Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)

From this thread on the Apple ng, today...
https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png

o Who's cloud?, by Alan Browne
https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE

Arlen Holder wrote:
From this thread on the Apple ng, today...
https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png

o Who's cloud?, by Alan Browne
https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE

Why not?
All it takes is to FTP encrypted data to an un-published
oddball-named folder. Oddball in that the name uses hex representation
of otherwise un-useable characters (say, space and other non-printing
characters).

"Robert Baer" wrote
| Arlen Holder wrote:
| From this thread on the Apple ng, today...
| https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png
|
| o Who's cloud?, by Alan Browne
|
https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE
|
| Why not?
| All it takes is to FTP encrypted data to an un-published
| oddball-named folder. Oddball in that the name uses hex representation
| of otherwise un-useable characters (say, space and other non-printing
| characters).
|

That's a big topic. First, your use is not that of people
with "reasonable technical ability", which would probably
be most realistically described as someone who can set
up a Google Drive account, not someone who knows
how to encrypt files, or even thinks of it. People are
not storing commercial databases. They're storing things
they don't consider high security.

There are also security issues, privacy issues, ownership
issues... Peoples' opinions about those things are not
necessarily connected with their technical expertise. Look
at all the geeks with gmail accounts, who use Chrome. They
don't care about privacy or even security. They see all those
modern conveniences as just a giant nipple. They want to
suck milk and don't care who Mom is, as long as the milk is
easy to get and free.

Probably the most insidious effect of "cloud" is one that
most geeks don't even notice. It's a complex, calculated,
longterm strategy to own your life. It really is different to
let them hold your stuff. And it has legal ramifications. It's
like an extreme version of AOL. AOL tricked people into
thinking they were the Internet. Steve Case created a
sleazy trick. I remember the first time I logged on, I was
blocked by a message: "Want a new credit card?" There
were two buttons: Yes. Ask Me Later.
Huh? I soon learned that snake oil and pickpocketing were
the standard on this new Internet thing.

Cloud services today are far more widespread and intrusive.

Just yesterday I had two related experiences:

1) A friend who's a teacher was trying to access papers
sent to her by college students. Except they weren't sent.
They're on Google Drive. Links were sent. The students have
no idea what the difference is. They know how to type and
they know to write papers. They're unaware that Google is
actually middlemanning academia. I managed to figure out
how to download the paper, but by then my friend had lost
patience and wrote back, asking the student to email the
actual paper. It remains to be seen whether they can manage
that.

2) My brother was just released from rehab. He had a stroke.
I called him. He said his email wouldn't work. Hmm. After some
time I figured out the problem. He uses gmail. Google had
locked him out of his own email account, allegedly due to
lack of use. They had switched his settings to block non-Google
software/devices from getting his email! Worse, there was no way
to get in without having a cellphone where they could send
a security code. That, of course, has nothing to do with security.
A hacker could send them any old cellphone number. Google
was just holding his email hostage until they also got to know his
cellphone #! I gave them the number of a Tracphone that I
rarely turn on, got the code, got him back into his email. There
I was giving my phone number to a company I've come to view
as the root of all evil, and there was no way around it. If I
didn't, my brother wouldn't be able to see 2 months worth
of email.

That's the problem with cloud.

On 28/04/2020 15.02, Mayayana wrote:

Cloud services today are far more widespread and intrusive.

Just yesterday I had two related experiences:

1) A friend who's a teacher was trying to access papers
sent to her by college students. Except they weren't sent.
They're on Google Drive. Links were sent. The students have
no idea what the difference is. They know how to type and
they know to write papers. They're unaware that Google is
actually middlemanning academia. I managed to figure out
how to download the paper, but by then my friend had lost
patience and wrote back, asking the student to email the
actual paper. It remains to be seen whether they can manage
that.

There is another possibility they can do: send the homework as google
docs ;-) :-p

Oh, I have used it. It is fantastic if you don't mind much about
privacy. Two people on different continents can work on the same
document, seeing instantly what the other one writes/changes and making
comments; and further, one using Windows 7 and the other using Linux.

The alternative was working in turns on the document and emailing them,
one using an old Word version, the other using LO.


2) My brother was just released from rehab. He had a stroke.
I called him. He said his email wouldn't work. Hmm. After some
time I figured out the problem. He uses gmail. Google had
locked him out of his own email account, allegedly due to
lack of use. They had switched his settings to block non-Google
software/devices from getting his email! Worse, there was no way
to get in without having a cellphone where they could send
a security code. That, of course, has nothing to do with security.
A hacker could send them any old cellphone number. Google
was just holding his email hostage until they also got to know his
cellphone #! I gave them the number of a Tracphone that I
rarely turn on, got the code, got him back into his email. There
I was giving my phone number to a company I've come to view
as the root of all evil, and there was no way around it. If I
didn't, my brother wouldn't be able to see 2 months worth
of email.

That's the problem with cloud.

Rather the problem with public cloud systems.

--
Cheers, Carlos.

"Carlos E.R." wrote

| Oh, I have used it. It is fantastic if you don't mind much about
| privacy.

I think that's an underappreciated aspect of successful
but deeply sleazy companies like Google, Apple and Facebook.
They put a lot of effort into usability. And in general, that's
all people care about. If it's easy and has cute icons, people
will use it.


|Two people on different continents can work on the same
| document, seeing instantly what the other one writes/changes and making
| comments; and further, one using Windows 7 and the other using Linux.
|

I've never understood that logic. I've never written anything
with anyone else. I can't imagine why anyone would. In this case,
my friend makes notes to highlight problems in the paper and then
sends it back for revision. Even that wouldn't benefit from real-time
sharing.

| That's the problem with cloud.
|
| Rather the problem with public cloud systems.
|

Yes, I suppose you're right. Commercial cloud
services. But even that isn't quite right. There are
ways to use services commercially that are OK.
For instance, hosting website files on the webhosting
server. Getting email through a reputable company.

But cloud has been marketed as not being those things
but rather specifically being commercial online services,
often free, from big tech companies who have turned
to datamining/ads as a new business model. In general,
when we talk about cloud, that's what we're talking about.
The very idea of cloud in the public imagination is those
services. There's always the marketing vs the actuality.
In a similar way, people used to use software. Now,
suddenly, everyone's solving the world's problems with
"AI". No difference. But most people would say software
is a procedural tool and AI is....well... it's a super-smart
miracle that can do anything and may have no need
for humans soon.

Mayayana wrote:
[...]

2) My brother was just released from rehab. He had a stroke.
I called him. He said his email wouldn't work. Hmm. After some
time I figured out the problem. He uses gmail. Google had
locked him out of his own email account, allegedly due to
lack of use. They had switched his settings to block non-Google
software/devices from getting his email! Worse, there was no way
to get in without having a cellphone where they could send
a security code. That, of course, has nothing to do with security.
A hacker could send them any old cellphone number. Google
was just holding his email hostage until they also got to know his
cellphone #! I gave them the number of a Tracphone that I
rarely turn on, got the code, got him back into his email. There
I was giving my phone number to a company I've come to view
as the root of all evil, and there was no way around it. If I
didn't, my brother wouldn't be able to see 2 months worth
of email.

I can understand your (and your brother's) frustration, but AFAIK,
that scenario can't be true, unless your brother forgot his Google
Account password or/and enabled 2-Step Verification for that account.

If he had his password, he could just log into his Google Account
(*not* Gmail) and fix his access/security problems.

Many people who use Gmail 'forget'/are not aware that they also have a
*Google* account and that Gmail is just one of the many possible
services *under* (read: associated with) that account.

That does not mean that Google does not have stupid policies - because
they have - but with one's password one can recover from these
situations and a phone number is *not* needed, unless one has enabled
2-Step Verification. Been there, done that, got the T-shirt! :-)

BTW, if there ever is another time where a phone number is 'needed',
you/he might try to use a 'landline' number. Many services are able to
give the 'security-code' in a voice message instead of by SMS. (IIRC,
WhatApp is one such service, i.e. when the SMS fails, they just play a
voice message.)

That's the problem with cloud.

Personally I do not consider e-mail to be 'cloud', but *Gmail* can
probably be classified as 'cloud', because they normally keep all your
e-mail, not just your recent e-mail.

Do you consider your normal MSP (Mail SP) to be 'cloud'?

On 28/04/2020 15.40, Mayayana wrote:
"Carlos E.R." wrote

| Oh, I have used it. It is fantastic if you don't mind much about
| privacy.

I think that's an underappreciated aspect of successful
but deeply sleazy companies like Google, Apple and Facebook.
They put a lot of effort into usability. And in general, that's
all people care about. If it's easy and has cute icons, people
will use it.

I don't care about icons :-P

But I do care about *easy*, because the other participant considers even
copying a file difficult. Change something from one menu position to
another, and he is stuck.


|Two people on different continents can work on the same
| document, seeing instantly what the other one writes/changes and making
| comments; and further, one using Windows 7 and the other using Linux.
|

I've never understood that logic. I've never written anything
with anyone else. I can't imagine why anyone would. In this case,
my friend makes notes to highlight problems in the paper and then
sends it back for revision. Even that wouldn't benefit from real-time
sharing.

Well, I thought the same as you, till I tried. And non intentionally, as
each of us were making the plan at the same time, we noticed we saw
changes from the other side instantly.

Like "we will route via this city on the morning" to "not in the
morning, remember we have to do that".

It turned to a chat.



| That's the problem with cloud.
|
| Rather the problem with public cloud systems.
|

Yes, I suppose you're right. Commercial cloud
services. But even that isn't quite right. There are
ways to use services commercially that are OK.
For instance, hosting website files on the webhosting
server. Getting email through a reputable company.

I should have said "free public cloud systems". Another one with a
contract and in a country with firm privacy laws is quite another thing.


But cloud has been marketed as not being those things
but rather specifically being commercial online services,
often free, from big tech companies who have turned
to datamining/ads as a new business model. In general,
when we talk about cloud, that's what we're talking about.
The very idea of cloud in the public imagination is those
services. There's always the marketing vs the actuality.
In a similar way, people used to use software. Now,
suddenly, everyone's solving the world's problems with
"AI". No difference. But most people would say software
is a procedural tool and AI is....well... it's a super-smart
miracle that can do anything and may have no need
for humans soon.

I doubt Google does datamining on the contents of google docs. But they
might.


--
Cheers, Carlos.

"Frank Slootweg" wrote

| I can understand your (and your brother's) frustration, but AFAIK,
| that scenario can't be true, unless your brother forgot his Google
| Account password or/and enabled 2-Step Verification for that account.
|
| If he had his password, he could just log into his Google Account
| (*not* Gmail) and fix his access/security problems.
|

No. He had his password. TBird said login failed.
So I went to the website. I entered his username
and password. It told me that due to a period of
non-use they had disabled "insecure apps". There
was no option to answer a secret question. They
provided two options: Provide a phone # for a
code to be messaged to or provide a second email
address. In the latter case they would "consider the
request and let me know"!

You may have not seen it if you're logging in with
something like an Android phone or Chromebook. He
was using Mozilla software on Windows.

And of course, none of this has anything to do with
alleged security concerns. They could see that he was
accessing his email from the same place he always had.
It showd in his account settings.
And providing a phone # doesn't confirm his ID. But they
insisted it might have been hacked and so they needed
a phone # before I could access the account settings
to turn off the anti-non-Google setting that was blocking
TBird.

If you use gmail and were not aware of that you might
want to get a backup email address. While I was in the
settings I also disabled other things like linking youtube
viewing history to gmail. (?) Those can't even be disabled.
The options are Cancel and Pause. What does pause mean?
I assume it means that Google is going to flip the setting
back without asking. Their behavior is outrageous. Yet
people put up with it.

| Personally I do not consider e-mail to be 'cloud', but *Gmail* can
| probably be classified as 'cloud', because they normally keep all your
| e-mail, not just your recent e-mail.
|
| Do you consider your normal MSP (Mail SP) to be 'cloud'?

As I wrote in my response to Carlos, cloud is really a
marketing scheme for an online services model that takes
control from you and rents you your own data, devices and
software. It's a scheme to train people to believe that
they don't have any reasonable expectation to control
their data or even to buy software.

In that respect, I regard gmail as cloud. I regard Google
docs as cloud. I don't regard my own email as cloud. Some
of it is from the webhost and some is from my ISP. Both
are paid for. Neither tries to pull the kind of sleaze that
Google does. Neither is claiming the right to read my email,
keep copies, or secretly "log me in" so that I can be tracked
online via browser or offline via phone.

There was an interesting 60 Minutes episode Sunday.
60 minutes is an American news magazine TV show. It
was all about a company called Bluedot that's been making
deals with spyware companies to create vast, informative
data troves. They provided tracking of people in California
to see whether people are obeying lockdown orders. The
state of CA is paying for the data. They
claim it's "anonymized", of course. What I found interesting
was that Bluedot, in their claiming to respect privacy, claim
they're only getting location data from advertiser spyware
on phones. They almost certainly get it from Google and
Apple, too, as well as the phone service companies like
Verizon, AT&T, Sprint, but none of the parties wants people
to think that.

I was struck by how odd that was. They're trying to
reassure the public about privacy by claiming that your
phone company is not selling your location data, and your
phone OS maker is not selling your data. Don't worry, only
the numerous spyware apps on your phone, tracking your
location and personal data, which you probably don't even
know are installed, are selling your personal data! But maybe
they say that because the spyware apps can at least
claim that you agreed to that by "installing" their app. And
much of it is the same thing, anyway. If you have a Samsung
phone with Verizon service, Google and Verizon can track you.
If you use Waze then Google can track you. If Waze shows
ads those may be Google/Doubleclick. These things can't
be realistically separated. And it wouldn't make sense to
think that any of those companies is going to pass up the
chance to make a side income from selling personal data.

On 4/28/2020 7:04 AM, Frank Slootweg wrote:
Mayayana wrote:
[...]

2) My brother was just released from rehab. He had a stroke.
I called him. He said his email wouldn't work. Hmm. After some
time I figured out the problem. He uses gmail. Google had
locked him out of his own email account, allegedly due to
lack of use. They had switched his settings to block non-Google
software/devices from getting his email! Worse, there was no way
to get in without having a cellphone where they could send
a security code. That, of course, has nothing to do with security.
A hacker could send them any old cellphone number. Google
was just holding his email hostage until they also got to know his
cellphone #! I gave them the number of a Tracphone that I
rarely turn on, got the code, got him back into his email. There
I was giving my phone number to a company I've come to view
as the root of all evil, and there was no way around it. If I
didn't, my brother wouldn't be able to see 2 months worth
of email.

I can understand your (and your brother's) frustration, but AFAIK,
that scenario can't be true, unless your brother forgot his Google
Account password or/and enabled 2-Step Verification for that account.

Google also offers 10 backup codes for those of us who do use 2FA. In my
case I've needed and used them when my phone or texting was down. Also
when I open my account on a strange device and didn't want my regular
password remembered since the backup codes can only be used once. I
always carry a few in my wallet for emergencies. (They are easily
disguised in case I lose my wallet)...

Mayayana wrote:
"Frank Slootweg" wrote

| I can understand your (and your brother's) frustration, but AFAIK,
| that scenario can't be true, unless your brother forgot his Google
| Account password or/and enabled 2-Step Verification for that account.
|
| If he had his password, he could just log into his Google Account
| (*not* Gmail) and fix his access/security problems.
|

No. He had his password. TBird said login failed.
So I went to the website. I entered his username
and password.

*Which* 'website'? The Gmail website or the Google Account website?
Two *related*, but totally different animals! That was/is the point
I'm making in the part you snipped. (I hope you read and understood it.)

It told me that due to a period of
non-use they had disabled "insecure apps".

Disabling and enabling "insecure apps" (actually 'Less secure app
access' (https://myaccount.google.com/lesssecureapps)) is a *user*
setting in the *Google* (*not* Gmail, *not* Thunderbird) account.

No offense, but I think you just did the 'wrong' thing in the 'wrong'
place. Quite an understandable 'error' and the kind which happens to a
lot of people in these groups.

BTW, if your brother is using IMAP, he can use OAuth2 instead of
"insecure apps". If he's using POP3, he can use (Google) App Passwords.
Yes, other cans-of-worms, but those are Google's ways! :-(

There
was no option to answer a secret question. They
provided two options: Provide a phone # for a
code to be messaged to or provide a second email
address. In the latter case they would "consider the
request and let me know"!

You may have not seen it if you're logging in with
something like an Android phone or Chromebook. He
was using Mozilla software on Windows.

That's my setup as well. Thunderbird on Windows (8.1) and access the
Google Account or/and Gmail web-mailer via Internet Explorer or Google
Chrome.

And of course, none of this has anything to do with
alleged security concerns. They could see that he was
accessing his email from the same place he always had.
It showd in his account settings.
And providing a phone # doesn't confirm his ID. But they
insisted it might have been hacked and so they needed
a phone # before I could access the account settings
to turn off the anti-non-Google setting that was blocking
TBird.

Yes, as I said/confirmed Google does have stupid policies.

[...]

"Frank Slootweg" wrote

| It told me that due to a period of
| non-use they had disabled "insecure apps".
|
| Disabling and enabling "insecure apps" (actually 'Less secure app
| access' (https://myaccount.google.com/lesssecureapps)) is a *user*
| setting in the *Google* (*not* Gmail, *not* Thunderbird) account.
|

And that's what they turned off. And that's
what I re-enabled. And then it worked. And now
his email is working again. To reiterate:

They disabled non-Google access (which they call
less secure apps), giving the excuse that the account
hadn't been accessed for awhile. I then *had to* give them
a cellphone number and accept a text message in order
to get into the settings. It wasn't an option. I looked
through the alternatives repeatedly before deciding I'd
have to give them a phone number.
Maybe it would have worked to buy a Chromebook.
Maybe it would have worked for him to install Chrome.
I don't know. Those options are absurd.

By your own description they must have been the right
settings because that's where I turned off the blocking.
You know better than I do if you use gmail, but I know
what they did in this case. Maybe it's a new trick. I
don't know. I feel like I need a shower now just talking
about actually visiting the bowels of Google's lair.

Mayayana wrote:

They disabled non-Google access (which they call less secure apps),
giving the excuse that the account hadn't been accessed for awhile.
I then *had to* give them a cellphone number and accept a text
message in order to get into the settings. It wasn't an option. I
looked through the alternatives repeatedly before deciding I'd have
to give them a phone number.

I must admit that I'm glad to hear that Google makes it difficult
to enter someone's account without the proper credentials...

"Carlos E.R." wrote

| I doubt Google does datamining on the contents of google docs. But they
| might.
|

I assume. That's their business model. And they lie.
So it would be crazy for them not to datamine everywhere
possible. And it's certain they'll lie about it. Remember
the streetview incident? They were caught collecting
any possible data from private wifi as they drove around.
Then they lied about that and said it was an accident.
Then they lied and said it was a "rogue engineer". They
just lie.


https://www.theregister.co.uk/2012/0...ogle_slurp_ok/

It's an amoral corporation, run and staffed by people who
think they're amazing geniuses, who prefer to have their
cellphone tell them what they should do today, who think
they're helping the world, and most of them are game-addicted
geeks with the emotional age of about 11. Eric
Schmidt was supposed to be the staff adult, but he was worse.
We had a very morally questionable person managing a lot of
naive, savant children.

Schmidt tried to run Hillary's campaign in 2016. His plan was
to virtually steal the election by doing something like was done
with Brexit -- use datamining to engineer every individual vote.
In the process he even planned how they could exploit young
people to do the work, pay them a pittance, and fire them
all at the soonest possible moment. Yet another example of
a faulty personality who thinks he's so smart that democracy
and other peoples' rights are an obstacle to him helping
the world. (Sound familiar? Billy Gates... Lord Jobs...)

http://www.itwire.com/government-tec...n-in-2014.html

Some might say the means would have justified the end to
keep Trump out. But as bad as Trump is, I can't see justifying
such dishonest, mean-spirited sleaze in order to keep him
out. And I'm not even sure Hillary would have been so much
better. Like Biden, she worked for the banks. But she was
also arrogant, seemingly believing it was her turn to be hotshot.
Politics? Who cares? Democratic values? Who cares? She just
wanted a turn at being boss and no doubt would have
continued her husband's tradition of plutocracy masquerading
as progressivism. Which is why she lost. The youth, especially,
saw through the scam.

"123456789" wrote

| They disabled non-Google access (which they call less secure apps),
| giving the excuse that the account hadn't been accessed for awhile.
| I then *had to* give them a cellphone number and accept a text
| message in order to get into the settings. It wasn't an option. I
| looked through the alternatives repeatedly before deciding I'd have
| to give them a phone number.
|
| I must admit that I'm glad to hear that Google makes it difficult
| to enter someone's account without the proper credentials...

I don't see where you get that. He had a password and
was accessing the account from the same IP address he's
always accessed it from. I'd call that crdentials.
They acknowledged in the settings that the location of
his computer was one historically used. That is his location was
known from past usage. So he had his username, password,
and he was logging in from the same IP he'd always logged
in from. And they chose to define that as a likely hack.

My phone number/location was new, unknown to Google
and not near where my brother lives. Yet they accepted that
as a security test. That's not credentials. It's just mickey mouse
excuses for spyware and data collection.

You could have done the same thing if you'd known his
password. A phone number means nothing. Probably
someone in China could get into his account by providing
a phone #. You call that security?

If you don't mind the hassle of having to get a text and
enter a code every time you check your email, and they
know your phone number is you, then that may be idiocy but
at least it's increased security. Demanding any old phone
number is nothing more than sleazy datamining. What would
have been *really* protecting his account would have been
if they'd set up secret questions, like everyone else does.
Even the IRS will let me in if I can answer the secret questions.
Like what was your first pet's name. That's a safe way to
allow people access and to let them get in if they've
forgotten their password.
But Google doesn't seem to have any such function. Why?
Because they're looking for excuses to tie their tracking of
your phone location and usage to your email ID.

Mayayana wrote:
"Frank Slootweg" wrote

| It told me that due to a period of
| non-use they had disabled "insecure apps".
|
| Disabling and enabling "insecure apps" (actually 'Less secure app
| access' (https://myaccount.google.com/lesssecureapps)) is a *user*
| setting in the *Google* (*not* Gmail, *not* Thunderbird) account.

And that's what they turned off. And that's
what I re-enabled. And then it worked. And now
his email is working again. To reiterate:

They disabled non-Google access (which they call
less secure apps), giving the excuse that the account
hadn't been accessed for awhile. I then *had to* give them
a cellphone number and accept a text message in order
to get into the settings. It wasn't an option. I looked
through the alternatives repeatedly before deciding I'd
have to give them a phone number.

It's still vague! I don't care what 'they' did or did not do. I only
care about what *you* did or did not do.

Another try:

When you had not given the phone number yet, could you log into the
*Google* account (*not* Gmail, *not* Thunderbird) or not?

If you could log into the Google account, you could have re-enabled
'Less secure app access' yourself.

If you could not log into the Google account, why not?

So nevermind Thunderbird and Gmail, concentrate on accessing and using
the *Google* account.

Maybe it would have worked to buy a Chromebook.
Maybe it would have worked for him to install Chrome.
I don't know. Those options are absurd.

As I said, those 'options' are not needed. Internet Explorer and
probably any other somewhat decent browser would have worked fine.

By your own description they must have been the right
settings because that's where I turned off the blocking.
You know better than I do if you use gmail, but I know
what they did in this case. Maybe it's a new trick. I
don't know. I feel like I need a shower now just talking
about actually visiting the bowels of Google's lair.

Again, it's not about them, but about you. We *know* the 'Less secure
app access' setting was wrong. What we don't know is *why* *you* could
not *fix* it, because - as I said - it's a normal user settable setting.