The Potential Of Google Sync To Be Used For Both Good And Evil

from the linking-up dept

When Google first launched its desktop search product over a year ago, some wondered if it would end up being a gateway to accessing data on your desktop from other devices, such as mobile phones. While Google hadn’t said much about it, it now looks like they may be moving in that general direction. The company has launched a new product that turns the Google desktop product into a tool for linking and syncing data on different machines. Right now, it appears to just be computer to computer, but it’s not hard to see how this could expand much further as well. What’s interesting, though, and perhaps a bit problematic, is that Google is storing data on its own servers for about 30 days in order to do this — rather than doing direct peer-to-peer. This has the advantage of allowing people to sync, even when a machine is offline. However, it also raises some questions. While some think that makes it compelling, as it will allow a number of new applications to be developed, others worry about it, in light of the recent attempt by the government to get access to Google data. This might be a case where they’re both right. The feature has a lot of potential… but it will only go so far as people are confident that Google will (and can) keep their data private.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “The Potential Of Google Sync To Be Used For Both Good And Evil”

Subscribe: RSS Leave a comment
Jimmy Bear Pearson (user link) says:

Perhaps encrypted locally before stored remotely?

The idea of my data stored in a system over which I have no control does bother me – as much as storing credit card data in merchants’ systems bothers me.

Perhaps if the data is encrypted in a 128-bit way before transmission to the Google servers? At least this would be some layer of protection.

I would, in addition, never back up super-sensitive data or information to any server to which I could not have personal access.

Jonathon says:

Re: Re: Perhaps encrypted locally before stored remote

Exactly, I appreciate what privacy advocates do in terms of raising concerns. However, google or whoever can offer any service and so long as they are open about what they can and do do with the info that they have. I had a better though a second ago, but it has now escaped me…

A Funny Guy / The Poison Pen says:

Re: Perhaps encrypted locally before stored remote

If you think 128 bit encryption will stop anyone who is determined to crack a code… you are sadly misinformed.

You would need at least 4096 bit encryption and a passphrase of 10-15 unrelated words and number sequances for a strong pass key.

Even this might be no problem to the new quantam computers in development which i strongly suspect the top echelons of world governments already have.

? says:

Re: Re: Perhaps encrypted locally before stored remote

4096? I’m using 8192 encryption on my quantam desktop computer.

My pass word is 12,432,233.1 characters in length.

What sucks is China just called and said that they want their “computer back”. I’ll be damned if they get this machine back. I haven’t had to pay a single dime in heating costs all winter!

Anonymous Coward says:

Re: Re: Perhaps encrypted locally before stored remote

setting aside obvious concerns about passphrase strength, your comments on bits is mistaken and oversimplified. some asymmetric algorithms are crackable at 128bits, others are not. symmetric algorithms at 128bit are not crackable. asymmetric approaches seem unnecessary to me for this application. only you know the passphrase, and so only your computer knows the key used for both encryption and decryption. data goes to google, they cant touch it because they dont know your password.

of course, they might just use your google account password in which case it might as well not even be encrypted.

Trevor says:

Re: Re: Re: Perhaps encrypted locally before stored remote

There are MANY tools out there for encryption, one I ran into had a clever soloution for relatively weak passphrases. The program used the sha-512 hash to generate the symetric key, butit ran the passphrase through 1000 times, this is computationally intensive and slows down a dictonary attack on the passphrase significantly. It is not perfect, but it makes things a bit more secure and with a decent (30 digit of so) passphrase can really slow down any would be cracker. Also, computing the sha 512 1000 times is not that bad for one passphrase, it just adds up for countless bilions of passphrases. This also gets around most rainbow tables, since they are computed for one run through a hash.

Clay says:

Re: Re: Re: Perhaps encrypted locally before stored remote

I really don’t care if Google, or anyone else, wants to spend valuable time looking through my e-mails to my friends about the newest cell phone or MMORPG, or any other files like my Trillian logs or which games I have installed on my computer; I don’t have anything to hide from anyone.

Aaron Friel says:

Re: Re: Perhaps encrypted locally before stored remote

Holy overestimates, batman!
You don’t read enough about cryptography, Poison Pen. 128 bit is still sufficient. 2^64 checks is still difficult, but given the sheer enormity of data and the possibility of highly obscure file formats, this may easily be enough to make it impossible for Google to read everyone’s data. Remember, if everyone used 128 bit encryption and they tried to crack it, they’d have to crack everyone’s key. That’s multiple near bruteforce decrypting operations, thousands or millions possibly.
10-15 unrelated words and number sequences? Typically, using a truly unique word, number, and symbol combination and hashing it is sufficient. This is what most encryption programs do, they don’t accept keys under a certain size. And if you go over the size limit, then they are still hashed, and shrunk to the size they use. As an example, 15 words of 4 letters each is 60 letters, or 480 bits. Already, you’re into the territory of Completely And Utterly Redundancy. Add in some numbers, and you don’t actually increase the security of your key. E.x., with a 128 bit key, if your password is any longer than 16 characters?xxxxxxxxxxxxxxxx?you are wasting your time. With a 256 bit key, you can go up to 32 characters, and with a 512 bit key, you can go up to 64 characters.
4096 bit key? Unless your password is 512 characters, it’s completely pointless. And the only reason you’d ever use 4096 bit encryption is for public key encryption. AES has no mode for over 512 bits. Neither does any other block mode encryption.
As for the rest of your BS about “new quantum computers,” research labs are just barely able to factor integers using them. That said, they are capable of factoring integers at a rate that greatly exceeds, at least on paper, that of a traditional computer. But I’m not afraid of a computer that can’t store more information than I can write on my hand, let alone perform bruteforce decryption on even something as short as a sentence. But even this is to no avail, because AES doesn’t use integer factorization, and quantum computers may not give you any advantage in decrypting AES ciphertext.

Anonymous Coward says:

No Subject Given

Just my opinion, but in light of recent events, you would have to be a MORON to voluntarily store huge amounts of corporate or personal info on a third-party system like this.

And that “I don’t ever do anything wrong, so I don’t care” attitude is stupid and naive. It is clear that our government feels comfortable taking a wide range of actions against individuals (from wiretaps, to detainment, to torture) regardless of any evidence of wrongdoing. So, keep that head in the sand, specially when the electrodes are connected to your balls because a Bush henchman thinks your Word doc that contains the phrase “ladle in the bin” is a covert reference to bin Laden and warrants further investigation…

Moogle says:

Re: No Subject Given

No, “I don’t ever do anything wrong, so I don’t care” is a perfectly good reason for one person to decide to use an opt-in service.

It’s never a good reason for a system to be forced on everyone, or any unwilling participant. In this case, it’s no big deal, the paranoid simply need not use this service.

Anonymous Coward says:

Re: Re: Re: Stupid and naive is no way to go thru life

Actually, i would be less pissed about that than them getting data from google for a number of reasons. First, either way, I am innocent and they were mistaken to be going through my stuff. Secondly, It is at least possible for me to catch them doing it if theyre rifling my house, whereas google will just hand it over and no one will ever know. There is presumably a much higher burden of suspicion to invade someone’s home than there is to demand their data from google. So I would be saying “you assholes, i havent done anything and wheres your #*($&$ing warrant, and im glad you didnt grab all my data instead”

Ben McNelly (user link) says:

The masses///

The masses will always be led by the nose, the issue here is setting a dangerous habit for the future. As people become more and more used to thier online life using tools like this, they are none the wiser when thier 4th admendment right are violated. I am an avid google-ite, but the whole gmail, (and recently gtalk saving your chat hist “opt in” of course) + stuff like this worries me.

– common sense, is never found in the masses. Look where everybody else is heading, and go the opposite way. or at least take it at an angle…

Anonymous Coward says:

Re: No Subject Given

You mean, you’re going to go over to your friends house, set up a secure and private account on their personal computer with custom file access permissions?which they would never, in their lives, violate?and watch your copy of Scary Movie over there. Not in their presence either.<br><br>At least, that’s what your lawyer might say.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...