Well, vacations are over and the summer sun is once again setting behind us. On a completely unrelated subject, let's chat about Windows 8.1. I got busy installing the preview on a laptop the other day and I was relatively disappointed/flabbergasted about one of the first features that greeted me.
It does not seem to be possible to create offline accounts anymore like one could in Windows 8.
Once you couple that with the fact that Windows 8.1 and SkyDrive are tightly intertwined, a whole bunch of warning bells go off inside my brain. If I were Keanu Reeves, I would probably go "woah" in that way he does it... Anyway, why do I feel like this?
Well for one thing, your profile is now online, which means Microsoft can track you. When you log on, etc... I'm not a big fan of this. It's just like in the computer gaming world where companies like Electronic Arts are producing all their games (well, almost all) to be always online (in some fantastically lame attempt to combat piracy). Gamers over there are absolutely livid about the concept, particularly when it begins to translate into single player games where one must be online to be able to play. Now I can no longer play SimCity while in flight... Talk about an idiotic concept. Anyway, I'm sure there's a debate there, but this isn't the point of this blog.
No, today I want to talk about SkyDrive, how all your documents in Windows 8.1 get automatically uploaded to SkyDrive. Moreover, Microsoft (and read their EULA, it's in there) reserves the right to monitor content in SkyDrive to make sure it doesn't violate the EULA (so no nasty things allowed). This brings me to the story of the Liberal Arts student who took pictures of herself 'au naturel' as part of a study of the human form. Obviously, this wasn't meant to be gaudy or pornographic, but Microsoft deemed that content utterly inappropriate and promptly suspended her account. All of it, SkyDrive, Hotmail, etc... And even after complaining about it, Microsoft said the customer was violating their EULA and the decision would stand. I cannot claim to know how exactly this fracas panned out, but needless to say, I really hate it when corporations reach into peoples private lives to tell them what is acceptable and what isn't. In a way, it's a bit ironic since a lot of people are focusing on government while ignoring the fact that corporations have a LOT more access and control to their data and private lives.
And this is where this whole thing brings us. Microsoft has access to YOUR data. All your documents, all your pictures, everything under your profile is automatically uploaded to Microsoft (by default). Ask yourselves these questions: What if SkyDrive gets hacked? How much of your data does Microsoft analyse? How much access does the NSA have (for those wondering, the answer is 'all') . Are you getting worried yet? Well guess what, if you are a professional with regulatory obligations (i.e. lawyer, doctor, etc...), then you need to realize that all your sensitive data would end up outside your sphere of control and thusly, you are in violation of your regulatory obligations.
I assume many of you will point out that this feature can be turned off. This is true. Now, guess how many people out there will know where to go turn that feature off? Most computer users won't even realize it's happening and will be blissfully unaware that all of their data is now in the hands of Microsoft.
Anyway... Strangely enough, I like the SkyDrive feature and how it automatically backs up all of your data. This is good. What is bad is, now Microsoft (and by proxy, other influences) can now access your data.
And this is where encryption comes in (and the point of this blog). I love encryption. But not just any kind of encryption. I think features offered by services like Google or Amazon who promise you encryption to secure your data are full of crap. It's a lot like airport security. It 'looks' secure, but it really isn't. For one thing, Google controls the cryptographic keys, so if they want to access your data, they can just go ahead and do it. Let's tie this back to the NSA or to what happens if Google gets hacked and one skilled in the arts would quickly realize that there might as well not be any encryption. The only encryption that works is the one where the encryption happens on YOUR device using YOUR cryptographic keys.
SkyDrive and DropBox and all these nice services are really cool, but under the increasing threats to privacy, I would encourage everyone to thread carefully. Make sure you encrypt your data. Make sure the products you use ensure that you are in control of your cryptographic keys. Use products like CypherX (yes, I know, shameless plug, but it's a seriously good data protection product) and you'll be able to enjoy all the nice 'connected everywhere' features the future has in stores for you, without fear that your data will be seen by prying eyes.
