ALERT!!!!! Massive privacy glitch compromises photos/videos of Google Photos and Google Drive users!

in #google, 6 years ago


It had to happen... and things like that will happen again and again!

The next big privacy glitch or breach always is just around the corner!


For those of you using any kind of online syncing or online data backup method to save your photos and data to "the cloud", please keep in mind:

"the cloud is just someone else's computer!"


You might think... well, no big deal it's just photos... are you sure?

Maybe there are screenshots on there of some private keys or seed phrases of your crypto wallets.

Possibly you've taken shots of your PII (personally identifiable information) like a driver's license, social security card, passport or some other ID document.

Some might have other compromising stuff synced/backed up there.

Ideal for identity theft and some other shenanigans that are daily business in the cyber space.

I can only repeatedly and strongly recommend that you question your privacy measures on a regular basis including possibly not using such services because of the inherent breach and glitch risks with third parties.

If you feel the need to use features like data, photo or video sync services, at least consider using a trustworthy commercial provider whose general source of income is not selling data collected by tracking or, as in this case, people's willingly provided data.

If you can use local data backup and syncing on your own devices that only you control, you should probably skip the "free" offerings of the known internet giants like Google and others!

Please check out the Ars Technica article linked here

https://arstechnica.com/gadgets/2020/02/google-photos-bug-let-strangers-download-your-private-videos/

and the "breaking news" video from "The hated one" on this issue:

Btw... please consider subscribing to his channel to keep up to date with infosec, opsec, privacy issues and news! I highly recommend his very helpful content!


What had happened?

Google has disclosed a nightmare of a security and privacy bug affecting Google Photos users: for a time, it was possible for private videos to be downloaded by unrelated users. The bug happened through Google Takeout, a service that lets you download archives of your Google Data. Apparently, the wrong videos were included in these user-generated archives, resulting in the users getting local copies of somebody else's videos.

Google has been sending emails to affected Takeout users. In the email, which was first spotted by 9to5Google, Google writes, "Some videos in Google Photos were incorrectly exported to unrelated user's archives. One or more videos in your Google Photos account was affected by this issue. If you downloaded your data, it may be incomplete, and it may contain videos that are not yours." Google writes that the bug happened "between November 21, 2019 and November 25, 2019."

Source: Ars Technica


So, what do you think? Are you affected by this recent issue? Check your googlemail mail account to see if Google thinks that your data was compromised!

Shoot me a comment if you like!

Cheers!
Lucky



That bug really sounds like a nightmare. Personally, I think this fault did not affect me (at least, I have no knowledge of that), but I do not even want to think about the people who saw some sensitive data compromised.

Hello! Thank you for your comment!

Yes, it's very sad to see that people are actually powerless when it comes to the modern age cyber cyclops.

But wait... are they really powerless? Not really actually. It's quite easy even to close Google, Facebook and Twitter accounts and adjust some internet usage habits to improve operational security and privacy.

The core issue imho is the fact that people are used to turning a blind eye or rolling their eyes when it comes to the latest "glitches", breaches and hacks.

It has become normal for them to accept that especially the big guns in the cyber economy have their breaches, privacy issues, hacks and on top things like the Cambridge Analytica scandals.

One has to give 'em that... they did a great job desensitizing the users, regulators and the legislators... Ok, for the latter they additionally fix a lot with some strategically smart placed monetary incentives and compensation.


Btw... in this case, the users that were affected by this "bug" were informed by Google via email. Check your "googlemail.com" inbox if there is a mail from Google!


Cheers!
Lucky

Okay. I see that I have not received any message in the mail so I should not be among those affected.

Had not been paying attention to the news lately so thanks. And indeed, clouds are computers that belong to someone other than those of whom the content belongs.

Hello @machnbirdsparo!

Thanks for your comment!

Nope... this hasn't made headlines in mainstream news so far, besides the Ars Technica article on the "outer rim" to mainstream stuff.

Cheers!
Lucky

I hope to be prepared when it does. You seem like you will.

Thank you for your comment!

Regarding this I am prepared. I even use Google Drive in a special niche (off "main-site" secondary location with IT equipment) but I only sync pre-encrypted files (local data backups).

For the average user I cannot recommend any of these "free" syncing offerings because of what I wrote in the article. But if you have a little more of an IT background and you keep in mind certain aspects, like only syncing encrypted data to such services for instance, imho you can use these.

But for a simplistic view on this, most will be better off not using any of these privacy raping, having a low priority on being good data custodians with some integrity for their users, offerings.

I know, it's simply tempting to use some of these easy to use and operationally almost flawless offerings of some of our internet giants like Google, Amazon, Apple and so on.

...but the third party risks (service providers collecting usage data, tracking, profiling, users in many cases basically even have to give up ownership of their data, hacks/breaches) are unbearable and uncontrollable.

So to me it makes more sense to advise in the direction of a self-controlled backup/sync solution on site or with a few more trustworthy cloud service providers that have not tainted their business model to sell gathered user information/data.

Depending on the individual data backup and data retention needs, users can pick up an off-the-shelf solution for data backup that usually is somewhat end user friendly, almost on the level "Granny/Gramps proof". ;-)

I've helped a bunch of friends and family and even some SMBs with such low end, low maintenance, cost effective "shoot and forget" solutions. Some even, because of their data sharing needs, cloud based. Some of these little "pro bono", on the side projects have proven to be very reliable and some are in use for a decade and more with very few adjustments (capacity adjustments, patching and so on).

For example, integrating a little NAS solution is really a piece of cake for most, but in some cases even a local USB connected drive does the trick sufficiently.

Cheers!
Lucky

Dear @doifeellucky

Data and privacy protection is indeed something that we should all pay attention to. Thanks for this post. I wasn't aware of this Google glitch.

"the cloud is just someone else's computer!"

The truth is that most people I know (including me) would rather believe that files in the cloud are safer compared to the same files being stored on our local computers. Most likely it's easier to hack into my laptop than it would be to hack into Google.

ps. I've been watching this YouTube channel for quite some time. Solid recommendation :)

Solid read. Few solid upvotes on the way :)
Yours, Piotr

Hello Piotr,

thanks for your comment.

Can't agree with the "safer in the cloud than on own local devices" argument. No need to make data backup devices internet accessible or vice versa. Even some cheap out of the box SOHO file server will do the trick nicely without having any third party risks. This latest Google issue shows quite impressively what can go wrong with such providers. Murphy's law...

If there is a need to share data between devices in different locations, at least consider using a paid cloud service that is not "living" off of selling other people's data and also consider encrypting your data that is placed "in the cloud".

Cheers!
Lucky

Hi @doifeellucky

Can't agree with the "safer in the cloud than on own local devices" argument.

I figured that you may disagree. However, when I see the level of safety of computers belonging to my friends and family (and myself :P) then I wonder whether data stored in clouds wouldn't indeed be more safe than data stored on our own discs. Keep in mind that the majority of the population knows very little about computers ;)

It's surely much easier to hack into personal computers. Wouldn't you agree?

ps. Would you perhaps consider posting next time within project.hope hive and setting up 20% beneficiary to ph-fund? That will help me with your content discovery. And I will gladly upvote your posts with some solid upvote. Let me know :)

Yours, Piotr
