The numbers are listed poorly and not put in the correct context, me thinks.
6.5 million documents is nothing compared to the user base of 3 billion, so that is something to keep in mind. Each number given is not clearly compared against the total user base, the total number of public documents or any other condition they listed.
Hell, I can’t even tell if my guess is even accurate. It’s really bad writing and I am not going to download the original report to find out more.
Marbles@discuss.tchncs.de
on 10 Dec 2023 16:26
collapse
After I read some info on their website, I suspect the company sells security software to companies to investigate their own google drive usage. I guess they are reporting accumulated meta information their customers shared.
I dug a little deeper as well and I agree. The author of the link that was posted here just summarizes “papers” released by various security companies. It’s not quality content, but it’s a living for him I suppose. Meh.
Right, Google isn't one to trust. So paid services and clear data handling practices.
Imgonnatrythis@sh.itjust.works
on 10 Dec 2023 18:02
collapse
Paid services doesn’t equal security though. I think box.com has pretty good security and is free. Microsoft paid onedrive is a little sketchy to me. Not a drive service, but 23andme is a good recent example of non ad based services not necessarily being more secure.
TORFdot0@lemmy.world
on 10 Dec 2023 17:05
collapse
If I want my files highly available and open for collaboration, I’d trust Google’s security over rolling my own.
How was that not expected? Give people somewhere to stick files that they don’t want to lose because of a hard drive crash or computer malfunction. Files that they absolutely want backed up somewhere not locally. Files that they may want to get access to while not at home… All those are going to be things like taxes, receipts, medical forms and data, scans of important documents, etc. like, that’s the point.
deaf_fish@lemm.ee
on 10 Dec 2023 15:34
nextcollapse
The first step towards societal change is to admit we have a problem. Studies like this are a necessary first step.
TORFdot0@lemmy.world
on 10 Dec 2023 17:00
collapse
The article is specifically about Business Workspace accounts. The concerning part was that then about 1/3 of the sensitive files were externally shared.
To be honest, the article reads like blogspam for an up-and-coming cyber security newsletter. The “report” is just marketing for a data governance software company.
People putting sensitive documents on their personal Google drive isn’t much of a risk if they follow best security practices securing their Google account.
We share loads of shit externally that are private, but the people we share them with are the people it is relevant too so that stát doesn’t do much.
If I show recruitment information to the recruiters we hire that is an external share of private information.
TORFdot0@lemmy.world
on 10 Dec 2023 18:28
collapse
Like I said it’s a marketing paper for a data governance software company. The numbers are to sell their product to corps that don’t know what their users are sharing, not that there isn’t a reason to share certain data externally.
CrimeDad@lemmy.crimedad.work
on 10 Dec 2023 15:23
nextcollapse
What is the security problem with Google Drive, bad user settings?
Imgonnatrythis@sh.itjust.works
on 10 Dec 2023 16:14
collapse
Please read ToS
CrimeDad@lemmy.crimedad.work
on 10 Dec 2023 17:20
collapse
Okay. I’m not seeing anything obviously problematic here. To which part are you referring?
Imgonnatrythis@sh.itjust.works
on 10 Dec 2023 17:59
collapse
Good for you. Up to your comfort level I guess.
Im not a fan of them looking at my data though. Even though they say “please” I’m still assuming they do (they do).
“We may review content to determine whether it is illegal or violates our policies, and we may remove or refuse to display content that we reasonably believe violates our policies or the law. But that does not necessarily mean that we review content, so please don’t assume that we do”
CrimeDad@lemmy.crimedad.work
on 10 Dec 2023 19:01
collapse
Okay. I thought there was a problem/feature with Google Drive that made it too easy for unauthorized entities to access my files. That’s the impression I get from the article in the OP. If Alphabet is checking my files for compliance reasons, as per the ToS, that is not really a security problem. Maybe there are vulnerabilities with their review process, but I don’t think anyone is making that claim.
bjoern_tantau@swg-empire.de
on 10 Dec 2023 15:46
nextcollapse
This article just reads as an ad for the scanning company.
Also, while it’s possibly true, it’s based off seriously small sample sizes.
key@lemmy.keychat.org
on 10 Dec 2023 18:59
collapse
And sampling bias.
Plus they pick and choose numbers for a more drastic headline. “Sensitive” data is a very broad category, I don’t know what criteria they used but that could be as little as someone’s name being mentioned with a “todo” note. The quarter of a percent mentioned as having a “critical” issue I venture is closer to what most people think of when they read the title. Infosec consultants have a bad habit of inflating numbers until actual risks are lost in the noise.
threaded - newest
TIL over 40% > 34.2%
When will we learn?
Normies are dumb as shit bro…stop expecting things from them.
We won’t and are encouraged to not.
How were they able to analyze 6.5 million files if 0.5% were publicly available? How did they get access to the 99.5% other files?
The numbers are listed poorly and not put in the correct context, me thinks.
6.5 million documents is nothing compared to the user base of 3 billion, so that is something to keep in mind. Each number given is not clearly compared against the total user base, the total number of public documents or any other condition they listed.
Hell, I can’t even tell if my guess is even accurate. It’s really bad writing and I am not going to download the original report to find out more.
After I read some info on their website, I suspect the company sells security software to companies to investigate their own google drive usage. I guess they are reporting accumulated meta information their customers shared.
I dug a little deeper as well and I agree. The author of the link that was posted here just summarizes “papers” released by various security companies. It’s not quality content, but it’s a living for him I suppose. Meh.
.
I would say don't trust free services in general. There are plenty of paid service providers that handle your data well.
TbF I pay for Google drive (but still don’t trust them)
Right, Google isn't one to trust. So paid services and clear data handling practices.
Paid services doesn’t equal security though. I think box.com has pretty good security and is free. Microsoft paid onedrive is a little sketchy to me. Not a drive service, but 23andme is a good recent example of non ad based services not necessarily being more secure.
If I want my files highly available and open for collaboration, I’d trust Google’s security over rolling my own.
Google’s non security you mean, since they can see all your files, and scan them, even zip files.
That’s not secure.
The other 60% were found to be Linux isos.
New study confirms nearly 100% of all data in all cloud storage services and hard drives is actually Linux ISOs. Scientists baffled
How was that not expected? Give people somewhere to stick files that they don’t want to lose because of a hard drive crash or computer malfunction. Files that they absolutely want backed up somewhere not locally. Files that they may want to get access to while not at home… All those are going to be things like taxes, receipts, medical forms and data, scans of important documents, etc. like, that’s the point.
The first step towards societal change is to admit we have a problem. Studies like this are a necessary first step.
The article is specifically about Business Workspace accounts. The concerning part was that then about 1/3 of the sensitive files were externally shared.
To be honest, the article reads like blogspam for an up-and-coming cyber security newsletter. The “report” is just marketing for a data governance software company.
People putting sensitive documents on their personal Google drive isn’t much of a risk if they follow best security practices securing their Google account.
We share loads of shit externally that are private, but the people we share them with are the people it is relevant too so that stát doesn’t do much.
If I show recruitment information to the recruiters we hire that is an external share of private information.
Like I said it’s a marketing paper for a data governance software company. The numbers are to sell their product to corps that don’t know what their users are sharing, not that there isn’t a reason to share certain data externally.
What is the security problem with Google Drive, bad user settings?
Please read ToS
Okay. I’m not seeing anything obviously problematic here. To which part are you referring?
Good for you. Up to your comfort level I guess. Im not a fan of them looking at my data though. Even though they say “please” I’m still assuming they do (they do).
“We may review content to determine whether it is illegal or violates our policies, and we may remove or refuse to display content that we reasonably believe violates our policies or the law. But that does not necessarily mean that we review content, so please don’t assume that we do”
Okay. I thought there was a problem/feature with Google Drive that made it too easy for unauthorized entities to access my files. That’s the impression I get from the article in the OP. If Alphabet is checking my files for compliance reasons, as per the ToS, that is not really a security problem. Maybe there are vulnerabilities with their review process, but I don’t think anyone is making that claim.
<img alt="" src="https://swg-empire.de/pictrs/image/f68bf337-d915-4142-9c05-42a515c1889f.jpeg">
This article just reads as an ad for the scanning company.
Also, while it’s possibly true, it’s based off seriously small sample sizes.
And sampling bias.
Plus they pick and choose numbers for a more drastic headline. “Sensitive” data is a very broad category, I don’t know what criteria they used but that could be as little as someone’s name being mentioned with a “todo” note. The quarter of a percent mentioned as having a “critical” issue I venture is closer to what most people think of when they read the title. Infosec consultants have a bad habit of inflating numbers until actual risks are lost in the noise.