Harry's Log

Jul 4

Is Google Drive Safe? Is Cloud Safe?

I just had this weird experience.

I was just browsing the web, and suddenly I saw this message on one of the Chrmoe tabs, “hxxxxx has opened the document” where “hxxxxx” is my gmail account username.


How can this be?

I immediately tried to talk to the other “person” who opened the doc with my account. But, when I sent him a message, he did not respond, and (at least in appearance) he just fled. ”hxxxxx has opened the document. me: Hi. Who are you? hxxxxx has left." This whole thing took about 20~30 seconds.

I have multiple laptops and probably a dozen devices from which I could have logged on. But, I cannot imagine any of those devices automatically opening this particular google docs document at this moment.

I tried to think of a plausible explanation, any explanation. Maybe, somebody in my office was trying to use my computer? Maybe, one of my other computers accidentally “woken up” and my chrome browser happened to be on front? Maybe, my local google-drive was going through some scheduled maintenance? Myabe, google docs has a bug? Etc. etc…. But, none seemed to make sense.

I trust the cloud. Well, I trusted the cloud. I put a lot of information on the cloud, especially on google docs (or, google drive, or whatever it is called these days). I even put some passwords (for non-critical services) on google docs. I have a lot of confidential and/or private information on the cloud. (And, I’m not just talking about family photos, and what not.)

While I was writing this blog, the same thing just happened again with the same document (simply because this doc was currently open and visible). Somebody (with my account) opened the doc again.

This is really disturbing.

Is my gmail password compromised?

I cannot even begin to think what I would have to do if somebody accessed my account and all my private information. It would be virtually impossible for me to go through all compromised services and change passwords, etc. Even figuring out what exactly has been compromised (e.g., by going through all emails, etc.) would be impossible. I have grown to be complacent. I’ve trusted the cloud too much.

Your system is only as secure as the weakest link. The recent move by Google in moving my docs to the “drive” makes me really quizzy. It simply introduces one more point of failure. It simply makes the system more complicated with more and more moving parts. If I lose my laptops or my other devices such as Android phones/tablets (which essentially force you to log on), then what happens? It used to be, if you lost your phone the biggest risk was losing your contact information. (Ironically, address book service was one of the first most successful cloud-based services.) Now, if you lose your phone, you are risking a lot more, and the really disturbing part is, you don’t even know what exactly is the risk. (I just remembered, some of my online payment information was also tied to this email account, such as Google Wallet and Amazon, etc. What happens to these payment accounts?)

Simple is better.

Often, the weakest part of the whole system is the users, or the people. That is, “me”.

I can no longer trust the cloud since they are making it messier and messier, since they are making it more and more complicated, and since I cannot understand what the heck is going on.

I can no longer trust myself.