I use Immich with a public proxy as my forward-facing solution.
The public proxy helps when I share photos behind a password.
I have a 3-2-1 backup policy with roughly 200 TB of total storage. Then I back up in a remote location (6 timezones away) that I also own. The only time I'll lose access to my photos is if the entire world blows up.
Everything is secured using VPN tunnels. Data isn't encrypted at rest for me though, I'd rather assume the risk of someone getting my photos (physical and technical access) than having my encryption mess up. Both are equally low risk, but one's more disastrous.
Thank you for the strategy, I appreciate it very much. All the best.
If you absolutely don't want them online, then your 'offsite' part of the 3-2-1 backup scheme is going to be something in a different city, far enough away that the same 'disaster' wouldn't hit both there and your home: either a bank safe deposit box, or a family member, or a trusted friend.
if I choose to store them online/cloud encrypted / (edit: encrypt first then upload it) ... there’s always the potential for a very near future breaches or compromises
Does this matter? Say you upload your encrypted photo backup to Mega Upload (or whatever) and some unauthorized person gets a copy of your encrypted data. So? It's encrypted? They can't read or see the data?
Are you worried about state actors breaking the encryption?
Not directly the state actors, really; it's more to do with the consequences, i.e. common hacks into state actors' resources make the data open to misuse, and the state actors do not take any responsibility if they are hacked, right!
When an AI system is given access to it, it can uncover hidden patterns or vulnerabilities that humans might miss. This ability can lead to consequences, such as exposing sensitive information or breaking security measures, especially if the data is encrypted or anonymized. AI might also exploit weaknesses in the data, resulting in data breaches, privacy violations, or malicious manipulation. AI could leak personal details or confidential information, leading to significant risks like reputational damage or financial loss. AI's ability to operate beyond traditional oversight makes these risks harder to predict and control.
On one hand, if I choose to store them online/cloud encrypted / (edit: encrypt first then upload it), I face significant privacy concerns. While they might be secure now, there’s always the potential for a very near future breaches or compromises, especially with the evolving risks associated with AI training and data misuse.
Use symmetric encryption.
AES 256 should be safe until you die (edit: actually, it'll probably be safe for a long time after you die)
I mean, the most vulnerable part is probably the device you encrypt/decrypt on. If your adversary can compromise that and obtain the decryption keys, you're fucked anyways (they can just grab your files from the device at that point and skip the part of getting access to the cloud).
TLDR: Use an encryption program with AES 256 to encrypt the files, and upload to cloud, you're fine. Just don't piss off the NSA/FSB and have them come for your family photos.
My concern: If an AI system is granted access to it, AI can detect patterns or vulnerabilities that humans might overlook, leading to data breaches or exploitation.
How can I effectively balance these privacy, security, and physical risks to ensure the long-term safety and integrity of the FAMILY’S PERSONAL MEMORIES?
Imho you can't and you can. Let me explain:
You need to consider the value of your data for a stranger to steal. I mean, to break encryption one would first need to want to get your specific files and then have the time and money to do that. Unless you're some kind of personality or a criminal of some sort it is unlikely they would be worth the effort.
But what if there is a back door or if encryption stops working tomorrow?
That's a good question, even more so for us Europeans seeing our representatives pushing the idea of putting back doors in encrypted message apps... What will be their next target? Requiring every EU citizen to give some central bureau a copy of passwords and encryption keys even for offline storage and hard drives at home—because, you know, think of all the children! We would be allowed to scan every single file in the country so we can spot any pervert and punish them!
I store all my files encrypted (cloud and local as well) because I worry about unauthorized access (thieves, mostly edit: and data breaches obviously). But I also know here in my country, France, I'm required by the law to give a judge my password if they ask for it. That's fine (a judge needs to ask for it, and then I would obey) and that does not render encryption useless for me... at least for now.
So,
- Encryption does work. That doesn't put anyone above the law but it still is a great protection layer we should all be using.
- If one day politicians make it illegal to use encryption, or install backdoors, or if quantum computing happens, or AI takes over our computers, or if aliens arrive from Planet Zyrklump with tech that makes our encryption as useful as a pair of sneakers to an oyster... Well, that day, my personal data will stop being digital. It's already one of the reasons I stopped reading ebooks. I want privacy when I read—something I instantly get when I read a printed book. Up until the day it becomes illegal to read in print, I will read in print ;)
Thank you so much for sharing your personal insights and experiences.
As for the encryption concern, I’m still at a crossroads regarding the fact that AI’s ability to operate beyond traditional oversight makes these risks more challenging to predict and control.
If you don’t mind having to take an extra step to access them and probably not having the convenience of online sharing, you can encrypt your photos/videos before uploading them to online cloud storage.
Regarding the online cloud storage encryption concern, I’m still uncertain, as AI’s capacity to function beyond traditional oversight makes these risks more difficult to predict and manage.
Thank you for that. I'm afraid I have mentioned the word "encrypted" in my post:
(i.e. if I choose to store them online/cloud encrypted, I face significant privacy concerns. While they might be secure now, there’s always the potential for a very near future breaches or compromises, especially with the evolving risks associated with AI training and data misuse),
but haven't detailed/highlighted it clearly enough.
Yes, "encrypt them first then upload them" is the situation I meant.
P.S. Edited the post now.
there’s always the potential for a very near future breaches or compromise
That is a goalpost that will never stop moving. There is always a potential threat and you can never reduce your risk to zero. Right now, encrypting the data yourself before uploading it is your best option outside of encrypting AND hosting the data yourself. You’re basically anticipating that the well-known secure encryption algorithms will eventually be broken, which is not impossible no doubt, but at the moment not likely. You also have to step back and figure out your threat model, in order to come up with an adequate solution.
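The encrypt-first-then-upload workflow recommended in several replies above, as an added example that is not part of the thread: it encrypts a photo directory with AES-256 using OpenSSL and then proves the archive restores bit-for-bit, which also covers the earlier worry about encryption "messing up". The function names, paths and passphrase file are assumptions; because `openssl enc` has no authenticated mode, a locally kept SHA-256 digest does the integrity check.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ and tar.
# Function names, paths and the passphrase-file layout are hypothetical.

ENC_OPTS="-aes-256-cbc -pbkdf2 -iter 600000 -md sha256"

# Print only the hex SHA-256 digest of a file.
sha256_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# encrypt_backup SRC_DIR PASSFILE OUT
# Tars SRC_DIR, records the tar's digest in OUT.sha256 (keep this file local),
# then encrypts the tar to OUT with a key derived from the passphrase.
encrypt_backup() {
    src=$1; passfile=$2; out=$3
    tmp=$(mktemp) || return 1
    if tar -C "$src" -cf "$tmp" . &&
       sha256_of "$tmp" > "$out.sha256" &&
       openssl enc $ENC_OPTS -salt -pass "file:$passfile" -in "$tmp" -out "$out"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# verify_backup PASSFILE ENC
# Returns 0 only if ENC decrypts and the result matches the recorded digest,
# so a wrong passphrase or a damaged copy is caught before originals are deleted.
verify_backup() {
    passfile=$1; enc=$2
    tmp=$(mktemp) || return 1
    if openssl enc -d $ENC_OPTS -pass "file:$passfile" -in "$enc" -out "$tmp" 2>/dev/null &&
       [ "$(sha256_of "$tmp")" = "$(cat "$enc.sha256")" ]
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Usage:
#   encrypt_backup ~/Photos ~/.photo-pass photos.tar.enc
#   verify_backup ~/.photo-pass photos.tar.enc && echo "safe to upload"
```

Running `verify_backup` again on a copy downloaded from the cloud provider checks that what was stored is still restorable.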
Recent News: If VPNs are targeted, cloud accounts could be compromised too Massive brute force attack uses 2.8 million IPs to target VPN devices https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/
The attacks in that article pertain to edge devices in corporate networks that they are attempting to hijack to use as proxy/exit nodes. That’s not really related to getting cloud accounts compromised, which is not the motive of those attacks. The primary goal is to gain control of those devices and sell/rent them to malicious actors (since traffic coming from known corporate addresses is mostly trusted). I doubt the attackers care about someone’s photos/videos in the cloud. Brute force attacks can be thwarted in several ways, and as the article mentions, just making sure those edge devices are updated and patched with the latest security updates will largely protect them. Besides, any corporation with a competent security team will be able to recognize if their network devices are being used maliciously.
While they might be secure now, there’s always the potential for a very near future breaches or compromises, especially with the evolving risks associated with AI training and data misuse
You're more likely to get malware on your device and have it steal all your photos than to have AES 256 broken.
I mean, encryption is not foolproof, but your device is more vulnerable than AES 256. If someone is going to steal your photos, they'll just infect your device(s) with malware; if that happens, it's irrelevant whether you used cloud or local storage, they'll get your data either way.
I completely agree. The potential for breaches is always there, and the goalpost for security is constantly moving. Encrypting data before uploading is a solid strategy, and while encryption algorithms may eventually be broken, defining the threat model is key to finding the best solution, for which I cannot find an answer yet.
Thank you for the link. Do you think I should ask the same question there as well, or just read the posts there to gain more knowledge on the risks, please?