• o_o
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    I toss my KeePass file (encrypted database) in Google Drive.

    That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.

    If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.

    • geoma@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      You don’t need a data breach to be worried if your data is already on google drive.

      • DeadDjembe@midwest.social
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        If it’s properly encrypted they can’t do anything with the data. Storing unencrypted data on Google drive is another story.

      • o_o
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Really? Is there any evidence for this? I imagine they’d be open to huge lawsuits if they were exposing user data to any other parties.

        • geoma@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I would bet you didn’t read the Terms of Service and/or Privacy Policy when you created your google account. Check out tosdr.org

          • o_o
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            That’s a great resource! Thanks for sharing.

            While Google is graded poorly on that site, I don’t really see anything too egregious there. Maybe it’s because I used to work for a lot of software companies so I already know how the “sausage is made” as it were.

            They have a clause in there that allows them not to immediately delete my data upon my request (which makes sense in case it was deleted by accident and I wanted to restore it or to comply with law enforcement), another that allows them to use partners to provide services (like cloud providers, though I’d guess they primarily use their own).

            They do have one line item saying that they can share my data with third parties (possibly what you’re referring to), but the quote from the privacy policy only says that they publicly share people’s Google searches in aggregated form to provide their “Google search trends” service. This doesn’t/shouldn’t allow them to share my files with anyone.