Why is it their business what I do with my personal information?

Security fears spark Linux drive in Iran

http://www.theage.com.au/articles/2004/09/21/1095651288238.html?oneclick=true

"Iran has become the latest country to edge towards ditching Windows in favour of Linux, even if its refusal to abide by copyright laws means that the country does not pay a penny to Bill Gates.

"Microsoft is a national security concern. Security in an operating system is an important issue, and when it is on a computer in the government it is of even greater importance," said the official."

I bristle at your use of "Poo Poo Poodle's Last Poo on the Rug." to downplay the significance of this breach.

In this information hungry age and for cloud computing to become a realized and viable technology the security of our information needs to be the first thought not the LAST!

Next .5% of how many documents total?
Funny how it has been downplayed again with the use of percent for all I know it could be 50,000 documents thats scary considering all the data that could be contained in these documents.

Maybe we should all share our My Documents folder with the P2P community its just a few stupid documents after all.

As for EPIC even as trivial and 'Techno-Blocking' as you portray them to be it is a necessary position and maybe if these corporations were as secure with OUR data as they are with their own EPIC wouldn't be needed?

thats My Rant/

@Murdats they don't care what stupid things you do with your information they care what other people do with it.

Just a note, there are apparently two Wills here now. That last post was not mine, not one or two before that on other topics. I haven't been active here of late, but it looks like I will need to alter my posting name after all.

The wish to shut down services because they feel they aren't secure. I can understand pressuring for more security, but why remove my ability to use a service I feel is secure enough for my needs, they are restricting my choices because they feel I should not have those choices

@will_ I suppose its bound to happen

@Murdats thats a valid point but it comes down to that the average user is pretty stupid.
You, I and heck probably 'most' err some :) of the other posters on this site can contain their data securely but it comes back to that part I put about sharing 'My Documents' folder to the entire P2p community.
I mean if they need news stories about the danger of sharing your root drive and exposing your IRS returns on news programs (true story btw) how many users are going to think or AssUme anything you do in a cloud app is going to be secure now despite the fact that this breach wasn't so bad (at least it only was for people you previously shared a file to before) the question is how much security is needed for these applications and no I don't think they need to remove the use of these apps but at the least provide a warning about the lack of security at least so the common user knows not to use it for important information. Or better yet get with the program and make them as secure as currently possible.

@will_ I suppose its bound to happen

@Murdats thats a valid point but it comes down to that the average user is pretty stupid.
You, I and heck probably 'most' err some :) of the other posters on this site can contain their data securely but it comes back to that part I put about sharing 'My Documents' folder to the entire P2p community.
I mean if they need news stories about the danger of sharing your root drive and exposing your IRS returns on news programs (true story btw) how many users are going to think or AssUme anything you do in a cloud app is going to be secure now despite the fact that this breach wasn't so bad (at least it only was for people you previously shared a file to before) the question is how much security is needed for these applications and no I don't think they need to remove the use of these apps but at the least provide a warning about the lack of security at least so the common user knows not to use it for important information. Or better yet get with the program and make them as secure as currently possible.

sorry about the dbl post the server told me the first one failed......

"Some developers will say there is no need... Microsoft provides tools for writing what it calls managed code."

Managed code just means that buffer overflows are not possible, protecting your data from being read is a much harder problem because it involves securing your protocol not the code.

Any developers that claim everything is OK because they use managed code don't know anything about securing web applications.

Joe, your website seems to be falling apart.

I like the new compression feature of removing the spaces from paragraphs. Makes the page download much faster.
I think it is important for a watchdog to keep an eye on this sort of thing. People do need to be aware of what big corporations like Google and Microsoft are doing with your personal data.
If you send an email to a friend through hotmail saying you are coming over to install OpenOffice for them, does it set off alarms in Redmond and cause a MS salesperson to contact them? I think there has been so much corporate abuse recently (think AIG, Enron) that this sort of oversight really is necessary.
For Google docs, yes they do have a big responsibilty to maintain some sort of service level agreement on privacy and security. Then someone has to hold them accountable to that. Otherwise how can you have any confidence in that service?

@smist08:

I agree about this oversight, but why limit it to "big corporations"? The bottom line is that anyone offering any kind of of remote storage should simply not be allowed to access the data in any other way than treating it as an opaque BLOB. No data mining etc.

However, just who is going to provide this kind of oversight. The UK government is planning to make ISPs keep all traffic for up to 12 months, and turn it over at request. This in response to EU law.

I wonder how long it will be before there is a widespread realisation of the depth to which we have surrendered privacy and civil liberties during our so call digital revolution?

(Incidently, I'm generally a devout sceptic and have no time for conspiracy theories, but this is something that is starting to deeply worry me.)

Google defends its own interests. So does Microsoft. Their money, their investors.

EPIC defends you and I. Our right to privacy, to financial security, to the legal right to be free from search without a warrent. I cannot believe an individual would defend a corporation's right to do whatever they want, over a citizens-rights group's efforts to protect us (with nothing to gain for itself). That's like defending Budweiser against Mothers Against Drunk Driving for mothers' efforts to create laws that protect teens from underage drinking and death. There is a limit to corporate freedom at the expense of the citizen. The Constitution was written to protect We the People, not We the Fortune 100.

And no, I have no vested interest in this, just shock that anyone would write this post.

Joe what the hell is your problem with Epic? This is EXACTLY the kind of thing that needs to be addressed before cloud computing becomes prevalent.

Afterall businesses are starting to use cloud hosted services and doc storage. The potential for intellectual property theft and espionage is huge.

Not only theft, but ransom. For example, everyone's Facebook and Twitter data is held in their own database and I do not think there is a way to export your data and move to another provider. They are both praying that this will stop people leaving when they try to monetise (once they work out how).

Google Docs is OK in this regard because they allow you to export in standard formats so I can switch from Google Docs to OpenOffice if I want.

We should not just trust that they will not use that data (or accidentally reveal it). Everything should be encrypted, then they really have to treat it like a blob.

If all the document formatting is done on the client side (which I think it might be), then it would be possible to write a plugin today which transparently encrypts your data. It would break all the collaboration features and mean you have to install a plugin to use it on another machine.

Boycott Novell's take on EPIC:

Electronic Privacy Information Center (EPIC): Got Microsoft?

http://boycottnovell.com/2009/03/19/epic-microsoft-ray-ozzie/

@billybob:

Valid point.

and it's why......
You won't see me using cloud services for anything more important than storing MP3's. via sky drive.

Assuming vendors continue to make personal computers with attached storage, and backup solutions for home use.

I don't even have a facebook account, and I think tweeting is almost a bigger waste of time than posting on this watch. I don't trust Google or Microsoft or any of the rest of their ilk with my personal data. And definitely not with my business info.

IRS improves cybersecurity, but still vulnerable to malware

http://www.nextgov.com/nextgov/ng_20090316_2528.php

"The IRS' Computer Security Incident Response Center identified and eliminated the increasing number of cyber threats that targeted agency networks, according to a review that the IG performed from October 2007 through September 2008. Based on incident data obtained from the center, the IRS responded to 661 malware incidents during calendar year 2007 and to 961 malware incidents in 2008.

The IRS requires system administrators to install antivirus software on all computers running the Windows operating system and to perform antivirus scans at least weekly. When an update of the antivirus software is released, the agency updates 96 percent of workstations within two business days and updates almost 100 percent within one week, according to the report."

Virus Attacks Men of Faith
Malware affects Church of England computer systems and e-mail communications

http://news.softpedia.com/news/Virus-Attacks-Men-of-Faith-106982.shtml

" Local media reports that the e-mail communication of the Bishop of Manchester has been hindered for the past 10 days by an unnamed computer virus. The blasphemous piece of malware has also infected other systems belonging to the Church of England (CoE).

While attempting to remove the virus, the technicians have discovered that the problem also extended to other systems. At least two more Bishops, of Bolton and Middleton, also had their computers corrupted, as well as the offices of the Diocese of Manchester and its Archdeacons. Messages being sent to the church's website have also been undelivered.

Looking back at Nigel McCulloch's past e-mail activity, the IT staff has concluded that many of the approximately 6,000 e-mails sent by the Bishop in the last 10 months may have not been properly delivered. It has also been noted that establishing precisely which e-mails got through and which didn't may prove impossible."
--------------------------------------------------
Window$, unsafe on any internet.

Websites of Three More Embassies Spreading Malware
Two Azerbaijan embassies and an Ethiopian one have been targeted by cybercrooks

http://news.softpedia.com/news/Websites-of-Three-More-Embassies-Spreading-Malware-106995.shtml

"Security researchers from Sophos anti-virus warn that a malicious IFrame has been injected into the website of the Ethiopian Embassy in Washington, D.C. In an unrelated incident, the Embassies of Republic of Azerbaijan in Hungary and Pakistan have had their websites compromised in a similar manner.

Meanwhile, independent Security Consultant Dancho Danchev warns that websites belonging to the Hungarian and Pakistani embassies of the Republic of Azerbaijan have suffered a similar fate.

It seems that the sites of permanent diplomatic missions are becoming common targets for malware distributors, most likely because people tend to trust them. At the end of January, we reported that the Web page of the Indian Embassy in Spain had also been compromised. Other similar incidents involved the websites of the U.S. Consulate in St. Petersburg, the French Embassy in Lybia, the Syrian Embassy in London, the Dutch Embassy in Moscow, or the Embassy of Brazil in India."

Crackers latch onto year-old Windows token vuln
Unpatched bug features in multi-stage attacks

http://www.theregister.co.uk/2009/03/18/windows_token_vuln/

"This is yet another example of a black-eye that Microsoft could have avoided. To repeat, the company had notice about this issue one year ago and despite evidence of proof-of-concept code, there is no patch for affected Windows users," writes security blogger Ryan Naraine, who doubles up as a security evangelist at Kaspersky Lab."
----------------------------------------------------
Escape the terrible malware problems of Window$. Try a free linux cd today at www.distrowatch.com

Get the sweaty monkey-boy off your back and out of your wallet.

@billyBob

I think client side encryption is a very good idea as long as its 128/256/or better but then people will complain when they can't retrieve their password or if a key file is used then they'll complain when their pc crashes and they can't access their document. oh well tough nuts.

Even with those 'limitations' I'm all for it and I think it should be standard practice with all important information yes even 'poo poo poodle stories' to do a client side encryption and thats just what we need for cloud computing to really take hold.

Though the next question still is do we really want it to and how long till you need to pay (and how much) just to use your computer daily.

You would not pay to use your computer (well maybe MS has that in mind). You would pay to store your stuff in a place that you can access from anywhere and collaborate with people anywhere. There is an additional service being provided which I would be prepared to pay for. It's just like you pay for internet access now.

There are some major benefits to the cloud method, and nothing stops you from making your own cloud. I have a few.

People are tight-fisted and do not care about their privacy or security so they will probably go for the free Google services. Good luck to them and their poo stories. If you want to store blobs then you should be prepared to pay for it, it's not like datacentres are free. The price looks like around $50 per year (per service?).

I hope there is strong competition in the market and standards developed so that I can pick and choose my provider and move when I do not feel they offer a good service anymore. Something like an OpenID extension should be able to always point to my store even if I move it. It already has the ability to store up to date contact information so it should be easy to add a pointer to a datastore. OAuth can let me control who accesses it and for how long.

Hi Billybob!
-
Cant fault anything youve posted, I would like though to help clarify your comment:
-
"You would not pay to use your computer (well maybe MS has that in mind)."
-
and just say, I think thats exactly what MS has in mind:
-
Patent No: 20080319910
Metered Pay-As-You-Go Computing Experience
-
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220080319910%22.PGNR.&OS=DN/20080319910&RS=DN/20080319910

I wouldn't worry too much, I think the pay-to-play model only applies to people that rent botnets. According to the BBC you can rent 22,000 for a reasonable sum so it is not all bad and I think there is healthy competition in the market. Maybe Microsoft is planning to use patent law rather than security to beat Conficker?

LOL.
-
Talking of our "beloved" BBC. I did an article on my site quoting the 1990 Computer Misuse Act and highlighting how (IMO) they had fulfilled the criteria for being guilty of Sec(1) and/or Sec(3)
-
BBC on their site say that they havent broken the law because they had no criminal intent. Funny that the legislation does not mention intent and to be guilty you only have to knowingly commit the act, regardless of intention.
-
Maybe Microsoft is planning to use patent law rather than security to beat Conficker?
-
LOL, but then they wouldnt make any money out of that would they? Why not just let everyone suffer and then ask them to dig into their pockets for a new version of Windows? That way they can also keep all the 3rd party software houses and technicians happy as users flock to them to get help with more problems.
-
*DISCLAIMER* So that no odious individuals use my post to start another silly campaign of vulgarity, I would like to state that my comments are said in jest.

@Goblin, who says:
"Maybe Microsoft is planning to use patent law rather than security to beat Conficker?"
----------------------------------------------------
Micro$oft does not seem to be concerned at all with security issues, as example Windows Seven (VistaSP2a). In Win7, they even hosed over the UAC, until enough people posted about that, and made M$ fix it, sort of. Conficker, is most likely just another example of where the antivirus venders will be the ones to offer the most protection for windows users,long term, as the M$ patch for conficker does not offer complete protection from usb infections.

Goblin, the bloggers are now all talking about Win7, Internet Exploder 8, and WinMo, but again they fail by not covering the larger story. That is the next version of an OS past Win7. Will it be a complete new OS, not based on NT or Windows? If so this could be a way to correct many of the security features lacking or not installed by default in Windows, for M$. Not that I expect them (M$) to do a good job of it, but still I hope. Win7 is just another attempt to milk the public selling virtually the same old NT code, with UI changes installed to make users think they got something different for their money. Its still a virus magnet of the worse sort.

Win7 will make lots of money for the richest man in the world, no doubt. But Win7 is too little, too late as far as better security, it could even be a step or two backwards. In that regard, Win7 will most likely cause M$ to lose even more percentages of desktop users to alternative Operating Systems.

>Why is it their business what I do with my
>personal information?

They don't care what you do you with your personal information, they only care what other people do with your information (read ID theft) and pretend to be you.

I suppose you won't care about it until something happens to your bank account being zero and you go crying to the bank to get your money back. Now it's the bank's fault for not protecting you, right?

This Cloud computer concept is a little disturbing. Everyone keeps saying that it's the next big thing. While that may be true, there are too many disadvantages.
1. You are not in control of your own information. It's stored online as opposed to being on your computer. Security breaches, and downtimes of various degrees will prevent you from accessing your information. Google has had some problems lately with downtime in excess of 30 hours... Heck, even the US Gov doesn't trust Obama's personal emails going through RIM servers...

2. You need an internet connection. This is probably the biggest thing as now the path to your information has multiple points of failure. Just imagine if you're working on an assignment that's due the next day and you needed an important document that stored online and your ISP is down doing scheduled maintenance?

3. Your information is mined and sold to other corporations. Although none of the mined information is personally identifiable, it just sucks that corporations are making money off you.

4. Having access to your information is great, but do you trust the computer your using to access this information? For some reason, I've seen a lot of computers have the autocomplete username and passwords enabled. So that the next guy who uses it just needs to type in the first few letters of a username and bam, it auto-fills everything else. Wow...

5. As somebody said previously, corporations are doing this for their own best interests. They don't care about your data. So if they lose it and it's unrecoverable, oh well. Too bad for you because you didn't read the fine print that says their not responsible for anything.

I can see where this cloud computing is going especially with your health records. At first, access to your information will be free. Then when it catches on and everyone and their mother has their records online, they will start charging hospitals, clinics, and whatever a continually esculating fee to look at your health records. In turn, those hospitals, clinics and whatever will, in turn, pass that fee onto you... so in essence, you will be paying to access your own information. Nice.

Sorry about the triple post...