Dear Friends,
I just wanted to take a moment to sincerely thank everyone for your incredibly thoughtful and detailed responses for the films in general, while I find myself in a difficult situation when it comes to safeguarding the PERSONAL FAMILY PHOTOS and VIDEOS.
- On one hand, if I choose to store them online/cloud encrypted (edit: encrypt first then upload it), I face significant privacy concerns. While they might be secure now, there’s always the potential for very near-future breaches or compromises, especially with the evolving risks associated with AI training and data misuse.
The idea of the personal moments being used in ways I can’t control or predict is deeply unsettling.
- On the other hand, keeping these files offline doesn’t feel like a perfect solution either. There are still considerable risks of losing them due to physical damage, especially since I live in an area prone to earthquakes. The possibility of losing IRREPLACEABLE MEMORIES due to natural disasters or other unforeseen events is always a WORRY.
How can I effectively balance these privacy, security, and physical risks to ensure the long-term safety and integrity of the FAMILY’S PERSONAL MEMORIES?
Are there strategies or solutions that can protect them both digitally and physically, while minimizing these threats?
I use Immich with a public proxy as my forward-facing solution.
The public proxy helps when I share photos behind a password.
I have a 3-2-1 backup policy with roughly 200 TB of total storage. Then I back up to a remote location (6 timezones away) that I also own. The only time I’ll lose access to my photos is if the entire world blows up.
Everything is secured using VPN tunnels. Data isn’t encrypted at rest for me though, I’d rather assume the risk of someone getting my photos (physical and technical access) than having my encryption mess up. Both are equally low risk, but one’s more disastrous.
Thank you for the strategy, I appreciate it very much. All the best.
If you absolutely don’t want them online, then your ‘offsite’ part of the 3-2-1 backup scheme is going to be something in a different city… far enough away that the same ‘disaster’ wouldn’t hit both there and your home. Either a bank safe deposit box, or a family member, or a trusted friend.
> if I choose to store them online/cloud encrypted (edit: encrypt first then upload it) … there’s always the potential for very near-future breaches or compromises
Does this matter? Say you upload your encrypted photo backup to Mega Upload (or whatever) and some unauthorized person gets a copy of your encrypted data. So? It’s encrypted? They can’t read or see the data?
Are you worried about state actors breaking the encryption?
Not directly the state actors, really; more to do with the consequences, i.e. common hacks into state actors’ resources make the data open to misuse, and the state actors do not take any responsibility if they are hacked, right!
When an AI system is given access to it, it can uncover hidden patterns or vulnerabilities that humans might miss. This ability can lead to consequences, such as exposing sensitive information or breaking security measures, especially if the data is encrypted or anonymized. AI might also exploit weaknesses in the data, resulting in data breaches, privacy violations, or malicious manipulation. AI could leak personal details or confidential information, leading to significant risks like reputational damage or financial loss. AI’s ability to operate beyond traditional oversight makes these risks harder to predict and control.
> On one hand, if I choose to store them online/cloud encrypted (edit: encrypt first then upload it), I face significant privacy concerns. While they might be secure now, there’s always the potential for very near-future breaches or compromises, especially with the evolving risks associated with AI training and data misuse.
Use symmetric encryption.
AES 256 should be safe until you die (edit: actually, it’ll probably be safe for a long time after you die).
I mean, the most vulnerable part is probably the device you encrypt/decrypt on. If your adversary can compromise that and obtain the decryption keys, you’re fucked anyways (they can just grab your files from the device at that point and skip the part of getting access to the cloud).
TLDR: Use an encryption program with AES 256 to encrypt the files, and upload to cloud, you’re fine. Just don’t piss off the NSA/FSB and have them come for your family photos.
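
An added example, not part of the original thread: one way to do the "encrypt first, then upload" step from the reply above with the `openssl` CLI, and to prove the archive restores before relying on it. The function names, file names and passphrase file are assumptions; `openssl enc` in CBC mode is not authenticated, so the SHA-256 sidecar only catches accidental corruption of the stored copy.

```shell
#!/usr/bin/env bash
# Added example: encrypt a photo folder locally, verify it restores, then upload.
set -euo pipefail

ITER=600000   # PBKDF2 rounds used to stretch the passphrase (assumed value)

# encrypt_archive SRC_DIR OUT_FILE PASSFILE
# Packs SRC_DIR into a tar stream and encrypts it with AES-256 on this machine,
# so only ciphertext ever reaches the cloud provider.
encrypt_archive() {
  local src="$1" out="$2" passfile="$3"
  tar -C "$src" -cf - . |
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
      -pass "file:$passfile" -out "$out"
  # Checksum of the ciphertext, kept beside it to spot a damaged copy later.
  sha256sum "$out" | cut -d' ' -f1 > "$out.sha256"
}

# verify_archive SRC_DIR ENC_FILE PASSFILE
# Returns 0 only if the ciphertext is intact, decrypts with this passphrase,
# and every restored file is identical to the original.
verify_archive() {
  local src="$1" enc="$2" passfile="$3" tmp rc=1
  [ "$(sha256sum "$enc" | cut -d' ' -f1)" = "$(cat "$enc.sha256")" ] || return 1
  tmp="$(mktemp -d)"
  if openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
       -pass "file:$passfile" -in "$enc" 2>/dev/null |
       tar -C "$tmp" -xf - 2>/dev/null &&
     diff -r "$src" "$tmp" >/dev/null; then
    rc=0
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Typical use (paths are placeholders):
#   encrypt_archive ~/Pictures photos.tar.enc ~/photo-passphrase.txt
#   verify_archive  ~/Pictures photos.tar.enc ~/photo-passphrase.txt \
#     && echo "restore test passed, safe to upload photos.tar.enc"
# Keep a copy of the passphrase somewhere other than the machine and the
# cloud account: a lost passphrase is the "encryption messing up" case.
```
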
My concern: If an AI system is granted access to it, AI can detect patterns or vulnerabilities that humans might overlook, leading to data breaches or exploitation.
If you don’t mind having to take an extra step to access them and probably not having the convenience of online sharing, you can encrypt your photos/videos before uploading them to online cloud storage.
Regarding the online cloud storage encryption concern, I’m still uncertain, as AI’s capacity to function beyond traditional oversight makes these risks more difficult to predict and manage.
Thank you for that. I’m afraid I have mentioned the word “encrypted” in my post:
(i.e. if I choose to store them online/cloud encrypted, I face significant privacy concerns. While they might be secure now, there’s always the potential for very near-future breaches or compromises, especially with the evolving risks associated with AI training and data misuse),
but haven’t detailed/highlighted it clearly enough.
Yes, “encrypt them first, then upload them” is the situation I meant.
P.S. Edited the post now.
> there’s always the potential for very near-future breaches or compromises
That is a goalpost that will never stop moving. There is always a potential threat and you can never reduce your risk to zero. Right now, encrypting the data yourself before uploading it is your best option outside of encrypting AND hosting the data yourself. You’re basically anticipating that the well-known secure encryption algorithms will eventually be broken, which is not impossible no doubt, but at the moment not likely. You also have to step back and figure out your threat model, in order to come up with an adequate solution.
Recent News: If VPNs are targeted, cloud accounts could be compromised too. Massive brute force attack uses 2.8 million IPs to target VPN devices: https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/
The attacks in that article pertain to edge devices in corporate networks that they are attempting to hijack to use as proxy/exit nodes. That’s not really related to getting cloud accounts compromised, which is not the motive of those attacks. The primary goal is to gain control of those devices and sell/rent them to malicious actors (since traffic coming from known corporate addresses is mostly trusted). I doubt the attackers care about someone’s photos/videos in the cloud. Brute force attacks can be thwarted in several ways, and as the article mentions, just making sure those edge devices are updated and patched with the latest security updates will largely protect them. Besides, any corporation with a competent security team will be able to recognize if their network devices are being used maliciously.
> While they might be secure now, there’s always the potential for very near-future breaches or compromises, especially with the evolving risks associated with AI training and data misuse
You’re more likely to get malware on your device and have it steal all your photos than to have AES 256 broken.
I mean, encryption is not foolproof, but your device is more vulnerable than AES 256. If someone is going to steal your photos, they’ll just infect your device(s) with malware. If that happens, it’s irrelevant whether you used cloud or local storage, they’ll get your data either way.
I completely agree. The potential for breaches is always there, and the goalpost for security is constantly moving. Encrypting data before uploading is a solid strategy, and while encryption algorithms may eventually be broken, defining the threat model is key to finding the best solution, which I cannot find an answer to yet.
Recent News: If VPNs are targeted, cloud accounts could be compromised too. Massive brute force attack uses 2.8 million IPs to target VPN devices: https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/
Thank you for the link. Do you think I should ask the same question there as well, or just read the posts there to gain more knowledge on the risks, please?