# Is cloud storage insecure?



## Chip C

If all one's images are stored in the cloud, are they suspceptible to use/abuse by hackers?


----------



## Victoria Bampton

Hi Chip, welcome to the forum! Anything connected to the internet could potentially be hacked. That includes your own computer. Adobe's servers are probably a bigger target than your computer, but they also have security guys constantly looking for loopholes, so they're more difficult to break into.

Hackers are more likely to go after Adobe's customer database than their photo servers - it would be more valuable to them - so while I'd strongly recommend keeping local backups and not keeping anything highly confidential in the cloud, I wouldn't lose too much sleep over it.


----------



## Linwood Ferguson

It used to be that a target's value was highly relevant in deciding risk - a company like a bank would be a bigger target than say one who made bricks, and so hackers would not waste their time on the latter so much. In recent years, the spread of bot-nets means that one hacker can attach thousands of locations at once, looking for vulnerabilities.   They then benefit (often) by ransom, rather than using the info themselves - the brick company may be just as anxious to get its files back as a bank and maybe more likely to pay up as they are unregulated.  So I tend to look at things a bit differently than Victoria mentioned.

I think one must presume any given system may be hacked, and start asking yourself what the damage is to you and how to mitigate it.  While there are some photographers where theft of a photo (e.g. to be resold or reused) may be terrible, or an invasion of privacy, but for many (most) the issue is not so much that someone will get your photos, or resell them, but that they may make them inaccessible to you.

One aspect of the cloud is that many services automatically sync changes.  So for example, your own PC might be infected, corrupt your photos (encrypting, deleting, etc.) and in turn those copies may flow to the cloud quickly before you realize you have a problem.  Ransomware can be a real problem in this regard, often accidentally, or purposely ensuring that attached copies of your files get encrypted as well.

In this regard, while one should do proper diligence on the security of any cloud service, you should also just assume it might be hacked, or that your computer might be hacked, and be sure you take other precautions, e.g. to protect against ransomware, you must have multiple, versioned, OFF LINE backups.  To protect against theft (e.g. if you have a very private, or very valuable-for-reuse photo), consider doing your own encryption on your own computer, so anyone stealing it cannot make use of it (do NOT depend on encryption after it gets to the cloud, as that implies the cloud provider has the keys). 

There is another danger as well, and that is that services like Adobe might or might not take adequate care in moving the files around. You might trust your originals to such a vendor only to find that through simple mistake, not malicious intent, the files become corrupt.  Having good backups for this is the primary protection, but one also needs some way to NOTICE such problems.  The DNG checksum checks are good in Lightroom, though do not apply to other files.   Google "Bit rot" if curious.  Personally I think people should put more pressure on Adobe to address file integrity checks end-to-end (even starting with card ingestion), but that's another discussion.

Sorry -- long answer, but my recommendation is to assume you will one day get hacked (whether your PC or the cloud) and make sure you have protections to mitigate it.  Trying to decide if one very secure service, like Adobe, is more or less secure to say Dropbox or Google is an exercise in frustration -- they are all "secure" and they can all be backed.


----------



## LouieSherwin

Another important issue is what in terms of privacy are you giving up for the convenience  of  "free" or nearly free storage.  It is not at all clear to me what Adobe is doing or planing to do with all the metadata it now has access to from all the uploaded images. They have to pay for all that infrastructure some how and I do not believe that the subscription fees come close to doing that. 

You only have to look as far as the recent revelations about how Facebook has released the personal data of millions of users to third and fourth parties simply chasing increased advertising revenues to begin to understand the scope of the problem. 

My current position is to wait and see how this plays out over the next few years before blithely turning over my entire personal archives to any of these services. In the meantime I make selective use of various services, Adobe,  DrobBox, Flickr and my own webe site to share some of my images.  For all of these except Adobe I use Jeffery Friedl's Metadata Wrangler plugin to restrict exactly which metadata is included in the published images. For my cloud based backup I use Crash Plan with an encrypted vault. 

Just my two cents.

-louie


----------



## Linwood Ferguson

LouieSherwin said:


> For my cloud based backup I use Crash Plan with an encrypted vault.


Of course, you are trusting Crashplan still not to use your data, since their program knows your key regardless of how it is stored, and if you use their default encrypted feature their servers know your kwow the key and a hacker accessing them, at least in theory, can access all your data.

I think we should all be concerned at the ever growing value of cloud repositories in terms of their data content.  Absent any serious legal controls (and indeed absent the ability of legal controls to impact cross-border clouds), vendors are under incredible temptation to monetize that data.  Look at the current Facebook issues -- would we even care if it hadn't been a political issue, if it had been advertising for cars or beer?  

Adobe is just one, indeed Adobe is a bit late to the party compared to many others, and at least they have been up front about allowing opt-out of their data usage programs (though shame on them for opt-out instead of opt-in).  So many huge companies are opaque on a good day, liars on others.


----------



## Ian.B

I find it hard to trust clouds these days as they have been very unreliable this year by only returning 5 mm of rain  -- that's 60 mm less than average!! Only answer can be someone has hacked the clouds
Even the thirsty rain gauge is looking for the hackers

Sorry


----------



## Ian.B

sensible answer is don't trust just one cloud for everything


----------

