Keep those keys!
While cybersecurity isn’t my day job, it is something that I have been interested in since I was old enough for the Internet to exist, and if you couldn’t tell already from the last 10 minutes or so of today’s show, it is also something I am pretty passionate about.
It’s obviously not a typical topic for the show, but I wanted to see if I could Fix this one for even one person. Especially people on the younger side who grew up in a world of globally hosted cloud services.
I want to keep things simple, so here is my analogy: when it comes to storing your stuff, generally you have 2 choices. You can store it yourself in your house, or you can store it somewhere “secure” that you don’t own. Think a bank safety deposit box like you might see in the movies.
If you have a safe in your house, you *should* be the only one with the keys to it. But, if you lose the keys or something happens to your house (like it burns down) and you lose the safe and everything in it, that’s on you.
If you have a safety deposit box, you are leaving the security of that box up to the bank. They should be putting it in their vault and have plenty of fire extinguishers around. BUT that also means that the bank has a key to your box; you are just trusting them to not go rooting through your stuff. Nobody else should have a key to your specific box; that is the “end to end encryption” everyone is always talking about. But the bank still does. And they may stick to that trust, but there is always that chance. (Or someone breaks into the bank and steals the keys to everyone’s boxes, yours included. Cybercrime!)
Same goes for Apple. If you have an iPhone or iPad, you have the convenience of just hitting the toggle for iPhoto Cloud and having your pictures backed up to the cloud, safe and secure should anything happen to your phone. And (ideally) nobody else will have access to your personal photos unless you want them to. BUT Apple is still playing the bank here. Once your photos are on their service, they can do whatever they want to within the confines of the user agreement (you did read the whole thing, right?).
It’s not all bad news though. There are places that are safe (online redundant cloud storage) and secure (true, user-owned encryption where the provider can’t see your data either). Check out ProtonMail and their associated cloud drive. Or Mega, which is only for cloud storage. Both services have no access to your data themselves, so no scanning your data for whatever they feel like looking for that day.
If you’ve made it this far through this post already, enjoy this music to keep your day going.