Comment by peoplefromibiza
4 years ago
controversial opinion: as much as everybody knows that China isn't exactly championing the western way of life and western democratic standards, I keep my private files in a Chinese cloud (backups are kept private in a NAS in my house).
Why?
Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
Not that I have nothing in particular to hide, but as this example proves once again, if life damaging mistakes can happen, they will happen.
You are very naïve.
In a recent comment thread I noted that my father’s generation went from fighting a bitter war with Vietnam to Apple building MacBooks there. My grandfather landed on D-Day and drove Volkswagen Beetles for most of his life.
None of us know what will happen in the future. China could become a close ally. They’re already an existential economic partner.
The only path to real privacy is personal sovereignty. If you don’t control the data it is public. Period.
> You are very naïve.
I am your of the same generation of your father...
My grandfather was already 40 years old when D-Day landed.
> None of us know what will happen in the future
It's safe to assume that it doesn't matter.
You could die tomorrow, so why are you worrying?
> If you don’t control the data it is public
Unless the network is firewalled by Chinese government...
Safety is not about paranoia, but about layers.
car alarms aren't there to make it impossible to steal your car, but only to make it inconvenient for the thief and convince them to steal someone else's car.
> If you don’t control the data it is public. Period.
Funny, censorship (which this case somewhat is) is about making things not public. Though I somewhat agree.
> Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
The problems that befell the fellow in this story were not due to Google being in contact with the authorities. The authorities unobtrusively investigated, determined that the reports were false positives, and closed the case.
If all Google had done was contact authorities he would have never even known that he was investigated, and there would have been no impact at all on his life.
China has bans in most of the same categories that the US and other western countries do, but typically broader (e.g., they broadly ban pornography). If ISPs there are on the lookout for things China bans you are probably more likely to have a false positive there than with a western ISP.
The question then is a Chinese ISP more likely to overreact on a false positive than a western ISP? I believe China is more likely to hold a business responsible for the bad acts of that businesses customers, which I expect would lead to Chinese businesses being more likely to overreact.
This is the same situation with "private" search engines. Your search query is ironically less likely to be shared with government if you are using Yandex, than with DuckDuckGo that is hosted by Microsoft (before it was even Amazon).
Those countries would love to blackmail you. Just encrypt your data rclone would do that.
> Those countries would love to blackmail you
based on what?
At least is an entire Country that will blackmail me, must think I am really important, not some rando that hacked iCloud to find celebrities boobs and post them online...
> Just encrypt your data rclone would do that.
yeah, but rclone is an offline backup, basically.
cloud storage is for when you need immediate access and search capabilities.
Maybe not you specificially, but for example in the U.S., there are over three million people with security clearances. That's a large pool for an adversary to choose from. Maybe all an adversary needs for one particular mission is to identify a janitor at a facility, go through some of their content to find a nude selfie that they might be embarrased if their family saw, and the adversary says, it would be a shame if your friends, family, and coworkers saw this, just prop open this door, it's just a door...
And there are a million more people who don't have security clearances and work at companies such as Alphabet, Meta, a datacenter, Boeing, etc.
4 replies →
This is fine as long as you don’t plan to travel to China in the future.
Please explain why this is different from traveling to any other country.
I haven't been to the US since they made it legal for custom officers to search travelers' personal electronics without a warrant and deny entry if you refuse, because, thanks but no thanks.
> Please explain why this is different from traveling to any other country.
My guess is that the "trigger" for "any other country" is much higher.
Criticize the US President all you like on every social network: not a problem.
Save a screenshot of Winnie the Pooh: you're playing with fire.
7 replies →
Or to any China-aligned or vassal states, they don't need to bother with complex extradition procedures, they just ask the government 'nicely'. eg https://www.reuters.com/article/us-cambodia-china-uighurs-id...
IIRC both Cambodia (2012) and Thailand (2014) extradited TPB founders. Thailand case was already convicted for "aiding copyright infringement" (ie. pissing off a cabal of private companies) and had skipped bail, nabbed crossing inbound from Laos. Cambodia case was unconvicted and the countries had no extradition treaty, but they nabbed him anyway. Possibly because of alleged Wikileaks affiliation. Democracy in action.
That's an incredibly bad idea, you are exposing yourself to a lot more risk, than using a western cloud.
They are not in contact with our authorities, until they decide they want to. It's not like you are a Chinese factory owner making counterfeit wranglers, I doubt they would deny any kind of request from a western government about a westerner.
Your access to the service is also under risk, at any time there could be a breakdown of relations leaving you unable to pay for the service, that would have happened already, if you had chosen Russia instead of China.
Your behavior also looks suspicious to the western intelligence apparatus. Sending potentially terabytes to Chinese servers as a private individual may very well put you on their radar.
As others have noted you are setting yourself up as a prime candidate for an intelligence asset, they could at any point blackmail you to perform any action they want.
With what would they blackmail you? The terrabytes of CSAM they could at any point plant in your account. Do you think they would be above doing that, if they had anything to gain and were aware that you exist? Or do you think your Chinese provider would require a court order to give you up? Your entire bet is that they don't know that you exist.
My main point as advice to others mostly is you shouldn't put your self in the hands of your adversary.
I don't even know how you trust their software to run on your system.
PS: If you think all these are farfetched and paranoid, I will remind you that China routinely takes hostages to achieve diplomatic concessions https://en.wikipedia.org/wiki/Hostage_diplomacy#China
TBH my worry in this sort of setup is China cutting you off. Say tensions increase and the CCP throws down a decree that says all Chinese sites must block themselves from being reached by the US/Western Countries.
Can you recommend you provider? I've been wanting to do the same thing for a while.
can't edit the post anymore
My future proof solution will be hosting my data on bare metal in Iceland.
They are quite serious about data privacy.
This. China, unlike the U.S., is not gonna ask other countries to extradite me if they ever find me in violation of whatever bullshit law they have.
That's because it would be largely ineffective. States use the powers they have.
Although the US apparently does not have an extradition treaty with China, a DDG search for:
china extradited from us
Produces many independent cases of China successfully extraditing suspects from the US and vice versa.