...

The Data Security Myth

Dropbox Lied to Users About Data Security, Complaint to FTC Alleges | Threat Level | Wired.com

Yes, it seems the whole Internet is talking about this story. That said, here is the general rule of thumb we all should be aware of as a blanket statement of security about everything:

If you want your data to be 100% secure, here’s the solution:

Don’t have data.

Anything on or attached to the Internet could be accessed no matter what. This is especially true of anything you willingly give to someone else, no matter what they promise. The only way to be safe is to locally encrypt all of your data and never, ever, attach it to the Internet. Though, that is only as safe as someone taking your machine and breaking the encryption which, well, the government could surely do if they wanted to.

The bottom line is that the moment you even have data it is at some level of risk. So the real question is how much risk are you comfortable with?

For instance, I’m reasonably sure my hosting provider could read my IMAP based email anytime they want to. I’m also reasonably sure that, someone with the right skills could hack into my local machine from afar and read whatever they wanted. Therefore, I’m not at all surprised that a company that syncs data to the cloud that I allow it to and then to other machines has the ability to read that data and hand it over to authorities if pressed to do so under threat or law.

By connecting with the Internet in the first place I’m assuming some level of risk. Having my email hosted by a 3rd party I’m assuming another. Put any of my data in the hands of anyone else (Dropbox in this instance), well, that is yet another. 

Osama Bin Laden spent years not connected to the internet and encrypting his data. This still has not stopped our government from taking his machine and finding his porn stash.

I’m trading security for personal convenience in all of these cases and it’s a risk I have, thus far, been comfortable with in the instances I have done so. A big part of that comfort comes from knowing that most of our ideas about security are stories we like to tell ourselves and each other to help us sleep comfortably at night. The Internet knows much more about us then most of our friends do from the moment the cable guy flips the switch.

So, yes, back to the Dropbox thing…

Just be reasonably careful so you can be reasonably comfortable and know that there is no such thing as secure data.

Have a nice day!