Privacy concerns when sharing files on the Internet
The amount of internet users sharing their private data through third-party file sharing is rapidly increasing. Some even use these services to backup their data in the cloud. Although these services are very easy to setup and are available at a very low price, the cost of privacy may be too high for some to afford and it is very important to understand this cost before using these services.
Online file sharing and backup services
To fully understand the problem, you need to explore how these services work.
When you sign up for any service, you supply a user name and password and then install the application. As long as you're connected to the Internet, the files you drag into the local folder magically appear on all PCs, laptops, and mobile devices that also have that service installed and are attached to the same account. Some services also allow you to access your files using a browser from any machine.
Additionally, some companies may obtain private information like:
- Your name
- Credit card
- Number of computers you have and their type
Most of these servers use smart technology to reduce network traffic as well as the size of data you copy. For example, they won't store the same file twice. If you drop a picture of your summer vacation into the shared folder and your brother drops the same picture into his account, only once copy of the file is stored on their server. This method is called deduplication and is mostly used by large companies to save disk space.
Almost every online backup or file sharing service provider employ a blackbox approach - meaning clients never have to worry about:
- How files get to the other end
- How are files stored
- Where are the servers physically located
- Which encryption mechanism, if any, they use
- Who has access to those files
- Are backups of your data being made, and how secure are those back environments
Due to the blackbox approach specified above, it is almost impossible to guarantee the privacy of your data. Although most companies claim they use encryption to protect data, there can always be leaks or bugs in their software that can make your private data vulnerable to hackers.
Consider the scenario where a service provider allows you to search or modify documents on their server. There is no way to either search or modify any document unless that document is in clear. Assuming the document is encrypted; the software used to provide this service has to be able to decrypt it, allow you to modify and finally, encrypt it again before storing it to the disk. A small glitch in the software performing this task can make your files available to any hacker. Moreover, there is a very good chance developers of this technology can access your document while debugging the application.
Additionally, there is no way for a company to use deduplication if files are encrypted with different keys. This is because a file encrypted with two different keys will generate a completely different output and deduplication cannot be used.
It is common knowledge that financial, insurance and government institutions have secure networks and stringent rules on how to protect consumer data. One reason why their networks are relatively secure is because of laws that govern these industries, such as Sarbanes-Oxley. Unfortunately, no such law exists for companies that offer online file sharing or backup services, leaving consumers to trust them with their data.
Try searching Google for words like "privacy concern", "security breach" along with your favorite online file sharing service provider. It is very likely you will see several news articles showing when and how a group of hackers or disgruntled employees were able to steel user names, passwords and/or other personal information from their network.
The best way to protect your data is to prevent it from ever leaving your network and only allow individuals who are authorized. In short, you create a private cloud containing the networks that belong to you. For example, if you have 3 offices designate one of them as a central repository. Users should be able to access their files from these repositories rather than accessing them from a third party company on the Internet.
Synametrics Technologies offer two products that allow you to share files and back them up in a secure manner.
Both SynaMan and Syncrify are products, not service - meaning you install them inside your network and allow access to individuals who need them.
Consider a scenario where you have multiple offices in different physical locations. You can use Syncrify to backup files from different offices to a central location. Additionally, you can use SynaMan to share files with clients and other business partners. The following image depicts a typical network diagram where Syncrify and/or SynaMan is installed.
Whether or not you use these products over the Internet or within a LAN, files always stay under your control. In cases where you backup file from one office to another over the Internet, you can use SSL to encrypt the data transmission. Both Syncrify and SynaMan can also work over a VPN connection for added security.
If privacy is important to you, using an online service for file transfer or backup may turn out to be very costly. The best way to protect your important files from unauthorized access is to keep them within your network.