Sorry, your drive failed the inspection - Google tightening hosting of files that violate ToS

[williamcll]

Under new regulations google will flag and review files uploaded to google drive like on a youtube video.

 

Quotes

Quote

As explained in a new blog post, Google will take active steps to identify files hosted on its platform that are in breach of either its Terms of Service or abuse program policies. These files will be flagged to their owner and restricted automatically, which means they can no longer be shared with other people, and access will be withdrawn from everyone but the owner. “This will help ensure owners of Google Drive items are fully informed about the status of their content, while also helping to ensure users are protected from abusive content,” the company explained.

 

As explained in the latest blog post, there is a system to request a review of a decision if someone feels a file has been restricted unfairly, but it’s unclear how the process will be handled on Google’s end and how long it might take. TechRadar Pro asked Google for comment on the potential for the new policy to cause disruption to regular users and for clarification over the review process. The company provided the following statement: "Google Drive is constantly working to protect the security and safety of our users and society while always respecting privacy. Similar to how Gmail has long kept users safe from phishing and malware attacks, bringing these same protections to Google Drive is critical in ensuring Drive remains as safe as possible for all users.” However, no information was forthcoming on the potential for content to be misclassified.

 

My thoughts

Isn't this a privacy violation? Then again you could say all the cloud uploading sites are like this.

 

Sources

https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files

https://workspaceupdates.googleblog.com/2021/12/abuse-notification-emails-google-drive.html

[Chiyawa]

Meh.

 

Looks like we need our own private cloud storage. It's easy to set it up these days. Since LTT did a video on setting a NAS PC, why not teach us further on how to get that NAS PC to personal cloud storage PC?

[Sauron]

7 minutes ago, williamcll said:

Isn't this a privacy violation?

Technically not if the flagging is done automatically and no data is preserved elsewhere about your documents.

 

you can probably get around this by just changing your file's extension...

[8tg]

The whole cloud storage thing is cool if you need your stuff across multiple devices, but it’s also distinctly a service of that weird era where HDD’s were getting phased out and SSDs were expensive.

[manikyath]

it's a double edged sword...

yes, it's really touchy with regards to privacy.

but on the flip side, the amount of pirated content hosted on google drive should be scaring the big wigs beyond belief.

 

the problem here is that google cant claim 'they have no idea what users have in their personal onedrive' in the same way some more security-oriented platforms can, because their platform is obviously not user-side encrypted.

 

Just now, Sauron said:

Technically not if the flagging is done automatically and no data is preserved elsewhere about your documents.

 

you can probably get around this by just changing your file's extension...

file extension doesnt mean anything if they just read the headers of the file itself to figure out what it is.

that said... a passworded .7z archive will probably slip right past this..

 

or in other words: this is just a way for google to protect themselves against the lawsuits from movie companies, because they will actually deploy the lawyers in a way that scares google.

[Sauron]

10 minutes ago, manikyath said:

file extension doesnt mean anything if they just read the headers of the file itself to figure out what it is.

A lot of automatic scans like this don't bother doing that, but sure, encrypted archives are the next step if changing the extension doesn't work.

[Radium_Angel]

I got hit by this a year or so ago, trying to upload a small program I had written for myself, very frustrating.

So, I zipped it, password protected it, and it slid right past.

 

[RejZoR]

Just in time for Proton to launch their ProtonDrive, a fully encrypted service. You can host whatever you god damn want and no one has any say on it because it's all end to end encrypted.

 

@manikyath

Just encrypting the 7z archive won't help, you need to also encrypt file names. In which case that might be the flag and not allow it. That was the case for GMail back when I was still using it. First it didn't allow to send EXE files in ZIP archives and then it also didn't allow them in 7z. Even if it was password protected. You also had to encrypt filenames in archive and then it worked.

[Doobeedoo]

There's OneDrive

[Kilrah]

5 minutes ago, James Evens said:

One does not simply open there home network to the internet.

One port on one machine is not "your home network" (unless you don't know how to set it up).

[jagdtigger]

1 hour ago, williamcll said:

Isn't this a privacy violation?

If the storage isnt physically in your home and not running opensource SW forget about privacy.....

[Lightwreather]

3 hours ago, Chiyawa said:

Looks like we need our own private cloud storage. It's easy to set it up these days. Since LTT did a video on setting a NAS PC, why not teach us further on how to get that NAS PC to personal cloud storage PC?

Nextcloud ftw

[StDragon]

Just password protect a large dataset titled porn.zip and the internet will torrent it for you. See? Cloud storage for free.

 

And yes, financial "porn" is a thing for Excel power users. What else were you expecting in that document?

[jagdtigger]

6 minutes ago, StDragon said:

What else were you expecting in that document?

A video?  (You can actually embed files into an excel file.)

[SolarNova]

And this is why you encrypt ur files and give out the key only to those u intend to share it with.

[tkitch]

4 hours ago, RejZoR said:

Just in time for Proton to launch their ProtonDrive, a fully encrypted service. You can host whatever you god damn want and no one has any say on it because it's all end to end encrypted.

 

@manikyath

Just encrypting the 7z archive won't help, you need to also encrypt file names. In which case that might be the flag and not allow it. That was the case for GMail back when I was still using it. First it didn't allow to send EXE files in ZIP archives and then it also didn't allow them in 7z. Even if it was password protected. You also had to encrypt filenames in archive and then it worked.

Encrypted cloud storage already does exist, depending on what you need:

https://tresorit.com/

 

[Radium_Angel]

4 hours ago, Kilrah said:

One port on one machine is not "your home network" (unless you don't know how to set it up).

I'm willing to bet the number of people who *DO* know how to set that up properly, vs the number that *DO NOT*, is very small.

Se misconfigured Amazon Web Buckets in the news for examples.

[jagdtigger]

5 minutes ago, tkitch said:

Encrypted cloud storage already does exist, depending on what you need:

Huh, i pay about half of what they asking for the b2 bucket that stores my backups. Files encrypted on the nas locally before leaving (even the filename) so the provider is 100% in the dark.

[Brooksie359]

6 hours ago, manikyath said:

it's a double edged sword...

yes, it's really touchy with regards to privacy.

but on the flip side, the amount of pirated content hosted on google drive should be scaring the big wigs beyond belief.

 

the problem here is that google cant claim 'they have no idea what users have in their personal onedrive' in the same way some more security-oriented platforms can, because their platform is obviously not user-side encrypted.

 

file extension doesnt mean anything if they just read the headers of the file itself to figure out what it is.

that said... a passworded .7z archive will probably slip right past this..

 

or in other words: this is just a way for google to protect themselves against the lawsuits from movie companies, because they will actually deploy the lawyers in a way that scares google.

Yeah I mean I was wondering if this was to protect against cp showing up on their servers. Didn't that happen to another large company recently? Regardless it's likely to scan for any type of illegal content. 

[WhitetailAni]

Huh.

They didn't flag my Super Timmy Wii ISO, which is mostly Nintendo code.

[suicidalfranco]

what? you still haven't setup your own nextcloud?

[WolframaticAlpha]

6 hours ago, James Evens said:

One does not simply open there home network to the internet.

just do a port forward to a share on a raspi?

46 minutes ago, James Evens said:

But a big step into your network. 

With a storage VPS for like $5 per month there isn't a need to open any port and with the right tools you can keep them synced.

you really need a special type of VPS to get this kind of thing, cuz most of them aren't that economical for storage(correct me if I am wrong)

 

Also, guys, just use mega if you care so much. 

[williamcll]

11 minutes ago, suicidalfranco said:

what? you still haven't setup your own nextcloud?

I'm sure filezilla is enough for me.

[CTR640]

Quote

Isn't this a privacy violation?

Bruh, we're talking about Google. They don't give a rat's ass about your and my privacy. If they want, they will kidnap you and plug your butt for marketing reasons.

[Kisai]

7 hours ago, williamcll said:

 

 

Quotes

 

My thoughts

Isn't this a privacy violation? Then again you could say all the cloud uploading sites are like this.

 

Sources

https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files

https://workspaceupdates.googleblog.com/2021/12/abuse-notification-emails-google-drive.html

Short answer: Yes, it is a privacy violation

Long answer: All the NSWF artists are freaking out now. Again.

 

Realistically, Cloud storage shoots themselves in the foot, especially under enterprise/corporate use if they do this, since this means that Google could see competitors documents. Google at no point should ever be able to determine what a file is.

 

They can however get a hash of what it is from someone else. Abuse images, spam, etc that are flagged by email filters that point to google drive storage can be determined what it is from that.

 

But ultimately there are things that Google Drive, Dropbox, etc are being used for that they shouldn't be used for:

1. Shopify and similar links. If you are selling digital documents, you should be using either S3 or paying $100/mo for a real server somewhere that you control.

2. Enterprise storage. Why are you storing anything on Google Drive, Microsoft OneDrive, Dropbox at all? The point of "OneDrive" may have some special application for Windows, but ultimately pictures of your house and kids should be separate from pictures of security and safety concerns being emailed to your boss.

 

And let's go one further since we are here. Mega, rapidgator, katfile, etc are cloud storage lockers, only used for piracy, and make their money off of selling you "high speed" access and larger file lockers full of pirate materials. There are not very many choices out there to share files that are intended to stick around for long periods of time, just a lot of crappy services that offer crappy service.

 

google, and dropbox are well aware that their services get used as dumpsites for piracy and illegal content.  Many of those "Free tv" kodi apps in fact piggyback off cloud storage links.

 

So on one hand, yes, I agree they shouldn't be blocking anything from being stored in your account, but on the other hand, piracy, spam and abuse images disproportionately affect the service, wasting bandwidth, and allow criminal activity to proliferate if they don't do something.

 

How would this be resolved?

 

Well number 1, don't have the limit on gsuite accounts. Assume that that if someone has gone through the effort of acquiring a name and setting up gsuite, that this is a small business account and not a dumpsite. But also, 2, require responses to abuse@ the domain to be addressed. For non-gsuite accounts, age-out shared links that google finds in search that haven't been whitelisted as intentional. For example, a lot of ML on github links to google drive for the models, and if you aren't logged into google when you download them, the links will "not exist" or give error messages. Legitimate use, would require people to be logged in to download those files, but not everyone is going to have a google account. Likewise, how do you download these files to the headless Linux systems with no web browser?

 

Because it does seem like that google is stuck somewhere between wanting to prevent their system from being abused, but having to violate privacy to actually scan an account for things.