Snowden says Dropbox, Condoleezza Rice are Hostile to Privacy

Snowden calls Rice "...the most anti-privacy official you can imagine."

Edward Snowden is not a fan of Dropbox, calling the cloud storage company a "wannabe PRISM partner."

One of Snowden's primary points of ire is the appointment of former Secretary of State Condoleezza Rice to the Dropbox board of directors. "[Dropbox] just put...Condoleezza Rice on their board...who is probably the most anti-privacy official you can imagine," said Snowden in an interview with The Guardian. "[Rice is] one of the ones who oversaw Stellar Wind and thought it was a great idea."

Started in 2001 after the September 11 attacks, Stellar Wind was an NSA program that saw mass quantities of metadata -- including emails -- collected from US citizens. The program was shut down in 2011.

Cloud storage companies like Dropbox weren't the force in the last decade that they are now, and data mining from their servers -- willing or otherwise -- seems to be the next privacy frontier.

But Snowden does see a solution to the cloud problem, even if it's not perfect. "I think what cloud companies need to pursue in order to be truly successful is what's called a 'zero knowledge' system, which means the service providers host and process content on behalf of customers, but they don't actually know what it is."

Snowden then points to SpiderOak as a Dropbox alternative, as the former keeps encryption on the user side instead of having complete control over your data.

While SpiderOak could still be forced to turn data over to the authorities, it would require traditional means (a warrant), and is by and large not open to the same metadata-mining perils as other cloud services.

Dropbox issued a response to Snowden's claims, saying it would "resist" any PRISM-like programs to protect its users.

"Safeguarding our users' information is a top priority at Dropbox. We were not involved in PRISM, and would resist any program of its kind. We've made a commitment in our privacy policy to resist broad government requests, and are fighting to change laws so that fundamental privacy protections are in place for users around the world. To keep our users informed, we also disclose government requests in our Transparency Report."

Source: The Guardian

Typo in title, it says pirvacy instead of privacy.

OT:
I don't use dropbox, but if I will I guess I'll remember SpiderOak as an alternative.
Not that I have anything to hide of course, I use my basement for that.

Is that a poor wordplay on privacy and piracy simultaneously? Or just a terribly obvious spelling error?

EDIT: Sigh, never mind. Forget I said anything. I don't want to come home to an inbox full of hate and how wrong I am.

Sniper Team 4:
I get that Snowden is upset about all of these things, and he does make some very good points about a lot of them, but I'm finding it really hard to listen to anything he says given that he's staying in Russia right now, a country that would probably kill him if he did any of these things there. What are his thoughts on that country, and what they are doing in Ukraine right now?

See, this exactly is what's so bad about the whole Snowden debate.

Who. The. Hell. Cares?

- Yes, the russians would most likely kill him, as would certain people in the US if they got their hands on him. Don't know if there's a death sentence in the cards for high treason, but still.
- The russians have all but confirmed that they would do exactly the same as the US if they had the chance.
- Ukraine has nothing to do with either the US or russia spying on anyone, be it citizen, friend or foe.
- Snowden has no clue about the russian way of doing things. He got the stuff about the NSA out because he happened to work for them and has a conscience. He doesn't work for russian intelligence services.

So, with that out of the way:
What does ANY of that have to do with whether dropbox is trustable or not? Why are you (by accident or malice, I don't care) trying to shift the discussion to something unrelated?
This is getting soooo on my tits. Countering a valid argument with completely unrelated questions.

Guybythestreet:
Is that a poor wordplay on privacy and piracy simultaneously? Or just a terribly obvious spelling error?

Terribly obvious spelling error! But I've fixed it.

Happy Friday!
-Devin

Sniper Team 4:
I get that Snowden is upset about all of these things, and he does make some very good points about a lot of them, but I'm finding it really hard to listen to anything he says given that he's staying in Russia right now, a country that would probably kill him if he did any of these things there. What are his thoughts on that country, and what they are doing in Ukraine right now?

Why does where he's staying have anything to do with what he's saying? The reason he's staying in Russia is to get the hell away from the US authorities who are after him for blowing the lid on all the illegal shit they were doing to their own citizens, that doesn't mean he supports the Russian policies or is in any way pro-Russian. Even if he was pro-Russian, that would be strange considering their stance on privacy, but it still wouldn't change the truth of what he says or what he revealed.

It is revealed that the US's own security services are actively and illegally spying on their own citizens, and you find it hard to listen to because the guy who revealed it had to run away to Russia? I just don't understand the connection you're making here... ???

Once again, Snowden is correct. However, I find it strange that he details SpiderOak specifically. While it is certainly a better cloud storage provider than Dropbox, there are much better solutions when it comes to privacy. SpiderOak's codebase is proprietary and the source is not available. You have to simply trust them that their clients do exactly as they say. Yes, they do have a partially open API, but when it comes to privacy especially in today's society, any proprietary implementation is not good enough. There's a reason that encryption standards like AES and whatnot are totally open and that the best security software is open source - those with the knowledge and interest can inspect the code and if they want compile it themselves. SpiderOak, MEGA, BitTorrent Sync etc... are all proprietary and because of that not only do you have to trust that the client is doing as is told, but that the server backend is secure. For instance, under current laws as we saw with Lavabit, if any server is hosted in the USA (as Dropbox, SpiderOak and many others are) they can be compelled with a gag order to compromise their own system. Especially if the client and server software are proprietary, it is even easier to force such a company to add a vulnerability and harder for others to detect.

Instead, there are other solutions that have zero-knowledge (ie client side encryption) setups, but implemented in a totally open manner. Mozilla's Sync is a great example, for instance. The entire codebase is open, there are multiple levels of encryption and security in its implementation including zero-knowledge client side encryption, but what's more is that the user can choose to either use Mozilla's cloud Sync server, or run their own - which is also free and open source software!

Instead of SpiderOak, users should look to Kolab ( http://www.kolab.org ) and OwnCloud ( http://www.owncloud.org ) for user-friendly cloud storage that is Free and Open Source, privacy focused, and under user control. Users can install and customize the software on any web-servers they may own or have hosted, or they can purchase hosting that comes with pre-fabbed installs. For instance MyKolab ( http://www.mykolab.com ) is run by some of Kolab's primary developers and offers personalized email/groupware/cloud storage for a fee, hosted on their Swiss servers. OwnCloud has a bunch of recommended hosting providers in many countries ( http://owncloud.org/providers/ ), for those who don't want to install the software on their own locally hosted or web servers. Having things not only be FOSS, but with full control over not only the client but also the server and its location is important for privacy.

SpiderOak's FAQ says that one day they'd like to open source their client, but it is "not that easy". If that day comes when they open source the client and offer a FOSS server implementation that can be hosted elsewhere, then I'll give them another look. However, for now I think anyone concerned about their privacy or who just wants to vote for a freer, more private, Internet, should either use FOSS exclusive cloud storage like OwnCloud and Kolab, or stick to other ways of sharing files - being drawn into the ease of the "cloud" comes with its own costs!

Note: Pydio is also another project that some may be interested in checking out. Also, it is important to note that OwnCloud, Kolab and whatnot are designed for a wide variety of usages and it is up to the administrator to decide how they wish to configure them. For instance, if client-side encryption or other "zero knowledge" principles are paramount, you can choose to enable such things and make mandatory connection with a capable client required. However, given that unlike most major cloud storage providers, the user can own, control, and configure the server, many users feel confident enabling convenience features that a proprietary server out of their control would lead to vulnerability.

Meh, I'll stick with my "encrypted USB drive on my keychain" strategy for now. The Fifth Amendment should protect me from having to decrypt it, right? Wait, goddammit...

There's really no winning this battle >_>

Whoracle:

Sniper Team 4:
I get that Snowden is upset about all of these things, and he does make some very good points about a lot of them, but I'm finding it really hard to listen to anything he says given that he's staying in Russia right now, a country that would probably kill him if he did any of these things there. What are his thoughts on that country, and what they are doing in Ukraine right now?

See, this exactly is what's so bad about the whole Snowden debate.

Who. The. Hell. Cares?

- Yes, the russians would most likely kill him, as would certain people in the US if they got their hands on him. Don't know if there's a death sentence in the cards for high treason, but still.
- The russians have all but confirmed that they would do exactly the same as the US if they had the chance.
- Ukraine has nothing to do with either the US or russia spying on anyone, be it citizen, friend or foe.
- Snowden has no clue about the russian way of doing things. He got the stuff about the NSA out because he happened to work for them and has a conscience. He doesn't work for russian intelligence services.

So, with that out of the way:
What does ANY of that have to do with whether dropbox is trustable or not? Why are you (by accident or malice, I don't care) trying to shift the discussion to something unrelated?
This is getting soooo on my tits. Countering a valid argument with completely unrelated questions.

I think it's just a matter of people wanting to avoid unpleasant thoughts (let's face it, Dropbox is really convenient, and the thought that it's a potential accomplice to unconstitutional mass surveillance is unpleasant), and "well, he's with the dirty Soviets" is just a convenient avenue for ignoring those thoughts.

It's kind of like how people use "well, my boss is an asshole" to ignore legitimate criticism from management.

I read this earlier today somewhere else. At the time that article was written Spider Oak's sites couldn't be accessed.

That doesn't really make me consider it a suitable replacement for more known Cloud saves such as Dropbox.

Dropbox isn't good for piracy... is anyone really surprised? It should be common sense to not store sensitive information where it can be reached at all. We need our cloud storage to be reliable in order to access data whenever we need it, but when it comes to privacy it's actually pretty bad regardless. Password experts are constantly saying that passwords are dead and that we're fighting a losing battle where more complex passwords can be compromised. Hiding sensitive information in a remote location is a bad idea regardless. If they really want it they are getting it.

RanceJustice:
[stuff about things]

I'd advise against OwnCloud. I use it at the moment on my own server, but its encryption is broken by design. It encrypts on the server, and the decryption keys are on the server, too, so if that gets compromised, your encrypted data is dodo'ed.
Take a look at seafile instead. Horrible interface, but it encrypts client side.

As for Kolab: I love it, I use it myself, but their pgp module is kinda betaish atm and it's NEVER a good idea to encrypt and/or sign in the browser/via a web interface anyways. So better learn to use PGP in a local client, and grab a GnuPG smartcard for your private keys. That way you don't need to care where your data lies, since it's encrypted anyways.

Also: If you encrypt, then encrypt EVERYTHING. If you don't, you might as well not bother. If you only encrypt sensitive stuff, then an attacker has to only look for encrypted stuff to know what's worth breaking out the quantum decryption CPU for.

dyre:
[snippage]

I think it's just a matter of people wanting to avoid unpleasant thoughts (let's face it, Dropbox is really convenient, and the thought that it's a potential accomplice to unconstitutional mass surveillance is unpleasant), and "well, he's with the dirty Soviets" is just a convenient avenue for ignoring those thoughts.

It's kind of like how people use "well, my boss is an asshole" to ignore legitimate criticism from management.

Yeah, thing is: it's not only the convenience of dropbox. I hear such arguments all the time, be it with the palestine/israel thing, US in iraq etc.

"Clean your own house first before you judge others." is just wrong. I might do the same shit as my neighbor, but that doesn't mean what he does isn't wrong. It doesn't make me pointing his flaws invalid either, it just makes me a hypocrite. Doesn't change the facts. And people use this excuse all the time, which is why I tend to explode when I hear such BS.

And finally, I'm going to own up to all my talk. Below's my GnuPG pubkey, even though no one's going to use it. If you want to PM me and encrypt said message, use that. Just to own up to my talk from above.

Damn, this is going to kill Dropbox's stock price.

Snowden strikes me as an incredibly intelligent person. And he's likable.

I like Snowden and I respect what he does, I'm not really sure what his problem is with Secretary Rice, I've always had a strong respect for her, and while I'm open to hearing if she's done something wrong or really been anti-piracy, but I would like more evidence rather than just what feels like a personal opinion said by someone whose personal opinion might be blown out of proportion. In any case though it's quite an interesting interview.

I've been kinda hesitant about continuing dropbox after all the crap that's been spewing all over recently but I dunno what else to use atm. Dropbox gave me 15 gigs for no apparent reason for free and its mobile app is pretty damn decent as well. Anyone know anything about MEGA's service? They've 50 gigs for free accounts and they have mobile apps too so I've been thinking about switching over.

Yopaz:
I read this earlier today somewhere else. At the time that article was written Spider Oak's sites couldn't be accessed.

Possibly because they were getting so many visitors?

prpshrt:
I've been kinda hesitant about continuing dropbox after all the crap that's been spewing all over recently but I dunno what else to use atm. Dropbox gave me 15 gigs for no apparent reason for free and its mobile app is pretty damn decent as well. Anyone know anything about MEGA's service? They've 50 gigs for free accounts and they have mobile apps too so I've been thinking about switching over.

They're not bad, the only problem is that you might get some level of time-outs when trying to download large files *1+ gig* but besides that I've had no problems with it and have been using it for about six months now.

Product Placement:

Yopaz:
I read this earlier today somewhere else. At the time that article was written Spider Oak's sites couldn't be accessed.

Possibly because they were getting so many visitors?

I would say that's quite likely the reason. That still doesn't make it reliable though. I would say that a cloud service coming to a halt because the*If it is reliable I expect it to be STABLE. Or wouldn't you agree?

Yopaz:

Product Placement:

Yopaz:
I read this earlier today somewhere else. At the time that article was written Spider Oak's sites couldn't be accessed.

Possibly because they were getting so many visitors?

I would say that's quite likely the reason. That still doesn't make it reliable though. I would say that a cloud service coming to a halt because the*If it is reliable I expect it to be STABLE. Or wouldn't you agree?

Well, every server, no matter how good, has a breaking point. It's best to compare them to a telephone operator who has to handle too many phone calls at the same time. That's why things like DDOS attacks are so effective.

Now, I just heard about this company for the first time, as I read that article, so I was wagering that many people were in my situation. Therefore I assume that Spider Oak may have been experiencing a server overload, from having too many people visiting and registering an account, at the same time.

Snowden might be right, but does it really matter for average people who have nothing to hide? I don't really give a crap if someone sniffs around my 30 gigs of mp3 files that i keep in my dropbox account. The only thing i care about is that it gave me 50 gigs with my smartphone purchase and a bunch more for no apparent reason.

Unfortunately for Snowden, most Americans wouldn't be as well-spoken, or even acknowledge what he's saying.

He makes an argument, people should respond by proposing a counter-argument that breaks his points down instead of outright dismissing them because he went against their current government, or because he's living in another country altogether.

None of that should matter.

We're running up on the advent of a society where privacy is hard to define. When we can get satellite images of our own homes, google maps of our streets and such as examples of losing privacy, the only way to be honestly secure is to keep any information you don't want getting out off the Internet completely. The only secure PC is the one not plugged into any network.
It's a by-product of being so connected together. I'm not arguing for anti-privacy, I'm a firm believer in our right to reasonable expectations of such but I'm also able to see how we're trading some of our privacy away for convenience. Freedom of information has its own price, and if that price turns out to be privacy as a whole, is it worth paying?
I don't have a definitive answer for that, nor am I certain that is the ultimate truth. All I know is we're less likely to have as much privacy now than we did 20 years ago because of technology.

Product Placement:

Yopaz:

Product Placement:

Possibly because they were getting so many visitors?

I would say that's quite likely the reason. That still doesn't make it reliable though. I would say that a cloud service coming to a halt because the*If it is reliable I expect it to be STABLE. Or wouldn't you agree?

Well, every server, no matter how good, has a breaking point. It's best to compare them to a telephone operator who has to handle too many phone calls at the same time. That's why things like DDOS attacks are so effective.

Now, I just heard about this company for the first time, as I read that article, so I was wagering that many people were in my situation. Therefore I assume that Spider Oak may have been experiencing a server overload, from having too many people visiting and registering an account, at the same time.

Sure, I agree. It doesn't make me feel confident regardless of the reason though. Are you intentionally missing my point or do you just not get it? People rush towards Spider Oak because of this news. I understand that. Spider Oak can't handle heavy network traffic and the servers go down for some time. Yes, I understand that, it's basic knowledge.

The question is: Do I want to trust files I might have to access on short notice to a cloud provider that can't handle heavy traffic? No, I do not. Personally I have several backups on hard drives, memory sticks and cloud because none of those options should be trusted completely.

Yopaz:
The question is: Do I want to trust files I might have to access on short notice to a cloud provider that can't handle heavy traffic? No, I do not. Personally I have several backups on hard drives, memory sticks and cloud because none of those options should be trusted completely.

Actually, the question I got from you was...

I would say that a cloud service coming to a halt because the*If it is reliable I expect it to be STABLE. Or wouldn't you agree?

Whether or not you want to trust them, well that's entirely up to you.

However, since you were asking earlier if I agreed or not, I was giving you an explanation as to why I wouldn't flat out agree. I study and work in the field of internet protocols and am vastly aware of how easy it is for a crash to occur.

You showed up during a time where the company had just gotten a high profile shout-out that would probably vastly increase net traffic for a short time. They were also probably not aware that Snowden was about to recommend them in the world media and thus were caught off guard. Tons of high profile sites and services that have to handle money and therefore need to be very secure have had this happen to them. I would also like to point out that every time I've checked the site, it has been running smoothly and thus whatever issue they were having seems to have been resolved.

What you got was essentially a busy signal and now you consider them an untrustworthy service, which I understand although find a rushed and unfair opinion.

Product Placement:

Yopaz:
The question is: Do I want to trust files I might have to access on short notice to a cloud provider that can't handle heavy traffic? No, I do not. Personally I have several backups on hard drives, memory sticks and cloud because none of those options should be trusted completely.

Actually, the question I got from you was...

I would say that a cloud service coming to a halt because the*If it is reliable I expect it to be STABLE. Or wouldn't you agree?

Whether or not you want to trust them, well that's entirely up to you.

However, since you were asking earlier if I agreed or not, I was giving you an explanation as to why I wouldn't flat out agree. I study and work in the field of internet protocols and am vastly aware of how easy it is for a crash to occur.

You showed up during a time where the company had just gotten a high profile shout-out that would probably vastly increase net traffic for a short time. They were also probably not aware that Snowden was about to recommend them in the world media and thus were caught off guard. Tons of high profile sites and services that have to handle money and therefore need to be very secure have had this happen to them. I would also like to point out that every time I've checked the site, it has been running smoothly and thus whatever issue they were having seems to have been resolved.

What you got was essentially a busy signal and now you consider them an untrustworthy service, which I understand although find a rushed and unfair opinion.

OK, so you did miss my point here and I apologize for not making it clear what I meant.

There's two kinds of reliable in this discussion. Do I trust the company's integrity? Yes, I do and I like the fact that they are trying to give a decent alternative to the other cloud providers who are basically security holes.

Do I consider a service that comes to a halt due to increased traffic to be a reliable place to store files I may need instantly to be reliable? No.

So I did not EVER doubt their security. I did not EVER say it was a terrible company. All I said is that as it is I do not want to rely on them. That may change in the future, but considering that I sometimes have urgent need of my files I will hold off switching providers.

Please, make an effort to understand if you want to argue further. Because so far it seems like you're dead set on disagreeing whether you understand what I am saying or not. Oh wait, this is the internet, this is what we do. We disagree and miss obvious points on purpose because we can. Please go on, I'll just keep in mind that you're not worth discussing anything with.

I'm glad I stopped using dropbox. I will recommend my friends do the same.

Additionally, the Norwegian website Jottacloud guarantees privacy (barring warrant) and unlimited cloud storage for $60 a year if anyone is interested.

kasperbbs:
Snowden might be right, but does it really matter for average people who have nothing to hide? I don't really give a crap if someone sniffs around my 30 gigs of mp3 files that i keep in my dropbox account. The only thing i care about is that it gave me 50 gigs with my smartphone purchase and a bunch more for no apparent reason.

That's still a violation of the 4th amendment. And if they can take one of your rights, you can be damn sure they won't stop there.
There's a famous WW2 quote

"First they came for the Socialists, and I did not speak out - Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out - Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out - Because I was not a Jew. Then they came for me - and there was no one left to speak for me."

Plus people have fought and died for those rights.

Sorry for double post, I claim tablet in my defense.

kasperbbs:
Snowden might be right, but does it really matter for average people who have nothing to hide? I don't really give a crap if someone sniffs around my 30 gigs of mp3 files that i keep in my dropbox account. The only thing i care about is that it gave me 50 gigs with my smartphone purchase and a bunch more for no apparent reason.

*sigh*
There's just two kinds of people who say they have "nothing to hide".
1. People who don't care all that much about the subject but still feel entitled to their (logically uneducated) opinion.
2. Stupid people.*

*Now, I am VERY well aware of the fact that calling people "stupid" in a discussion usually disqualifies you as a troll, so I'm not using that lightly. However if one does care about the whole affair and does the research to inform himself, yet still comes to this conclusion. Well, I don't feel bad calling those people stupid. Just like someone who says "I'm into maths" and then says 2+2=5.

Fortunately it's not hard to show people that haven't thought that one through.
Just ask them for their credit card details, passwords and personal photos. Suddenly they do have something to hide. ;)

Oh, and replying with "But you are not the government" is equally uneducated, with all the scandals about the NSA spying on potential love interests, sharing nude pictures they find on computers and basically breaking laws like clockwork.

History has proven that having "nothing to hide" is a poor way of thinking.

Yopaz:
Please go on, I'll just keep in mind that you're not worth discussing anything with.

You know. I was being polite but you don't have to worry about me talking to you from now on.

Product Placement:

Yopaz:
Please go on, I'll just keep in mind that you're not worth discussing anything with.

You know. I was being polite but you don't have to worry about me talking to you from now on.

You were ignoring everything I said. In what way is that polite?

 
