The phrase, "All your base are belong to us" was a popular Internet meme back in the day, and is still around even today. In the video, an ominous alien proclaims that he owns all of the bases and that there is "no chance to survive." Today, it's probably safe for the overlord to say, "All your data are belong to us," because almost everything we have is stored in the cloud as we relinquish more and more control of our data to third parties.

There's no question that everyone loves the idea of being to access all of their data at any time. From being able to quickly download documents from OneDrive to being able to view images from Flickr, the ability to access and share our data is second nature to us now. Unfortunately, most people think that because the data is housed by a large company like Apple or Microsoft, and that access is protected by a really secure password, that their data can only be accessed by those that the user wants to allow access to.

That is a major fallacy, and this past weekend proved it.

Despite the latest in a string of data breaches, we still trust our data in the nameless, faceless cloud at an ever increasing rate. For example, according to research done in 2012, over 48 hours of video is uploaded to YouTube every MINUTE.

However that's data that people are willingly putting out on the Internet. What about the data that people think is private, or even worse, our phones are configured to automatically upload aren't aware is even syncing to the cloud? As an example, our phones are routinely configured to automatically upload pictures and videos to Apple's and Google's cloud unless explicitly disabled, and in many cases the files online aren't actually removed from the cloud when deleted from the device. This is great feature if you accidentally remove something, but can leave you exposed if you're unaware.

Even if the data is secure, there's also no guarantee that the company housing the data will keep your data secure from both internal and external threats. Do you read all of the the Terms of Service agreements before using an online service, and then again every time they're updated? If not, you risk companies slipping verbiage past you that takes away your ownership rights or worse.

The question to ask is whether we should trust our data in the cloud. The answer isn't as straight forward as it may initially appear, regardless of what side of the argument you fall on. If you believe we should trust the cloud, the photo leaks this weekend have to give you pause. On the other hand, if you believe all data should be housed yourself, there's still risks if it's available to the Internet, something the SynoLocker attack showed all too well.

The answer is somewhere in the middle. It's true that companies like Apple need to beef up their security, but in today's day and age, passwords are no longer enough to protect your data and two-factor authentication should at least be an option anywhere our private data is stored. Apple is telling people that iCloud has two-factor authentication, but according to their own documentation, it only prevents changes to an account, not the actual downloading of data contained in the account.

Storing data within your own "private cloud" using one of many different NAS offerings (we've reviewed many of the devices here) is a great idea too, but if it's available online, you're just shifting the security requirements to yourself. While you won't have to worry about an insider stealing your data, you still have to worry about hackers trying to take it.

A defense in depth strategy is the best way to protect your private data no matter where it lives, and that means in addition to protecting it with a strong password and two-factor authentication, "As security increases, usability decreases"important information should be encrypted as well. Backup companies like Crashplan figured this out a long time ago: When you setup your account, you create an encryption key so that the data on their servers isn't readable by anybody. If someone guesses your username and password and download your files, the only thing they have is an encrypted container. Without the decryption key, the file is useless. However the old saying that "as security increases, usability decreases" rings true here, and it's doubtful that many users will want to go through that extra step to access their data.

Dozens of celebs -- among them Jennifer Lawrence -- got a crash course in proper securing of data.

The initial uproar about people stealing nude photos from celebrities will soon die down and be forgotten. Most users will say, "That will never happen to me," and be on their merry way. And the amount of data we entrust to nameless, faceless third parties will continue to increase until it's true that, "All your data are belong to us."

Jennifer Lawrence image via moviepilot.com | Cloud image via Shutterstock

Report a problem with article
Previous Story

Bing is testing several new layouts

Next Story

Microsoft's best Xbox promotion yet can get you up to 2 free games

46 Comments

Please Login or Sign Up to post a comment.

No surprise, just that supposedly intelligent people have taken so very long to realize the anything in The Cloud is for public consumption. Any expectation of privacy in The Cloud is foolhardy.

Its easy to defeat the "electronic big brother" : choking!. Just store a bunch of random pictures in your could and it will choke the automatic system with some misleading garbage.

Use it at your own risk, I don't. We have our own 15 TB personal cloud, and never expose it directly to the internet.

Odom said,
If you don't expose it to the internet, then it's not a cloud.

If it is located in a single server then, it is not a cloud, and it is true for 99% of the so called cloud services.

That, my friends, is why I don't use the cloud at all where possible.

And really, putting "that" sort of content online, what did you think would happen? :p

I quite like BitTorrent Sync's motto: "no one can steel your data from the cloud if it isn't in the cloud" ...it's so true! ...I certainly wouldn't be putting sensitive data/inappropriate content in any "cloud"!

its the peoples fault, why the ###### would they put nude pictures just like that on the cloud, and if it was the automatic uploading it still their fault! they must know how the ###### they buy works, its ridiculous how people don't care to think ahead....

You really think it's fair to blame the victims of this crime? Do you blame people for owning TVs if their house gets burgled and the TV nicked?

Sure it's risky putting anything really private online but if you believe you have a private service and then someone else takes effort to break into that, you're not the wrong doer.

If they did not secure their home before being broken into, then yes I would. However, this is not the same thing Laura. This would be like storing your TV somewhere else and trusting someone else to secure it.

If something is inside your house it's pretty obviously not up for grabs, any theft is still wrong even if you could have locked the door and built a wall, gun turrets and moat around it. So how far do we go before we blame the criminal? Do we let them off if they were a pseudo friend or tricked their way past your security, since you're obviously just too dumb.

In any case I don't see any reason to assume that these photos were not secured, even if it wasn't the best security. The talk is about someone "hacking" their way into private accounts. Even if you had the crappiest password ever it doesn't make it ok for someone to exploit that. It's still wrong.

Obviously I (try to) live in reality, I don't put private stuff online. That doesn't mean it's ok if someone does and someone else hacks it. It's still wrong.

I wouldnt say its the peoples fault. They ARE the victims. But I do think its different to say, "You shouldnt store naked pictures of yourself online" while still feeling like they are a victim. Its like saying, "I am sorry your tv got stolen. I am. But you shouldnt put your tv out in your front yard shed at night."

Its sad though that these people had there private, vulnerable lives made public like they have... That is the crime here. Not the nude pics online. That was just ill-advised behavior. =(

Laura said,
You really think it's fair to blame the victims of this crime? Do you blame people for owning TVs if their house gets burgled and the TV nicked?

Sure it's risky putting anything really private online but if you believe you have a private service and then someone else takes effort to break into that, you're not the wrong doer.

It doesn't matter whether you're talking about a physical device that you own in your house or a piece of data, the rules are the same... If you don't want it falling into the hands of other people you make proper efforts to secure it.

Yes, in an ideal world bad things should not happen, and no the victim doesn't deserve it but uploading private images of that nature to a service that you in reality have no control over whatsoever can be described as a questionable course of action at best. On the Internet stuff gets hacked all the time. Expecting privacy is great, failing to account for the consequences if you get exposed (particularly serious matter for celebrities) is just playing with fire. You should never, ever assume anything that is out of your control is completely foolproof.

When was the last time anyone got embarrassed when their TV was stolen and displayed for the world to see? Common sense would dictate if you wouldn't want something made public (either voluntarily or in the event of a mishap, regardless how remote of a chance) don't do it in the first place.

Unfortunately by the time I found the likes of Richard Stallman, EFF, FSFE, FSF etc it was already too late, I had a dropbox account, a Microsoft account, a Google account, a Facebook, Twitter.... this is the shortlist, I was literally everywhere. I found out about those in the top line around 2011 and until 2013 I really didn't care about the privacy stuff. Then something clicked after Snowden revelations and really took seriously Stallman when he says if the code is closed you do not know what it's doing and must assume the worst. So I do, mostly everything I run is open source, deleted Facebook etc. I do still use cloud stuff for backups but I try to find the best provider without having to pay money and that is SpiderOak. tl;dr I didn't worry about the cloud, now I do. Opposite to OP

Lamp0 said,
I really like the title image. Is that an original piece?

No, it's from Shutterstock, a company we license images from. Thanks for pointing out that I forgot to give them credit for it though, I updated the end of the article to include that.

I will stick to my private cloud. Sadly my reality is unattainable for most. But I won't put my data in someone else's hands and hope for the best forever into the future.

Even if people do read the TOS they are at risk of companies slipping verbiage. If it became a common thing to read the TOS it's entirety then companies would muddy it up even more.

You can love it all you want, but I never upload anything that I find private. In the end no matter what people say, someone alwasy check it out.

warwagon said,

Of course it exists, that's why I recommend it.


Yeah, but he gave a link so we can check it out ourselves. :p

Hmmmm ...I think it is time to start to open up a new business - Celebrity Smartphone Etiquette. I could charge them 5K for a ten minute crash course. :)

my course is better and cheaper. I "destroy" their current smartphone and hand them an old flip-phone. cost would be about $500.

The hard truth is once data is stored on a system you don't control fully then that data is more vulnerable. Does this stop me sticking things on Dropbox? Of course not, some data is not sensitive and a service such as Dropbox is very convenient but would I still super sensitive stuff on it? Nope. Do I think I will be a victim of hacking like Jennifer Lawrence? Ha very doubtful but it can be hard to keep track of what has access to your cloud storage. If I lend my iPad to someone they can open Dropbox and see all my files. There is no option for secondary authentication which is a big problem.

I mostly use cloud storage for sharing files with friends and family and keeping a backup (I don't have the desktop client installed so I manually upload via a browser) of some things I want access to while away from my computer.

Steven P. said,
Jennifer Lawrence said that the leaked stuff was deleted from her device(s) which kinda makes it even more troublesome!

Yeah I can believe it as I believe iCould does not delete photos from your photo stream when you delete it from your device.

Of course we have no idea when this data was stolen though... could have been ages ago and obviously deleting data has no effect once its already been stolen.

Steven P. said,
Jennifer Lawrence said that the leaked stuff was deleted from her device(s) which kinda makes it even more troublesome!

Google auto backs up anything I take with my phone camera, but when I delete stuff it doesn't remove it from their online thing. It also doesn't allow you to select which images to back-up, it appears to be all or none.

Funny, when I delete a picture from the Photos I always get a message warning me that it deletes the picture(s) online and offline ( across all devices)

There's no proof that the data still exists on the servers; and any celebrity suggesting that they don't know how the images have been acquired (because they deleted the images) just demonstrate how little they understand what has happened.

The images could have been copied at any time - days, month or even years ago. The images weren't stolen last week just because that is when they were released.

The person who stole the images appears to have used the actual login credentials of the accounts... the very second the images was synced with iCould the image could have been downloaded by the other person and stored for a long time.

It's the equivalent of someone breaking into your house, photocopying your photos and then years later giving them out... destroying the originals clearly has no effect on the copies.

I read somewhere that a lot of his personal info like name and workplace was released along with the leak *asking for trouble* lol

Master of Earth said,
That guy who posted didn't blur out his windows explorer user name along his teammate. However, it's believe the main hacker is only 15 years ago.

There was no "main hacker". It was a group of people trading things over a long, long period of time. Many of the photos were taken in 2009. It's unknown when they were ripped from the various services.

The guy that posted the screenshot was just one of the ones trying to sell the collection. He didn't create it.

Rosyna said,

You must have missed some part of the story (There was no "main hacker". It was a group of people trading things over a long, long period of time. Many of the photos were taken in 2009. It's unknown when they were ripped from the various services.

you were only half right about (The guy that posted the screenshot was just one of the ones trying to sell the collection. He didn't create it).

You think this whole leaking private photo doesn't involve any hacker? The people who leaked it was using a tool to gain access those account which pretty much classified as hacking someone confidential account. The 15 years old teenager is the one who found the iCloud loophole and took advantage of it by guessing countless amount password in very short amount of time with an application. As a result,the picture was quickly passed around to the people who actually leaked it.

Edited by Master of Earth, Sep 4 2014, 3:56pm :

You said "main hacker" was 15 years old. There was no main hacker as many hackers (plural) got the images.

Secondly, these images were not gathered via any password guessing. At least not the iCloud ones. They were gathered via Security Questions that were easily answered because the targets were public figures and the data was on twitter, Facebook, wikipedia, IMDB, et cetera.

The "iBrute" vulnerability in Find My iPhone was not used in this attack.