Chriss Miller
Programmer
- Aug 14, 2024
- 408
In https://powershell.one/tricks/filesystem/filesystemwatcher Steve Meyerson and I had a short exchange on cloud storage privacy in the context of using a cloud for version control of projects.
At one point I said I do back up a folder tek-tips for most things I maintain tek-tips related:
Chris Miller:
...most cloud drives have a syncing application that starts with your computer and when you maintain all your projects in one root folder that's all you need to configure to backup with sync to a cloud drive.
(costs also were a concern)
Steve Meyerson:
I just don't like my stuff on the "cloud" (i.e. some unknown server), accessible by our Big Brother (U.S.) government. I use an external drive...
To follow up on that, first on the technical level: One basis to use is a PowerShell FileSystemWatcher, there's a similar thing in WMI, too, but why not start on the shoulders of something that's good to go and totally transparent: https://powershell.one/tricks/filesystem/filesystemwatcher
Chriss Miller:
You can encrypt, then upload to a cloud.
Take a look at the second part with an asynchronous approach as the author admits the first simpler solution has a blind spot limitation, which the second asynchronous script does not.
It's not a full solution, but the idea is that once you have a script to invoke an action for any new, changed or deleted file you can use that to encrypt a new or changed file into a directory that syncs with a cloud drive or just your external drive. At this stage I'd even go for a multi-staging process, as the goal would be to monitor your project directories while you work on them, and even just copying a file you just saved modified could easily fail and would need a retry. So a first staging directory could be just the new and modified files, which you generate from there into a folder you only use for the next step of encrypting and then forwarding the encrypted files to a directory synced with a cloud or your external drive. PowerShell also offers file en/decryption to do this and more.
Obviously for source version control a tool like GitHub is much more straightforward to use, which is not the only reason I don't want to elaborate on the details of a staged cloud usage. I'd like to make this a more general discussion also on the political and policy aspects of it.
First I don't hear about suspicion from Steven for the first time, I also know others, who boycott GitHub for their involvement with ICE. See articles like some of VOX.com, LA Times, Vice and more and also what GitHub themselves blog on it: https://github.blog/news-insights/company-news/github-and-us-government-developers/
So, you don't have to believe in conspiracy theories to know that not only US governments will ask and want access to anything in the context of crime investigations besides the threat of industry espionage, and in the bigger picture things like identity theft.
Cloud providers also address their concerns, like here:
I'm cautious with such accusations and whether it's just used to convince you to be better off at proton drive (in this case). Besides explaining how file sharing can work in ways they don't get access themselves:
Most data on the internet is stored and transmitted using some form of encryption. Encryption is a way of locking files so that only people with the correct key can open them. But different online service providers have different methods of storing those keys. And most platforms keep a key for themselves, including Google, Microsoft, Dropbox, Box, and others.
The most secure form of cloud encryption is called end-to-end encryption, which ensures only you and the person you share a file with can access it. Not even the service provider has a key to unlock the file.
Or take what pcloud writes about their privacy policies:
pCloud - Data regions
pCloud is the most secure encrypted cloud storage, where you can store your personal files or backup your PC or share your business documents with your team!

You surely always have the thought about how a cloud provider could technically store something encrypted in ways they couldn't even decrypt your data themselves, whereas they also offer file and directory sharing, temporary and permanent, where the peer gets the access they can't have. Promising and roughly describing it may not convince you, and even if that's not the neuralgic point of which you're concerned the most but the demand of government for access or their capabilities to get it even unbeknown by the cloud providers.
Putting a layer of your own encryption makes all these concerns futile. Besides you could even go one step further and split encrypted files to store half of it in cloud one and the other in cloud two. It becomes harder to get back at your original files, once you need that functionality of your backup, so it surely becomes important to also program the opposite direction of retrieving the encrypted (maybe partial) files and (merge and) decrypt them and test to ensure that works. Sharing with others also becomes a harder job, obviously.
Anyway, I don't like to hear the saying anymore, that there only exists Microsoft Azure, Amazon AWS, Google Cloud Platform and Oracle Cloud. Apple's iCloud works in part based on Google Cloud Platform, but not fully. And many more other cloud providers also don't just work as redistributors of the big 4, just with added services and interfaces. What's true, I think, is that over 60% of all cloud storage goes into the big 4, but that still leaves room for others. You can also define your own "cloud" based on web hosting from a local trusted company, cohosting your own server, to name just some options. There's also software like owncloud, nextcloud and others to make more of it than just an FTP or SSH file/upload to rented disk space. Be it only to put a server somewhere at your parents' or children's house to have the safety of more than one place for your backups.
So, what's your take on this? What do you use? What do you know? What would you recommend?
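
The staged flow this post describes (copy with retry, encrypt, split the ciphertext across two synced folders, then merge and decrypt to test the restore), as an added example that is not part of the original post. Function names, the folder layout and the AES-CBC plus HMAC-SHA256 construction are assumptions chosen here; it reads whole files into memory, so it suits source-file-sized inputs.

```powershell
# Added example. Function names, folders and the key handling are assumptions.
function Copy-WithRetry($Source, $Destination, $Tries = 5) {
    for ($i = 1; $i -le $Tries; $i++) {   # a just-saved file may still be locked by the editor
        try { Copy-Item -LiteralPath $Source -Destination $Destination -Force -ErrorAction Stop; return }
        catch { if ($i -eq $Tries) { throw }; Start-Sleep -Milliseconds (200 * $i) }
    }
}
function Protect-Split($Path, [byte[]]$Key, $DirA, $DirB) {
    $aes = [System.Security.Cryptography.Aes]::Create()            # AES-256-CBC, PKCS7 padding
    $aes.Key = [byte[]]($Key[0..31]); $aes.GenerateIV()            # fresh random IV per file
    $plain = [IO.File]::ReadAllBytes($Path)
    [byte[]]$body = $aes.IV + $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $mac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($Key[32..63]))
    [byte[]]$blob = $body + $mac.ComputeHash($body)                # IV | ciphertext | HMAC tag
    $half = [int][math]::Floor($blob.Length / 2); $name = Split-Path $Path -Leaf
    [IO.File]::WriteAllBytes((Join-Path $DirA "$name.a"), [byte[]]($blob[0..($half - 1)]))
    [IO.File]::WriteAllBytes((Join-Path $DirB "$name.b"), [byte[]]($blob[$half..($blob.Length - 1)]))
}
function Restore-Merged($Name, [byte[]]$Key, $DirA, $DirB, $OutPath) {
    [byte[]]$blob = [IO.File]::ReadAllBytes((Join-Path $DirA "$Name.a")) + [IO.File]::ReadAllBytes((Join-Path $DirB "$Name.b"))
    [byte[]]$body = $blob[0..($blob.Length - 33)]
    [byte[]]$tag  = $blob[($blob.Length - 32)..($blob.Length - 1)]
    $mac = [System.Security.Cryptography.HMACSHA256]::new([byte[]]($Key[32..63]))
    $want = $mac.ComputeHash($body); $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($tag[$i] -bxor $want[$i]) }
    if ($diff -ne 0) { throw "MAC mismatch for ${Name}: a half is missing, swapped or modified" }
    $aes = [System.Security.Cryptography.Aes]::Create()            # decrypt only after the MAC verified
    $aes.Key = [byte[]]($Key[0..31]); $aes.IV = [byte[]]($body[0..15])
    $plain = $aes.CreateDecryptor().TransformFinalBlock($body, 16, $body.Length - 16)
    [IO.File]::WriteAllBytes($OutPath, $plain)
}
# Round trip on constructed sample data; cloudA/cloudB stand in for two synced folders.
$root = Join-Path ([IO.Path]::GetTempPath()) 'split-demo'
$d = @{}; 'work', 'stage', 'cloudA', 'cloudB', 'restore' | ForEach-Object {
    $d[$_] = (New-Item -ItemType Directory -Force -Path (Join-Path $root $_)).FullName }
Set-Content -LiteralPath (Join-Path $d.work 'notes.txt') -Value 'constructed sample content'
$key = New-Object byte[] 64   # 32 bytes AES + 32 bytes HMAC; store the real key outside any synced folder
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
Copy-WithRetry (Join-Path $d.work 'notes.txt') $d.stage
Protect-Split (Join-Path $d.stage 'notes.txt') $key $d.cloudA $d.cloudB
Restore-Merged 'notes.txt' $key $d.cloudA $d.cloudB (Join-Path $d.restore 'notes.txt')
$same = (Get-FileHash (Join-Path $d.work 'notes.txt')).Hash -eq (Get-FileHash (Join-Path $d.restore 'notes.txt')).Hash
"Round trip OK: $same"
```

Splitting the ciphertext only adds inconvenience for whoever holds one half; confidentiality rests on the key, and losing the key makes both halves unrecoverable.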