Weblog entry #91 for dkg

universally accessible storage for the wary user
Posted by dkg on Wed 9 Jan 2013 at 01:12
Tags: none.
A friend wrote me a simple question today. My response turned out to be longer than i expected, but i hope it's useful (and maybe other people will have better suggestions) so i thought i'd share it here too:

Angela Starita wrote:

I'd like to save my work in a location where I can access it from any computer. I'm wary of using the mechanisms provided by Google and Apple. Can you suggest another service?
Here's my reply:

I think you're right to be wary of the big cloud providers, who have a tendency to inspect your data to profile you, to participate in arbitrary surveillance regimes, and to try to sell your eyeballs to advertisers.

Caveat: You have to trust the client machine too

But it's also worth remembering that the network service provider is not the only source of risk. If you really mean "accessing your data from any computer", that means the computer you're using to access the data can do whatever it wants with it. That is, you need to trust both the operator of these "cloud" services, *and* the administrator/operating system of the client computer you're using to access your data. For example, if you log into any "secure" account from a terminal in a web café, that leaves you vulnerable to the admins of the web café (and, in the rather-common case of sloppily-administered web terminals, vulnerable to the previous user(s) of the terminal as well).

Option 0: Portable physical storage

One way to have your data accessible from "any computer" is not to rely on the network at all, but rather to carry a high-capacity MicroSD card (and USB adapter) around with you. You'll probably want to format the card with a widely-understood filesystem like FAT32: NTFS, HFS+ and ext4 are each understood by only some of the major operating systems, not all of them.

Here is some example hardware:

Almost every computer these days has either a microSD slot or a USB port, whereas not every computer is connected to the network. Carrying the data yourself also means you don't have to rely on someone else to manage servers that keep your data available all the time.

Note that going the microSD route doesn't remove the caveat about needing to trust the client workstation you're using, and it has another consideration:

You'd be responsible for your own backup in the case of hardware failure. You're responsible for your own backup in the case of online storage too, of course -- but the better online companies are probably better equipped than most of us to deal with hardware failure. OTOH, they're also susceptible to some data loss scenarios that we aren't as individual humans (e.g. the company might go bankrupt, or get bought by a competitor who wants to terminate the service, or have a malicious employee who decides to take revenge). Backup of a MicroSD card isn't particularly hard, though: just get a USB stick that's the same size, and regularly duplicate the contents of the MicroSD card to the USB stick.
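The duplicate-the-card advice above, as an added example (not code from the original post), written as POSIX shell functions: the copy is followed by a checksum comparison of both trees, so a partial or silently corrupted copy is caught at backup time rather than discovered when the card fails. The mount points are assumptions; pass whatever paths your OS uses for the two devices.

```shell
# Added example, not part of the original post: mirror a MicroSD card's
# contents to a same-sized USB stick, then verify the copy by checksum so a
# half-written or silently corrupted backup is noticed while the card still works.
# The two directory arguments are assumptions (wherever your OS mounts the devices).

# Sorted "crc size ./relative/path" listing of every regular file under $1,
# so that listings of two identical trees compare byte-for-byte.
checksum_tree() {
    ( cd "$1" && find . -type f -exec cksum {} + ) | sort -k3
}

# Return 0 only when the tree under $2 is an exact image of the tree under $1
# (same paths, same sizes, same checksums); otherwise report and return 1.
# A stale file left on the stick from an earlier run is reported too.
verify_mirror() {
    [ -d "$1" ] && [ -d "$2" ] || return 1
    a=$(mktemp) && b=$(mktemp) || return 1
    checksum_tree "$1" > "$a"
    checksum_tree "$2" > "$b"
    if cmp -s "$a" "$b"; then
        rm -f "$a" "$b"
        return 0
    fi
    echo "mirror of $1 at $2 does not match:" >&2
    diff "$a" "$b" >&2        # shows which files differ, are missing, or are stale
    rm -f "$a" "$b"
    return 1
}

# Copy the card ($1) onto the stick ($2) and refuse to report success until
# the copy has been flushed to the device and verified.
mirror_and_verify() {
    mkdir -p "$2" || return 1
    cp -Rp "$1"/. "$2"/ || return 1   # -p keeps timestamps for later comparison
    sync                              # flush caches before the stick is unplugged
    verify_mirror "$1" "$2"
}
```

Run `mirror_and_verify /path/to/card /path/to/stick` after each work session; a non-zero exit means the stick is not yet a trustworthy copy.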

One last consideration is storage size -- MicroSD cards are currently limited to 32GB or 64GB. If you have significantly more data than that, this approach might not be possible, or you might need to switch to a USB hard disk, which would limit your ability to use the data on computers that don't have a USB port (such as some smartphones).

Option 1: Proprietary service providers

If you don't think this portable physical storage option is the right choice for you, here are a couple of proprietary service providers who offer some flavor of "cloud" storage while claiming not to look at the contents of your data:

I'm not particularly happy with either of those, though, in part because the local client software they want you to run is proprietary, so there's no way to verify that they are actually unable to access the contents of your data. But i'd be a lot happier with either wuala or spideroak than i would be with google drive, dropbox, or iCloud.

Option 2: What i really want

I'm much more excited about the free-software, privacy-sensitive, network-based storage tool known as git-annex assistant. The project is spearheaded by Joey Hess, who is one of the most skilled and thoughtful software developers i know of.

"assistant" (and git-annex, from which it derives) has the advantage of being pretty agnostic about the backend service (many plugins for many different cloud providers) and allows you to encrypt your data locally before sending it to the remote provider. This also means you can put your encrypted data in more than one provider, so that if one of the providers fails for some reason, you can be relatively sure that you have another copy available.

But "assistant" won't be ready for Windows or Android for several months (builds are available for Linux and Mac OS X now), so i don't know if it meets the criterion for "accessible from any computer". And, of course, even with the encryption capabilities, the old caveat about needing to trust the local client machine still applies.


Comments on this Entry

Posted by Anonymous (67.204.xx.xx) on Wed 9 Jan 2013 at 01:49
I'd think OwnCloud and SparkleShare would be among FLOSS options. What do you think of those?

Posted by dkg (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Wed 9 Jan 2013 at 02:20
Thanks, those definitely deserve some discussion!

sparkleshare looks quite interesting. I like that it uses git as a backend, but using git for this in the normal mode (not as git-annex does) would usually mean that the service provider has full access to the cleartext of the data you're storing. I don't think that's healthy.

Also, sparkleshare is a F/LOSS client -- but it still needs you to choose a host for the service, (and be willing to trust the service provider). I'm not prepared to host reliable git repositories for all my friends (especially when i don't know how much data we're talking about). And while there is sparkleshare.net, their web site looks nearly derelict beyond the first page, and i don't see a way to sign up with them. I'm not prepared to suggest any of the standard git hosts (which are commonly used for public data) for storing my friends' and allies' private data.

Maybe someone else can suggest a workaround for this, or various git hosting providers who might be politically oriented toward privacy?

owncloud also looks pretty awesome, and i confess i'm remiss in not having reviewed it at all. However, owncloud's latest tarball (version 4.5.5) contains over 280K lines of php and another 170K lines of javascript. oof! that's a lot of code, and i'm already inclined to be skeptical of PHP for a variety of reasons (lest i be accused of being a faddish hater: i have written PHP for years, maintain tools written in PHP, and deal with it regularly; this has only served to reinforce my skepticism about the language).

And while i'm glad to see owncloud server in debian wheezy, I'm a bit concerned that the owncloud sync client doesn't seem to be in the debian repositories at all; i'd expect a free software tool that is going to be reasonably maintained to be in a distro as broad as debian.

That said, i appreciate what the OwnCloud folks are trying to do, and i would be happy to revise my estimate if i ever have time to evaluate it and try to understand it better. I'm happy to see the claim for support of encryption, for example.

If you're an OwnCloud maintainer or advocate, i'd love to hear more from you here about what i should have suggested to my friend specifically.

Posted by Anonymous (38.109.xx.xx) on Wed 9 Jan 2013 at 18:05
- owncloud is a breeze to install
- you can own the cloud
- has clients for most platforms
- has web front-end to access your files (if you don't have a client or not willing to sync say 2TB of movies to your smartphone)
It is not fair to say "no" before even trying it

Posted by Anonymous (217.212.xx.xx) on Thu 10 Jan 2013 at 13:17
Not really a breeze to install - the upstream releases are fast, frequent, often backwards-incompatible, make lintian freak and it's taking pkg-owncloud a while to catch up.

Probably still worth a try and I'd be interested in dkg's review, but I've used it a while and share the scepticism.

Posted by Anonymous (66.69.xx.xx) on Wed 9 Jan 2013 at 01:57
I haven't followed it in some time, but Tahoe (https://tahoe-lafs.org/trac/tahoe-lafs) might be a good fit for this use case.

Posted by dkg (2001:0xx:0xx:0xxx:0xxx:0xxx:xx) on Wed 9 Jan 2013 at 02:25
Would you really recommend this for a user who wants their data accessible from any computer? Don't you need a pretty serious level of technical proficiency and administrator privileges to even get tahoe up and running?

Maybe Tahoe is much more streamlined now than it was when i looked at it (admittedly quite a while ago), but i'm pretty dubious about its utility for normal humans skipping between machines at the moment.

Posted by Anonymous (85.210.xx.xx) on Wed 9 Jan 2013 at 10:42
Wouldn't the simplest solution, one that requires trusting no-one, be to store your data on a lightweight laptop, or perhaps a smartphone running a community ROM such as CyanogenMod?

Posted by dkg (216.254.xx.xx) on Wed 9 Jan 2013 at 15:37
This is why i suggested the MicroSD + USB combination -- she can use that with her laptop, or (if she has other computers that she trusts enough to use) she can have the same data available on each (assuming she's only using one of them at a time, anyway).

Posted by Anonymous (93.57.xx.xx) on Wed 9 Jan 2013 at 11:26
Doesn't "where I can access it from any computer" really mean "I must be able to download my files from a web page and use them without special software"?

What happens if your friend uses git-annex assistant to send her files to dropbox encrypted? Wouldn't dropbox.com access be useless?

Posted by dkg (216.254.xx.xx) on Wed 9 Jan 2013 at 18:26
Derek LaHousse wrote me the following comment, and said i could share it:
You mentioned Spideroak and Wuala, and complained about their proprietary client software. I would like to point you at Tarsnap (http://www.tarsnap.com/). It is by no means convenient, as users must compile their own binary on any system. But it encrypts locally and the code is open (but not Open, unfortunately).