Reason 962 to Avoid Cloud Photo and Video Storage: Strangers May Be Able to See Your Stuff

Reason 962 to Avoid Cloud Photo and Video Storage: Strangers May Be Able to See Your Stuff

If you store your videos and photos in the cloud, or at least in Google’s version of the cloud, you may want to think twice about that. A recent privacy breach may have sent your videos to the wrong person.

According to The Verge, the breach involved Google Takeout, a service that helps you download your data from the myriad services the company offers. It seems that it hit a snag where it was accidentally including videos that were not part of a user’s account in their Takeout download.

While the window was short and the bug has already been fixed, it was wide open for four days, between November 21st and November 25th, 2019. Affected users received an email that included the line “Unfortunately, during this time, some videos in Google Photos were incorrectly exported to unrelated users’ archives. One or more videos in your Google Photos account was affected by this issue. If you downloaded your data, it may be incomplete, and it may contain videos that are not yours.”

Cue every Google Photos user feverishly wracking their brains to think about when they last sent that sexy video to their significant other. Photos weren’t affected, and so no private photos seems to have been exposed. One of the users who received the email is the founder of a company that helps defend organizations against data breaches. Jon Oberheide posted the whole message on Twitter:

There wasn’t much fanfare from Google about this data breach, but it can’t be understated how serious it is. With more Pixel phones out there than ever before, there’s a whole army of people automatically sending their selfies, sexts, and family photos to the cloud with every click. Add on top of that regular users who upload their photos taken with other cameras or phones, and the .01 percent of users that Google claims were affected by this breach is still a sizable number given the company’s user base.

Google’s recommended fix for this really isn’t a fix. It says that users should delete their previous backups and download a new copy of their data. No word on what people should do if they already deleted their accounts when they thought they had all their data. Nor could the company, in a response to Oberheide, specify what videos had been downloaded.

Chalk one up for NAS units and hard drives.

Log in or register to post comments

13 Comments

Hunter Rose's picture

I'd recommend you rent a thunderbolt based LTO-7 or LTO-8 tape drive for a week. Perform a full backup to tape and put those tapes in a safety deposit box (in the next city over - helps to protect against natural disasters). This keep the chain of custody with you and you still have physical secure media.

Daris Fox's picture

I've a SAS based LTO-7 drive. Got a 6Gb/s card that was ripped out of a server when it was upgraded to 12Gb/s and the LTO I got on sale at the HP website for 800 off. I do a monthly back up to tape, and weekly is taken care by NAS to NAS (using Synology's own tools) over a OpnSense based VPN (studio->home).

You can pick up 6GbSAS HBA/RAID cards fairly cheap on Ebay or through bankruptcy auctions, just buy a server and sell the rest at mark up. SAS will also allow you to have a higher throughput/stability than Thunderbolt, which is notoriously flaky under Windows.

Spy Black's picture

Tape? I haven't dealt with tape backup since the 90s. Have you ever seen a tape unit mangle a tape up? While nothing's perfect, a mechanical hard drive is much safer storage system IMO. Good luck with your tape setup, and may you never have your drive eat one of your tapes.

Daris Fox's picture

Have you not used a LTO drive? They've got little in common with tapes of the 90s, and LTO-7 holds 6Tb uncompressed, and up to 15Tb compressed. They also write as fast at ~300Mb/s.

Also, LTO has been used in Enterprise for decades, so has to be reliable and safe to use. Especially in multi-stack libraries in racks as downtime is expensive..In my case if a tape burns, I still have the previous month and the hot/warm back ups on the NAS. I have three generations of backups on three different medias. So my data is relatively secure.

Spy Black's picture

Once bitten, twice shy. :-) I'm glad your system works well for you. I'm personally more comfortable with redundant mechanical hard drives. I should add they were not my tapes but company archives I had to deal with. The systems were always Russian Roulette.

Tom Weis's picture

In 2018/2019 there was a patent infringement lawsuit between Fuji and Sony - the only two manufacturers of LTO-8 tape - that caused the tapes to be unavailable. Was that resolved?

The LTO consortium started with 6 manufacturers, but dropped to 2 which does not inspire confidence.

Also, the LTO drives only support 2 generations of tapes. With constant improvements in tape storage density, one might be buying $5000 LTO drives every couple of years. No thanks.

Conversely, 5.25" drives are relatively cheap and ubiquitous, and the SATA interface seems to be essentially an open standard.

Hunter Rose's picture

As stated enterprises use these all the time for tiered backups strategies depend on their needs - I've had many customers run hierarchical storage management systems / strategies (SSD or SAS - 1st tier, replication to off-site RAIDed spinning disks as a 2nd tier, 3rd tier tapes, etc.). LTO is still used all over the place.

Yes the cost can be prohibitive for end users but if you are run a business (not just a hobby) its part of a full disaster recovery and business continuity plan - its up to you and you needs to decide if you need to implement one for you business.

In terms of end users using the tech - there are plenty of machines as Daris mentioned you can find used for way lower cost. I also provided rental as an option, its actually $180 a week to rent an external thunderbolt drive. Do this once a quarter or once a year. I'm sure folks spend more on more frivolous things.

So, for a home user use your primary drives as online workable storage, a RAID subsystem unit - as near line secondary and tape as off-site quarterly or annually.

In the end there is no solution that fits everyone but, I figured I chime in with an alternative option, hence my original post.

Jason Frels's picture

If you are using a 'free' Google service, someone or some computer is looking through your stuff all the time. This nothing new. It's what Google does and why they offer 'free' stuff.

This doesn't mean that cloud storage is bad. Probably more risky to not use some sort of back-up like this. If you are that worried, encrypt the files before you put them on cloud storage.

Spy Black's picture

Nobody's cloud is safe. Anyone who thinks Brand X is safe has their head in the clouds...

Just me's picture

There is no privacy on internet; this is just someone else computer.
Keep this in mind at each upload.

Matthew Lacy's picture

I thought I already read an article on this from Fstoppers. Might have been Petapixel though. Who knows? Anyway, this isn't Google's finest moment, but I wouldn't really expect much better from them.

Blake Parry's picture

this is why my files on cloud storage are encrypted

Tom Weis's picture

What are the other 961 reasons to avoid cloud storage?