Discussion:
The security of Mozy
(too old to reply)
curious guy
2009-09-24 03:12:29 UTC
Permalink
Raw Message
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.

What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?

Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?

I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?
Arno
2009-09-24 03:29:24 UTC
Permalink
Raw Message
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.

A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.

(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)

Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.

Arno
2312
2009-09-24 06:21:37 UTC
Permalink
Raw Message
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.
A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)
Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.
Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.
Arno
2009-09-25 01:52:13 UTC
Permalink
Raw Message
Post by 2312
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.
A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)
Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.
Only people with soemthing to hide want/need encryption?
Not true, as is well known to anybody that bothers to find out.

Arno
Post by 2312
Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.
2312
2009-09-25 05:11:48 UTC
Permalink
Raw Message
Post by Arno
Post by 2312
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they
notify law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.
A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)
Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.
Only people with soemthing to hide want/need encryption?
Never ever said anything like that. I JUST said that you
have no idea whether what he has in his is legal or not.

Its just a tad unlikely that any jurisdiction would be using a search warrant
whenever they notice anyone using encryption with a remote backup.

Even the frogs arent THAT gung ho.
Post by Arno
Not true, as is well known to anybody that bothers to find out.
Having fun thrashing that straw man ?
Post by Arno
Post by 2312
Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.
Arno
2009-09-25 17:28:39 UTC
Permalink
Raw Message
Post by 2312
Post by Arno
Post by 2312
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they
notify law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.
A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)
Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.
Only people with soemthing to hide want/need encryption?
Never ever said anything like that. I JUST said that you
have no idea whether what he has in his is legal or not.
And why should I make sure? Any (sane please) reason?
Crypto is out there and anybody can use it. Somebody
asking for help is far likely to actually have something
illegal than others.
Post by 2312
Its just a tad unlikely that any jurisdiction would be using a
search warrant whenever they notice anyone using encryption with a
remote backup.
In civilized countries they actually do not get a warrant on
that reason alone and even with a warrant cannot force
disclosure of the keys.
Post by 2312
Even the frogs arent THAT gung ho.
The french do not worry me, they are all bluster. I am really
concerned about the brits though. They are heading fast in
a very, very dangerous direction. And thay can lock you up
if the _think_ you have something encrypted that they want
to see. Even if they are wring (which you have absolutely
no chance proving in many cases).

Arno
2312
2009-09-25 18:32:32 UTC
Permalink
Raw Message
Post by Arno
Post by 2312
Post by Arno
Post by 2312
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without
encrypting it? Does Mozy check to see if I have copyrighted
materials in my backup set?
I have a large number of nude pictures. I think they are all
legal but I am not totally sure. I keep these pictures in
TrueCrypt containers. If I backup my container files to Mozy,
will they notify law enforcement that I have encrypted data?
I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british),
using encryption is not enough to generate probable cause,
especially as many users will encrypt exactly because of similar
concerns.
So encrypt away, by now encryption is not a secret technology
anymore.
A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)
Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.
Only people with soemthing to hide want/need encryption?
Never ever said anything like that. I JUST said that you
have no idea whether what he has in his is legal or not.
And why should I make sure?
Never ever said you should.
Post by Arno
Any (sane please) reason? Crypto is out there and anybody can use it. Somebody
asking for help is far likely to actually have something illegal than others.
Mindlessly silly.
Post by Arno
Post by 2312
Its just a tad unlikely that any jurisdiction would be using
a search warrant whenever they notice anyone using
encryption with a remote backup.
In civilized countries they actually do not get a warrant on that reason alone
What I said in different words.
Post by Arno
and even with a warrant cannot force disclosure of the keys.
That varys with the jurisdiction.

Even you should have noticed what the US has got up to in Abu
Grabe etc, let alone with rendition in egyptian jails etc etc etc.
Post by Arno
Post by 2312
Even the frogs arent THAT gung ho.
The french do not worry me, they are all bluster. I am really
concerned about the brits though. They are heading fast in a
very, very dangerous direction. And thay can lock you up if the
_think_ you have something encrypted that they want to see.
Not for very long.
Post by Arno
Even if they are wring (which you have absolutely no chance proving in many cases).
Yes, terrorism has produced some real legal downsides.
chrisv
2009-09-28 14:32:09 UTC
Permalink
Raw Message
Post by Arno
I am really
Post by Arno
concerned about the brits though. They are heading fast in a
very, very dangerous direction. And thay can lock you up if the
_think_ you have something encrypted that they want to see.
Not for very long.
That's comforting. Not.
2312
2009-09-28 17:46:44 UTC
Permalink
Raw Message
Post by chrisv
Post by Arno
I am really
Post by Arno
concerned about the brits though. They are heading fast in a
very, very dangerous direction. And thay can lock you up if the
_think_ you have something encrypted that they want to see.
Not for very long.
That's comforting. Not.
If you don't like that, you're always free to never ever go anywhere near that soggy little island.
curious guy
2009-09-25 15:53:19 UTC
Permalink
Raw Message
Post by Arno
However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
Does it matter how many gigs one has? If someone has more than X gigs
would courts grant search warrants? If so, what is the value of X?
Arno
2009-09-25 17:29:56 UTC
Permalink
Raw Message
Post by curious guy
Post by Arno
However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
Does it matter how many gigs one has? If someone has more than X gigs
would courts grant search warrants? If so, what is the value of X?
Depends on about every detail for the situation, e.g. which country,
which judge, ...

Arno
Rod Speed
2009-09-25 18:25:52 UTC
Permalink
Raw Message
Post by curious guy
However (unless you are british), using encryption is not
enough to generate probable cause, especially as many
users will encrypt exactly because of similar concerns.
Does it matter how many gigs one has?
To some extent. Clearly the authoritys are more likely to
be suspicious of the larger amounts, just because they
would normally be video, not just your banking details etc.
Post by curious guy
If someone has more than X gigs would courts grant search warrants?
Its never that black and white.
Post by curious guy
If so, what is the value of X?
They would never be stupid enough to announce the value if there was one.
curious guy
2009-09-25 15:53:19 UTC
Permalink
Raw Message
Post by Arno
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)
Can you give some more details about what pictures are illegal? I
once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the
beach.

I get the impression that many law enforcement people think that any
nude picture of someone who MIGHT be under 18 is child porn. I saw an
episode of "Law and Order: Special Victims" in which they called a
picture of a boy in a bathing suit, child porn.
Arno
2009-09-25 17:45:45 UTC
Permalink
Raw Message
Post by curious guy
Post by Arno
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)
Can you give some more details about what pictures are illegal? I
once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the
beach.
Oh, you are in the US? Well, then the issue might be a bit insane.
And I cannot really give you conclusive advice.

Just a data-point: In Germany child porn needs to first be porn,
and there "nude pictures" do not qualify. And "child" is somebody
under 14 years of age. Although lately they added a law about
"youth porn", with a lot more general provisions, purely for
political reasons and against practically all expert advice. It
also has the "appears to be underage" clause in it and criminalizes
depicting of "sexual poses". It is widely expected to be found
unconstitutional as soon as they try to punish somebody for
possession, for example bacause the term "appears" does not
qualify as legal specifier.
Post by curious guy
I get the impression that many law enforcement people think that any
nude picture of someone who MIGHT be under 18 is child porn. I saw an
episode of "Law and Order: Special Victims" in which they called a
picture of a boy in a bathing suit, child porn.
Well, this is a real problem. Completely stupid of course, as
protecting children is about protecting children and not some
puritan ideas of "moral". The "might be" is the clue here: It
is not about protecting anybody, but about preventing you from
having something.

Well, anyways, I can only advise you to find out what the laws are
in your place. And no, having "encrypted data", regardless of amount
should not be enough probable cause for a search warrant. In addition,
I think currently they cannot force you to give up your keys, although
that changes from time to time it seems.

Arno
2312
2009-09-25 18:36:16 UTC
Permalink
Raw Message
In comp.sys.ibm.pc.hardware.storage curious guy
Post by curious guy
Post by Arno
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)
Can you give some more details about what pictures are illegal? I
once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the
beach.
Oh, you are in the US? Well, then the issue might be a bit insane.
And I cannot really give you conclusive advice.
Just a data-point: In Germany child porn needs to first be porn,
and there "nude pictures" do not qualify. And "child" is somebody
under 14 years of age. Although lately they added a law about
"youth porn", with a lot more general provisions, purely for
political reasons and against practically all expert advice. It
also has the "appears to be underage" clause in it and criminalizes
depicting of "sexual poses". It is widely expected to be found
unconstitutional as soon as they try to punish somebody for
possession, for example bacause the term "appears" does not
qualify as legal specifier.
Post by curious guy
I get the impression that many law enforcement people think that any
nude picture of someone who MIGHT be under 18 is child porn. I saw an
episode of "Law and Order: Special Victims" in which they called a
picture of a boy in a bathing suit, child porn.
Well, this is a real problem. Completely stupid of course, as
protecting children is about protecting children and not some
puritan ideas of "moral". The "might be" is the clue here: It
is not about protecting anybody, but about preventing you from
having something.
Well, anyways, I can only advise you to find out what the laws are
in your place. And no, having "encrypted data", regardless of amount
should not be enough probable cause for a search warrant. In addition,
I think currently they cannot force you to give up your keys,
There are plenty that can in some specific situations, most obviously at
the border customs inspection. If you refuse to disclose the keys so they
can check what you have, they just refuse you entry into their country etc.
although that changes from time to time it seems.
Yes, your original is just plain wrong.
Rod Speed
2009-09-25 18:23:00 UTC
Permalink
Raw Message
Post by curious guy
Post by Arno
(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)
Can you give some more details about what pictures are illegal?
Essentially just child porn and stuff like snuff movies etc.
Post by curious guy
I once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the beach.
Yeah, there are a few loons that are that bad, but there
isnt even a single legal jurisdiction thats as bad as that.

There are however some who are into child porn that exploit that 'loophole'

There's also real legal grey areas like
http://www.google.com.au/search?q=%22Bill+Henson%22+controversy&meta=cr%3DcountryAU

You can also get the police executing a search warrant about something like
that youtube video where someone in eastern europe is swinging around a
baby very dramatically indeed in a crazy type of exercise routine, even tho the
video has appeared on the national news etc. Cant find a link to that currently.
Post by curious guy
I get the impression that many law enforcement people think that
any nude picture of someone who MIGHT be under 18 is child porn.
Its much more complicated than that, most obviously with nudist colonys etc.
Post by curious guy
I saw an episode of "Law and Order: Special Victims" in which
they called a picture of a boy in a bathing suit, child porn.
Frank Merlott
2009-10-10 11:45:16 UTC
Permalink
Raw Message
Post by curious guy
I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.
What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?
I do not know where their servers are, but according to Mozy website, their
HQ are located in the USA, therefore they are subjected to USA law as well.
Post by curious guy
Can Mozy employees look at my files?
Higly likely
Post by curious guy
Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?
I do not think they would have the time to check on people's files,
but they may come across your files OR FILE NAMES and view them while
doing server maintenance, checking logs,etc...
Post by curious guy
I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers.
If you are downloading pictures from the internet you should be careful
about the internet traces left in your hard disk and consider full disk
encryption with Truecrypt too.

False child porn charges are very common in places such as the UK or
Australia,
fake child porn is widely used by western governments to destroy privacy
rights.

Some Governments such as the UK introduced last year a new law by which
cartoon possession became illegal,
increasing the number of so called "child porn" images by a ten fold and
giving extra
powers to the police to control the flood of new child porn images that
they had created themselves
with the new law.

If you need to hide your data out of your home in case of a police raid by
some fascist Government in search
fake child porn, I recommend you get a very small USB thumbdrive, encrypt
it with Truecrypt then hide that
thumbdrive somewhere far from your computer room, ideally somewhere that
needs screws to be opened and it is
not likely to be taken away in case of police raid (ie not the computer),
such as inside your TV, inside your
hifi, inside a fan, etc...

Example of where to back up your data:

Loading Image...
Post by curious guy
If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?
No they will not, since holding encrypted data is not illegal, but holding
pictures that they may "believe" to be illegal will most likely be
reported.




----------------
Mozy Privacy policy:

http://mozy.com/privacy

"Legal Requirements

Decho does not disclose Personal Data, including the data you back up with
the Service, unless disclosure is necessary to comply with an enforceable
government
request such as a warrant.

"Cookies and Passive Data Collection

Decho automatically receives and records information on our server logs
from your browser,
including your IP address, cookie information, and the page you request."


--
Privacylover: http://www.privacylover.com

Loading...