# Adobe, security and backup



## Søren Reinke

*Hi there

What do we now about the security of Adobe's cloud hosting?

Adobe is not known for security, as seen here (take from www.haveibeenpwned.com):

In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encryptedpassword and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

The whole idea about giving all my raw files to their cloud, is not something that goes well with me.

What about backup of the data? Do they use raid, and backup in different geo locations?*


----------



## Johan Elzenga

You don't *have to* use the cloud version... Just stick to Lightroom Classic.


----------



## Wernfried

Have a look at Adobe General Terms of Use



> 2.3 *Storage.* When the Services provide storage, we recommend that you continue to back up your content regularly.



In general Adobe does not ensure anything.



> Unless stated in the Additional Terms [I did not find any additional terms for Lightroom service], we are not liable to you or anyone else for: any loss of use, data, goodwill, or profits ...



If you like to be on the safe side, just do not trust Adobe and make you own backups.


----------



## Søren Reinke

JohanElzenga said:


> You don't *have to* use the cloud version... Just stick to Lightroom Classic.


That is correct, and I most likely will.

Also going to try Capture One, to see if that suits my needs.

To me it seems like the Cloud version is for people who think an iPhone is an amazing camera.

To everybody else, who are pro's or amateurs who actually like it, the should stick with the folder version.


----------



## Gnits

I judged a competition last night and the winner, with a stunning image was shot with an iphone 6. I did not know that until the results were announced. 

The issues here are bigger than iphone v camera debate, but people who do not have an inventory of images, no current workflow , will be attracted to the options available in the new Cc.


----------



## Søren Reinke

Gnits said:


> I judged a competition last night and the winner, with a stunning image was shot with an iphone 6. I did not know that until the results were announced.
> 
> The issues here are bigger than iphone v camera debate, but people who do not have an inventory of images, no current workflow , will be attracted to the options available in the new Cc.


Gnits, i know the iphone can take good pictures no doubt about that. I have some wonderful pictures of my kids taken with my iPhone 6, yes it works, and in good condition it take nice shots. But really it cant compete in flexibility with my Nikon D500 with my Nikon 28-70 f/2.8 lense.

But what i mean is, the cloud version is not really what people using dSLR's want or need, it's more for the younger people running around making selfies with their phone, and things like that.


----------



## Gnits

Most 'younger people' running around with iPhones have never heard of Lightroom and will be perfectly happy with the solutions offers by Apple and Samung, et al. and their cloud solutions are not for the exclusive use of the vendors software.

Yes.. It is correct for Adobe to try and tap into that massive market.

For me, the concerns are related to the title of this thread in that with the new Lr CC Cloud Adobe insists that all of our digital assets are now handed over to the control of Adobe and we made the decision to upload them to Adobe servers.  

I would like to see more clarity on the terms and conditions surrounding how our data is managed, what happens in relation to international jourisdiction issues and how can we get our original data back.

I am concerned that effectively Adobe have told us that Lightroom Classic is a few steps away from Lightroom Legacy.

I think there is a place for a Lr solution which includes 'Cloud' features. Such an architecture may help provide multi user support, family user support, professional office shared options.

None of use mere mortals really know what way Adobe will steer the Lr ship.

Having been responsible for large scale enterprise data for large corporations, I fully understand the issues around data security and ownership.

I have made up my mind already that, for lots of reasons, I will not use a solution which requires me to transfer my digital assets to the cloud. I hope Adobe do not force me into such a decision and hope that future versions of Classic and Cloud will happily coexist, or that local content will work with the new Lr kid on the block.

So, I think the DSLR users can benefit from a cloud solution just as much as the phone users, but we will have to wait and see how Adobe wish to deliver such solutions.


----------



## Linwood Ferguson

Gnits said:


> I have made up my mind already that, for lots of reasons, I will not use a solution which requires me to transfer my digital assets to the cloud. I hope Adobe do not force me into such a decision and hope that future versions of Classic and Cloud will happily coexist, or that local content will work with the new Lr kid on the block.
> 
> So, I think the DSLR users can benefit from a cloud solution just as much as the phone users, but we will have to wait and see how Adobe wish to deliver such solutions.



I am in a similar boat as you.  I use the cloud, I have a backup of my photos in a cloud - but encrypted by me, managed by me.

What is frightening to me is that the majority of the population (especially younger, but not just younger) are becoming blind to risks of security and privacy. Even my wife thinks I am a bit nuts when I question why she just gave her phone number to some store clerk; she says "because they asked".  Same with all sorts of personal information.  Most people using facebook (etc) heavily likely have given over more information to them than they have to their doctor, lawyer or any combination.

What I worry about is that those actually concerned about security and privacy will become such a minority that Adobe and others will just write us off, and not try to retain us as customers.  We are too much trouble, we ask disturbing questions.

I think the "wait and see" is the right answer; nothing hanged YET, new Classic is better than old 2015.12.  But I fear for the trend.


----------



## jjespdk

But in the end... Adobe will have access to all our files and also to all our catalogues in the cloud. They will be able to search keywords, collections and folders across LR users. And at some point they will ask us to sell our images for us. We will get a penny for an image the Adobe customer downloads. They will sell it for a dollar. Its business. And in time we will accept it. But for now I am staying on the classic. And try to figure out how the escape should be at that time. But I have to admit that it is a clever way to create maybe one of the biggest stock photo agencies in the world..... But is it ok? Only if we just accept it.


----------



## Johan Elzenga

jjespdk said:


> But in the end... Adobe will have access to all our files and also to all our catalogues in the cloud. They will be able to search keywords, collections and folders across LR users. And at some point they will ask us to sell our images for us. We will get a penny for an image the Adobe customer downloads. They will sell it for a dollar. Its business. And in time we will accept it. But for now I am staying on the classic. And try to figure out how the escape should be at that time. But I have to admit that it is a clever way to create maybe one of the biggest stock photo agencies in the world..... But is it ok? Only if we just accept it.



These conspiracy theories are getting wilder with each message. Adobe Stock already exists. There is even a publishing service in Lightroom Classic for it. It contains millions of images already, because they didn't started it from scratch, but bought Fotolia. So now they created a brand new Lightroom, just to get more images in there? Get real!


----------



## Linwood Ferguson

@jjespdk, if we are going to do conspiracy theories, I think yours is too mild.  I think it's more like facebook, where they will use this to collect metadata, analyze faces, tie them to keywords from LR Face recognition, build one of the largest photo repositories to mine for information -- not sell the photos, but use the information.

But then again, we were just talking conspiracy theories, right?  Not reality.


----------



## jjespdk

JohanElzenga said:


> These conspiracy theories are getting wilder with each message. Adobe Stock already exists. There is even a publishing service in Lightroom Classic for it. It contains millions of images already, because they didn't started it from scratch, but bought Fotolia. So now they created a brand new Lightroom, just to get more images in there? Get real!



Johan, maybe you are right. But the new thing is that before we had to do something active to put images on Adobe Stock. We had a choice. With the new CC Cloud, we don't have to do anything. We just give Adobe access to our images, folders, keywords and collections...   I made my point. You don't agree, its all fine. I will go away for now. I am not going to buy the CC Cloud plan anyway.


----------



## jjespdk

Ferguson said:


> @jjespdk, if we are going to do conspiracy theories, I think yours is too mild.  I think it's more like facebook, where they will use this to collect metadata, analyze faces, tie them to keywords from LR Face recognition, build one of the largest photo repositories to mine for information -- not sell the photos, but use the information.
> 
> But then again, we were just talking conspiracy theories, right?  Not reality.



No of course not. It is only fiction! We would laugh if it would be real.


----------



## Johan Elzenga

jjespdk said:


> Johan, maybe you are right. But the new thing is that before we had to do something active to put images on Adobe Stock. We had a choice. With the new CC Cloud, we don't have to do anything. We just give Adobe access to our images, folders, keywords and collections...   I made my point. You don't agree, its all fine. I will go away for now. I am not going to buy the CC Cloud plan anyway.



CC Cloud is not new either. People have been synching images from Lightroom CC2015 to the cloud for three years. Did anyone look at those images and ask you to sell them through Adobe Stock? I didn’t think so.


----------



## clee01l

Søren Reinke said:


> To me it seems like the Cloud version is for people who think an iPhone is an amazing camera.


I think you have nailed the issue.


----------



## PhilBurton

Ferguson said:


> @jjespdk, if we are going to do conspiracy theories, I think yours is too mild.  I think it's more like facebook, where they will use this to collect metadata, analyze faces, tie them to keywords from LR Face recognition, build one of the largest photo repositories to mine for information -- not sell the photos, but use the information.
> 
> But then again, we were just talking conspiracy theories, right?  Not reality.


Except that it's not all conspiracy.  I have an extremely sparse presence on FB, mainly for professional reasons.  My wall is empty.  I have never upload any photos, any status updates, nothing.  Yet when I do follow a link that leads to FB, it's alarming how well the ads target me.  Clearly FB already knows a lot about me.

And it's worse with Google.  But that's another thread altogether.

Phil


----------



## Johan Elzenga

PhilBurton said:


> Except that it's not all conspiracy.  I have an extremely sparse presence on FB, mainly for professional reasons.  My wall is empty.  I have never upload any photos, any status updates, nothing.  Yet when I do follow a link that leads to FB, it's alarming how well the ads target me.  Clearly FB already knows a lot about me.
> 
> And it's worse with Google.  But that's another thread altogether.
> 
> Phil



Nobody denies that Facebook and Google are doing that. If a product is 'free', you are the real product. The question is whether that is what Adobe is really after too, and whether Lightroom is basically just a smoke screen to get there. I don't buy that.


----------



## stevevp

Ferguson said:


> @jjespdk, if we are going to do conspiracy theories, I think yours is too mild.  I think it's more like facebook, where they will use this to collect metadata, analyze faces, tie them to keywords from LR Face recognition, build one of the largest photo repositories to mine for information -- not sell the photos, but use the information.
> 
> But then again, we were just talking conspiracy theories, right?  Not reality.



I would absolutely agree with this. It's not about the photos, it's about the data.


----------



## PhilBurton

JohanElzenga said:


> Nobody denies that Facebook and Google are doing that. If a product is 'free', you are the real product. The question is whether that is what Adobe is really after too, and whether Lightroom is basically just a smoke screen to get there. I don't buy that.


Johan,

Of course we are the "product" on Facebook, Google, and LinkedIn, to name but a few popular sites.  The scary part is that most people aren't aware of how much privacy they willingly surrender.

I think it would be *an utter disaster *for Adobe's reputation if they were to use Lightroom as a sneaky way to collect people's private data.  And like you, I don't believe that is their intention or their strategy.

Phil


----------



## Johan Elzenga

We agree 100%, but as you can see, not everybody thinks this way:



stevevp said:


> I would absolutely agree with this. It's not about the photos, it's about the data.


----------



## Giblets

Just out of pure personal interest is there anywhere in Adobe's T&Cs relating to the Cloud that allow them to use the images that people upload as they see fit or conversely any mention that they will not use the uploaded images for any purpose?  As I am still on a perpetual version I don't have access to such cloud related T&Cs.


----------



## Johan Elzenga

Giblets said:


> Just out of pure personal interest is there anywhere in Adobe's T&Cs relating to the Cloud that allow them to use the images that people upload as they see fit or conversely any mention that they will not use the uploaded images for any purpose?  As I am still on a perpetual version I don't have access to such cloud related T&Cs.



As you should be able to make a decision to use or not to use their cloud offering based upon that information, it should be available to you as well.


----------



## Victoria Bampton

In your Adobe account, you can already choose to opt out of the machine learning stuff. Of course it largely defeats the object of their new tools, but it's good to know it's there.


----------



## jjespdk

Victoria Bampton said:


> In your Adobe account, you can already choose to opt out of the machine learning stuff. Of course it largely defeats the object of their new tools, but it's good to know it's there.



Thanks, I wasn't aware of this. Has now removed both options. And it also shows that Adobe has the exact same intensions as Google, Microsoft and Facebook, if you ask me. In a smaller scale maybe, but nevertheless... Big Data is a big business and it is for sale. I simply don't like the idea of others selling data I have provide, without even asking me... (not saying Adobe does this, but eventually they could. And even Adobe is for sale at some point, if the money is right)


----------



## Linwood Ferguson

jjespdk said:


> Big Data is a big business and it is for sale. I simply don't like the idea of others selling data I have provide, without even asking me... (not saying Adobe does this, but eventually they could. And even Adobe is for sale at some point, if the money is right)



A global problem is the prevalence of "opt out" as a viable mechanism for saying "we protect your privacy".  Then they bury the "opt out" deep within their system, and periodically "default it for your convenience" back to no.

I generally opposed regulation, but I sure wish that some of the privacy oriented countries would state clearly "opt in is the only acceptable data collection option".


----------



## Søren Reinke

*Hi there

What do we now about the security of Adobe's cloud hosting?

Adobe is not known for security, as seen here (take from www.haveibeenpwned.com):

In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encryptedpassword and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

The whole idea about giving all my raw files to their cloud, is not something that goes well with me.

What about backup of the data? Do they use raid, and backup in different geo locations?*


----------



## LouieSherwin

Being the skeptic that I am, the fact that Adobe has not "specifically" stated that they have no intention to do data mining on all of our photos leads me to believe that they either are or plan to do so. On the other hand since this is a "paid for" service it might make this less likely. 

Still without specifics it is hard to tell. As I recall hearing you cannot restrict the metadata for the uploaded images in LR-CC.  While this makes sense in the context of sharing photos among several devices it does not bode well for privacy. So until I know more I am unlikely to start uploading my entire photo library to Adobe.

As an aside: If you are interested in investigation what you can do to further protect your online privacy check out the privacy-paradox a step by step investigation into what you can to to start protecting your online privacy.

-louie


----------



## Hal P Anderson

I can see that some people would have a need for self-administered encryption of their images that seems totally incompatible with the way the Cloud will work. Journalists in countries with less-than-stellar human rights records come to mind. Companies in general don't have a good track record in resisting governmental fishing expeditions, and ceding control of your images could be potentially fatal.


----------



## ech1965

Giblets said:


> Just out of pure personal interest is there anywhere in Adobe's T&Cs relating to the Cloud that allow them to use the images that people upload as they see fit or conversely any mention that they will not use the uploaded images for any purpose?  As I am still on a perpetual version I don't have access to such cloud related T&Cs.



Legal Terms of Use | Adobe

§ 3 ( 3.3 more precisely )

And about Opt out for "machine learning",

Adobe machine learning FAQ

Regards
Etienne


----------



## Victoria Bampton

Thanks for sharing that link Etienne. I was about to look for that FAQ one myself.


----------



## ech1965

Victoria Bampton said:


> Thanks for sharing that link Etienne. I was about to look for that FAQ one myself.


You're very welcome !


----------



## jjespdk

ech1965 said:


> And about Opt out for "machine learning",
> 
> Adobe machine learning FAQ



"We use what we learn from all Adobe users to make our products and services better for everyone. For example, if you edit beach photos to look saturated and vibrant and another user edits wedding photos to have a soft focus and soft light, then our programs can learn those differences. Later, when a third user edits a beach or wedding photo, we can give them the appropriate style suggestions, based on what we learned from you and other users."

Interesting - and a bit scary....


----------



## Selondon

Søren Reinke said:


> the cloud version is not really what people using dSLR's want or need, it's more for the younger people running around making selfies with their phone, and things like that.



I'd disagree somewhat Soren. In my case, as 40+ year old (), having three young children, I neither have the will, nor the time to use Lightroom Classic and external drives. Ok, I'm only a hobbyist but the Cloud suits me - I like having access to all my Library. Luckily, from a Cloud point-of-view, I live in a major city and I can cull, edit and share on my daily commute..... and when I do need to fire up my computer, I want something that I don't have to spend time learning.

I'd rather spend any spare Photography time I have improving my shooting technique, rather than working out what kind of previews I am creating.

Also, you do see many younger people walking around with dSLRs/mirrorless cameras. They may have more time than myself but maybe they'd like the choice of a streamlined Lightroom?

Of course I under understand the frustrations regarding the ridiculous naming, the non-syncing of Keywords and worry about its future, but Lightroom Desktop isn't for everyone.


----------



## PhilBurton

Selondon said:


> I'd disagree somewhat Soren. In my case, as 40+ year old (), having three young children, I neither have the will, nor the time to use Lightroom Classic and external drives. Ok, I'm only a hobbyist but the Cloud suits me - I like having access to all my Library. Luckily, from a Cloud point-of-view, I live in a major city and I can cull, edit and share on my daily commute..... and when I do need to fire up my computer, I want something that I don't have to spend time learning.
> 
> I'd rather spend any spare Photography time I have improving my shooting technique, rather than working out what kind of previews I am creating.
> 
> Also, you do see many younger people walking around with dSLRs/mirrorless cameras. They may have more time than myself but maybe they'd like the choice of a streamlined Lightroom?
> 
> Of course I under understand the frustrations regarding the ridiculous naming, the non-syncing of Keywords and worry about its future, but Lightroom Desktop isn't for everyone.


So Adobe needs to "embrace the inevitable" and have multiple products or a highly configurable, optioned product.  By the way, multiple products could share a lot of the software code, which would simply the process of enhancements and bug fixes.

Phil


----------



## Selondon

PhilBurton said:


> So Adobe needs to "embrace the inevitable" and have multiple products or a highly configurable, optioned product.  By the way, multiple products could share a lot of the software code, which would simply the process of enhancements and bug fixes.
> 
> Phil



Hi Phil.....Maybe the code was too old for the kind of cloud interaction they wanted and new code had to be written. At the same time deciding to extend it to a larger market. Maybe LrCC v1.0 could be the first stage in this highly configurable product, optioned product?

Of course, it's all about money. I am not too happy with the cost compared to what I was paying them before to store my Photos in their Cloud (back on thread, they would be crazy to mess around with privacy - irrespective of photographs, most creative work is done on their products). But irrespective of the way they have handled the launch of the product, the product suits me.


----------



## PhilBurton

Selondon said:


> Hi Phil.....Maybe the code was too old for the kind of cloud interaction they wanted and new code had to be written. At the same time deciding to extend it to a larger market. Maybe LrCC v1.0 could be the first stage in this highly configurable product, optioned product?
> 
> Of course, it's all about money. I am not too happy with the cost compared to what I was paying them before to store my Photos in their Cloud (back on thread, they would be crazy to mess around with privacy - irrespective of photographs, most creative work is done on their products). But irrespective of the way they have handled the launch of the product, the product suits me.


Selondon,

I'm convinced, without proof but with my experience as a software product manager, that LR CC is the code base which will evolve into the future Classic.

Of course, Adobe is responsible to its shareholders.  But nothing is pre-ordained.  Their actions can *influence *a lot how much revenue Lightroom continues to generate now and into the future.

Phil


----------



## Roelof Moorlag

PhilBurton said:


> Adobe is responsible to its shareholders


That's the case these days indeed. And what about their customers?
In my opinion it should be customers first, personel second and shareholder third.


----------



## jjespdk

Roelof Moorlag said:


> That's the case these days indeed. And what about their customers?
> In my opinion it should be customers first, personel second and shareholder third.



I agree, but that is not how it works  Always the shareholders first.


----------

