How Clean Is Your Cloud? Here’s How To Find Out: A blog about how to understand the security and privacy of your cloud.
In the past few years, there has been a lot of talk about cloud computing as the next big thing. The current buzz is that it will do for software what electricity did for labor—make it cheap and available everywhere. Google, Apple, Amazon and Microsoft are all touting their own version of cloud computing. Even our local cable company Comcast is getting into the act by putting its software on a remote server so customers can share their photos with friends.
It’s not hard to see why this kind of technology is so attractive to companies like Google or Comcast—they get to charge customers monthly or yearly fees instead of just one-time sales. But how do you know if your cloud service provider is protecting your personal information?
How to know if your cloud provider is secure, and what you should be looking for.
I was recently on a panel at SXSW with some of the biggest cloud providers in the world. A friend came up to me afterwards and asked how she could know if the cloud providers were safe and secure. I had to confess, I didn’t have a great answer for her.
I’m not sure that most people realize that when they adopt a cloud service, they don’t just bring their data — they actually bring all of their security obligations, too. The “security question” is often answered with a vague statement like “We work really hard to keep your data safe…” That’s not an answer — it’s an evasion.
The good news is that there are some things that you can look for to judge whether your provider is taking security seriously, or is just faking it. The first thing that you should do is ask for a copy of their Security Policy and Information Protection Policy (if they call it something else, don’t worry; it will usually look like a cross between a binder and the Magna Carta). A lot of providers may not have one; if
The cloud is everywhere. It’s how you stream your music, how you back up your files, and how you store and share photos with friends and family. But do you know where and how your cloud data actually lives?
These issues aren’t just important for protecting yourself from hackers and thieves. Privacy is a human right, but our digital privacy is increasingly at risk. Our data has become a powerful tool for governments to track us, spy on us, or even arrest us. Corporations also collect huge amounts of personal data, often without our knowledge or explicit consent. We should all be asking ourselves: what information do I choose to share online? And with whom should I share it?
In the past few years we have seen Edward Snowden’s revelations about mass surveillance by the U.S. National Security Agency (NSA), Google scanning Gmail accounts for targeted advertising purposes, and Dropbox leaving customer encryption keys exposed on the Internet for four hours. While these stories have created awareness about the dangers facing our private information in the cloud, it’s hard to find good information about what companies are doing to protect their customers’ data from such abuses.
The Electronic Frontier Foundation (EFF) believes that people deserve secure cloud services that will protect their privacy from prying eyes –
In the early days of cloud computing, companies like Amazon and Google were understandably focused on doing one thing well: selling you server space. As a result, they didn’t add in security features like encryption or activity logs as default options. This was bad for privacy and security, but it made sense at the time — after all, this was a new industry with new infrastructure.
Unfortunately, we can no longer say those days are behind us. For example, if you have an Amazon account, you have access to a suite of services called AWS (Amazon Web Services). Many of these services still don’t give you any visibility into what they’re doing with your data by default. To add insult to injury, some AWS services actually make it harder to use basic security features!
In this blog post we’ll highlight one example where encryption is turned off by default. We’ll also show how we used Amazon’s API to learn how many people are affected by this problem — and how few people are encrypting their data.
The Internet of Things (IoT) is a network of physical objects that use sensors and APIs to connect and exchange data over the Internet. The “things” in IoT can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, electric clams in coastal waters, automobiles with built-in sensors, or field operation devices that assist firefighters in search and rescue. These devices collect useful data with the help of various existing technologies and then autonomously flow the data between other devices.
The IoT market is expected to grow from $157B in 2016 to $457B by 2020. That’s a compound annual growth rate (CAGR) of 28%. So why are we not seeing widespread adoption? Sure, there are a few consumer products like Nest Learning Thermostat and Dropcam Pro Wi-Fi Wireless Video Monitoring Camera available today, but we have yet to see widespread adoption of true industrial IoT applications.
The main reason for this slow adoption is security. Security has become the biggest concern for enterprise customers when it comes to bringing new solutions into production environments. This concern is valid because IoT security flaws create new attack vectors that weren’t present before the emergence of IoT. In particular,
When you use a service like Gmail or Dropbox, you trust them to protect your data and keep you safe. So how do you know which services are secure, and which ones aren’t?
The EFF has just released a new tool that can help. Our new Security Checkup tool helps you quickly understand the security of your Google account and provides tips to improve it.
Security Checkup starts with an overview of your account, showing if you have turned on two-factor authentication (which we strongly recommend), if your password is strong enough, and whether any suspicious activity has occurred on your account recently. It then goes into more detail on specific topics like account recovery options, contacts, apps and devices connected to your account, permissions granted to those apps, and how Google shares your data with advertisers. The tool also points out any recent actions you may want to know about—for example, if new devices have connected to your account.
Security Checkup is designed so that most people can get through it in just a few minutes. But there is a lot of information here; we hope this tool will be useful for people who want a deeper understanding of their own security and privacy online.
When you interact with a website or mobile app, it’s sending your personal data to servers owned by the company that runs the site. Those servers may be in your state or across the ocean. They may be run by a small startup or a multinational corporation. But in any case, you probably don’t know who is running those servers, where they are located, and what happens to your data once it’s there.
It’s time for that to change.
That’s why EFF has launched Panopticlick 2.0, a tool that tells you how unique and trackable your browser is based on the information websites can see about you. By telling you how unique and trackable your browser is, we hope to raise awareness of online tracking, and empower users like you to make more informed decisions about the software and services you use.
A Unique Fingerprint
What makes Panopticlick different from other browsers? It starts with our custom font rendering engine. When we render fonts on screen, we typically do so using system fonts—the same fonts that appear in most other browsers. As a result, every browser looks pretty much the same when it renders text on screen. But system fonts don