Google experimenting with spy-resistant encrypted Google Drive




SpiderOak sounds good, and the price is right (it's competitive with Dropbox), but the privacy level seems to be "you can't verify anything we tell you, you just have to trust us" - ie the client software (that performs the encryption and handles keys) isn't open to inspection, so for all we can tell they're another honeypot operated by the Department Of Prying Eyes And Nosey Parkers (DOPE-ANP?) and outside the law. Their FAQ indicates they intend to move towards transparency as quickly as they can, I hope that happens - the service they'll offer at that point would be great!


And we should trust that there still won't be a backdoor in this because...?


Depending on what you store on Google Drive you could just use TrueCrypt and build a single encrypted file of your files.


Pure manipulation to create them idiots,(El detector de mentiras ) Google will do and continue to function as the government requested.


There needs to be a separation of powers here - business or personally identifiable metadata captured by any government agency must be encrypted and the Judiciary must hold the keys - the state police, FBI or NSA must request the keys from the Courts on the grounds of probable cause. Each citizen must have a public key and a private key issued at the rate of one a day, and any business records or personally identifiable information that needs to be retained for putative surveillance reasons or 'terrorist prevention' must be stored encrypted with the public key of the person.

The NSA or CIA can build a database of encrypted data only, and should approach the courts with a warrant to gain the private keys of a suspected individual for whom they've demonstrated probable cause, for the times required for their investigation, if they can demonstrate probable cause to a judge.

The judiciary must keep a track of the number of keys they issue, and a law must be put in place (or a financial charge for issuing keys must be made). If say, less than 1% of requests produce a prosecution in a 1 year period, sanctions must be enforced against the requesting agency.

If the USA can afford to build a massive database of everyone's transactions for the past 5 years, it can afford to build a system that faithfully preserves the constitutional rights of their citizens.

The problem with PRISM is that it ignores the separation of powers between the courts, the police and the prosecution - it has no legitimacy under the US constitution.


My thought exactly. Of all the people to say, "trust me."


Google would encrypt its files in a way that even it can't decrypt [them]


Google would claim to encrypt its files in a way that even it can't decrypt [them]


When you make your pass phrase and keyfiles, please make hard copies of them and file them with your attorney. These become privileged communications, and cannot be accessed by the government legally except under certain circumstances which are very rare. Disclaimer: I am not a lawyer I am not your lawyer and this is not legal advice.


It's better to hide them somewhere completely undisclosed, IMO. For example, get some stencils and spray them with invisible uv spray paint under a stairwell located somewhere without cameras.

Disclaimer: I am not a lawyer but I'm living on the edge and giving legal advice anyway and I'll sue your ass for wrongful prosecution.


I tried experimenting with fitting a key into a QR code; sadly, I was unable to get consistently recoverable results even with a small key. 

Sent from Mailbox for iPad


This topic was automatically closed after 5 days. New replies are no longer allowed.