Common Cloud Objections: Yes, They Can See Your Data. No, You Shouldn’t Panic.

Cutting through some of the fear mongering.

by

Many people fear their files stored in the cloud get scanned, stolen, or used to train AI. I'll break down the most common objections and share how easy it is to keep your data private.
A Corgi in a press-conference setting, promoting the use of cloud storage, taking questions from a small crowd of people.
(Image: Gemini)

Every time I post something about using the cloud, I hear from people who worry that their uploaded data is being used for nefarious purposes.

I want to address some of those objections.

TL;DR:

Major cloud services don’t spy on your files, claim them, or feed them to AI. Companies can see your data, but only to run the service. To stay fully private, encrypt your files before you upload them.

Objection #1: They can see my data!

Of course they can. You’re copying your files to their servers.

The question is not whether they can see your data — they have to to provide the service you’re using — it’s whether or not they use that ability for things you didn’t agree to.

Ask Leo! is Ad-Free!
Help keep it going by becoming a Patron.

Objection #2: They’re scanning my data!

Some do. Specifically:

  • Some cloud providers search for CSAM (Child Sexual Abuse Material).
  • Some governments enforce searches for threats, perhaps to specific individuals like the president.

In both cases, due to the volume of data involved, these are automated processes that, presumably, report suspicious findings to a human.1

Here’s a relevant section from Microsoft’s Privacy Statement:

For example, some of our products, such as Outlook.com or OneDrive, systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing, or malware links; and we reserve the right to block delivery of a communication or remove content if it violates our terms.

First, I’m totally OK with that as it applies to the data I upload to cloud services.

Second, there are simple ways to avoid it if you feel the need. More on that in a second.

Related


Yes, You Can Use the Cloud Safely — Here’s How

 Cloud storage is one of the most useful tools around, but it brings two real risks along for the ride.
#128296

Objection #3: Cloud providers are claiming ownership of my files!

No. They. Are. Not.

The Microsoft Services Agreement is quite explicit about this:

We don’t claim ownership of Your Content. Your Content remains yours and you are responsible for it.

This objection usually results from misreading or misunderstanding other wording in a provider’s terms of service. Here’s an example from Microsoft’s terms of service:

To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve Microsoft products and services, you grant to Microsoft a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services.

This does not grant Microsoft the right to do whatever it wants with your content. The wording is specific: “To the extent necessary to provide the Services”. Microsoft needs to be able to copy your files around on their servers, back them up, and whatever else is required to provide the service you’re using — and nothing else.

Objection #4: They’re using my data to train their AI!

This is perhaps the most difficult to pin down. I ended up asking Claude to analyze Microsoft’s Privacy Statement and the Microsoft Services Agreement, both of which are massive documents2.

Claude AI:

Files just sitting in OneDrive — not training data. The Privacy Statement describes OneDrive document handling as processing your documents so you can retrieve, edit, forward, or delete them “at your direction as part of the service.” That sits under “provide our products,” not under model training. Storing a file doesn’t feed it to a training pipeline.

If there’s controversy at all, it’s that there’s no simple and clear “We don’t use your data to train AI” statement equivalent to the “We don’t claim ownership of Your Content” statement.

Personally, even if Microsoft is using my OneDrive documents to train their AI, I’m OK with it. Training does not mean they’re copying my documents wholesale into some massive repository.  Much like a spam filter, they’re using it to update the rules contained within the LLM (Large Language Model) behind the AI.

I know not everyone feels that way, for a variety of reasons.

Avoiding the objections

One of my frustrations about all of these objections (besides the fact that they’re wrong) is that it’s so easy to address them all and continue to use cloud storage.

Encrypt.

Using a tool like Cryptomator, you can encrypt the data you store in the cloud. Once encrypted, the service can see that you’ve uploaded encrypted files, but cannot see the contents.

  • They can’t see your encrypted data.
  • They can’t scan your encrypted data.
  • They can’t use your encrypted data to train AI.

You continue to get all the benefits of cloud storage, like off-site backups, synchronization across all your PCs, and more, but you retain complete control over who can and cannot see your data.

Encrypted data also protects you from account hacks, because hackers can’t see what’s in your encrypted data either.

Related


On Trusting and Not Trusting Microsoft

 Worried Microsoft is peeking at your files in OneDrive? The truth is more complicated and perhaps surprising. I’ll look at what scanning really means, why avoiding OneDrive may not be enough, and how trust in Microsoft’s products comes down to risk, reality, and choice.
#184360

All providers are the same and yet different

I’ve used Microsoft and OneDrive as examples, but the concepts apply to so much more.

For example, these concerns could be raised about every online service you might use, not just cloud storage. This includes email. If you’re using email from Microsoft (or Google, Yahoo, or any of a thousand other providers), then all of the objections above could be raised… and all of my responses would still apply.

And, naturally, this applies to all the providers, not just Microsoft. Each has its own privacy policy and terms of service, but by and large, most fall into the same situation: they’re not using your data for the things some raise alarms about. And even if they do, most are up front about it in those policy documents (even if you do need an AI to interpret it for you).

Subject to change

One important thing to point out is that this is an ever-changing landscape, particularly when it comes to AI. Microsoft, Google, and the other providers can change their terms of service and privacy policies at will. I don’t think it’s in their best interest to, say, suddenly start scanning cloud documents to train AI, as that would certainly earn negative publicity. But that being said, all of these organizations have occasionally acted in ways that seem counter to their best interests at the time.

One important caveat is that I’ve been talking about the consumer side of things. Businesses and large enterprises typically operate under a different set of terms and policies.

Do this

Use cloud storage. Or not.

My goal here isn’t to convince you to use cloud storage services like OneDrive, Dropbox, Google Drive, or others. My goal is to help you decide based on an accurate assessment of the risks as applied to your situation. As you’ve seen, I feel many of the popular objections are incorrect. Hopefully, with those objections clarified, you can make a decision that’s right for you.

As for me, I’m all in on cloud storage; it’s a cornerstone of how I operate.

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Download (right-click, Save-As) (Duration: 9:22 — 8.7MB)

Subscribe: RSS

Related Video

Footnotes & References

1: Though there are stories of actions being taken without human intervention as well.

2: This is a great use case for AI: feed it massive documents and then ask it questions about them.

5 comments on “Common Cloud Objections: Yes, They Can See Your Data. No, You Shouldn’t Panic.”

  1. the thing that bothers me most is it`s always our terms of service, which they can change at any time and we have to agree to.

    Reply

  3. To anyone skeptical about storing files in OneDrive, try out Cryptomator. Once Cryptomator is setup and you start moving files and folders into the Cryptomator vault, you will get all sorts of warnings about a ransomware attack from Microsoft as the files are being encrypted and offers to restore your files. Microsoft knows files are being encrypted but can’t read them.
    Google doesn’t do that with Google Drive, which tells me that Google doesn’t scan files for malware the same way Microsoft scans files in OneDrive or has a means to recover files other than from the trash folder. Since I mirror my files in Google Drive (files are always on my computer as well as on Google’s servers), I’m not concerned about it.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.