What I’ve Learned about The Cloud

Like most people who have been using computers and the internet, I’ve had a gradual creep of having more and more of my data in the cloud. I’m a long-term (aging?) Apple fan boy and have succumbed willingly to the ease of having my data accessible on any device anywhere. When learning about the Snowden revelations showing how governments have accessed data from the major cloud services though various back doors, my thought was “of course they have,” but it wasn’t enough to get me to reconsider how I used the cloud.

What did get my attention was when the news came that DropBox had appointed Condoleezza Rice to their board. I’ve been an avid DropBox user, and this news was enough to get me to start to look at alternatives. I work with NGOs that in some way or another are working to reduce violence in the world, and actively promote peace and individual privacy.  Condoleezza Rice has been a counter-force to all that in one way or another. This made me realise I was completely out of touch with the values of the companies running the various services I had been complacent about using.

So I started to look at my options for alternatives to DropBox. I decided it would be best to consult with some trusted colleagues. I wanted to make sure the choices I was making were sound AND also to think through how I advise organisations about their use of online services in the future.  So I got into a huddle with Misty Avila (Aspiration), Tin Geber (the engine room) and Niels ten Oever (Article 19) to discuss it all.  I’m really glad I did, as I got a huge sanity check. Here’s some of the wisdom that came out of that conversation:

  • Whenever data leaves a device under your control,  you are losing control of the data. If the data is ultra critical, perhaps it’s best not to put it on cloud services at all.
  • If you are going to use online services, use services that you trust. I realised that in the creep towards using the cloud, I hadn’t actually stopped to ask: ‘wait, do I actually trust these people?’
  • When looking at open source software, remember that it’s not just about being ‘open-source’ – it’s actually about trusting that the code is good (so check if it is audited by a trusted source auditor). Follow some common sense rules about software – is there a good developer community? Is there a strong user base? Is it still in development? Do people you know use it?
  • Get the balance of risk vs benefit right. Cloud services mean you can collaborate with others easily and there’s tons of other benefits that may outweigh the risk.
  • There are different layers to cloud computing. You have the server where your files are actually stored, the host software that is installed on the server and syncs the files to the host, and then the client software that syncs your files with your local machine. You need to trust who and what is controlling all three of those points.

So what are some options for the cloud? Many of the closed source options are all in one solutions:

I’ve mentioned why I’ve switched from DropBox (see Drop-DropBox.Com) . Google, Apple and Microsoft have all been implicated that their data was accessed by the NSA and GCHQ. To what extent they cooperated is still undetermined, but they are all currently putting a lot of effort into publicly protesting and lobbying for surveillance to end. That said, they are still big corporations operating within their own interests and not yours, but need you to trust them to hold your data on their servers.

Some open source type solutions:
  • OwnCloud –  You provide the server and then set up the OwnCloud software on it and also on your client machines. It has Android and iOS clients for mobiles and tablets. Owncloud can also host your contact info and calendars for syncing between all your devices.
  • SpiderOak – They are building their service around privacy, which says a lot. It’s an all-in-one solution – providing the server (2GB free – above that will cost you 10 USD for 100GB). It also has Android and iOS clients for mobiles and tablets. They are NOT 100% Open Source – but they are hosting the files in an encrypted folder only you have access to.
  • Tahoe-LAFS – They distribute your data across multiple servers in case one is attacked or compromised.  Will work on many of the popular Linux distributions.

After that conversation, I decided to go with OwnCloud as my desktop client and host software to keep things in sync. OwnCloud is not perfect, but it’s open source and works good enough for syncing my files. Plus it has a good user community, it’s under active development and people I know use it! I’m using DreamObjects for the server, as it’s a service that my webhost Dreamhost provides. I’ve used Dreamhost for over a decade and have always been happy with their customer service, and I trust them more than Dropbox to protect my data. If I didn’t have access to a server, I’d go with SpiderOak, based on my colleagues’ recommendations.

UPDATE: Sadly my experience with DreamObjects and OwnCloud was not very good.  After my files being erased three times, I decided DreamObjects and OwnCloud together weren’t actually reliable and switched to SpiderOak.  So far I am very happy with SpiderOak, which is solving several of the headaches I had with the DreamObjects/OwnCloud configuration, such as stalling while syncing files over 500 MB.

The most important elements of using cloud services are trust, reliability and simplicity,