Take Care With The Clouds!

You can be processing your data on someone else’s computer

In a couple of recent articles, we have seen how Apple and Microsoft (and Google, for sure!) have access to your devices and data. But another related topic deserved a separated analysis: the so-called “software as a service”, or simply SaaS.

If you use Office 365, Google Docs, Webex, and the like, you are using software as a service, that is, a service running on a computer located at perhaps thousands of kilometers away from where you are. With it, you can be typing some text on Word for Microsoft 365, or editing a photo on Instagram, but those files are not being processed on your device; they are on some server somewhere in the world: perhaps at Microsoft’s headquarters in Seattle, or in Johannesburg; or even in Beijing. The activity of computing is done by a third party, not by your own machine.

This has, indeed, some pros: you don’t need to use your own device to process those files, specially, if you don’t have a powerful PC or are using a mobile device. Moreover, you can open such files from any device and from anywhere, and collaborative work is much easier. But using someone else’s computer (the “cloud”) has also its downsides: when you use SaaS, cloud datacenters are storing and having authorization to read and edit your files. And all this is happening outside your device: you will neither know if your files were accessed or changed nor by whom. In fact, you won’t even know where they are, because you are not the server administrator, but Google, Microsoft, Amazon, etc., and they keep secret their datacenters’ location. Amazon’s, for example, is kept on a highly confidential internal document, that was disclosed by WikiLeaks. With this, one could risk having files about, e.g., controversial political subjects or industrial secrets, stored and processed in countries where privacy or political rights are not necessarily a paradigm.

Furthermore, because those cloud servers host services and databases from many enterprises, they have become an attraction point for hackers. It happened recently with Microsoft Azure, where a vulnerability allowed outsiders to have full access to databases held by thousands of enterprises, including Coca-Cola, Exxon Mobil and Citrix. This failure was exploitable for at least several months, possibly years.

Another consequence is they can ban you from their servers for whatever reason, as they did in the past with WikiLeaks and Parler. And they will do this not only to organizations dealing with political issues, but against anyone: a designer named Dustin Curtis had his Apple ID, App Store and iCloud accounts blocked for weeks because of a mistake in his Apple Card billing. So, goodbye family photos, doctoral thesis, work project! It’s “their computers, their rules!”

And how to identify if you are running a SaaS? One hint is to look for the cloud term. Unfortunately, today it is employed quite loosely, but when you read that such or such app has a “Cloud” name or functionality, beware! Because, as says Richard Stallman, companies don’t like to tell you what they are doing:

If “cloud computing” has a meaning, it is not a way of doing computing, but rather a way of thinking about computing: a devil-may-care approach which says, “Don’t ask questions. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it. Trust companies without hesitation.” In other words, “Be a sucker.” A cloud in the mind is an obstacle to clear thinking.

Why all this secretiveness? Why would big corporations bother to set up a network of servers to process your files for free? Because they found out that our files are a gold mine: they can establish your profile with your consuming habits, political opinions, health issues, social relations and all the rest. And then, they use or sell it for other companies and governments—including intelligence agencies. Otherwise, how can Big Tech make billions of profit year after year? Certainly not only with online ads!

To prevent such risks, one should always avoid to store and process files in the cloud as much as possible. If you really need to use a cloud server, encrypt your files on your device before uploading them to the cloud. Here is an article that could help. A great, free and easy to use encryption program is VeraCrypt. You’ll find a tutorial here. Give preference to store your files locally and keep a backup of them on removable hard disks or flash drives, and run your software on your computer. All this could look a little old-fashioned, but this way you won’t depend on the humor of some Big Tech company to be able to use your files.