[SOLVED] Cloud Security - A Contradiction in terms?
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Mega is/was supposed to be this ultra-secure encrypted cloud platform. You keep your password, we don't have it, so they said. But the Chinese Government could access it. Proton is supposed to be that way too, but I wonder now.
The fact is, whatever money there is in running a cloud service, there's more in selling secrets. If your ISP or job is hacked & stuff stolen, you probably feel the disruption, or get notification. But if a cloud server is hacked or compromised, who's to know? The hacker can play away for years until he strikes lucky.
So is anywhere secure in 'the cloud' or is it the biggest con of the 21st century? "You put your data up here cheap, and we'll hawk it to all comers."
I think there is a logical difference between data that is encrypted by you, not by the company that stores it, and data that is "uncrackable". Whether or not encryption can be cracked by a brute force attack depends on the power of the encryption algorithm. Maybe Mega isn't using the best encryption possible. But in many cases, decryption isn't necessary because courts or governments can simply require a company with servers on their territory to hand over clear-text data. End-to-end encryption will protect you from that at least because no company can hand over data it doesn't have access to.
if they create a password or encryption key for you, what ensures they will securely delete the copy they have?
you need to create you own private/public key pair and give out only the public half. keep the private half to yourself. and only use key generation and client software you can trust, such as that which has source available to willing experts you trust. also, only use binaries that you built from that source or got from willing experts you trust.
security is not some magic you buy from a store.
be sure no one has your password. if they do, abandon the account and never use it ever, again. create a new one and practice good security hygiene.
Given the amount of data I have, though, I'm better keeping it around here and not putting it in the cloud at all. I'm not into porn, spying, espionage of any sort or hacking.
In a word, you're saying the onus is on me and you wouldn't trust any of them. I'm disappointed in Mega, who have sold themselves very short after hawking themselves on their security. Mind you, I never upgraded from the free account, so I didn't buy. I also made it extremely difficult to link me to any person, living or dead
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.