Cutting through some of the fear mongering.
Every time I post something about using the cloud, I hear from people who worry that their uploaded data is being used for nefarious purposes.
I want to address some of those objections.
Major cloud services don’t spy on your files, claim them, or feed them to AI. Companies can see your data, but only to run the service. To stay fully private, encrypt your files before you upload them.
Objection #1: They can see my data!
Of course they can. You’re copying your files to their servers.
The question is not whether they can see your data — they have to to provide the service you’re using — it’s whether or not they use that ability for things you didn’t agree to.
Help keep it going by becoming a Patron.
Objection #2: They’re scanning my data!
Some do. Specifically:
- Some cloud providers search for CSAM (Child Sexual Abuse Material).
- Some governments enforce searches for threats, perhaps to specific individuals like the president.
In both cases, due to the volume of data involved, these are automated processes that, presumably, report suspicious findings to a human.1
Here’s a relevant section from Microsoft’s Privacy Statement:
For example, some of our products, such as Outlook.com or OneDrive, systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and we reserve the right to block delivery of a communication or remove content if it violates our terms.
First, I’m totally OK with that as it applies to the data I upload to cloud services.
Second, there are simple ways to avoid it if you feel the need. More on that in a second.
Related
Yes, You Can Use the Cloud Safely — Here’s How
Cloud storage is one of the most useful tools around, but it brings two real risks along for the ride.#128296
Objection #3: Cloud providers are claiming ownership of my files!
No. They. Are. Not.
The Microsoft Services Agreement is quite explicit about this:
We don’t claim ownership of Your Content. Your Content remains yours and you are responsible for it.
This objection usually results from misreading or misunderstanding other wording in a provider’s terms of service. Here’s an example from Microsoft’s terms of service:
To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant to Microsoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services.
This does not grant Microsoft the right to do whatever it wants with your content. The wording is specific: “To the extent necessary to provide the Services”. Microsoft needs to be able to copy your files around on their servers, back them up, and whatever else is required to provide the service you’re using — and nothing else.
Objection #4: They’re using my data to train their AI!
This is perhaps the most difficult to pin down. I ended up asking Claude to analyze Microsoft’s Privacy Statement and the Microsoft Services Agreement, both of which are massive documents2.
Claude AI:
Files just sitting in OneDrive — not training data. The Privacy Statement describes OneDrive document handling as processing your documents so you can retrieve, edit, forward, or delete them “at your direction as part of the service.” That sits under “provide our products,” not under model training. Storing a file doesn’t feed it to a training pipeline.
If there’s controversy at all, it’s that there’s no simple and clear “We don’t use your data to train AI” statement equivalent to the “We don’t claim ownership of Your Content” statement.
Personally, even if Microsoft is using my OneDrive documents to train their AI, I’m OK with it. Training does not mean they’re copying my documents wholesale into some massive repository. Much like a spam filter, they’re using it to update the rules contained within the LLM (Large Language Model) behind the AI.
I know not everyone feels that way, for a variety of reasons.
Avoiding the objections
One of my frustrations about all of these objections (besides the fact that they’re wrong) is that it’s so easy to address them all and continue to use cloud storage.
Encrypt.
Using a tool like Cryptomator, you can encrypt the data you store in the cloud. Once encrypted, the service can see that you’ve uploaded encrypted files, but cannot see the contents.
- They can’t see your encrypted data.
- They can’t scan your encrypted data.
- They can’t use your encrypted data to train AI.
You continue to get all the benefits of cloud storage, like off-site backups, synchronization across all your PCs, and more, but you retain complete control over who can and cannot see your data.
Encrypted data also protects you from account hacks, because hackers can’t see what’s in your encrypted data either.
Related
On Trusting and Not Trusting Microsoft
Worried Microsoft is peeking at your files in OneDrive? The truth is more complicated and perhaps surprising. I’ll look at what scanning really means, why avoiding OneDrive may not be enough, and how trust in Microsoft’s products comes down to risk, reality, and choice.#184360
All providers are the same and yet different
I’ve used Microsoft and OneDrive as examples, but the concepts apply to so much more.
For example, these concerns could be raised about every online service you might use, not just cloud storage. This includes email. If you’re using email from Microsoft (or Google, Yahoo, or any of a thousand other providers), then all of the objections above could be raised… and all of my responses would still apply.
And, naturally, this applies to all the providers, not just Microsoft. Each has its own privacy policy and terms of service, but by and large, most fall into the same situation: they’re not using your data for the things some raise alarms about. And even if they do, most are up front about it in those policy documents (even if you do need an AI to interpret it for you).
Subject to change
One important thing to point out is that this is an ever-changing landscape, particularly when it comes to AI. Microsoft, Google, and the other providers can change their terms of service and privacy policies at will. I don’t think it’s in their best interest to, say, suddenly start scanning cloud documents to train AI, as that would certainly earn negative publicity. But that being said, all of these organizations have occasionally acted in ways that seem counter to their best interests at the time.
One important caveat is that I’ve been talking about the consumer side of things. Businesses and large enterprises typically operate under a different set of terms and policies.
Do this
Use cloud storage. Or not.
My goal here isn’t to convince you to use cloud storage services like OneDrive, Dropbox, Google Drive, or others. My goal is to help you decide based on an accurate assessment of the risks as applied to your situation. As you’ve seen, I feel many of the popular objections are incorrect. Hopefully, with those objections clarified, you can make a decision that’s right for you.
As for me, I’m all in on cloud storage; it’s a cornerstone of how I operate.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
the thing that bothers me most is it`s always our terms of service, which they can change at any time and we have to agree to.
Objection #3: “Cloud providers are claiming ownership of my files!”
That’s a claim many posts are accusing Facebook and other websites of. It’s a viral urban legend.
Again “No. They. Are. Not.“
To anyone skeptical about storing files in OneDrive, try out Cryptomator. Once Cryptomator is setup and you start moving files and folders into the Cryptomator vault, you will get all sorts of warnings about a ransomware attack from Microsoft as the files are being encrypted and offers to restore your files. Microsoft knows files are being encrypted but can’t read them.
Google doesn’t do that with Google Drive, which tells me that Google doesn’t scan files for malware the same way Microsoft scans files in OneDrive or has a means to recover files other than from the trash folder. Since I mirror my files in Google Drive (files are always on my computer as well as on Google’s servers), I’m not concerned about it.
Yes, Leo mentioned Cryptomator in this article and has written several articles on Cryptomator.
They don’t have to scan files for malware to to that. All they need to do is notice that “a lot” of files are changing (or being deleted) in a short span of time. That alone is enough to trigger concerns about malware or ransomware.
Sorry, but some cynicism is warranted.
“Major cloud services don’t spy on your files, claim them, or feed them to AI …”
How could you possibly know this to be fact?
But they told me it was OK ….
But I asked AI …
But everyone obeys laws …
But corporations never lie …
But the 10000 page User Agreement was written for my benefit …
So, Mr Leo, not only are you the most uninteresting person, you’re also most trusting person in computerdom. Regardless, people aren’t going to stop using the cloud, no matter what.
Leo, do you encrypt Files sent to the cloud?
Yes and no. Sensitive files, absolutely, with Cryptomator. Other files, no.
My objection? It’s another avoidable expense. Every cloud provider’s app, widget, or interface applies default settings that store certain of you data in their cloud automatically. The amount of free storage they provide is limited and sized so nearly any regular user will run out of ‘free’ space in less than a year.
You are now faced with the choices of a) paying, b) regularly deleting enough stored content to keep under the limit, c) downloading everything and closing the account. A lot of people end up paying to store the digital equivalent of pocket lint.
My two cents
You can use several free tier cloud service providers. Keep some files in each. There’s no perceptible difference in bandwidth, as those services consume only a few milliseconds every few minutes polling for changes, and a tiny unnoticeable hit to CPU and disk access.
Ask Leo! Bronze subscribers, see this Tip.
https://askleo.com/tip-day-stretch-free-cloud-storage-across-providers/
Similarly to Leo, I’ve heard all the objections (many of which I consider to be conspiracy theories) to using the cloud for storing my files offsite, but unlike Leo, I’ve adopted a service that addresses most, if not all of the objections that concern my very skeptical mind. For me, that solution is mega.nz. If you’re interested, see the variety of services they offer along with cost on their mega.io website (https://mega.io/).
OneDrive was my initial experience with the use of cloud storage, and it was fine until Microsoft began to very aggressively try to induce me to ‘expand’ my storage for a price, or ‘back up my files without informing me of potential pitfalls, not to mention how easy it was to exceed their 5GB free storage limit. Their behavior is what prompted me to seek more viable alternatives, combined with my skeptical approach to everything on the Internet.
My soul source of income is Social Security Disability, so I must carefully plan how I use the financial resources at my disposal. Most of the cloud services I’ve investigated offer too little or no free storage, and will end up costing more than I can afford. Few of them provide for zero knowledge, end to end encryption, so I cannot trust that they will not misuse the data I store with them, or that my data will remain safe from data breaches/site incursions. Finally, I want to become as free of dependence on Microsoft products as possible in the event I become so alienated by their money-grubbing corporate tendencies that I’ve seen in action over the years that I end up dropping them and their services all together.
Now, don’t get me wrong. I really like Windows, including Windows 11 Pro 25H2 (the version I’m currently using), but I like Garuda Mokka Linux as well, and at present there is little to prevent me from abandoning Windows all together other than how much I enjoy using it, combined with the satisfaction I get from overcoming yet another limitation they’ve placed on their OS, or thwarted yet another source of unwanted advertising they constantly embed into it.
Even though Microsoft has embarked on an effort to address many of the concerns users have been complaining about for more than a decade, as far as I’m concerned, we’ve seen them attempt to ‘change their ways’, only to revert to what I’ve come to view as their native, corporate, financially motivated character. While I have no objection to corporations operating at a reasonable profit, I do object to them placing profit above integrity, and as an outsider, I’ve noticed indications that Microsoft tends in that direction until something happens to at least temporarily alter it. My initial observation was the FTC (or was it the DOJ) investigation and prosecution effort during the Balmer years, then in 2015 the release of Windows 10 and the establishment of the Windows Insiders program which coincided with Satya Nadella becoming CEO at Microsoft, and now the exodus to GNU/Linux, at least partially fuelled by the sun-setting of Windows 10.
Your thoughts?
Ernie
No matter what people say there’s no Linux distro that matches the aesthetic of Windows or Mac OS. Negative comments from Linux lovers will be deleted. (Just kidding. Fire away. 😉 )
First, I don’t need the Cloud. I do my own local backups: one every morning to a permanently connected SSD, and one every week to a disconnected (after backup) spinner drive. My full EaseUS backup is ~150GB, and my daily differential backups vary between 6 and 18GB so I don’t have a lot of changing data. As well as that I do (almost) daily & weekly differential backups via FreeFileSync, which is an excellent free software for copying whole folders.
Second, I don’t, and never will, trust them. As Glen says, they can change the terms of service.
Third, nobody ever seems to think that the cloud storage operators might get hacked. I would have thought they were just as vulnerable as any other mob.
Cloud only backup is a terrible idea, but supplementing system image and incremental backups with the cloud gives you an extra layer of protection in case all your electronics go up in smoke. It also syncs all my devices. Before using paid Dropbox and later OneDrive, I’d have to keep my home computer on 24/7 when I travel. It also helps me recover file I deleted the same day, because cloud services have a recycle bin.
Encrypting my cloud files protects against hackers and nosey employees.