Welcome!

Open Source Cloud Authors: Elizabeth White, Zakia Bouachraoui, Liz McMillan, Pat Romanski, Yeshim Deniz

Related Topics: Agile Computing, @CloudExpo

Agile Computing: Article

Cloud Computing & Privacy: Would You Trust Amazon?

Do you trust [the computer landlord] not to let the bad guys (such as the police) into your machine?

David Crossland's Blog

The Guardian recently posted an article quoting Richard Stallman on cloud computing. If a user wants to use network applications in freedom, they can do their own computing on their own computer with their copy of a freedom-respecting network-accessed program if their computer is a network server. Is this a good idea? Yes, I think so.

While this is not the common vision of “cloud computing,” I think that is what critics of “cloud computing” like autonomo.us should be enabling people to do.

Amazon offers a popular “elastic cloud computing” virtual server hosting service, where users upload a GNU/Xen-Linux system disk image which is booted but for which bandwidth, storage disk and processing power is ‘elastic’ - can scale arbitrarily, and on demand. I have not used this service, but I hear it is very simple to use with a pre-configured disk image.

I wonder if putting a system disk image together for services like this, consisting of only free software suitable for the common tasks people use proprietary cloud computing for, and that is configurable with a simple ‘installation wizard,’ would be a good way to provide a practical alternative to cloud computing?

These common tasks seem to be e-mail (Microsoft Hotmail, Google Mail) calendars (Google Calendars) collaborative authoring/spreadsheets (Google Docs) task management (37signals BaseCamp) and blog/status/photo publishing (Blogger/LiveJournal/WordPress, Twitter/identi.ca, Flickr/Picasa, and omnipotent Facebook). The programs behind WordPress and identi.ca seem to show the way forward with “federation” features that allow users to run their own programs while benefiting from the ‘network effects’ typical of centralised services.

Running your own cloud usually means renting a virtualized computer. Or renting a physical computer, or renting space in a telehouse rack with your own physical computer, or leaving your desktop computer turned on 24/7 and connected via residential DSL with a static IP address as Chris does - but I don’t think there is any real difference in terms of freedom here.

This is typically seen as very complex, but I think services like Amazon make it much easier than it used to be.

Renting a computer brings up another issue though, which Richard Stallman brought up with me when I asked him about this: “Do you trust [the computer landlord] not to let the bad guys (such as the police) into your machine?”

I am not sure how to answer that question, and my uncertainly is summarized as: would you trust Amazon?

A small personable and ‘trustworthy’ ISP seems just as vulnerable to haxor attacks or surveillance requests from the state as a large corporate ‘faceless’ ISP to me.

I also wonder about why any bad guys would want access to a personal network server any more than a laptop. Simple vandals trawl the net for unpatched servers (and laptops…) but a personal network server would have a simple authentication lock that would adequately prevent such vandals from accessing out of date server programs.

Obviously the state wants to get into machines to fight crime, and as I’m not a criminal that’s okay - but it also wants access to fight political dissent, and as an activist I am wary about that. But the simplest, cheapest and most common way for the police to get into a machine and to stifle the operator’s dissent is to seize it. People who meet active stifling of their political network activity, say like The Pirate Bay, adequately mitigate that with backups in multiple jurisdictions, so that when any server is seized, another is put online within in a few days.

If the state wants to have covert access without disconnecting the machine, that also seems straightforward, although more expensive; the way the UK surveillance law works, citizens made complicit in surveillance activity (eg, being forced to reveal crypto passwords) face up to 2 years in jail if they tell anyone about it. And police ask ISPs for things without forcing them and ISPs routinely bend over; I suppose thats the difference between a small personable company and a backstabbing corporate one. And for unlawful forced access, I think it is impossible to totally secure against that, since individuals acting alone have annually gained illicit root access to governmentally-secret computers the last 30 years.

But getting into machines covertly seems unnecessary; the tap is better done ‘upstream’ at the network switch. And it's well known that spy agencies have total access to all network traffic with systems like Echelon and Carnivore. (So if I was involved in political dissent forcefully opposed by the state, then probably I would avoid using computer networks. The Unabomber did alright that way… ;-)

I agree it is good to mention this issue when publicizing the problems of cloud computing. But it seems to me that in the current political climate the answer to the question is always, “I do not trust the computer landlord not to let the bad guys (such as the police) into my rented machine, just by asking.”

Yet avoiding cloud computing with programs you control but on servers you rent does not do anything to help resolve this.

Creative Commons License
This article by David Crossland, except the quotations and unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

More Stories By David Crossland

David Crossley is a post graduate MA Student in Typeface Design at the University of Reading in the UK.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...