<< Data was stolen from an Amazon Web Services-based storage bucket, which included more than 140,000 Social Security numbers >>

How about all of these 'data breach!!! data was taken OUT OF THE CLOUD!!!!' articles instead start with

"Data was PUT INTO Amazon Web Services, which is a sketchy private company with an extremely bad reputation owned by the world's richest man who is currently being blackmailed and who many Amazon users hope, against all the evidence, isn't a literal Bond Villain.."


If you put your company's secret data in the cloud, YOU ALREADY LOST CONTROL OF YOUR DATA

Cos it's in the Cloud.

That's what the Cloud is.

It's giving someone else control of your secret data.

That someone being someone who wants to rule the world.

You can kid yourself for a very long time that nobody who runs the Cloud is going to look at your secret data.

But it's a cutthroat business world, data is money, and you will never know if they did look.

They probably aren't looking! You hope.

@natecull If only there were mathematical systems in existence to ensure that your data were only accessible by authorized parties!

@digicana There..... aren't, though, that's the thing.

That's what I'm trying to get people to understand.

If you use purely cloud *storage*? Yes. You can encrypt data on your physical machine and then send it it through the Internet and store it in the Cloud.

If you use a cloud *compute* server? Hahaha lol no.

Your cloud server's RAM will have your decryption keys in it, because how else will it be able to compute?

Good luck. Maybe Secure Enclaves will save you. Maybe!


But see, the thing, is:

Cloud compute means we now have this MASSIVE concentration of all the world's data and compute in maybe three or four companies. All of whom want to have and keep VERY close relationships with US military and intelligence.

This is a very, very target rich environment for those agencies, should they want to... go fishing for, whatever.

It's like the perfect data crime. Who will know if you're scanning hypervisor RAM for keys? And the payoff? Near infinite.

@digicana If I were a US spy and I *wasn't* quietly talking to US cloud companies (through their national security channels, extremely classified, Top Men only) about how to massively sift all compute node RAM for keys, I'd be doing something very wrong.

Use case #1: 'What if ISIS is running secure chat over an AWS node? Omg we need to be able to listen to them! We need to get all their keys!'

Use case #2: 'What if we scale that up to more Bad People than ISIS?'

Use case #3: 'I don't like X'.


Now there are no doubt all sorts of internal rules, procedures, military honour, etc, preventing the NSA, CIA et al from just turning on the surveillance on everyone

And Jeff Bezos isn't currently on Team Trump. Apart from the blackmail and the eye-wateringly expensive divorce in process.

but on the other hand,

Trump happened.

I think it's fair to say a whole lot of safeties have failed in the US political and intelligence system, and we don't know who is running who right now.

@natecull Regardless of world events, AES remains politically neutral.

@digicana And once again, I ask:

How are you going to securely encrypt and decrypt AES, on a cloud compute server running a hypervisor whose code is classified, with the keys held in RAM connected to you don't know what?

@digicana Because AWS hypervisor code *is* classified, I believe. 'For security'. For someone's security, yes. Is it yours? Maybe!

@niconiconi @digicana

sure, but if your adversary *literally owns the physical computer*, their job of reading your RAM is a LOT easier.

It's just that for some reason nobody's threat model yet includes 'what if your tech infrastructure provider WAS your adversary?'

They certainly do if that provider is Huawei! But if it's American (and they're American, or even English-speaking non-US), they think it's fine.

Even if they also think the US President is literally owned by the Russian Mafia.

@natecull @digicana I meant it's possible that your can use these vulns for your own advantages. From this perspective the proliferation of scary side-channel attacks is not 100% bad. If everything runs on the cloud, users have nothing to lose, these vulns are actually giving some people a remote (but non-zero) chance to subvert massive concentration of three or four companies, and possibly even US military and intelligence. Here comes a new #cyberpunk plot.

@niconiconi @natecull I’m actually kinda curious how the big boys are handling all the speculative execution processor vulns. I mean no doubt they have mitigations, but I suspect it’s the nation states not the little guys who have effective tools to leverage these into workable exploits.

@natecull this has been my entire last couple of weeks at work. Provisioning a new server at work to store our accounting data (the easy part) then chasing back down the path to the end users' machines and disabling every fucking "helpful" cloud service that wants to subvert every control we put in place if you save a file in the wrong place or open it with the wrong program.

@natecull thats true, but its low grade information. You could lie and trick them. Even trick them into thinking that you believe something that you dont.

@Rich_Graham @natecull i mean, except we’ve already established via this data leak that it includes over 140,000 social security numbers so

Maybe the stuff /you/ are doing with AWS is low grade data, in which case thats fine! But clearly other people are /not/ and the only reason they thought putting 140,000 SSNs into the cloud was okay was because we’ve managed to divorce “the cloud” from “the actual real company you’re handing all your stuff to”

@Satsuma @Rich_Graham

What worries me the most about Cloud hype is that there's this whole cult of the Expertise Of Giant Companies that goes along with it. The value proposition being actively sold is 'it's actually more secure to give all your data to the biggest company possible than to hold it yourself!'

Which would be maybe fine IF being the biggest company meant being the most ethical? But we know that isn't how the market works.

@natecull @Rich_Graham yeah any company making money off of selling data should be considered like, inherently unsafe when it comes to data security and it’s absolutely wild that they aren’t

@natecull @Satsuma @Rich_Graham I have heard Eric Schmidt (I think?) of Google explicitly making that claim.

I ofcourse don't buy it.

@natecull @Satsuma @Rich_Graham

The people most responsible for writing shitty non-secure software tell us that we are not capable of of protecting the privacy they’ve already failed to protect.

And they are incentivized to fail at this.

And we keep falling for it.

And this behavior enables systemic persistence of this state via legislation like SOX, HIPAA, HITRUST, etc.

We can do better.


> If you put your company's secret data in the cloud, YOU ALREADY LOST CONTROL OF YOUR DATA. Cos it's in the Cloud. That's what the Cloud is. It's giving someone else control of your secret data.

Something I struggle with is what to think about personal backups. On the one hand, everything you said.

On the other, it's just encrypted data (no compute) and there aren't many options for off-site backups.

I currently don't have a good solution, or off site backups

@codesections Yeah, if it's encrypted (and encrypted locally) I think it's pretty safe.

It's mostly cloud compute and Software as a Service and Big Data Deep Learning as a Feature that I worry about, which are the big ones the corporate world are pursuing.

@codesections like literally, the hot new thing in antivirus is 'the antivirus server is in Microsoft's cloud, so all the metadata about every file on your system gets just sent to Microsoft and then they run <unspecified algorithms> on all of that and you'll be So Much Safer!'

and I'm like WHAT HOW DID WE GET HERE but, it's the new corporate thing

@codesections @natecull Personally, I don't see any problems with using other people's computers to store encrypted backups. If done right they can't actually do anything with it except loose it, which leaves you no worse off then you'd otherwise be.

@alcinnz @codesections @natecull On a practical level, I can recommend Tarsnap. Recovery is very slow, but I have a good deal of faith in the security of the service.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!