<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Agreed, I think there's a significant distinction between
free/"token payment" user grade "cloud storage" (iCloud, google
drive, consumer onedrive etc) and business grade object storage
(AWS S3, Azure Storage, Google Cloud Storage, Wasabi, etc etc).
I'd want to check the references in your article to see exactly
which "Google" services they are talking about.<br>
</p>
<p>Not having seen the article, its is not necessarily "FUD", but
perhaps highlights that the free consumer services may analyse the
data to provide searching or other convenience features, as well
as perhaps extracting data to improve advertising to cover the
cost of the free service.<br>
</p>
<p>AWS maintains data security certifications/accreditation,
frequently audits their infrastructure. They use their KMS service
to maintain encryption at rest keys that only your account has
access to. I'm sure Azure and Google Cloud do much the same.</p>
<p>I can also confirm that AWS S3 stores objects only in the region
you specify (by default replicated to multiple sites (availability
zones) in the same region, I think you can now also set up
automated replication to other regions). I'm also sure Azure lets
you specify where data resides (though note Azure/AWS terminology
around regions/zones are very different). Both allow organisations
to meet their data residency requirements.</p>
<p><a class="moz-txt-link-freetext" href="https://aws.amazon.com/compliance/">https://aws.amazon.com/compliance/</a><br>
<a class="moz-txt-link-freetext" href="https://azure.microsoft.com/en-au/overview/trusted-cloud/compliance/">https://azure.microsoft.com/en-au/overview/trusted-cloud/compliance/</a><br>
<a class="moz-txt-link-freetext" href="https://cloud.google.com/security/compliance">https://cloud.google.com/security/compliance</a><br>
</p>
On 25/10/20 3:58 pm, James Hodgkinson wrote:<br>
<blockquote type="cite"
cite="mid:a8a9a9d3-433e-4e4d-8a3e-ae1bb7feb47e@www.fastmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
<div>Pretty sure the user stuff gets parsed, like google drive and
photos - I'd be very surprised if they messed with the
object/disk storage...<br>
</div>
<div style="font-family:"Times New Roman", times,
serif;"><br>
</div>
<div style="font-family:"Times New Roman", times,
serif;">James</div>
<div style="font-family:"Times New Roman", times,
serif;"><br>
</div>
<div style="font-family:"Times New Roman", times,
serif;">On 2020-10-25 14:42 Matthew Scutter wrote:<br>
</div>
<blockquote type="cite" id="qt" style="">
<div dir="ltr">
<div>Going to call a [citation needed] on that, because it
reeks of FUD to me.<br>
</div>
<div><br>
</div>
<div class="qt-gmail_quote">
<div dir="ltr" class="qt-gmail_attr">On Sun, Oct 25, 2020 at
1:11 PM Kai <<a href="mailto:vk6ksj@westnet.com.au"
moz-do-not-send="true">vk6ksj@westnet.com.au</a>>
wrote:<br>
</div>
<blockquote class="qt-gmail_quote"
style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,
204, 204);padding-left:1ex;">
<div>Hi folks,<br>
</div>
<div> <br>
</div>
<div> Thank you for all the feedback, greatly appreciated.<br>
</div>
<div> <br>
</div>
<div> I read an article yesterday which said that in the
same way that GMail <br>
</div>
<div> parses email content for AI learning and targeting
ads, that Google <br>
</div>
<div> cloud storage may also index content, including
facial recognition, with <br>
</div>
<div> any photo's, for behaviour learning and targeted
ads.<br>
</div>
<div> That's one of the reasons I'm not keen to store data
on Google cloud. <br>
</div>
<div> They're on a need-to-know basis with my activities.<br>
</div>
<div> <br>
</div>
<div> Does anyone know if Microsoft, AWS or other
providers may allow <br>
</div>
<div> themselves access to stored files?<br>
</div>
<div> <br>
</div>
<div> On 25/10/20 10:25 am, Jacob Taylor wrote:<br>
</div>
<div> > An important question to ask is whether you
require file storage or <br>
</div>
<div> > object storage.<br>
</div>
<div> > <br>
</div>
<div> > While the S3 portal provides a veneer of a
filesystem-style hierarchy, <br>
</div>
<div> > S3 is really a key-value object store. If you
build an application on S3 <br>
</div>
<div> > but use filesystem-style queries ("list all
files in a directory" as an <br>
</div>
<div> > example), it can end up being very costly.<br>
</div>
<div> > <br>
</div>
<div> > If you just want a place to upload big files,
such as backups, VMs, <br>
</div>
<div> > images, and videos, then S3 is ideal.<br>
</div>
<div> > <br>
</div>
<div> > If you are looking for something that requires
a file hierarchy, then it <br>
</div>
<div> > might not be appropriate.<br>
</div>
<div> > <br>
</div>
<div> > To reiterate what Shaun says, the data you put
in an S3 bucket mastered <br>
</div>
<div> > in the Sydney region (ap-southeast-2) *will not
be stored elsewhere* <br>
</div>
<div> > unless you explicitly want it to (via
cross-region replication or other <br>
</div>
<div> > sync methods).<br>
</div>
<div> > <br>
</div>
<div> > To go into more detail on encryption options:<br>
</div>
<div> > <br>
</div>
<div> > * Server Side Encryption (SSE): Encryption is
done in the S3 service<br>
</div>
<div> > itself, you upload/download in plaintext.
Comes in a few flavours,<br>
</div>
<div> > but they all use the same
algorithm (AES-256):<br>
</div>
<div> > o SSE-S3: This is the simplest and
easiest to use, basically<br>
</div>
<div> > turnkey. S3 will use an AWS-managed key
in KMS to encrypt your<br>
</div>
<div> > files.<br>
</div>
<div> > o SSE-KMS: Same as above, however it uses
a custom key you manage<br>
</div>
<div> > (could be generated on-prem and
uploaded, as an example).<br>
</div>
<div> > o SSE-C: Encrypts files with a key given
to S3 by your application<br>
</div>
<div> > at the time of upload, and you cannot
download the file without<br>
</div>
<div> > providing the same key at the time you
request it.<br>
</div>
<div> > * Client Side Encryption: Describes any
scenario where your<br>
</div>
<div> > application encrypts a file prior to
uploading, and decrypts after<br>
</div>
<div> > downloading.<br>
</div>
<div> > <br>
</div>
<div> > Disclaimer: I work for AWS<br>
</div>
<div> > <br>
</div>
<div> > On Sun, Oct 25, 2020 at 12:34 PM Shaun Ewing
<<a href="mailto:shaun@shaun.net" target="_blank"
moz-do-not-send="true">shaun@shaun.net</a> <br>
</div>
<div> > <mailto:<a href="mailto:shaun@shaun.net"
target="_blank" moz-do-not-send="true">shaun@shaun.net</a>>>
wrote:<br>
</div>
<div> > <br>
</div>
<div> > Data uploaded to S3 will stay entirely
within a region unless you<br>
</div>
<div> > explicitly configure cross-region
replication.____<br>
</div>
<div> > <br>
</div>
<div> > __ __<br>
</div>
<div> > <br>
</div>
<div> > There’s a bunch of encryption options
including Amazon S3-Managed<br>
</div>
<div> > Keys and customer provided keys.____<br>
</div>
<div> > <br>
</div>
<div> > __ __<br>
</div>
<div> > <br>
</div>
<div> > (Disclosure: I work for AWS)____<br>
</div>
<div> > <br>
</div>
<div> > __ __<br>
</div>
<div> > <br>
</div>
<div> > *From:*AusNOG <<a
href="mailto:ausnog-bounces@lists.ausnog.net"
target="_blank" moz-do-not-send="true">ausnog-bounces@lists.ausnog.net</a><br>
</div>
<div> > <mailto:<a
href="mailto:ausnog-bounces@lists.ausnog.net"
target="_blank" moz-do-not-send="true">ausnog-bounces@lists.ausnog.net</a>>>
*On Behalf Of *Giles Pollock<br>
</div>
<div> > *Sent:* Sunday, 25 October 2020 12:08 PM<br>
</div>
<div> > *To:* Kai <<a
href="mailto:vk6ksj@westnet.com.au" target="_blank"
moz-do-not-send="true">vk6ksj@westnet.com.au</a>
<mailto:<a href="mailto:vk6ksj@westnet.com.au"
target="_blank" moz-do-not-send="true">vk6ksj@westnet.com.au</a>>><br>
</div>
<div> > *Cc:* Ausnog <<a
href="mailto:ausnog@lists.ausnog.net" target="_blank"
moz-do-not-send="true">ausnog@lists.ausnog.net</a>
<mailto:<a href="mailto:ausnog@lists.ausnog.net"
target="_blank" moz-do-not-send="true">ausnog@lists.ausnog.net</a>>><br>
</div>
<div> > *Subject:* Re: [AusNOG] Australian based
cloud storage____<br>
</div>
<div> > <br>
</div>
<div> > __ __<br>
</div>
<div> > <br>
</div>
<div> > Amazon have a region, ap-southeast-2 which
is Sydney based. Can't<br>
</div>
<div> > comment whether stuff that goes into s3
gets replicated elsewhere, I<br>
</div>
<div> > believe you can set the class so it
doesn't, but you'd need to talk<br>
</div>
<div> > to someone at AWS to confirm. ____<br>
</div>
<div> > <br>
</div>
<div> > __ __<br>
</div>
<div> > <br>
</div>
<div> > On Sun, 25 Oct 2020, 12:02 Kai, <<a
href="mailto:vk6ksj@westnet.com.au" target="_blank"
moz-do-not-send="true">vk6ksj@westnet.com.au</a><br>
</div>
<div> > <mailto:<a
href="mailto:vk6ksj@westnet.com.au" target="_blank"
moz-do-not-send="true">vk6ksj@westnet.com.au</a>>>
wrote:____<br>
</div>
<div> > <br>
</div>
<div> > Hi folks,<br>
</div>
<div> > <br>
</div>
<div> > Happy weekend.<br>
</div>
<div> > I'm searching for Australian based
cloud storage.<br>
</div>
<div> > <br>
</div>
<div> > Google, Microsoft and the other big
names might have cache<br>
</div>
<div> > server here<br>
</div>
<div> > but the data is also stored overseas,
I'm looking for providers who<br>
</div>
<div> > either allow you to choose your cloud
storage location, or only<br>
</div>
<div> > have<br>
</div>
<div> > hosting within Australia, and have
storage which is encrypted.<br>
</div>
<div> > <br>
</div>
<div> > Any feedback is welcome.<br>
</div>
<div> > <br>
</div>
<div> > Cheers<br>
</div>
<div> > Kai<br>
</div>
<div> >
_______________________________________________<br>
</div>
<div> > AusNOG mailing list<br>
</div>
<div> > <a
href="mailto:AusNOG@lists.ausnog.net" target="_blank"
moz-do-not-send="true">AusNOG@lists.ausnog.net</a>
<mailto:<a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>><br>
</div>
<div> > <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog____"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog____</a><br>
</div>
<div> > <br>
</div>
<div> >
_______________________________________________<br>
</div>
<div> > <br>
</div>
<div> > ____<br>
</div>
<div> > <br>
</div>
<div> > AusNOG mailing list<br>
</div>
<div> > <br>
</div>
<div> > ____<br>
</div>
<div> > <br>
</div>
<div> > <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>
<mailto:<a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>><br>
</div>
<div> > <br>
</div>
<div> > ____<br>
</div>
<div> > <br>
</div>
<div> > <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div>
<div> > <br>
</div>
<div> > ____<br>
</div>
<div> > <br>
</div>
<div> >
_______________________________________________<br>
</div>
<div> > AusNOG mailing list<br>
</div>
<div> > <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>
<mailto:<a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>><br>
</div>
<div> > <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div>
<div> > <br>
</div>
<div> _______________________________________________<br>
</div>
<div> AusNOG mailing list<br>
</div>
<div> <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
</div>
<div> <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div>
</blockquote>
</div>
</div>
<div>_______________________________________________<br>
</div>
<div>AusNOG mailing list<br>
</div>
<div><a href="mailto:AusNOG@lists.ausnog.net"
moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
</div>
<div><a href="http://lists.ausnog.net/mailman/listinfo/ausnog"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div>
<div><br>
</div>
</blockquote>
<div style="font-family:"Times New Roman", times,
serif;"><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
</body>
</html>