Update: This was written long before Edward Snowden's revelations became
mainstream. Even then there was an uneasy feeling about all the information
flowing into "the cloud".
The Google Chromium OS is open
In the world of Chromium OS, applications will be web apps. Access to
the applications will be through the web browser. The web apps live in
the cloud, i.e. in a bunch of servers somewhere in the Internet.
In light of this, let's talk about the cloud; specifically, let's talk
about the security and privacy trade-offs of non-cloud and cloud
computing.
Do you trust the cloud?
In the non-cloud scenario, i.e. your Linux PC, your Windows desktop,
your Apple laptop, whatever, your data is stored locally. You run
applications locally. You do not need Internet access to do something.
Since the data is stored locally, anyone who wants your data has to break
into your computer to get it.
In the cloud scenario, such as Google Chromium OS, your data lives
inside the Google servers somewhere, inside the cloud. You need Internet
access. You're better protected on the device side: if someone breaks into
your computer, you can restore a clean system easily and your data will
persist elsewhere, unchanged.
It is exactly this "elsewhere" which is the problem.
In the cloud scenario, you have zero visibility into how your data gets
used. This is because you have zero visibility and zero control over
who gets access to the data - whether it is advertisers who examine your
behavior patterns and the personal data you store (with or without your
consent), or whether it is more powerful entities such as governments
(yours or another country's).
Today you'll be flagged if you're a lunatic and converse with other
lunatics to, say, purchase hundreds of kilograms of fertilizer and
diesel fuel with plans to kill a lot of people with bombs. What about
tomorrow? Supporting a certain political party will get you into
trouble? Investigating government corruption raises a flag? Speaking
against an unfair, exploitative corporation will trigger an alarm? Will
thinking differently simply make you vanish?
If you represent a company, and valued trade secrets go into the cloud
in the form of documents, mails and spreadsheet data, how can you be
sure that the information will not be leaked to your competitors? How
can you ensure that your trade negotiation strategy is not made known to
the other party? How can you ever again win business-wise in anything
important, if the other party already knows everything?
It is easy to dismiss this line of thinking as some sort of a silly
slippery slope argument,
but I would not dismiss the argument so easily myself. Why? Well, once
an entity is empowered with:
- knowing what you search (example: Google Search)
- knowing what you read and where you surf (Google Ads)
- knowing where you live (geolocating your IP address)
- knowing who your friends are (GMail, Google Wave, especially the
invites when those services are launched)
- knowing your voice communications (GTalk)
- owning all of your data (Chromium, coming soon!)
that entity may or may not use these capabilities to your detriment,
whether you're a private individual or someone representing a
It all boils down to this question: do you trust the cloud - can the
cloud do no evil?
So, going back to the original question: is the security of the
non-cloud scenario worse than that of the cloud scenario? It depends. If one
disregards data confidentiality and privacy issues for a while, then the
security model presented by Google Chromium OS is, in fact, better. Life
will be harder for viruses, trojans, and so on, on the client side. All
in all, keeping secure on the client side will be less hassle for the
It will take less effort for someone (criminal or curious) to compromise
your laptop and your data than to compromise the cloud/Google servers.
However, the cost of compromising your data will drop dramatically for
someone who is a friend of Google or who can somehow leverage Google -
mostly this means other big businesses or, rather, various governments,
which can simply ask for the data instead of breaking in.
Given that data confidentiality and privacy are the real issue, what
about encryption of user data? Client-side encryption can only work if no
plain-text data goes to the cloud as input for some computation (such as
data entered into a spreadsheet cell that the server must add up). If
plain-text data does go to the cloud, then
encryption will be irrelevant - the data is already in clear inside
(There are methods to do computation on encrypted data, for example
fully homomorphic encryption. With such technology, one could build a
web app where the cloud/server side learns nothing of the data itself
but could still provide, for example, a spreadsheet program.)
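As an added illustration, not part of the original post and not Google's or Chromium OS's code, the following Python models the spreadsheet case with the Paillier cryptosystem. Paillier is only additively homomorphic, not fully homomorphic, but that is enough to show a server computing the SUM of a column of cells it cannot read: it holds only ciphertexts and the public key, and the user decrypts the result locally. The primes, cell values and `CloudSpreadsheet` server are constructed demo inputs; a real deployment needs a modulus of at least 2048 bits.

```python
import math
import random

# Constructed demo parameters: two small well-known primes (the 9999th and
# 10000th primes). Far too small for real use; they keep the numbers readable.
DEMO_P = 104723
DEMO_Q = 104729


def keygen(p=DEMO_P, q=DEMO_Q):
    """Paillier key generation. Returns ((n, g), (lambda, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                          # standard choice of g
    mu = pow(lam, -1, n)                               # lambda^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r, so equal plaintexts
    give different ciphertexts (the server cannot even spot repeated values)."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = random.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Dec(c) = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    x = pow(c, lam, n2)
    return (((x - 1) // n) * mu) % n


def add_encrypted(pub, c1, c2):
    """Multiplying ciphertexts mod n^2 adds the plaintexts mod n."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Raising a ciphertext to k multiplies the plaintext by k (mod n)."""
    n, _ = pub
    return pow(c, k, n * n)


class CloudSpreadsheet:
    """Constructed stand-in for the server side: it stores ciphertexts and the
    public key only, so it can compute a column total without learning any
    cell value or the total itself."""

    def __init__(self, pub):
        self.pub = pub
        self.cells = {}

    def put(self, ref, ciphertext):
        self.cells[ref] = ciphertext

    def total(self, refs):
        # 1 is Enc(0) with r = 1, the identity for homomorphic addition.
        acc = 1
        for ref in refs:
            acc = add_encrypted(self.pub, acc, self.cells[ref])
        return acc


def cloud_sum_demo(pub, priv, values):
    """Client flow: encrypt each cell locally, upload, ask the server for the
    encrypted SUM, decrypt locally. Returns the plaintext total."""
    sheet = CloudSpreadsheet(pub)
    for i, v in enumerate(values):
        sheet.put(f"A{i + 1}", encrypt(pub, v))
    enc_total = sheet.total(sorted(sheet.cells))
    return decrypt(pub, priv, enc_total)


if __name__ == "__main__":
    pub, priv = keygen()
    cells = [1500, 2750, 319]          # constructed cell values
    print("server sees only ciphertexts, total =", cloud_sum_demo(pub, priv, cells))
```

Note that plaintexts live in [0, n), so a real spreadsheet would need an encoding for negative and fractional numbers, and Paillier supports addition and multiplication by a known constant only; anything beyond that (a product of two cells, a lookup, a string search) is where fully homomorphic encryption, or sending plaintext, becomes necessary.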
All in all, it's a trade-off. It depends on what you as the user value
most and where your priorities lie. For the record, I'm not trying to
argue that Google is bad, or that Google Chromium OS is an overall bad
development. I'm saying that all trade-offs (security or otherwise) must
be weighed as a whole, together with their impacts and the likelihood of
each impact, before anyone can make an informed judgment.
For this reason, I want to see more discussion about the overall
security issues, especially the question of exactly what level of
confidentiality and privacy users' data has in the cloud computing
paradigm. I'd like to see Google raise these issues too.