Being 'in the cloud' was helpful with a hard drive failure

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Being 'in the cloud' was helpful with a hard drive failure

Post by lightheir » Thu Aug 23, 2012 10:44 pm

Had my first laptop hard drive failure. Actually the drive didn't fail completely, but it started to gradually slow in performance and get louder and louder, until one day, it literally hung the whole system while searching for data. Upon reboot, Win7 went into hard drive 'scan' mode and warned of some failing sectors. As of now that laptop/HD still works, but hangs for prolonged periods of time every 10 or so minutes. Weirdest thing - the computer was only 2 years old - I have a 7 year old laptop for DVDs in my garage whose HD still works perfectly.

Since that's my only computer, I quickly purchased a replacement laptop. I was expected a data migration nightmare as it usually has been in the past, but for the most part, my crucial data was all ready to go immediately - because almost of all of it was in the cloud. In fact, even without the time to take off bloatware, reinstall Office, etc., I was up and running at least 95% near instaneously. The only software that I really, really had to install immediately was Keepass for my password access - the cloud had all the rest of my files. As such, I could leisurely take the following week whenever I had the time to reinstall the rest of the software I needed, which was mainly drivers for stuff like scanners, printers, and Garmin GPS device.

It did make it much easier as well that I actually had the foresight (amazingly so, in my opinion) to have stored the install files for all my drivers on an external HD in a separate "install" folder, so I didn't have to go digging for a lot of them. (My laptop was only 2 years old so most of the software was up to date.)

This experience has confirmed at least for me, that my earlier decision to rely less and less on my local HD and more and more on the cloud was good for my purposes. Of course, it's all for moot if I get hacked like that guy on that famous Wired article, so I've been trying to ratchet up security on the cloud as much as possible, such as activating the double authentication on Gmail, and using a completely separate account for other crucial emails/documents with a whole separate set of authentication and which doesn't ever get opened unless I'm on my home computer.

Ideally, I'd like to operate completely off the cloud, but unfortunately, the reality of still needing peripherals like a printer, scanner, as well as local HD backup to cover cloud failures, makes that still an impossibility - although I'd have to say that for my crucial data, I'm pretty close, and could be 95%+ ready to go with no custom installs on a brand new computer based upon what I just experienced.

User avatar
tadamsmar
Posts: 8584
Joined: Mon May 07, 2007 12:33 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by tadamsmar » Fri Aug 24, 2012 1:13 am

Be careful about the security of your cloud storage.

There are lots of fully filled out 1040 forms (SSN and all) that can be pulled up with the right google search.

Not sure of the details. Seems to involve unsecure ftp directories.

richard
Posts: 7961
Joined: Tue Feb 20, 2007 3:38 pm
Contact:

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by richard » Fri Aug 24, 2012 5:28 am

tadamsmar wrote:Be careful about the security of your cloud storage.

There are lots of fully filled out 1040 forms (SSN and all) that can be pulled up with the right google search.

Not sure of the details. Seems to involve unsecure ftp directories.
There's a tremendous amount of information out there, including SSN and other sensitive data. For example, look up yourself at http://www.spokeo.com to get an idea (getting full information will cost, but the free information gives an indication). Approximately none of that relates to the type of cloud storage the OP is describing. Which isn't to say you shouldn't be careful.

ataloss
Posts: 887
Joined: Tue Feb 20, 2007 3:24 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by ataloss » Fri Aug 24, 2012 6:48 am

yeah I clicked on my name and see a photo of my neighborhood and an estimate of house values

jebmke
Posts: 9993
Joined: Thu Apr 05, 2007 2:44 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by jebmke » Fri Aug 24, 2012 6:56 am

ataloss wrote:yeah I clicked on my name and see a photo of my neighborhood and an estimate of house values
The estimate is probably an assessed value. These are generally public record. I have been looking these up online for over a decade.
When you discover that you are riding a dead horse, the best strategy is to dismount.

richard
Posts: 7961
Joined: Tue Feb 20, 2007 3:38 pm
Contact:

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by richard » Fri Aug 24, 2012 7:14 am

lightheir wrote:Of course, it's all for moot if I get hacked like that guy on that famous Wired article, so I've been trying to ratchet up security on the cloud as much as possible, such as activating the double authentication on Gmail, and using a completely separate account for other crucial emails/documents with a whole separate set of authentication and which doesn't ever get opened unless I'm on my home computer.
There are three security issues I worry about - someone getting access and erasing the account, losing access (e.g., forgetting password or error at server) and someone getting access to sensitive info.

I'm not sure if two factor authentication is adequate, although it's certainly better than one factor

Woz recently said he lost info due to server errors, although that may have been unclear instructions. Amazon has a new backup service which looks good.

Perhaps encrypt info locally before sending it to the cloud?

User avatar
tadamsmar
Posts: 8584
Joined: Mon May 07, 2007 12:33 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by tadamsmar » Fri Aug 24, 2012 7:59 am

richard wrote:
tadamsmar wrote:Be careful about the security of your cloud storage.

There are lots of fully filled out 1040 forms (SSN and all) that can be pulled up with the right google search.

Not sure of the details. Seems to involve unsecure ftp directories.
There's a tremendous amount of information out there, including SSN and other sensitive data. For example, look up yourself at http://www.spokeo.com to get an idea (getting full information will cost, but the free information gives an indication). Approximately none of that relates to the type of cloud storage the OP is describing. Which isn't to say you shouldn't be careful.
Maybe I missed something in the OP, I still don't see where the OP describes the type of cloud storage he was using.

Out of curosity, my stepson called ten people who had 1040s that he located via Google. One of them was an computer security expert. That indicate that even knowledgeable users can make mistakes. Also, among the ten he contacted, some had had repeated problems with identity theft and still had never discovered that their 1040 was indexed on google.

My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.

jebmke
Posts: 9993
Joined: Thu Apr 05, 2007 2:44 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by jebmke » Fri Aug 24, 2012 8:05 am

richard wrote:
Perhaps encrypt info locally before sending it to the cloud?
This should be done without question. You can trust the backup provider to do this or you can do it yourself.
When you discover that you are riding a dead horse, the best strategy is to dismount.

brianH
Posts: 328
Joined: Wed Aug 12, 2009 12:21 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by brianH » Fri Aug 24, 2012 8:44 am

For encryption with cloud storage, I recommend AxCrypt (free-Windows). http://www.axantum.com/axcrypt/ Once installed, you can right-click a file and encrypt it with a password. Decryption is just as seamless - just click the .axx file, and AxCrypt will decrypt it, and place a copy in your temporary files location that will be deleted (secure delete) once the opening program (e.g. MS Word, PDF Viewer) is closed. This allows it to work with auto-sync cloud services (Dropbox/Google Drive), because you don't want to decrypt the file in the sync'd folder and have that move to the cloud.

Note: If you are creating a new file, save it to a non-sync'd folder and encrypt it before moving the encrypted version to the sync folder.

richard
Posts: 7961
Joined: Tue Feb 20, 2007 3:38 pm
Contact:

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by richard » Fri Aug 24, 2012 9:48 am

tadamsmar wrote:Maybe I missed something in the OP, I still don't see where the OP describes the type of cloud storage he was using.

Out of curosity, my stepson called ten people who had 1040s that he located via Google. One of them was an computer security expert. That indicate that even knowledgeable users can make mistakes. Also, among the ten he contacted, some had had repeated problems with identity theft and still had never discovered that their 1040 was indexed on google.

My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
I've never seen a report of this type of problem from any of the popular cloud storage services, which is what I read the OP as using.

There are much easier means of identity theft. Reportedly, sufficient information (such as social security numbers, mother's maiden name, etc.) is available at very cheap rates from multiple sources.

richard
Posts: 7961
Joined: Tue Feb 20, 2007 3:38 pm
Contact:

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by richard » Fri Aug 24, 2012 9:50 am

jebmke wrote:
richard wrote: Perhaps encrypt info locally before sending it to the cloud?
This should be done without question. You can trust the backup provider to do this or you can do it yourself.
A good security motto is "trust no one."

User avatar
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Epsilon Delta » Fri Aug 24, 2012 11:46 am

tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.

User avatar
tadamsmar
Posts: 8584
Joined: Mon May 07, 2007 12:33 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by tadamsmar » Fri Aug 24, 2012 2:43 pm

Epsilon Delta wrote:
tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.
Well, people are using "clouds" without knowing that everyone has access to the info and google is indexing it. Maybe the ISP did nothing wrong, the user should have known the FTP directories were not secure.

Dealmaster00
Posts: 105
Joined: Sun Jan 22, 2012 4:09 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Dealmaster00 » Fri Aug 24, 2012 3:01 pm

Hi lightheir - you are indeed correct, backing up to "the cloud" is helpful and does have it's advantages (which do not seem to be touched upon in this thread yet). It tends to be easier for many to backup to another drive online than to install a second hard drive or an external hard drive, or backup to optical media. Also, because the backup is remote, and not local, this makes the backup secure against things like theft, flooding, or other local destructive vehicles.

There is a higher security risk with backing up online rather than locally, as many have pointed out. You can always choose to not backup sensitive information via the web, or encrypt it locally before sending. While having a backup of your data is usually quite sufficient, it is always safest to have multiple backups of different types if you really do not want to lose your data.

Mudpuppy
Posts: 5890
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Mudpuppy » Fri Aug 24, 2012 3:35 pm

tadamsmar wrote:
Epsilon Delta wrote:
tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.
Well, people are using "clouds" without knowing that everyone has access to the info and google is indexing it. Maybe the ISP did nothing wrong, the user should have known the FTP directories were not secure.
I think you are confusing clouds with public FTP servers and web servers. A "cloud" service is usually a network-based file server farm (perhaps geographically distributed) with user-based authentication. Google isn't indexing any of that without the username and password. Web servers and public FTP servers on the other hand are open to everyone, no username or password needed, so Google can index those.

Sidney
Posts: 6736
Joined: Thu Mar 08, 2007 6:06 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Sidney » Fri Aug 24, 2012 3:38 pm

Dealmaster00 wrote: it is always safest to have multiple backups of different types if you really do not want to lose your data.
This is what I do. I do not use the same software to run both the online and local backup. If the software has a glitch that corrupts the data, you run the risk of having two corrupted backups that are useless.
I always wanted to be a procrastinator.

Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by lightheir » Sat Aug 25, 2012 6:27 am

Mudpuppy wrote:
tadamsmar wrote:
Epsilon Delta wrote:
tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.
Well, people are using "clouds" without knowing that everyone has access to the info and google is indexing it. Maybe the ISP did nothing wrong, the user should have known the FTP directories were not secure.
I think you are confusing clouds with public FTP servers and web servers. A "cloud" service is usually a network-based file server farm (perhaps geographically distributed) with user-based authentication. Google isn't indexing any of that without the username and password. Web servers and public FTP servers on the other hand are open to everyone, no username or password needed, so Google can index those.

OP here. To clarify - I'm using Google Drive as my 'cloud' backup, with the double-authentication (use your cell phone for a second time-sensitive changing numerical 2nd password unless you're on a 'trusted' computer that you specify). I also have Crashplan, but that's really my 'armageddon' backup and rarely accessed for actual current usage.

I figured that given how crucial it is for Google to maintain high security levels, they were a good bet for my personal files. So far, that bet has been a good one, although I am fully aware that it remains absolutely possible that a full hack or server meltdown could happen and I could lose everything. As it stands, the odds of that happening are way, way lower than the risk of me losing my files on a local HD - I know this from experience, as I have managed to retain almost zero of my computer files over 10 years old despite a high level of computer awareness and regular backups, whereas my unintentional cloud backups (early day unplanned stuff that was sent to email) have survived, to my surprise. The big killer for me was computer and software upgrades - I was losing a lot of data every time I did a computer+software upgrade. I still have a cache of 5" floppy disks (like 100 of 'em) that have data that I can't easily access because I no longer have a functional floppy drive, a handful of DVDs that degraded over 7 years and are no longer data reliable, and other assorted storage like assorted zip drive media that is obsolete. Yes, I could retrieve the data off them if it was crucial to me, but reality is that it isn't, and it's not worth the effort. Still, it would be nice to have some of those old files for posterity (like some writing I did in the past). As said, I was surprised when I logged into an old email account that I had only used intermittently to keep alive, and on doing an attachment search, found a cache of files from 10+ years ago that was still fully functional and easy to access. THe nice thing about Google Drive/Gmail for data backup is that the web auto-updates - no more data losses from hardware or software obsolescence. This cloud strategy has worked for me for the past 6 years, despite going through 3 separate computers and hard drives.

I do still have local HD backups, but I actually consider then less crucial than my cloud backups as of now. This may change if Google gets hacked in a major way, but as of now I trust my cloud backup more than my local HD backup.

The reality for me, is that 99% of my computer files are not so crucial that they need to be locked down like Fort Knox. I don't want to lose family pictures, videos, and even old financial records, but reality is that even if a lot of those were accessed/leaked to the public transiently in a hack, it wouldn't affect me much. The real stuff that could cause me immediate, big-time damage, would be a compromise of my CURRENT, active online banking and financial passwords, and those I've got locked down in Keepass with a strong private password used only for Keepass and which is never accessed outside of home. Yes, there are definitely scenarios where someone could hack my Gdrive account, grab my old tax return, and cause havoc in my life , but I'm willing to take that risk, which at least for now, is far, far exceeded by the possibility of someone breaking into my home (and I live in a nice neighborhood) and making off with my paper filebox which contains these returns and more - all in unencrypted paper form.

Actually, I've taken steps to scan/shred almost all my paper files with sensitive information, and have moved almost all of them to digital form specifically to avoid a theft of sensitive papers. That's been working well for me as well - armed with my Fujitsu Scansnap (a sheet-feed scanner), I've replaced pretty much all my paper docs with digital copies save the ones that can't be destroyed like social security cards, passport, etc. and it still bugs me that someone could swipe all of these if they busted into my house and stole my safe.

I've been pretty happy with my backup system as of late. It sounds like overkill when I write it out, but in reality, it's pretty much no fuss. External HD backup that's used regularly and nearly permanently connected to my laptop, 2nd external HD backup that is stored separately and only used every quarterish to backup mainly my family photos/videos, Crashplan online backup, and Google Drive backups (which get periodically downloaded in bulk to my local HD and stored in a TrueCrypt archive) about every quarter in case the whole cloud goes down. The external HD backup isn't as sweet and simple as one might think - those HDs are CHOCK full of aggregated information over 10 years, most of which I do NOT want on my active computer's internal laptop as it would clog the whole HD. So on getting a new computer, it's not as easy as just copying the whole contents of the external HD to the new laptop. In fact, it's pretty hard for me to select which files I want to migrate or not from the old computer. The cloud has been helpful in that I don't have to be permanently connected to that HD, but still can access any files I need, even on that new clean install computer with fresh new HD without clutter.

My last caveat - the Crashplan thing works great for the most part, but be careful when you have to upgrade your computer - it's surprisingly easy to inadvertently 'delete' your online backup files when you transfer Crashplan control to your new computer. I didn't want to port all my old files to my new laptop since I like starting 'clean', but it does make the Crashplan backup a bit more complex as the software marks your old laptop files as 'missing' (but they're still online until you deselect them.)

Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by lightheir » Sat Aug 25, 2012 6:41 am

richard wrote:
jebmke wrote:
richard wrote: Perhaps encrypt info locally before sending it to the cloud?
This should be done without question. You can trust the backup provider to do this or you can do it yourself.
A good security motto is "trust no one."
I agree with this, but at the same time, it's too easy to extend this into the point of just giving up completely on perfectly reasonable online storage solutions. It's more useful to try and best understand the risk/returns of the scenarios, and then to plan your needs accordingly.

I've seen way too many instances of people who adopt this theory to just go full paranoia about anything online, refusing to store any files whatsoever online and going through heroic efforts to have a Fort Knox local storage with multiple RAID backups, when in many cases these same folks haven't given enough thought to the password strength of their crucial online banking or email accounts, which is in effect giving aways the keys to the kingdom while locking down the stuff of low value.

I also can't fully reconcile the choice to fully withdraw from online storage due to the risks involved of getting hacked with the choice to continue to use banks. If you're so untrusting of online storage of any form that you refuse to store any data whatsoever of your own in the 'cloud', shouldn't you also be seriously questioning the security of your bank deposits, which are stored in data form no differently than a lot of these online storage sites (at least the ones with solid security - not the open FTP etc. sites.)?

User avatar
magellan
Posts: 3471
Joined: Fri Mar 09, 2007 4:12 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by magellan » Sat Aug 25, 2012 7:28 am

lightheir wrote:If you're so untrusting of online storage of any form that you refuse to store any data whatsoever of your own in the 'cloud', shouldn't you also be seriously questioning the security of your bank deposits, which are stored in data form no differently than a lot of these online storage sites (at least the ones with solid security - not the open FTP etc. sites.)?
IMO, the reason you don't have to question the security of your bank deposits is because consumers are protected from online banking fraud by federal law. So while the headache cost could be high, in the end there's no risk of loss. The same can't be said for cases of non-bank online fraud or the loss of valuable data.

Jim

Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by lightheir » Sat Aug 25, 2012 9:49 am

magellan wrote:
lightheir wrote:If you're so untrusting of online storage of any form that you refuse to store any data whatsoever of your own in the 'cloud', shouldn't you also be seriously questioning the security of your bank deposits, which are stored in data form no differently than a lot of these online storage sites (at least the ones with solid security - not the open FTP etc. sites.)?
IMO, the reason you don't have to question the security of your bank deposits is because consumers are protected from online banking fraud by federal law. So while the headache cost could be high, in the end there's no risk of loss. The same can't be said for cases of non-bank online fraud or the loss of valuable data.

Jim
The laws are there, I agree, but still, the reality is that if you have your bank password stolen, and someone uses it to clean out your account, in a lot of situations, you are on the hook for it. It's more opaque when it comes to someone remotely hacking your account, but you could envision a process in which a hacker compromises your account password (a la the Wired article), gets into your bank access and cleans out your account. FDIC and other financial rules would doubtfully come into play despite what we hope.

User avatar
magellan
Posts: 3471
Joined: Fri Mar 09, 2007 4:12 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by magellan » Sat Aug 25, 2012 10:17 am

lightheir wrote:FDIC and other financial rules would doubtfully come into play despite what we hope.
You'l have to come up with some proof for that assertion. The Electronic Funds Transfer Act, Regulation E is the law that provides the protection I'm talking about.

I've spent a fair amount of time looking and haven't been able to find any documented cases of unreimbursed online bank fraud against a consumer bank account, other than cases where the fraud was done by a relative. This compares to hundreds of documented cases of fraud against business bank accounts that aren't covered by Regulation E.

My takeaway from this is that the law works, and banks are not trying to push costs of online banking fraud onto consumers. They are pushing these costs onto businesses, but that's a different matter.

Jim

ataloss
Posts: 887
Joined: Tue Feb 20, 2007 3:24 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by ataloss » Sat Aug 25, 2012 1:51 pm

The big killer for me was computer and software upgrades - I was losing a lot of data every time I did a computer+software upgrade. I still have a cache of 5" floppy disks (like 100 of 'em) that have data that I can't easily access because I no longer have a functional floppy drive, a handful of DVDs that degraded over 7 years and are no longer data reliable, and other assorted storage like assorted zip drive media that is obsolete.
I migrated data from 5.25 floppies and zip drives to cds then to hard drives. Fortunately most of the fiels from the old days were small. :D
The estimate is probably an assessed value. These are generally public record. I have been looking these up online for over a decade
you can look at the assessed value for my house if you know which county to look in- not a huge hurdle but with spokeo you can find an inaccurate estimate w/o any previous information about location. although my neighbor's house is listed at 1/2 of market value based on assessment, mine and the one on the other side are listed at a large multiple of either assessed or market

Mudpuppy
Posts: 5890
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Mudpuppy » Sat Aug 25, 2012 2:22 pm

ataloss wrote:
The estimate is probably an assessed value. These are generally public record. I have been looking these up online for over a decade
you can look at the assessed value for my house if you know which county to look in- not a huge hurdle but with spokeo you can find an inaccurate estimate w/o any previous information about location. although my neighbor's house is listed at 1/2 of market value based on assessment, mine and the one on the other side are listed at a large multiple of either assessed or market
Not only are the assessed values public record, so too are the deeds. All you need to do to find the deeded owner of any property here is to go to the assessor's webpage and look up the address, which lists deed numbers under the assessment record. Then go over to the county recorder's webpage (conveniently linked to on the assessor's webpage) and enter in the deed number to get the names on the deed. It works in reverse too. If you know a name, you can go to the recorder's webpage to look up the deed and get the address. Then you can go to the assessor's webpage to look up the assessed value and other property information.

I think people just don't understand the amount of information that is available about them on their county/city government websites because of public records requirements, and that's why they get surprised by how much public record aggregators like Spokeo "know" about them.

Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by lightheir » Sat Aug 25, 2012 2:51 pm

magellan wrote:
lightheir wrote:FDIC and other financial rules would doubtfully come into play despite what we hope.
You'l have to come up with some proof for that assertion. The Electronic Funds Transfer Act, Regulation E is the law that provides the protection I'm talking about.

I've spent a fair amount of time looking and haven't been able to find any documented cases of unreimbursed online bank fraud against a consumer bank account, other than cases where the fraud was done by a relative. This compares to hundreds of documented cases of fraud against business bank accounts that aren't covered by Regulation E.

My takeaway from this is that the law works, and banks are not trying to push costs of online banking fraud onto consumers. They are pushing these costs onto businesses, but that's a different matter.

Jim
There was a thread on this very forum not too long ago. I don't have the exact circumstances, but there was a pretty convincing argument that if you somehow had a weak password and/or someone got into your account and cleared it out, the bank would not necessarily reimburse your losses for the negligence on your part. As I recall, actually examples were used - it may have been on another website - I'll see if I can come across it.

User avatar
magellan
Posts: 3471
Joined: Fri Mar 09, 2007 4:12 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by magellan » Sat Aug 25, 2012 3:20 pm

lightheir wrote:... there was a pretty convincing argument that if you somehow had a weak password and/or someone got into your account and cleared it out, the bank would not necessarily reimburse your losses for the negligence on your part.
Maybe it was a discussion about non-bank financial institutions, like Vanguard or Fidelity, which aren't bound by Regulation E. For those accounts, where the protections aren't statutory, but instead are based on institution specific policies with lots of fine print, I agree that more caution makes sense.

In fact, in an effort to balance risk and convenience, I only access non-bank financial accounts (eg Vanguard or Fidelity) from a dedicated computer, while still using my laptop to access credit card and bank accounts for convenience.

I actually stopped using a Vanguard Advantage account, despite its great convenience, and instead switched to a local credit union checking account with a free online bill pay service. These security vs convenience tradeoffs are personal and not one size fits all, but this approach seems to strike a good balance for me.

Jim

Topic Author
lightheir
Posts: 2415
Joined: Mon Oct 03, 2011 11:43 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by lightheir » Sun Aug 26, 2012 6:36 pm

I didn't search in depth at all (ok, a grand total of 20 seconds on Mr. Google), but there's at least 'some' risk to having your bank accounts compromised. Probably not as bad as losing your entire account unless it's egregious negligence, but there's still some real risk. This more involves loss/theft of ATM codes/cards (like the PIN.)

From: https://www.privacyrights.org/fs/fs32-paperplastic.htm

How much can I lose from debit or ATM card fraud?

To limit your potential loss, unauthorized use of your debit or ATM card must be reported within two days. The Federal Reserve Board (FRB) (http://www.federalreserve.gov) outlines the EFT Act’s timetable for potential loss:

Your loss is limited to $50 if you notify the financial institution within two business days after learning of loss or theft of your card or code. But you could lose as much as $500 if you do not meet the two-day deadline.

If you do not report an unauthorized transfer that appears on your statement within 60 days after the statement is mailed to you, you risk unlimited loss on transfers made after the 60-day period. That means you could lose all the money in your account plus your maximum overdraft line of credit, if any.

See http://www.pirg.org/consumer/banks/debit/fact.htm

User avatar
Quidnam
Posts: 443
Joined: Fri Jun 22, 2007 10:11 am
Location: New York, NY

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Quidnam » Sun Aug 26, 2012 8:29 pm

lightheir wrote:I still have a cache of 5" floppy disks (like 100 of 'em) that have data that I can't easily access because I no longer have a functional floppy drive, a handful of DVDs that degraded over 7 years and are no longer data reliable, and other assorted storage like assorted zip drive media that is obsolete.
This takes me back... Some ten years ago I worked for my university's IT support center, and I ended up being more or less personally responsible for keeping the "Data Recovery Service" running on campus. This service wasn't primarily for hard drives -- if somebody had a serious hard disk failure there wasn't much we could do apart from send it to an outside firm for a cleanroom-based data recovery (assuming the data was important enough for the person to pay for such a pricey, open-ended process).

So at the time the focus was on recovering data from already-obsolete floppy diskettes. I remember being ceaselessly amazed at just how many people were using floppy disks even then -- on a thoroughly "wired" campus with lots of other options available. Half of the job was educating people that floppy disks were *not* a particularly durable or reliable storage medium for keeping important data. They're particularly susceptible to magnetic loss, of course, and the media tends to degrade over time even under "normal" conditions. And aside from these risks, a good number of them would run into different kinds of physical trouble -- such as getting gunked up either directly or from a dirty or malfunctioning floppy drive on another computer.

There were quite a lot of horror stories, to be sure -- some very smart people who chose to put the only copy of their thesis or dissertation on a timeworn 3.5" floppy (which they often referred to as a "hard disk"), only to have a panic attack when the first I/O error popped up. The good news was that we could usually help them out by creating a low-level disk image and extracting all of the data surviving from the uncorrupted sectors -- our success rate was usually pretty good for Word documents and other text-based data files (though they were sometimes riddled with garbage segments). If the floppy disk was physically messed up, we could sometimes save the day by taking it apart, cleaning the disk media, and putting it into a new housing.

After a few years of doing this, I could only conclude that for some folks, the ability to hold a diskette in one's hand created a powerful (and false) sense of safety and security that was difficult to overcome through "public education" efforts on the part of IT people. In the end, I'd have to say Apple became the real hero by starting the slow march away from floppy drives in the marketplace.

In sum, I'd be very surprised if there is much recoverable data remaining today in that drawer full of 5.25" floppies...

User avatar
magellan
Posts: 3471
Joined: Fri Mar 09, 2007 4:12 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by magellan » Mon Aug 27, 2012 7:05 am

Dropbox users might want to give this a look: Dropbox Two-Factor Authentication Available

Jim

User avatar
tadamsmar
Posts: 8584
Joined: Mon May 07, 2007 12:33 pm

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by tadamsmar » Mon Aug 27, 2012 9:24 am

Mudpuppy wrote:
tadamsmar wrote:
Epsilon Delta wrote:
tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.
Well, people are using "clouds" without knowing that everyone has access to the info and google is indexing it. Maybe the ISP did nothing wrong, the user should have known the FTP directories were not secure.
I think you are confusing clouds with public FTP servers and web servers. A "cloud" service is usually a network-based file server farm (perhaps geographically distributed) with user-based authentication. Google isn't indexing any of that without the username and password. Web servers and public FTP servers on the other hand are open to everyone, no username or password needed, so Google can index those.
I don't think your information is completely correct. I use FTP servers. I can set directory protections. It's not possible to get to certain directories without my login credentials. (But I personally don't use these directories for backing up sensitive information.)

Mudpuppy
Posts: 5890
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Being 'in the cloud' was helpful with a hard drive failu

Post by Mudpuppy » Mon Aug 27, 2012 2:01 pm

tadamsmar wrote:
Mudpuppy wrote:
tadamsmar wrote:
Epsilon Delta wrote:
tadamsmar wrote: My stepson thought that at least part of the problem was that people were using free storage provided by their internet service provider (ISP) as backup storage. I don't know if the ISP were representing this as cloud storage or if the victims were just confused.
So just what do you mean by "The cloud"? Why do you exclude ISP services? "The cloud" is nebulous and means different things to different people.
Well, people are using "clouds" without knowing that everyone has access to the info and google is indexing it. Maybe the ISP did nothing wrong, the user should have known the FTP directories were not secure.
I think you are confusing clouds with public FTP servers and web servers. A "cloud" service is usually a network-based file server farm (perhaps geographically distributed) with user-based authentication. Google isn't indexing any of that without the username and password. Web servers and public FTP servers on the other hand are open to everyone, no username or password needed, so Google can index those.
I don't think your information is completely correct. I use FTP servers. I can set directory protections. It's not possible to get to certain directories without my login credentials. (But I personally don't use these directories for backing up sensitive information.)
Notice I said public FTP servers. One can do user-authenticated FTP as well, but public FTP servers allow anyone to log on without a password and view the public directories. Of course, one can mix public and user-authenticated FTP, in which you can protect directories (mark them as private), but that wasn't what I was talking about at all.

Post Reply