Cloud Data: Secure but not Private

These are difficult in this context indeed. I’ve chosen to use all-in-one buckets for anything I don’t mind losing (yes, stuff does get “lost” in iCloud), or read by the [type any government agency here].
All other information is in my own network, accessed through a VPS (with VPN) and syncing to all my devices in the respective apps.

I do NOT have iCloud backup turned on, and use iCloud email for advertising, newsletters and so on only. My other email is run through a domain I own, and manage myself (also a VPS).

Yes it’s sometimes less convenient, and yes sometimes I wish I did not care about the safety of my personal so much, but hey, the time I spend patching my servers and securing the perimeter is a price I gladly pay. I learn a lot, and at least I know if I’ve lost all my photos it’s my doing and not someone else making a mess of things (looking at you iCloud for losing all my wife’s movies from 2010-2014 in a ‘backup error’).

We’ll probably find our opinions not that far different in the end, just different angles on the same issue. Iron sharpening iron is always good practice so I appreciate your thinking.

I think this is the main issue I have. It seems many, if not most services have encryption in transit and rest, but still hold the keys to that data. They can access it in unencrypted form. That I’m not happy about at all.

I think out of Notion, Workflowy, Roam, Obsidian, Evernote, Craft and Dynalist, Obsidian is the only one that offers zero knowledge encryption. Everyone else can see your data and of course pass it on to governments.

My experience has been that nearly every technological advance is good at the beginning and then deteriorates as it’s monetised and exploited. The internet was good in the 90s, now it’s a danger zone. Smartphones were good but now have become addictions and balls and chains.

I wonder where cloud data will take us in 10 years? It’s encouraging to see on forums that I’m not the only one heading in the other direction. Using less cloud not more, leaving no emails on my servers more than a week, syncing at home on a local network not through the cloud. I’m even contemplating changing my work phone to a phone that only makes calls!

My father is 85 and has never used the internet. He doesn’t even have a computer nor a smartphone. Maybe we’ll all be longing for those days in the future. I often want it all to go away for a week!


You can always use Cryptomator to secure data in the cloud if you want to.
It’s a great tool, and I have several vaults in my iCloud data folder to share with others in my family.
We have access to the data, Apple has access to a bunch of random characters.

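The arrangement this post describes, the vault key staying with the family while the provider stores only ciphertext, as an added example that is not Cryptomator’s own code and does not reproduce its vault format: a note is sealed on the device with AES-256-GCM under a locally generated key, so what lands in the synced folder is exactly the “bunch of random characters” the provider gets to keep. The note name, file name and key in the block are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Blob is all the provider stores for one note: a random nonce plus AES-GCM ciphertext.
type Blob struct{ Nonce, Ciphertext []byte }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a note on the device before upload; the name is bound as associated data.
func Seal(key []byte, name string, note []byte) (Blob, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{nonce, gcm.Seal(nil, nonce, note, []byte(name))}, nil
}

// Open runs on a device holding the key; the provider (no key) or a tampered blob gets an error.
func Open(key []byte, name string, b Blob) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(b.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(b.Nonce))
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, []byte(name))
}

func main() {
	key := make([]byte, 32) // vault key: generated here, kept on the user's devices only
	rand.Read(key)
	blob, _ := Seal(key, "notes.md", []byte("constructed sample note"))
	fmt.Printf("provider stores %x and cannot read it\n", blob.Ciphertext)
}
```

A renamed blob, a flipped ciphertext byte, or a blob from another vault all fail to open rather than yielding garbage, which is the property a synced-folder vault needs when the provider is treated as untrusted storage.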

How does this work if you want to access your data on iOS?

In 2013 Reuters reported that the NSA had paid $10 million to RSA to put a weaker algorithm into an encryption program. It is known that major communications providers assist the US government in tapping their networks. I have no doubt that if the government wants to see my data they do not have to ask anyone.


Cryptomator for iOS app


So are you saying that governments can hack encryption?

Governments have done things that weaken the implementation of encryption in specific products and common software components used in multiple products but there is no reason to believe that anyone has a significant attack against AES itself.

If it were the case that a government would have such an attack it would put them in a very interesting position: it would grant them an enormous tactical advantage over everyone else, but only for as long as nobody else would know about it. Any actions taken as a result of having broken AES would have to be such that nobody else could, by observing those actions, infer that AES had been broken.

(Fun fact: There has been at least one successful attack on AES that weakens it, but not significantly enough to be considered a problem yet. These kinds of attacks were anticipated by the designers of AES and its implementation was designed to be resilient to them. Ironically the attack is more of a threat to AES-256 than it is to AES-128.)

While I’m certain that the signals intelligence units of pretty much all major governments are poking away at major cryptographic systems and the ciphers they use, those systems are so good and in such widespread use that the attack on private data has shifted. What governments (and all kinds of bad actors) are really focussing on now is subverting endpoint devices (phones, tablets, computers) by exploiting software flaws, hardware flaws, and deliberately subverting software.


But data on those devices that are encrypted should still be impervious to being accessed and read?

No, that’s why endpoints are being targeted so heavily now.

For example: My Macs have encrypted file systems and there is no known way for anyone to access the data on those Macs once they’ve been turned off, even if they have physical access to the Macs. However once they’re turned on and I’m logged in, any program running on the machine has access to the unencrypted data, so any malicious software or sufficiently buggy software can access pretty much anything it wants, completely bypassing the problem of defeating encryption. One of the tricks being used is for some bit of software to monitor the clipboard for things that look like passwords or Bitcoin wallet keys and to silently exfiltrate them. (This is one of the reasons I was so happy that Apple introduced the “this bit of software just accessed the clipboard” notification on i(Pad)OS devices and also why I really, really want Apple to add it to macOS.)


Doesn’t that then mean that the cloud is even more susceptible to attack as it’s online all the time?

These attacks would need to run the apps that the data was created in would they not? So for example any app that requires the use of a password to run should still be safe?

Looks like we might all have a computer that is online and a secure one that’s offline with all our important data on!

I think that it means that a cloud service is susceptible to a set of problems that probably overlaps partially with the set of problems that local data is susceptible to. Good cloud service providers are especially good at defending against issues that would afflict end users: They have 24x7 security operations teams, well developed change management processes, well developed patching regimens, and highly effective (and very expensive, trust me, I know) defensive systems that can detect and mitigate attacks that do make it through their normal defences.

On the other hand, you still have to trust them to do their jobs correctly and honestly.

The decision as to whether or not to use a cloud service is a complicated one that involves understanding (as best able) all of the risks one is subject to and benefits one gains both by using and by not using such a service. It’s really complicated and the answers differ for everyone, which is why I don’t dismiss cloud services out of hand.

Not really. Sandboxing is a good security control (both in the cloud and on personal systems) but sandbox escape vulnerabilities exist for every system that employs them.

Stealing passwords is another common attack method, as is exploiting vulnerabilities in the software itself.

One way of looking at this is using a bank (cloud) vs. keeping all of your money in cash at your house (doing it yourself). Each carries benefits and risks and each involves different kinds of trust. Banks have very well established processes for mitigating nearly all of the risks incurred by using them (and they’re subject to many of the same ones that concern people with cloud data systems). Cloud data systems are trending that way but there will always be people who won’t use them no matter what, many of which they haven’t properly considered.

I think I’m getting too wordy in this topic, so I’ll just summarize by reiterating that the question of cloud vs not cloud involves more complexity than most people realize and that the answers are not as clear cut as most of us would like 🙂


No. We know the ransomware that everyone is fighting today is based on tools developed by the NSA that they failed to protect. But I doubt anyone outside of a few people in the agency really knows what they may be able to access. The NSO can break into iPhones, maybe the NSA can too.

And AFAIK, you cannot be forced to give up your password if the government asks for it. OTOH, depending on how bad they want it you might be “asked” to stick around until everything is cleared up. Kevin Mitnick was arrested for computer hacking and served 8 months, after being held in solitary confinement for four and a half years waiting for trial.

But most of the information I try to protect has already been leaked by Equifax and/or some government agency. The rest is for sale by any number of data brokers. ☹️

Actually they would not even have to hack the encryption, just access to the front-end (the app) would be sufficient to eavesdrop. Most e2e solutions are from app to backend encrypted, but that would not include the app itself, since you would not be able to do anything with it if you had everything encrypted even there.


I disagree. It does take more work but if privacy and control are important to you, you can be better at it than any company.


Only if the end users are not aware of and take appropriate precautions.

Correct, because if you can get the targets to give you the information it’s much easier. And current state of the art sifting, correlation, searching and pattern matching tools make handling vast amounts of data a lot simpler and easier. So gathering in the junk as well as the target is the primary mode of operation. The problem in part is what happens to the junk rejected this time around?

In 2013 the NSA’s Utah facility was estimated to have a storage capacity of between 5 zettabytes and 1 yottabyte. Sounds like they planned to keep everything.

If ever there was going to be a place where an artificial intelligence could spontaneously arise, this seems a likely spot.

(See The Last Question by Isaac Asimov.)


Exactly my point. We have no clue how our data will be used in the future.


We’ve disagreed on this topic before and we’re not likely to agree on it any time soon. Everyone gets to make their own choices about the data they own, just like everyone gets to make their own choices about their own money.

I’ll only observe that information security is a field that’s evolving hourly and people who don’t devote their professional lives to it almost never even know what they don’t know. People who do devote their professional lives to it also don’t know what they don’t know, but are acutely aware of the implications and lie awake in bed at night pondering them 🙂

It would be great if data could be made to self destruct after a certain time.

I think siphoning personal and sensitive data and storing it should be illegal or at least every person whose data you store should be required to give permission for you to do so, including governments. Crazy I know, but then I’m also for each country to have an internal internet disconnected from the rest of the world. It would provide a modicum of security for citizens of that nation and ensure everything done comes under local law.