IPB

Welcome Guest ( Log In | Register )

11 Pages V  < 1 2 3 4 5 > »   
Reply to this topicStart new topic
AudioSAFE, New online backup concept
Mangix
post Jul 23 2011, 21:25
Post #51





Group: Members
Posts: 591
Joined: 26-February 06
Member No.: 28077



will the data be encrypted server-side?
Go to the top of the page
+Quote Post
spoon
post Jul 23 2011, 21:58
Post #52


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2755
Joined: 24-March 02
Member No.: 1615



No


--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post
birdie
post Jul 24 2011, 20:10
Post #53





Group: Members
Posts: 108
Joined: 3-March 06
From: this planet
Member No.: 28235



QUOTE (Mangix @ Jul 24 2011, 02:25) *
will the data be encrypted server-side?


It doesn't make sense if since they will employ deduplication. Of course, you can encrypt all users data using just one encryption key, but that doesn't make sense either. dry.gif
Go to the top of the page
+Quote Post
googlebot
post Jul 24 2011, 20:25
Post #54





Group: Members
Posts: 698
Joined: 6-March 10
Member No.: 78779



QUOTE (birdie @ Jul 24 2011, 21:10) *
It doesn't make sense if since they will employ deduplication.


Deduplication and client-side encryption (without vendor access to the key) is not mutually exclusive. Wuala is the best example, it works beautifully. I'm a big fan of it.
Go to the top of the page
+Quote Post
Ardax
post Jul 25 2011, 14:27
Post #55





Group: Members
Posts: 233
Joined: 3-December 01
Member No.: 578



QUOTE (googlebot @ Jul 24 2011, 14:25) *
Deduplication and client-side encryption (without vendor access to the key) is not mutually exclusive. Wuala is the best example, it works beautifully. I'm a big fan of it.

For something particular to audio libraries, I'd think that deduplication across accounts would be extremely useful to the service provider. Especially if audio containers are cracked and audio data treated separately from embedded tags/artwork, with bonus points for taking offset matching into account.

Now, if you're saying that dedupe across accounts w/ client-side encryption is doable, then I'm curious how it'd be implemented.
Go to the top of the page
+Quote Post
Garf
post Jul 25 2011, 14:45
Post #56


Server Admin


Group: Admin
Posts: 4886
Joined: 24-September 01
Member No.: 13



QUOTE (Ardax @ Jul 25 2011, 15:27) *
Especially if audio containers are cracked and audio data treated separately from embedded tags/artwork, with bonus points for taking offset matching into account.


Matching offsets that are not multiples of the audio frame format is probably not going to work. But most rips are going to have a few common offsets, matching the most distributed drive manufacturers. And then there's the fact that AccurateRip and the Drive Offset DB belong to spoon...
Go to the top of the page
+Quote Post
googlebot
post Jul 25 2011, 19:20
Post #57





Group: Members
Posts: 698
Joined: 6-March 10
Member No.: 78779



QUOTE (Ardax @ Jul 25 2011, 15:27) *
Now, if you're saying that dedupe across accounts w/ client-side encryption is doable, then I'm curious how it'd be implemented.


Wuala implements this by using (symmetric) encryption keys derived from content hashes. If you don't know the exact content, you don't know the key. If you do know the content, you can recreate the key, but only to decrypt what you already know.

It is possible for a server to deduplicate encrypted files of unknown content, when identity information is being preserved across encrypted entities, like described. The only security feature, which is sacrificed, is plausible deniability (but no additional plain-text-attack vectors, ect.). You cannot deny to be in possession of a file, if a prosecutor is in possession of an identical, decrypted copy. For pirates this might be an issue.

In this specific case, an audio-only service, not much could be gained by a decrypt-by-content-hash-scheme. Since many audio files are identical across individual collections, the information which songs you own exactly, could be recovered by a fair share. And there isn't really much more to hide than exactly that information in a music collection, when you use an audio-only backup service. Wuala is general purpose, and thus a different case. Your diary entries, your family pictures are unique files, and their content hashes cannot be correlated with known content. Thus they are perfectly private. Other files, like Windows installation images are identical across thousands of users and can be stored as a single copy. To achieve plausible deniability in a case like that, it is sufficient to zip a popular file and include a random text file or directory entry. To achieve plausible deniability for your music collection, it is sufficient to have custom tags or individual codec (padding, ect.) settings. For Wuala it is impossible to deduplicate them in this case. A service like spoon's could deduplicate anyway, of course, when it generates an individual track identifier on the client machine, but I wouldn't see any benefit of an additional encryption scheme in that a case.

This post has been edited by googlebot: Jul 25 2011, 19:56
Go to the top of the page
+Quote Post
Ardax
post Jul 25 2011, 20:03
Post #58





Group: Members
Posts: 233
Joined: 3-December 01
Member No.: 578



QUOTE (googlebot @ Jul 25 2011, 14:20) *
Wuala implements this by using (symmetric) encryption keys derived from content hashes. If you don't know the exact content, you don't know the key. If you do know the content, you can recreate the key, but only to decrypt what you already know.

Let me make sure I understand this process correctly:

  • Client #1 generates hash key for a file's content
  • Client #1 encrypts that file with that hash key
  • Client #1 then generates a hash id of the encrypted blob
  • Client #1 uploads encrypted blob and hash id to storage
  • Client #2 comes along, and generates the same hash key, block, & hash id for the same content file
  • Client #2 tells Service it wants to store encrypted blob & hash id
  • Service tells Client #2 that given blob already exists by hash id
  • Client #2 only needs to upload unique metadata (e.g. file path, ACLs, whatever)

Roughly correct?

QUOTE
To achieve plausible deniability for your music collection, it is sufficient to have custom tags or individual codec (padding, ect.) settings. For Wuala it is impossible to deduplicate them in this case. A service like spoon's could deduplicate anyway, of course, when it generates an individual track identifier on the client machine. I wouldn't see any benefit of an additional encryption scheme in a case like this.

It's entirely possible to crack file formats and deal with each internal blob of data independently for the purposes of deduplication, making it resistant to tag changes (or at least ensuring that any further clients would only need to upload the modified tags). Wuala could do this if it wanted to, and products like Druva inSync already do. inSync isn't a cloud-based backup product, just an example of a content-aware dedupe implementation.

This post has been edited by Ardax: Jul 25 2011, 20:04
Go to the top of the page
+Quote Post
saratoga
post Jul 25 2011, 21:38
Post #59





Group: Members
Posts: 5116
Joined: 2-September 02
Member No.: 3264



QUOTE (_mē_ @ Jul 23 2011, 01:33) *
QUOTE (Soap @ Jul 22 2011, 22:54) *
QUOTE (_mē_ @ Jul 22 2011, 16:30) *
US acts differently, companies have to hand over whatever data they have when government asks for them (it's called patriot act).


Lol.

Citation needed.

EDIT:

Let's be less glib and just say that the Patriot Act, for all its many flaws, does not work like that.



https://secure.wikimedia.org/wikipedia/en/w...tems_under_FISA


I suspect thats not the clause you intended to link, since allowing judges to issue warrants to seize property suspected of being involved in a crime is fairly common in most European countries as well.
Go to the top of the page
+Quote Post
googlebot
post Jul 25 2011, 22:02
Post #60





Group: Members
Posts: 698
Joined: 6-March 10
Member No.: 78779



QUOTE (Ardax @ Jul 25 2011, 21:03) *
Roughly correct?


Yes!

QUOTE (Ardax @ Jul 25 2011, 21:03) *
It's entirely possible to crack file formats and deal with each internal blob of data independently for the purposes of deduplication, making it resistant to tag changes (or at least ensuring that any further clients would only need to upload the modified tags).


Yes, it is indeed possible. And I also think that spoon has programmed something like that. The point I was trying to make was: There is no greater secret about a music collection than what it lists (compare that to private videos where the actual content is the secret). A deduplicating audio backup service with intelligent track ID mechanisms, that survive encryption (while only scrambling the content) makes no sense. Track IDs and there correlation among users ARE the secret.

I don't think that Wuala would be interested in more fine grained deduplication, because privacy is one of their biggest unique selling points. Deduplication of anonymous blobs is just a welcome side effect of how their P2P protocol distributes content to storage nodes.

This post has been edited by googlebot: Jul 25 2011, 22:03
Go to the top of the page
+Quote Post
indybrett
post Jul 26 2011, 02:29
Post #61





Group: Members (Donating)
Posts: 1350
Joined: 4-March 02
From: Indianapolis, IN
Member No.: 1440



QUOTE (spoon @ Jul 23 2011, 10:23) *
Album art is not part of the 500 MB quota.



500MB? Unfortunately, that's not enough for a large FLAC collection. And there's no point in backing up MP3's, IMHO.


--------------------
flac>fb2k>kernel streaming>audiophile 2496>magni>dt990 pro
Go to the top of the page
+Quote Post
Soap
post Jul 26 2011, 02:33
Post #62





Group: Members
Posts: 1016
Joined: 19-November 06
Member No.: 37767



Dude, at least read the first page of the thread.

500MB of quota for non-audio data

This post has been edited by db1989: Jul 26 2011, 12:38
Reason for edit: no need to quote


--------------------
Creature of habit.
Go to the top of the page
+Quote Post
indybrett
post Jul 26 2011, 02:37
Post #63





Group: Members (Donating)
Posts: 1350
Joined: 4-March 02
From: Indianapolis, IN
Member No.: 1440



Actually, it wasn't in the thread, unless I missed it. It was, however, in the fine print on the web page. Thanks.
++ audio has no limits other than a fair use policy, non-audio files subject to 500MB total locker space

Edit: Unless you mean this "Very interesting, though 500 MB limit on non-audio data seems wrong", which is not an official statement from Spoon.

This post has been edited by db1989: Jul 26 2011, 12:38
Reason for edit: no need to quote


--------------------
flac>fb2k>kernel streaming>audiophile 2496>magni>dt990 pro
Go to the top of the page
+Quote Post
hellokeith
post Jul 26 2011, 05:09
Post #64





Group: Members
Posts: 288
Joined: 14-August 06
Member No.: 34027



A popular recent saying is that if the product is free, then most likely YOU are the product.

So what I want to know is what is in it for the AudioSafe developers/employees/investors? There cannot be much expectation of daily restore revenue. Certainly not enough to offset storage costs in the short to mid term. What is the benefit of having petabytes of digital music? Testing of algorithms, processing, compression?
Go to the top of the page
+Quote Post
Emon
post Jul 26 2011, 06:20
Post #65





Group: Members
Posts: 119
Joined: 20-July 05
Member No.: 23424



QUOTE (hellokeith @ Jul 25 2011, 23:09) *
So what I want to know is what is in it for the AudioSafe developers/employees/investors? There cannot be much expectation of daily restore revenue. Certainly not enough to offset storage costs in the short to mid term. What is the benefit of having petabytes of digital music? Testing of algorithms, processing, compression?

I also want to know this. From what I've read, the business model depends on users' having data failures. Given how uncommon that really seems to be these days, what is the revenue stream?

This post has been edited by Emon: Jul 26 2011, 06:21
Go to the top of the page
+Quote Post
Garf
post Jul 26 2011, 06:41
Post #66


Server Admin


Group: Admin
Posts: 4886
Joined: 24-September 01
Member No.: 13



QUOTE (Emon @ Jul 26 2011, 07:20) *
I also want to know this. From what I've read, the business model depends on users' having data failures. Given how uncommon that really seems to be these days,


Hard drive failures have been +-5% (depending on brand/model) per year for a long time, and SSD's get very similar numbers. So I'm not sure what "uncommon these days" is supposed to mean.
Go to the top of the page
+Quote Post
spoon
post Jul 26 2011, 08:46
Post #67


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2755
Joined: 24-March 02
Member No.: 1615



QUOTE (hellokeith @ Jul 26 2011, 05:09) *
A popular recent saying is that if the product is free, then most likely YOU are the product.


If the restores were free then I might agree with you.


--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post
Squeller
post Jul 26 2011, 14:03
Post #68





Group: Members
Posts: 2351
Joined: 28-August 02
Member No.: 3218



My concept says: 1 HD current audio data, 2nd builtin HD with a copy, 3rd in bank safe, all changed regularly and I keep all old ones. Cannot upload tons of stuff (n*10^2 GBytes) to a www service, because of my providers upload bandwidth. Also, encryption.

This post has been edited by Squeller: Jul 26 2011, 14:07
Go to the top of the page
+Quote Post
frozenspeed
post Jul 26 2011, 14:49
Post #69





Group: Members
Posts: 207
Joined: 16-October 01
From: Seattle, WA
Member No.: 301



QUOTE (Soap @ Jul 22 2011, 13:54) *
Let's be less glib and just say that the Patriot Act, for all its many flaws, does not work like that.



Citation needed
Go to the top of the page
+Quote Post
DonP
post Jul 26 2011, 17:36
Post #70





Group: Members (Donating)
Posts: 1473
Joined: 11-February 03
From: Vermont
Member No.: 4955



QUOTE (Garf @ Jul 26 2011, 01:41) *
QUOTE (Emon @ Jul 26 2011, 07:20) *
I also want to know this. From what I've read, the business model depends on users' having data failures. Given how uncommon that really seems to be these days,


Hard drive failures have been +-5% (depending on brand/model) per year for a long time, and SSD's get very similar numbers. So I'm not sure what "uncommon these days" is supposed to mean.


In the case of laptops you have to consider a higher frequency of both theft/loss and failure due to shock.


Go to the top of the page
+Quote Post
xnor
post Jul 26 2011, 18:50
Post #71





Group: Developer
Posts: 908
Joined: 29-April 11
From: Austria
Member No.: 90198



Maybe the business model includes re-using all the uploaded tracks/rips. Why rip music on your own if you can let others do all the work for you.

Is there a policy about what happens / Cloud Audio is allowed to do with the uploaded files?

This post has been edited by xnor: Jul 26 2011, 18:53
Go to the top of the page
+Quote Post
_mē_
post Jul 26 2011, 20:04
Post #72





Group: Members
Posts: 231
Joined: 6-April 09
Member No.: 68706



@saratoga:
As far as I understand it, in EU your data can be investigated if there's reasonable suspicion that you committed some crime.
In US your data can be investigated if you're suspected of being related to somebody, for whom there is a reasonable suspicion that this person was planning to commit some crime.

Seems quite different.
Go to the top of the page
+Quote Post
spoon
post Jul 26 2011, 21:00
Post #73


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2755
Joined: 24-March 02
Member No.: 1615



QUOTE (xnor @ Jul 26 2011, 18:50) *
Maybe the business model includes re-using all the uploaded tracks/rips. Why rip music on your own if you can let others do all the work for you.

Is there a policy about what happens / Cloud Audio is allowed to do with the uploaded files?


It would be the stupidest business model ever to 're-use' potentially copyrighted audio, and reuse for what exactly?


--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post
xnor
post Jul 26 2011, 22:43
Post #74





Group: Developer
Posts: 908
Joined: 29-April 11
From: Austria
Member No.: 90198



Well is there (going to be) a policy, or not? People probably wanna know what happens with their data.
Go to the top of the page
+Quote Post
spoon
post Jul 26 2011, 23:04
Post #75


dBpowerAMP developer


Group: Developer (Donating)
Posts: 2755
Joined: 24-March 02
Member No.: 1615



Already stated the intentions, see:

http://www.hydrogenaudio.org/forums/index....st&p=763983



--------------------
Spoon http://www.dbpoweramp.com
Go to the top of the page
+Quote Post

11 Pages V  < 1 2 3 4 5 > » 
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 21st November 2014 - 03:29