I toss my KeePass file (encrypted database) in Google Drive.
That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.
If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.
While Google is graded poorly on that site, I don’t really see anything too egregious there. Maybe it’s because I used to work for a lot of software companies so I already know how the “sausage is made” as it were.
They have a clause in there that allows them not to immediately delete my data upon my request (which makes sense in case it was deleted by accident and I wanted to restore it or to comply with law enforcement), another that allows them to use partners to provide services (like cloud providers, though I’d guess they primarily use their own).
They do have one line item saying that they can share my data with third parties (possibly what you’re referring to), but the quote from the privacy policy only says that they publicly share people’s Google searches in aggregated form to provide their “Google search trends” service. This doesn’t/shouldn’t allow them to share my files with anyone.
I toss my KeePass file (encrypted database) in Google Drive.
That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.
If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.
You don’t need a data breach to be worried if your data is already on google drive.
If it’s properly encrypted they can’t do anything with the data. Storing unencrypted data on Google drive is another story.
Really? Is there any evidence for this? I imagine they’d be open to huge lawsuits if they were exposing user data to any other parties.
I would bet you didn’t read the Terms of Service and/or Privacy Policy when you created your google account. Check out tosdr.org
That’s a great resource! Thanks for sharing.
While Google is graded poorly on that site, I don’t really see anything too egregious there. Maybe it’s because I used to work for a lot of software companies so I already know how the “sausage is made” as it were.
They have a clause in there that allows them not to immediately delete my data upon my request (which makes sense in case it was deleted by accident and I wanted to restore it or to comply with law enforcement), another that allows them to use partners to provide services (like cloud providers, though I’d guess they primarily use their own).
They do have one line item saying that they can share my data with third parties (possibly what you’re referring to), but the quote from the privacy policy only says that they publicly share people’s Google searches in aggregated form to provide their “Google search trends” service. This doesn’t/shouldn’t allow them to share my files with anyone.