The Potential Of Google Sync To Be Used For Both Good And Evil
from the linking-up dept
When Google first launched its desktop search product over a year ago, some wondered if it would end up being a gateway to accessing data on your desktop from other devices, such as mobile phones. While Google hadn’t said much about it, it now looks like they may be moving in that general direction. The company has launched a new product that turns the Google desktop product into a tool for linking and syncing data on different machines. Right now, it appears to just be computer to computer, but it’s not hard to see how this could expand much further as well. What’s interesting, though, and perhaps a bit problematic, is that Google is storing data on its own servers for about 30 days in order to do this — rather than doing direct peer-to-peer. This has the advantage of allowing people to sync, even when a machine is offline. However, it also raises some questions. While some think that makes it compelling, as it will allow a number of new applications to be developed, others worry about it, in light of the recent attempt by the government to get access to Google data. This might be a case where they’re both right. The feature has a lot of potential… but it will only go so far as people are confident that Google will (and can) keep their data private.
Comments on “The Potential Of Google Sync To Be Used For Both Good And Evil”
Perhaps encrypted locally before stored remotely?
The idea of my data stored in a system over which I have no control does bother me – as much as storing credit card data in merchants’ systems bothers me.
Perhaps if the data is encrypted in a 128-bit way before transmission to the Google servers? At least this would be some layer of protection.
I would, in addition, never back up super-sensitive data or information to any server to which I could not have personal access.
Re: Perhaps encrypted locally before stored remote
Well, if people are overly concerned, they don’t have to use it. They key is that it’s never forced on them.
Re: Re: Perhaps encrypted locally before stored remote
Exactly, I appreciate what privacy advocates do in terms of raising concerns. However, google or whoever can offer any service and so long as they are open about what they can and do do with the info that they have. I had a better though a second ago, but it has now escaped me…
Re: Perhaps encrypted locally before stored remote
If you think 128 bit encryption will stop anyone who is determined to crack a code… you are sadly misinformed.
You would need at least 4096 bit encryption and a passphrase of 10-15 unrelated words and number sequances for a strong pass key.
Even this might be no problem to the new quantam computers in development which i strongly suspect the top echelons of world governments already have.
Re: Re: Perhaps encrypted locally before stored remote
4096? I’m using 8192 encryption on my quantam desktop computer.
My pass word is 12,432,233.1 characters in length.
What sucks is China just called and said that they want their “computer back”. I’ll be damned if they get this machine back. I haven’t had to pay a single dime in heating costs all winter!
Re: Re: Perhaps encrypted locally before stored remote
setting aside obvious concerns about passphrase strength, your comments on bits is mistaken and oversimplified. some asymmetric algorithms are crackable at 128bits, others are not. symmetric algorithms at 128bit are not crackable. asymmetric approaches seem unnecessary to me for this application. only you know the passphrase, and so only your computer knows the key used for both encryption and decryption. data goes to google, they cant touch it because they dont know your password.
of course, they might just use your google account password in which case it might as well not even be encrypted.
Re: Re: Re: Perhaps encrypted locally before stored remote
Encryption is for pussies.
Re: Re: Re: Perhaps encrypted locally before stored remote
There are MANY tools out there for encryption, one I ran into had a clever soloution for relatively weak passphrases. The program used the sha-512 hash to generate the symetric key, butit ran the passphrase through 1000 times, this is computationally intensive and slows down a dictonary attack on the passphrase significantly. It is not perfect, but it makes things a bit more secure and with a decent (30 digit of so) passphrase can really slow down any would be cracker. Also, computing the sha 512 1000 times is not that bad for one passphrase, it just adds up for countless bilions of passphrases. This also gets around most rainbow tables, since they are computed for one run through a hash.
Re: Re: Perhaps encrypted locally before stored remote
but, realistically, is anyone with that kind of horsepower going to want to have a look at my tax returns, checkbook or pr0n? More power to them if they do.
Re: Re: Re: Perhaps encrypted locally before stored remote
I really don’t care if Google, or anyone else, wants to spend valuable time looking through my e-mails to my friends about the newest cell phone or MMORPG, or any other files like my Trillian logs or which games I have installed on my computer; I don’t have anything to hide from anyone.
Re: Re: Perhaps encrypted locally before stored remote
Holy overestimates, batman!
You don’t read enough about cryptography, Poison Pen. 128 bit is still sufficient. 2^64 checks is still difficult, but given the sheer enormity of data and the possibility of highly obscure file formats, this may easily be enough to make it impossible for Google to read everyone’s data. Remember, if everyone used 128 bit encryption and they tried to crack it, they’d have to crack everyone’s key. That’s multiple near bruteforce decrypting operations, thousands or millions possibly.
10-15 unrelated words and number sequences? Typically, using a truly unique word, number, and symbol combination and hashing it is sufficient. This is what most encryption programs do, they don’t accept keys under a certain size. And if you go over the size limit, then they are still hashed, and shrunk to the size they use. As an example, 15 words of 4 letters each is 60 letters, or 480 bits. Already, you’re into the territory of Completely And Utterly Redundancy. Add in some numbers, and you don’t actually increase the security of your key. E.x., with a 128 bit key, if your password is any longer than 16 characters?xxxxxxxxxxxxxxxx?you are wasting your time. With a 256 bit key, you can go up to 32 characters, and with a 512 bit key, you can go up to 64 characters.
4096 bit key? Unless your password is 512 characters, it’s completely pointless. And the only reason you’d ever use 4096 bit encryption is for public key encryption. AES has no mode for over 512 bits. Neither does any other block mode encryption.
As for the rest of your BS about “new quantum computers,” research labs are just barely able to factor integers using them. That said, they are capable of factoring integers at a rate that greatly exceeds, at least on paper, that of a traditional computer. But I’m not afraid of a computer that can’t store more information than I can write on my hand, let alone perform bruteforce decryption on even something as short as a sentence. But even this is to no avail, because AES doesn’t use integer factorization, and quantum computers may not give you any advantage in decrypting AES ciphertext.
No Subject Given
Not a chance in the World I would ever use this service. If Google says they won’t use your data and only a few key people will have access why the need to hold on to it for up to 30 days?
Re: No Subject Given
As said above, it will allow you to sync computers, when the other is offline.
30 days should be enough time for you to do that, before it is deleted.
Makes sense to me
Re: No Subject Given
They only store it long enough to give you time to sync the other computer(s) with the data. It’s *up to* 30 days, meaning it could be 30 minutes, 1 day, 1 week, or all the way *up to* 30 days. If you don’t sync by then, then you’ll have to start the process over again.
No Subject Given
Just my opinion, but in light of recent events, you would have to be a MORON to voluntarily store huge amounts of corporate or personal info on a third-party system like this.
And that “I don’t ever do anything wrong, so I don’t care” attitude is stupid and naive. It is clear that our government feels comfortable taking a wide range of actions against individuals (from wiretaps, to detainment, to torture) regardless of any evidence of wrongdoing. So, keep that head in the sand, specially when the electrodes are connected to your balls because a Bush henchman thinks your Word doc that contains the phrase “ladle in the bin” is a covert reference to bin Laden and warrants further investigation…
Re: No Subject Given
No, “I don’t ever do anything wrong, so I don’t care” is a perfectly good reason for one person to decide to use an opt-in service.
It’s never a good reason for a system to be forced on everyone, or any unwilling participant. In this case, it’s no big deal, the paranoid simply need not use this service.
Re: Re: Stupid and naive is no way to go thru life
So, if you came home from work and found the FBI going thru your bedroom drawers, you would just shrug and say “no problems, I’ve got nothing to hide”?
Re: Re: Re: Stupid and naive is no way to go thru life
Actually, i would be less pissed about that than them getting data from google for a number of reasons. First, either way, I am innocent and they were mistaken to be going through my stuff. Secondly, It is at least possible for me to catch them doing it if theyre rifling my house, whereas google will just hand it over and no one will ever know. There is presumably a much higher burden of suspicion to invade someone’s home than there is to demand their data from google. So I would be saying “you assholes, i havent done anything and wheres your #*($&$ing warrant, and im glad you didnt grab all my data instead”
conspiracy?
Google wouldn’t turn over 10 days of random search history because they would have something much better to turn over (notice how the gov ‘quietly’ backed down from Google denying them the data)… because Google will now have 30 days of ‘meaningful’ data to relinquish.
…or this all could just be another conspiracy.
The masses///
The masses will always be led by the nose, the issue here is setting a dangerous habit for the future. As people become more and more used to thier online life using tools like this, they are none the wiser when thier 4th admendment right are violated. I am an avid google-ite, but the whole gmail, (and recently gtalk saving your chat hist “opt in” of course) + stuff like this worries me.
– common sense, is never found in the masses. Look where everybody else is heading, and go the opposite way. or at least take it at an angle…
No Subject Given
Why doesn’t the NSA offer Internet search, email, and data transfer services and cut out the middleman?
Hell, the could just nationalize the phone system and include unlimited, no warrant wiretap access in the EULA and privacy policy.
That’s where we are headed anyway.
ALTs
This is why I roll alts… you can just mail stuff to them so it doesn’t take inventory space in the bank or in your travelers backpack…
No Subject Given
Did I miss an important part in one of the articles? Where does the user get to set the encryption key for the file transfer?
I would imagine this key would be set by Google. Another article I read said that there would be some people at Google who would have full access to your data.
No Subject Given
Anyone else see this as becomming the next big filesharing system?
uh ya I’m just going to sync my copy of Scary Movie, and give the url to all my friends so they can uh, sync it too..
Re: No Subject Given
You mean, you’re going to go over to your friends house, set up a secure and private account on their personal computer with custom file access permissions?which they would never, in their lives, violate?and watch your copy of Scary Movie over there. Not in their presence either.<br><br>At least, that’s what your lawyer might say.