don't own the disks S3 is on.
Yes! The essence of my piece was precisely this.
The obvious downside is that the average user can't/won't fiddle with all the intricacies of setting up and maintaining a server.
My dream goal is to provide a piece of software that gives users the ability to bypass the need of a server, while not relying on "third party clouds".
That's why I preferred to use the word "computer" instead of server :-)
This is a great example of the difference between "safe" and "secure".
Two locations is intrinsically less secure, not more. You're exposed to exfiltration from either site. It is, however, safer, because you need both sites to fail before you lose data.
I never thought of it that way but it's obvious now that you point it out. Physical access -duh! unless you can control both places (eg an office and a second office), but even then break-ins happen.
At least now I feel better about not having an "off-site backup" (I'm a "prosumer", not actually working in the feild).
But there’s also a difference between “secure” and “confidential”.
Many definitions of security include integrity and availability as a properties to protect - and storing data in multiple locations can definitely help protect both of those.
If you think of safety as defence against accidents and security as defence against attacks, there's a large natural overlap simply because "deliberately cause an accident" is the most obvious family of strategies for an attacker.
That said, this distinction between safety and security, between accident and attack, often gets lost in this sort of discussion, and for this particular thread, highlighting the difference, and how the two are sometimes at odds with each other, was more important than highlighting the overlap.
Here's the deal -is there an ecryption that's actually secure against state-level actors? Someone with the resources of the FBI etc?
Now, before you say "I don't do anything illegal so it doesn't matter, I'm only worried about corporations" think for a minute about how often companies do have ties (even informal ones -like friends) with people who work in agencies with those resources. You still run the very real and likely risk of a quid-pro-quo ("hey, if you can give us a way to peek into these encrypted drives we'll leave the listings out for you /wink").
In the year of Our Lord 2022 I really would not trust cloud encryption -strong or otherwise; at least not for me personally and my personal/hobby data. If I was working for a company that has a legal department with teeth behind me and I was storing things on the cloud for them? That would be a different ballgame.
>is there an ecryption that's actually secure against state-level actors
Any modern symmetric encryption is extremely likely to be safe against state-level actors for the observable future assuming your encryption key is not compromised and has enough entropy in it. Even with quantum computers you only need twice longer keys. Roughly, AES-256 would provide AES-128 level of security in the presence of practical quantum computers.
If you feel especially paranoid about potential backdoors in algorithms, you can chain several algorithms from different organizations (e.g. AES, Kuznyechik, ChaCha20, and SM4) initialized with different keys. Though such practice is frowned upon by cryptographers.
Unless some mathematics/cryptography genius finds a vulnerability in the AES algorithm, or we improve processing power by many orders of magnitude, AES-256 is going to be immune to nation-state actors for decades or even hundreds of years. Right now, trying to break something encrypted with AES-256 is pretty futile. Even if you pointed every processor in the world at breaking it, you're likely to reach the heat death of the universe several times before succeeding.
I had to go to the homepage of this site to get a clear idea of what Anita does, and what the nonsense in this article was talking about. Anita is a web app that is something between a notes app and a password manager. This article is talking about how you can store your Anita database locally, even though it's a web app. It really has nothing to do with a cloud at all in the technical sense, but I could see how the fact that the app runs in a browser might be perceived as "cloud-like" by people with no technical understanding.
I'm still working on the landing page, but you did get a rather good idea of what the app does. Essentially you can store in it any information, organized as you whish.
The article is indeed meant for very non tech savvy readers, that's why it's overly simplified. It is meant as a more in depth analysis of the "Secure" card on the landing.
I think some pre-configured "example projects" could make me more interested. Demo seems mundane, I get the idea but all the required fields are just annoying to get through.
Absolutely! Thanks for the feedback! That is in the pipeline, I'm adding few UI elements needed to make a compelling example and then there will be a demo project, and templates :-)
The statement "the most secure cloud is your computer ... because you have full control over your computer" is false. Many, many people have lost control of their own computer, either physically through loss or theft, or virtually through malware. There is nothing particularly secure about the machine that happens to be on your desk.
Fair, but... How many actors globally are trying to specifically break into the average person's machine and map out their home network, ports, services etc? How many American homes (or, well, citizens of other countries) have to worry about insiders and spies selling confidential info and stock tips?
Maybe this is a silly way of making my point, but I just think the average person's home is much less of a juicy target and has much less of an attack surface than a cloud provider. (edits for wording)
Ah, well, just that if you include "I lost my device" or "I left my bag at a cafe and someone took it", as the comment to which you were responding did explicitly, the "attack surface" gets a lot more realistic-looking, and that's worth balancing mentally. (I think this is important because I am the person who loses stuff)
That makes sense. Although now I'm curious what the average thief does with a device these days... I wonder if they even know how to get past a login screen, get your info and sell it? Or they just break it down for parts/pawn it off?
it might be the "most secure", but if you could see the amount of lint that's built up inside computer cases in my home, you couldn't call it the safest
> When it comes to data storage, security is a big concern. No matter what information you store, you want to make sure that it is safe and secure. Even trivial information is now worth a lot of money, and it is used to profile users. So you want to make sure that your data is safe
Tracking and profiling is rarely what people mean by data safety and usually instead refer to privacy. Privacy != safety. Beyond that, it doesn’t explain why you might want to keep your “data” safe from profiling. Most profiling is done on data that you can’t “own”. Eg. Facebook tracks you through tracking pixels and behavioral monitoring, and there’s no way to “own” that data - it’s never given to you the way your footprints on the beach are never yours.
I worry that lay-people without a technical understanding of things understand enough to see through the BS scare marketing tactics but not enough to understand that data security is important AND data privacy is important - for different reasons than usually mentioned.
Being tracked and profiled is both an issue of security AND privacy.
Being private (i.e. protecting privacy) ensures a higher level of security.
Being secure ensures a higher level of privacy.
Under many aspects, these are two very correlated concepts.
Say, for example, that a user makes it public where they live and when and where they were born. Now it's easier for a bad actor to perform an attack impersonating that user in online services (social hacking)
I get the idea, but being pedantic if a system can be compromised using only externally discoverable information and no additional factors, I don’t think it was ever particularly secure.
It’s really difficult to guarantee the secrecy of IRL factors. Privacy should be valued, but I think it’s hard to reason about any system that attempts to rely on it for security, so they shouldn’t be considered particularly secure.
> Being private (i.e. protecting privacy) ensures a higher level of security. Being secure ensures a higher level of privacy.
Both of those are only incidentally related for a subset of cases. Literal file storage is where security and privacy align. It’s hard to be secure and not private but it’s possible to be private and not secure.
The problem is that a lot of cases of privacy aren’t applicable to security. Like most tracking isn't targeting your address it’s targeting your purchases preferences. Most of the time you can’t own that data, so security is irrelevant. Most of privacy guidelines shouldn’t be around “save your files on IPFS” like the article said since then it’s literally open to everyone and anyone can see the requests for those files, even if google drive can’t sniff them. Is it secure to keep your files in a public p2p system on your personal desktop (which you have to ensure is virus free and doesn’t burn down) instead of s3/GDrive/etc? It would be less private but I wouldn't make strong security claims towards self hosting your files while opening it to the public internet.
Privacy guidelines should instead be “ad block and block tracking scripts” instead. Or “stop using social media publicly”. Much better privacy wins. But privacy is much more ambiguous what a win is. Most people don’t care about ad tracking. Government tracking is usually not a concern until it’s too late, and much harder. Privacy for most people is not letting grandma see your drunk social media posts in college. Or keeping a stalker from finding you. Despite that, “we” the technical community should push people to stop freely giving away data in return for nothing (eg stop tracking JS but keep using Dropbox because it’s useful). The goal is to minimize the size of the data bases that get built around you passively.
The article does not suggest to use IPFS, the article says that the better alternative is to give users the freedom to choose whatever they want to do with their data. And to give some perspectives the article then says that when the user is in control, the user can then choose any options, from something centralized such as Dropbox, to something decentralized such as IPFS, or even "vanilla" P2P communication.
The point is the freedom to choose, not the choice.
> This is because you have full control over your computer. You can decide what to do with it
"A little knowledge does much harm" as the saying goes.
You can decide what to do with it including screw up your security. End users, especially power users make the most risky decisions because of over confidence. How do you know I am not accidentally exposing NFS unsecured to the internet or exposing my pc to the internet but forgetting I have elastic search listening in all IPs, install random packages without checking and haven't updated my browser this year? Maybe I do everything right but don't have off-device backups, availability is also a security property.
I am not saying the cloud is better, I am saying the cloud is better depending on the threats you reasonably anticipate. Let's take emails as a common example, everyone and their mother use the cloud (that's where webmail lives), you trust your email provider be it gmail, proton or aol.com to not only access your private information but more or less take over most accounts and do a lot of serious damage to your life. Now if you trust google with gmail, why would you not trust them with gcp? Again, I am not pro-cloud, I am just laying out the concept of having a threat model.
Can you reasonably expect some threat actor to target or opportunistically compromise a security property you value with respect to spcific information? Is it more cost prohibitive for that threat actor to acheive their goals in a cloud VM or on your laptop?
Let's say your threat actor is someone you live with or someone that could harm you physically, that is different than someone doing a perimeter attack which is also different than someone targeting you with exploits and social engineering lures without even bringing up their specific capabilities.
In general, if you are hiding from the government of the cloud provider or you have reason to distrust the employees of the cloud provider (be it intent or competence) your PC might indeed be more secure. But realistically and objectively, a cloud provider will have better security both from defaults and monitoring perspective.
I use to share OPs sentiment but I repeated the terms "reasonably" and "reason" because the more I learned the more I realized how suspicion,intuition and hypotheticals are not enough to measure risk. You need a a vulnerabilty and exposure and you need motives and incentives for humans that will gain from exploiting them.
Yes, the NSA can hack my ec2 using a bunch of 0days but what they have to gain as a result if that is not worth burning a 0day or even the time and effort of a paid human. Even for bored kids showing off it isn't valuable (interesting) enough.
The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and I'm
not even too sure about that one
-- Dennis Huges, FBI.
A bit apocryphal, but this was a famous quote thirty years ago, before there even was an internet. Much moreso now.
52 comments
[ 2.9 ms ] story [ 117 ms ] threadSo instead I now rent $200 of colo space from a data center. That gives me 5U of space per month. I bought my own servers. I can now host way more for absolutely no more marginal cost. Working on adding GPU instances for some AI projects.
So the most secure cloud for me is my own cloud.
I wish there was a service where I could purchase a computer that I never see from a company who I then pay rent to host in their data center. The computer is mine, and there is a strict contract indicating entry into / out of the cubby it's in.
For example, my data center won't open my cabinet unless I request it and there is a strict set of law as to what they can and cannot do with it.
Moreover, unlike AWS, they cannot 'terminate' my account. While they can stop the lease... the computer is my own and the contract specifies that I have X many days to remove it.
That would be true ownership. The idea that amazon can shut down an app in one day is what made me leave AWS for good.
https://en.wikipedia.org/wiki/Colocation_centre
So instead of Amazon keeping thousands of servers ready for you to rent at any time, I'd keep servers ready for you to buy at anytime.
You pay $4000 say for the server. Now you own it. Then you pay me $100 / month.
We depreciate the server. If after three months you think you're done, we give you $3800 back. So your cost was $200/month. Same as AWS, except you own the server. Also, better for your taxes, because unlike cloud services, actual hardware depreciation is a tax loss.
Since you own the server at all times, and are just renting from me for the actual connection, you can decide to simply remove the server at any time (and then I keep the $4000, like a normal purchase). Or, if I decide I disagree with what you're hosting, I will pull the plug, but the server is yours.
Unlike amazon, since you own the server, I cannot seize it and terminate your data, as Amazon did with Parler, for example.
Moreover, unlike Amazon, the government cannot 'request' that they see what's on my disks or server. The government actually cannot compel me to turn over any incriminating data (fifth amendment) about myself, whereas they can compel Amazon to.
This arrangement gives you the same kinds of rights you get as a tenant in a normal rental situation, rather than the 'big multinational conglomerate owns everything' situation we have no.
Can you clarify, are these the customer's disks at this point?
Two locations is intrinsically less secure, not more. You're exposed to exfiltration from either site. It is, however, safer, because you need both sites to fail before you lose data.
At least now I feel better about not having an "off-site backup" (I'm a "prosumer", not actually working in the feild).
Many definitions of security include integrity and availability as a properties to protect - and storing data in multiple locations can definitely help protect both of those.
If you think of safety as defence against accidents and security as defence against attacks, there's a large natural overlap simply because "deliberately cause an accident" is the most obvious family of strategies for an attacker.
That said, this distinction between safety and security, between accident and attack, often gets lost in this sort of discussion, and for this particular thread, highlighting the difference, and how the two are sometimes at odds with each other, was more important than highlighting the overlap.
Now, before you say "I don't do anything illegal so it doesn't matter, I'm only worried about corporations" think for a minute about how often companies do have ties (even informal ones -like friends) with people who work in agencies with those resources. You still run the very real and likely risk of a quid-pro-quo ("hey, if you can give us a way to peek into these encrypted drives we'll leave the listings out for you /wink").
In the year of Our Lord 2022 I really would not trust cloud encryption -strong or otherwise; at least not for me personally and my personal/hobby data. If I was working for a company that has a legal department with teeth behind me and I was storing things on the cloud for them? That would be a different ballgame.
Any modern symmetric encryption is extremely likely to be safe against state-level actors for the observable future assuming your encryption key is not compromised and has enough entropy in it. Even with quantum computers you only need twice longer keys. Roughly, AES-256 would provide AES-128 level of security in the presence of practical quantum computers.
If you feel especially paranoid about potential backdoors in algorithms, you can chain several algorithms from different organizations (e.g. AES, Kuznyechik, ChaCha20, and SM4) initialized with different keys. Though such practice is frowned upon by cryptographers.
Yes. AES-256.
One-Time Pads as well, but of course then you have the problem of how to securely store the pad.
I can already to that. Why do I need Anita?
I must admit I'm having a lot of fun with Dall-E! I'll probably write a post about my experience so far with it
Maybe this is a silly way of making my point, but I just think the average person's home is much less of a juicy target and has much less of an attack surface than a cloud provider. (edits for wording)
Tracking and profiling is rarely what people mean by data safety and usually instead refer to privacy. Privacy != safety. Beyond that, it doesn’t explain why you might want to keep your “data” safe from profiling. Most profiling is done on data that you can’t “own”. Eg. Facebook tracks you through tracking pixels and behavioral monitoring, and there’s no way to “own” that data - it’s never given to you the way your footprints on the beach are never yours.
I worry that lay-people without a technical understanding of things understand enough to see through the BS scare marketing tactics but not enough to understand that data security is important AND data privacy is important - for different reasons than usually mentioned.
It’s really difficult to guarantee the secrecy of IRL factors. Privacy should be valued, but I think it’s hard to reason about any system that attempts to rely on it for security, so they shouldn’t be considered particularly secure.
Both of those are only incidentally related for a subset of cases. Literal file storage is where security and privacy align. It’s hard to be secure and not private but it’s possible to be private and not secure.
The problem is that a lot of cases of privacy aren’t applicable to security. Like most tracking isn't targeting your address it’s targeting your purchases preferences. Most of the time you can’t own that data, so security is irrelevant. Most of privacy guidelines shouldn’t be around “save your files on IPFS” like the article said since then it’s literally open to everyone and anyone can see the requests for those files, even if google drive can’t sniff them. Is it secure to keep your files in a public p2p system on your personal desktop (which you have to ensure is virus free and doesn’t burn down) instead of s3/GDrive/etc? It would be less private but I wouldn't make strong security claims towards self hosting your files while opening it to the public internet.
Privacy guidelines should instead be “ad block and block tracking scripts” instead. Or “stop using social media publicly”. Much better privacy wins. But privacy is much more ambiguous what a win is. Most people don’t care about ad tracking. Government tracking is usually not a concern until it’s too late, and much harder. Privacy for most people is not letting grandma see your drunk social media posts in college. Or keeping a stalker from finding you. Despite that, “we” the technical community should push people to stop freely giving away data in return for nothing (eg stop tracking JS but keep using Dropbox because it’s useful). The goal is to minimize the size of the data bases that get built around you passively.
"A little knowledge does much harm" as the saying goes.
You can decide what to do with it including screw up your security. End users, especially power users make the most risky decisions because of over confidence. How do you know I am not accidentally exposing NFS unsecured to the internet or exposing my pc to the internet but forgetting I have elastic search listening in all IPs, install random packages without checking and haven't updated my browser this year? Maybe I do everything right but don't have off-device backups, availability is also a security property.
I am not saying the cloud is better, I am saying the cloud is better depending on the threats you reasonably anticipate. Let's take emails as a common example, everyone and their mother use the cloud (that's where webmail lives), you trust your email provider be it gmail, proton or aol.com to not only access your private information but more or less take over most accounts and do a lot of serious damage to your life. Now if you trust google with gmail, why would you not trust them with gcp? Again, I am not pro-cloud, I am just laying out the concept of having a threat model.
Can you reasonably expect some threat actor to target or opportunistically compromise a security property you value with respect to spcific information? Is it more cost prohibitive for that threat actor to acheive their goals in a cloud VM or on your laptop?
Let's say your threat actor is someone you live with or someone that could harm you physically, that is different than someone doing a perimeter attack which is also different than someone targeting you with exploits and social engineering lures without even bringing up their specific capabilities.
In general, if you are hiding from the government of the cloud provider or you have reason to distrust the employees of the cloud provider (be it intent or competence) your PC might indeed be more secure. But realistically and objectively, a cloud provider will have better security both from defaults and monitoring perspective.
I use to share OPs sentiment but I repeated the terms "reasonably" and "reason" because the more I learned the more I realized how suspicion,intuition and hypotheticals are not enough to measure risk. You need a a vulnerabilty and exposure and you need motives and incentives for humans that will gain from exploiting them.
Yes, the NSA can hack my ec2 using a bunch of 0days but what they have to gain as a result if that is not worth burning a 0day or even the time and effort of a paid human. Even for bored kids showing off it isn't valuable (interesting) enough.