Internet privacy and security course

Chapter 79

Cloud Storage Threats

Almost every reader of this course probably uses cloud storage today, such as Dropbox, Google Drive, Yandex.Disk or iCloud. There are so many cloud storage services that I would need several chapters just to list them and describe each briefly.

I will deliberately skip the question of choosing a cloud storage service; let me just say that my colleagues and I use Mega. There are several reasons for this: encryption at the device level, open source code (including the source code of all its applications), two-factor authentication, and the reputation of the service's creator, Kim Dotcom.

You can also find criticism of Mega online, for example that when files sent to the server are encrypted, JavaScript is loaded to you that is not only responsible for the encryption but can also be changed or disabled. This is true, but it is definitely better than having no such protection at all, and besides, it is better to download the applications, whose code is published on GitHub.

Why do I skip the choice? We still recommend using third-party tools to encrypt data in cloud storage, so it is not so important where your encrypted documents are located. Mega is not the most cost-effective option for those who need to store a large amount of information; the prices of many competitors are noticeably lower.

This chapter focuses on the threats of using cloud storage. I want all readers to understand the risks of working with cloud storage before we move on to encryption.

Irrevocable loss of files

It may seem that cloud storage works like clockwork and that only we can delete our data. This is not the case: for example, an error in the Dropbox desktop application once led to the irretrievable deletion of user files.

According to forum posts, many people irretrievably lost data they had collected over the years. Partly because of situations like this, we recommend having two clouds, one of which is used as backup storage.

 

Tip

Do not store data in only one cloud; use at least two storage services.

I use Google Drive as my second storage. The reasons are its high level of stability, the ability to download fairly large files via a browser, and two-factor authentication. I store only encrypted backups there.

Erasure via computer

Ransomware developers understand that encrypting data on a computer is not a very effective way to obtain a ransom if the user has a backup in cloud storage. Therefore, once it is on the computer, malware often tries to delete or encrypt the information stored in the cloud as well.

Some services offer protection against such attacks; for example, in 2018 OneDrive made data recovery available to all clients. It protects not only against deletion of documents but also against their encryption, allowing you to recover deleted files and the versions of files from before the encryption. In the case of mass deletion of files, an email notification is sent to the user.

For the backup cloud storage, we recommend using not an installed application but a browser, without saving the password for the cloud. That way, the data can be accessed only by entering the password and passing two-factor authentication.
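The mass-deletion signal described in this section can also be checked locally before a backup is uploaded. The following is an added example, not part of the original course: it hashes every file in a folder, compares two snapshots, and raises an alert when the share of deleted or changed files reaches a threshold. The function names, the 0.3 threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(old, new, threshold=0.3):
    """Diff two snapshots; alert when deleted + modified files reach
    `threshold` (an assumed value, tune it) of the old snapshot."""
    deleted = sorted(p for p in old if p not in new)
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    ratio = (len(deleted) + len(modified)) / len(old) if old else 0.0
    return {"deleted": deleted, "modified": modified,
            "ratio": ratio, "alert": ratio >= threshold}

def write(root, name, data):
    """Create or overwrite one file in the sample folder."""
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample data in a temporary folder, not real user files."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            write(root, f"doc{i}.txt", f"report {i}".encode())
        baseline = snapshot(root)
        write(root, "doc0.txt", b"report 0, revised")   # ordinary edit
        current = snapshot(root)
        normal = compare(baseline, current)
        baseline = current                               # accept the edit
        for i in range(1, 5):                            # bulk deletion
            os.remove(os.path.join(root, f"doc{i}.txt"))
        for i in range(5, 7):                            # bulk overwrite
            write(root, f"doc{i}.txt", os.urandom(32))
        mass = compare(baseline, snapshot(root))
    return normal, mass

if __name__ == "__main__":
    for label, result in zip(("normal", "mass"), demo()):
        print(label, result["ratio"], "ALERT: pause sync" if result["alert"] else "ok")
```

When the alert fires, the safe reaction is to stop the upload and keep the previous backup untouched until the changes have been reviewed.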

Imaginary deletion

When we delete a file in the cloud, we hope that it is really deleted and that no one else can restore it (although the OneDrive example described above should already suggest otherwise). Of course, this is not so, and the point is not even that no one uses secure deletion algorithms, but that sometimes files are not deleted at all.

This cannot be checked or proven with certainty, except when some error reveals it, and such an error occurred at Dropbox. In 2017, users began to complain en masse that files they had deleted years before had unexpectedly been restored.

The company acknowledged the problem. In general, this bug is not as terrible as the previously described bug that permanently deleted data, but it showed that deleted information had been stored for years and that you should not simply believe the companies. The solution in this case is to encrypt data before uploading it to the cloud, which we will teach you as part of the course.

Search engines

This is, in my opinion, the most dangerous threat, and it has led to big problems for a number of users and companies. We have already described it in detail in the chapter on the dangers of search engines; be sure to read that material.
