It's amusing to watch some of the fallout regarding the "discovery" that a third-party GMail backup tool was doing something bad. Well, not that someone had built a phisher for GMail account info (that was totally inevitable considering how many different Google tools are tied to that account info), but that folks are generally shocked and surprised. Really? i bet they're also shocked that if they leave their wallet on an outside table at a Starbucks for a few hours, it's not there when they get back.
It's like people never, ever heard of security before. Oh sure, they talk a great game about double key authentication and using RSA tokens and all, but still, they have no problem signing up with Plaxo, oh, and here's the account and password for these other non-affiliated sites so that you can scrape whatever info you want out of it. Yay! *groan* And i'm not beating up Plaxo here. Feel free to substitute whatever friend feed/social network/stalking service that asks you for this info. Personally, whenever i see one of these "convenient" services, i pretty much know to avoid doing anything serious with said service. (Mind you, Yahoo and Google both offer ways to get some of that information securely, by passing authentication back to them and using abstracted identifiers. These systems mean that the third party site never needs, and never should ask for, your password. Sites that use them are slightly more trustworthy because they're demonstrating a minimal sense of security right from the start.)
Thus bringing me to one of the bigger issues i have with the Cloud model that's oh so popular these days. Yep, that there Google Docs sure is purdy, ain't it? Likewise, it sure is handy having your documents somewhere's like Amazon S3 so's as you can always gets to them, t'ain't it? Too bad you lost control over all that data.
Oh, yeah, see, that's the problem with using remote services like that. You don't own or control any of it. You're quite literally at the mercy of the rest of the planet. Perhaps Google has a bad hair day and loses your data. Perhaps the DHS decided that your documents were "of interest". Perhaps one of those countless third party tools you've tried out compromised your account info (What? They promised that "We don't keep your info"? See, that's what people in the computer security business call "lying to you".) Could be any reason, really, but now your data is no longer your data. How, exactly, does that make you feel? See, for me, that's about the same as finding out that my toothbrush had recently been replaced by a Black Mamba. While it sure does get the blood moving, that's probably not the best thing when there's venom coursing through it.
Now, probably the simplest way to avoid that is to not keep deadly asps in my bathroom, and likewise, i pretty much make sure that important stuff ISN'T easy to get to. For instance, i keep a 2GB TrueCrypt partition on nearly every machine i use where i store stuff like Firefox profile info, mail, and important documents. (i'll note here that while i do have a great number of online accounts, the bulk of them aren't what i'd consider "critical" accounts and can be shunted at nearly any time with little effect to me.) The idea of tossing any of that information unshielded into any sort of "cloud" puts me in the same sort of mindset as the previously mentioned experiments in herpetological dental practices.
i'll spend about $100 on a 500GB drive, $20 USB2 connection, and about $20 for a firebox. Yeah, it's not as easy to remember to do a monthly image backup, but it's one helluva lot more secure.

Drill a couple of holes in that firebox and run in USB/Power.
Or cast the drive into the hollow of a cinder-block.
(I recommend switching to cheap NAS in both cases)