Why do some people say to avoid putting data in the cloud? You’ve probably seen them online. “Cloud storage is too dangerous,” they say. “Do you even value your privacy? What about the hackers?”
Meanwhile, most of your friends and colleagues are just fine storing files in Dropbox. Perhaps your job requires that you use Box. Why should you keep all your financial information offline when your finance adviser saves all the documents you give them onto Google Drive?
You’re left feeling that regular people see no problem with using cloud storage and those that do are simply paranoid. Well, that’s not true. There are valid reasons to avoid storing so much information online. It’s just hard it to convey the dangers in a way that hits us in our guts rather than our heads. Meanwhile, the convenience of having data safely backed up and accessible across many devices is very easy to see.
But at the end of the day, we’re giving up a lot more than we’re getting when we use the cloud.
First, What’s the “Cloud”?
The cloud is a very ambiguous term. In a broad sense, it means a web service that runs on someone else’s server. But that definition could apply to virtually any website. Instead, I’m referring to many of the modern web services that have popped up throughout the last decade. These are sites that function more like applications that run on your computer, but instead they run on a “cloud” of computers located somewhere else.
This list includes general cloud storage providers such as Dropbox and Box, specific alternatives such as Google Photos and iPhotos, social networks such as Facebook and Twitter, web apps like Google Drive and Office 365, streaming services like Netflix and Spotify, and the list goes on and on. Basically, if there’s something you used to do offline on your own device that you now do online, where you’re depending on someone else’s computers — that activity is cause for concern.
1. Every Action Leaves a Trail
Many of us grew up thinking that everything on the web was anonymous and nothing ever goes away. Both are false. I write for the web, and there is plenty of content that I can no longer access because a site deleted old articles or has since shut down. I have social media profiles that have since gone away. Does some of this information still exist on a server somewhere? Without a doubt. But much of it is information that no one will ever see online again.
Likewise, nothing we do on the web is anonymous. In order to connect to the web, we generate an IP address. Every website we visit can see that IP address. That’s not all. Here’s a look at all the information every web browser and many sites can see about you.
That’s a lot of information, and we haven’t yet started talking about cloud services. I first want to establish how the mere act of getting online and viewing information also requires providing information. But this data doesn’t necessarily tell anyone who you are, nor does it have to be stored. Though many sites and ads do track this information using cookies. Thanks to them, a trail forms that can show most of the places you’ve visited across the web. Once you start creating accounts (something nearly every cloud service requires that you do), the bigger the trail.
2. Nothing You Do Is Private
In order to show you a webpage, a server has to receive certain information about you. It may even have a vague idea of where you’re connecting from. But this information does not have to be stored.
When you create an account, things change. The whole point of creating an account is to retain certain data in order to display it again later. This may be all the messages you’ve sent, the music you’ve listened to, your credit card information, or your shopping history. If this information wasn’t stored, the service wouldn’t function as expected.
This is different from the way things work offline. While someone can intercept a letter, no one tracks and stores every letter you’ve sent in the mail. Similarly, while people can measure roughly how many listeners a radio station has, no one’s paying attention to what stations you specifically are listening to. When you pay cash, no one has a log of the places you shop or the things you buy (credit cards, in contrast, keep up with this info whether you use them online or off).
Some of these accounts may reveal your identity, while others don’t. Still, once someone has certain details about you, it’s not hard to piece the rest together.
Knowing an email address or a username can be enough to associate two accounts together and assume they’re the same person. If you stay automatically logged into the same accounts, cookies or your web browsing history (which some browsers can now sync online) can quickly piece your identity together. You may be surprised how easy it is to find out who you are and what you do.
3. We All Have a Data Profile
Details about us are regularly bought and sold. Facebook, for example, doesn’t just use the data it gathers from our using its services or what it finds using cookies to track us all over the web. The company also purchases information about our offline habits to fill in the gaps about us. That’s because what keeps the company in businesses is knowing more about its users and being able to target them better than anyone else.
When companies collect this much information about us, other people don’t have to. Law enforcement, intelligence agencies, hackers, and others can all approach these sources, through legitimate or illegitimate means, to find out more about us than they could ever hope to do on their own. People are now capitalizing on Facebook’s business strategy to target voters and manipulate elections all over the world.
This problem isn’t limited to services with public data, such as Facebook and Twitter. Amazon, Google, and Dropbox each store different but very intimate details about each of us. Someone with access to these accounts can figure out where we live, where we go, who we like, what we eat, the things we buy, and the cards we use.
You may not have a problem with Google knowing every app you’ve installed on your phone, but do you want to share that aspect of your life with the NSA? The information some of these companies know could cause some of us great hardship if revealed, including costing our jobs.
4. Terms of Service Can (and Do) Change at Will
We expect the people we interact with face-to-face to stick to their word. We don’t see these companies in person, so all we have are their terms of service. They reserve the right to change these words at any time.
This isn’t okay in our personal relationships, nor is it acceptable in most contractual affairs. If you sign a mortgage document, you know what you’re getting. The same is true when you lease a car, pay for repairs, or hire a photographer.
This expectation goes away when we boot up our computers. The end user license agreements that come with most non-free applications, and the terms of services required for any online service, aren’t static. They can change at the provider’s whim. Web writers express outrage whenever Dropbox or Google make noticeable changes to their terms of service, but this doesn’t have much impact when companies know the vast majority of their users aren’t paying attention.
5. The Future Is Uncertain
Do you use your smartphone as your camera? Do you automatically back up your images usng Google Photos?
Google is an advertising company. It provides free services in exchange for insight into our interests and habits, so that it can show us ads. But the kind of data it collects goes far beyond a magazine knowing our street address and sharing that information with similar periodicals. Google knows every search we enter into the URL bar, every website we visit, every contact we’ve sent an email to, and the content of all of those emails.
What does Google do with that data? What will Google do with it? Years ago Google was primarily a search engine that used our data to deliver better results. Then it expanded into email, where it now uses our data to organize our inbox and try to predict our replies.
With YouTube, Google uses our data to show us videos it thinks we’re more inclined to like. This filtering can limit what we’re exposed to and lead us down a rabbit hole of watching progressively hardcore and niche material. This is already having impacts on elections all over the globe.
The company wants to sit us all inside of driverless cars. Once the technology is ready for prime-time, you can expect to see Maps integration baked in. What will Google do with all the information it gains from knowing our every trip? What is Google doing with the information we store in Google Drive? And what will it do in the future when it decides to expand into a new area?
Can you opt out? Unfortunately it’s all or nothing. Once Google has your data, it has your data.
6. We’re Not Just Giving Away Our Own Data
Do you have a kid? Do you follow them around with your smartphone, snapping and recording their every move? I hear you. I’m a young parent myself, and with the ability to easily send photos to relatives, it’s hard not to. But when every photo automatically uploads to Google’s servers, that company now has your kid’s data. It has performed facial recognition scans, and its algorythms have deduced your relationship to your kid.
Your kid is already online, being profiled and monitored, without any consent or through any action of their own. And we can only imagine what products, services, or worse that information could be used for ten, twenty, or thirty years from now.
This isn’t just about children. You may not even have an account with a website, but if your friends do and tag you in a photo, the company now has information about you. Another company may launch later and build a face recognition service that learns people by scanning whatever pictures it can find on the web. Your face is now in that database, not because of your actions, but because of someone else’s. And it’s not like they were being reckless.
They were simply sharing photos with others the way most of their peers do. It’s the way these systems are designed, and the business models built around them, that have made all of our data up for grabs.
What Can You Do?
In some aspects, there isn’t much you can do. You don’t have control over whether your dentist backs up records online or if a friend uploads a photo of you to a service you don’t even use. But unlike with Equifax, which recently lost credit information for a massive portion of the US population, you do have a choice over whether you use many of these sites. You don’t have to use Dropbox, Twitter, or even Google.
Should you? At the rate data breaches are happening, if you haven’t already been burned by one, it’s likely only a matter of time before a company gets hit in a way that leaves you vulnerable. Avoiding many of these services is a way to reduce the chances of that happening.
That said, I wouldn’t go so far as to say you should never use a cloud service. When you do, try to use products from a company you can trust, even though there isn’t an easy way to determine who they are. You will have to do some degree of research. Try checking out some of the reviews that come from the Electronic Frontier Foundation, which advocates for our civil rights online. I personally like companies that embrace free and open source values, because that’s a big sign they’re not trying to control your data or hide what they’re doing. At the very least, gloss over an overview of the terms of service before accepting.
Even if you do manage to avoid all cloud services and never create an account anywhere, that doesn’t mean you can avoid tracking altogether. Some internet service providers are now adapting their business model to include monitoring everything their customers do so that they can sell this information. Unlike Facebook or Google, you have to do business with an ISP in order to even get online.
For the situation to truly change, that will require a big shift in public perception. We often don’t know what we’ve lost until it’s gone. We’re gradually eroding our concepts of what is ours, what others should be able to see, and what’s an acceptable risk. If we don’t start treating the way companies collect our data, and what they do with it afterward, as unacceptable, they’re not going to stop doing it, nor will government regulators pressure them to.
Ultimately, not using their services (when that’s an option) is the clearest signal we can send.
Do you believe the benefits of cloud storage outweigh the costs? Are you happy with the current direction of the web? Are you perfectly comfortable with an ad-based and tracking-based economy?
Image Credit: shalunx13/Depositphotos