Dropbox-like Cloud Storage Service Shadow Drive Lowers Its Price - Slashdot
source link: https://hardware.slashdot.org/story/23/06/02/1310210/dropbox-like-cloud-storage-service-shadow-drive-lowers-its-price
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Dropbox-like Cloud Storage Service Shadow Drive Lowers Its Price
›
Shouldn't that be $5.30 per month instead of $9.60 per month
No? Not interested then, I will keep my vServers. Less storage, but I control the interface and I can put services on top of that. There is no way in hell I will put their app on my machines.
-
The host admin also controls the network interface. They also control the disk and the memory and the cpu scheduling.
Regardless of design, you're establishing trust at some point. Even when running on your physical servers, sitting right next to you within your own office. You're still trusting the hardware itself to be free from defect and intentional malicious construct, whether born by the OEM or by meddling during the original delivery chain of custody.
The security paranoia rabbit hole can go deep.
-
So? Ever thought that I may want this in order to be able to automate things on servers on my side without giving _them_ a backdoor in? Trust is not yes/no, it comes with a pretty strong aspect of "who?".
Other than that, you comment is pretty meaningless. Any competent security person already knows that.
-
theoretically security minded cloud storage like SpiderOak and its competitors means you don't have to trust the hardware that you are on. I think starting with a secure architecture and working you way from there is smarter than trying to think about security after-the-fact.
-
They seem to be using a modified Nextcloud client. It would be nice if they just offered standards, like S3, WebDAV, and other protocols than requiring yet more software to be installed. Even just using a Bog-standard Nextcloud client would be okay.
-
I guess that's OK, but you shouldn't trust Nextcloud with anything because they keep your keys server-side. (as far as I understand from the authentication scheme used and basic description on Wikipedia)
I think there are two criteria we should consider the most important:
1) client is widely available on many operating systems and architectures.
2) storage is client-side encrypted and a trust nothing architecture.Additional features, which are also desirable:
3) standards-based client
4) open client implementat
-
-
-
-
My issue is trusting somebody else's server with my data -not because I expect them to be insecure, but because I do not trust them to stay in business.
Shit happens, and the contract likely limits their liability to the amount paid for service, meaning if they go out of business, they owe me a refund for the rest of the month's service... but my data is just GONE. They have no obligation to even try to get it to me. I am S-O-L.
My data is what I control. If someone else controls it, it is not my data.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK