Is the cloud secure?

K8y

Does Graphene have an opinion on saving data to the cloud? It seems like it would undercut graphene's security and privacy, since the cloud is not protected by graphene, right? And so much easier to hack into?

Does graphene make someone's cloud more secure compared with stock pixel cloud?

DeletedUser95

K8y

Cloud providers aren't inherently guaranteed to be insecure nor secure. It's really just a case of trust. You can't see what actual security practices they take and just have to take their word for it.

Having said that you'd be correct GrapheneOS doesn't make a cloud provider any more secure than it already is.

You could say it might help make your interactions with your cloud provider more secure and protected though thanks to extra hardening and exploit mitigations. Whether it be a actual app on the device or a website thanks to the vanadium browser which vanadium is what I use to handle most of my cloud provider interactions.

Cloud services aren't inherently bad. There are legitimately good reasons to use them. It's just a lot of trust you have to put into them which is why it's generally better to avoid unnecessary cloud services if possible.

Also please note I don't speak for anyone but myself.

K8y

DeletedUser95
I suppose the cloud provider would quickly hand over data if they got a subpoena, whereas if a journalist had things stored internally on her graphene phone they couldn't do that?

secrec

K8y Generally, if you don't control your data yourself, then you probably should assume that anyone could gain access to it through various methods of hacking, social engineering, threats, or legal attacks.

Try Nextcloud for cloud storage, its a "cloud" system that you can host on your own equipment.

Roger

K8y right, the law would require them to hand over the data. Which is why you encrypt it, so it doesn't matter who has access to the encrypted data, only who has the keys (which should only be you in this example).

K8y

secrec Try Nextcloud for cloud storage, its a "cloud" system that you can host on your own equipment.

Is it secure? Wouldn't it be easier to hack someone hosting their own cloud, compared with multi million dollar companies investing in state of the art security?

Roger Which is why you encrypt it, so it doesn't matter who has access

Is data encryption on graphene stronger than on stock encryption?

Probably9857

K8y Wouldn't it be easier to hack someone hosting their own cloud, compared with multi million dollar companies investing in state of the art security?

Of course. On the other hand, large companies do get hacked, and are much more likely to be targeted than the average person self-hosting their photos or whatever. It all depends on your threat model. Also if the multi-million dollar company is who you're trying to keep your data private from...

K8y Is data encryption on graphene stronger than on stock encryption?

It's the same encryption. However, this isn't the encryption Roger was referring to. He's talking about encrypting your data with some other tool before uploading to a cloud service.

trilogy6202

K8y Is it secure? Wouldn't it be easier to hack someone hosting their own cloud, compared with multi million dollar companies investing in state of the art security?

Well not necessarily I would say. A self-hosted cloud can easily be implemented in a very secure way. What many people do is to install Wireguard on their router and only connect to the their cloud / homelab through that. In that setup you have zero open ports on your router and zero publicly exposed services.

secrec

K8y Is it secure?

Its not just a community project. Its a big time commercial system with lots of money involved. Look into it.

And no, it wouldn't be "easier" to hack into a self hosted system. Its the same security protecting it as long as you maintain it. Your suggestion is basically the same as asking if its easier to hack grapheneos than factory. And not only is it just as secure (possibly more if you're competent at locking things down), its also far far less of a TARGET. No hackers know its even THERE. They certainly know that google is there, so its a way bigger target.

Eirikr70

Of you face strong threats i would recommend that you don't backup on the cloud but only on an encrypted personal support.

kopolee11

Using the default backup system, Seedvault, is a secure way to store your data with a cloud services like Nextcloud. That is because your information is end to end encrypted, whether the cloud is on your own computer or someone else's.

You can also use apps like Cryptomator which do something similar. The key is not to trust the server, but instead trust the encryption, which only you have access to.