File hosting service

A file hosting service, cloud storage service, online file storage provider, or cyberlocker is an internet hosting service specifically designed to host user files. It allows users to upload files that could be accessed over the internet after a user name and password or other authentication is provided. Typically, the services allow HTTP access, and sometimes FTP access. Related services are content-displaying hosting services (i.e. video and image), virtual storage, and remote backup.

Uses

Personal file storage

Personal file storage services are aimed at private individuals, offering a sort of "network storage" for personal backup, file access, or file distribution. Users can upload their files and share them publicly or keep them password-protected.[1]

Document-sharing services allow users to share and collaborate on document files. These services originally targeted files such as PDFs, word processor documents, and spreadsheets.[2] However many remote file storage services are now aimed at allowing users to share and synchronize all types of files across all the devices they use.

File sync and sharing services

File syncing and sharing services are file hosting services which allow users to create special folders on each of their computers or mobile devices, which the service then synchronizes so that it appears to be the same folder regardless of which computer is used to view it. Files placed in this folder also are typically accessible through a website and mobile apps, and can be easily shared with other users for viewing or collaboration.[3]

Such services have become popular via consumer products such as Dropbox and Google Drive.[4]

Content caching

Content providers who potentially encounter bandwidth congestion issues may use services specialized in distributing cached or static content. It is the case for companies with a major Internet presence.[5]

Storage charges

Some online file storage services offer space on a per-gigabyte basis, and sometimes include a bandwidth cost component as well. Usually these will be charged monthly or yearly. Some companies offer the service for free, relying on advertising revenue. Some hosting services do not place any limit on how much space the user's account can consume. Some services require a software download which makes files only available on computers which have that software installed, others allow users to retrieve files through any web browser. With the increased inbox space offered by webmail services, many users have started using their webmail service as an online drive. Some sites offer free unlimited file storage but have a limit on the file size. Some sites offer additional online storage capacity in exchange for new customer referrals.

One-click hosting

One-click hosting, sometimes referred to as cyberlocker,[6] generally describes web services that allow internet users to easily upload one or more files from their hard drives (or from a remote location) onto the one-click host's server free of charge.

Most such services simply return a URL which can be given to other people, who can then fetch the file later. In many cases these URLs are predictable allowing potential misuse of the service.[7] As of 2005 these sites have drastically increased in popularity, and subsequently, many of the smaller, less efficient sites have failed. Although one-click hosting can be used for many purposes, this type of file sharing has, to a degree, come to compete with P2P filesharing services.[8]

The sites make money through advertising or charging for premium services such as increased downloading capacity, removing any wait restrictions the site may have or prolonging how long uploaded files remain on the site. Premium services include facilities like unlimited downloading, no waiting, maximum download speed etc. Many such sites implement a CAPTCHA to prevent automated downloading. Several programs aid in downloading files from these one-click hosts; examples are JDownloader, FreeRapid, Mipony, Tucan Manager and CryptLoad.

File hosting services may be used as a means to distribute or share files without consent of the copyright owner. In such cases one individual uploads a file to a file hosting service, which others can then download. Legal assessments can be very diverse.

For example, in the case of Swiss-German file hosting service RapidShare, in 2010 the US government's congressional international anti-piracy caucus declared the site a "notorious illegal site", claiming that the site was "overwhelmingly used for the global exchange of illegal movies, music and other copyrighted works".[9] But in the legal case Atari Europe S.A.S.U. v. Rapidshare AG in Germany,[10] the Düsseldorf higher regional court examined claims related to alleged infringing activity and reached the conclusion on appeal that "most people utilize RapidShare for legal use cases"[11] and that to assume otherwise was equivalent to inviting "a general suspicion against shared hosting services and their users which is not justified".[12] The court also observed that the site removes copyrighted material when asked, does not provide search facilities for illegal material, noted previous cases siding with RapidShare, and after analysis the court concluded that the plaintiff's proposals for more strictly preventing sharing of copyrighted material – submitted as examples of anti-piracy measures RapidShare might have adopted – were found to be "unreasonable or pointless".[10]

By contrast in January 2012 the United States Department of Justice seized and shut down the file hosting site Megaupload.com and commenced criminal cases against its owners and others. Their indictment concluded that Megaupload differed from other online file storage businesses, suggesting a number of design features of its operating model as being evidence showing a criminal intent and venture.[13] Examples cited included reliance upon advertising revenue and other activities showing the business was funded by (and heavily promoted) downloads and not storage, defendants' communications helping users who sought infringing material, and defendants' communications discussing their own evasion and infringement issues. As of 2014 the case has not yet been heard.[14]

The file hosting site Putlocker has been noted by the Motion Picture Association of America for being a major piracy threat,[15] and Alfred Perry of Paramount Pictures listed Putlocker as one of the "top 5 rogue cyberlocker services", alongside Wupload, FileServe, Depositfiles, and MediaFire.[16]

Security

The emergence of cloud storage services has prompted much discussion on security.[17] Security, as it relates to cloud storage can be broken down into:

Access and integrity security

Deals with the questions: Will the user be able to continue accessing their data? Who else can access it? Who can change it?

Whether the user is able to continue accessing their data depends on a large number of factors, ranging from the location and quality of their internet connection and the physical integrity of the provider's data center to the financial stability of the storage provider.

The question of who can access and, potentially, change their data ranges from what physical access controls are in place in the provider's data center to what technical steps have been taken, such as access control, encryption, etc.

Many cloud storage services state that they either encrypt data before it is uploaded or while it is stored. While encryption is generally regarded as best practice in cloud storage[18] how the encryption is implemented is very important.

Consumer-grade, public file hosting and synchronization services are popular, but for business use, they create the concern that corporate information is exported to devices and cloud services that are not controlled by the organization.

Some cloud storage providers offer granular ACLs for application keys. One important permission is append-only, which is distinct from simple "read", "write", and "read-write" permissions in that all existing data is immutable.[19][20] Append-only support is especially important to mitigate the risk of data loss for backup policies in the event that the computer being backed-up becomes infected with ransomware capable of deleting or encrypting the victim's backups.[21][22]

Data encryption

Secret key encryption is sometimes referred to as zero knowledge, meaning that only the user has the encryption key needed to decrypt the data. Since data is encrypted using the secret key, identical files encrypted with different keys will be different. To be truly zero knowledge, the file hosting service must not be able to store the user's passwords or see their data even with physical access to the servers. For this reason, secret key encryption is considered the highest level of access security in cloud storage.[23] This form of encryption is rapidly gaining popularity, with companies such as MEGA[24] (previously Megaupload) and SpiderOak being entirely zero knowledge file storage and sharing.[25]

Since secret key encryption results in unique files, it makes data deduplication impossible and therefore may use more storage space.[26]

Convergent encryption derives the key from the file content itself and means an identical file encrypted on different computers result in identical encrypted files.[26] This enables the cloud storage provider to de-duplicate data blocks, meaning only one instance of a unique file (such as a document, photo, music or movie file) is actually stored on the cloud servers but made accessible to all uploaders. A third party who gained access to the encrypted files could thus easily determine if a user has uploaded a particular file simply by encrypting it themselves and comparing the outputs.[26]

Some point out that there is a theoretical possibility that organizations such as the RIAA, MPAA, or a government could obtain a warrant for US law enforcement to access the cloud storage provider's servers and gain access to the encrypted files belonging to a user.[27] By demonstrating to a court how applying the convergent encryption methodology to an unencrypted copyrighted file produces the same encrypted file as that possessed by the user would appear to make a strong case that the user is guilty of possessing the file in question and thus providing evidence of copyright infringement by the user.

There is, however, no easily accessible public record of this having been tried in court as of May 2013 and an argument could be made that, similar to the opinion expressed by Attorney Rick G. Sanders of Aaron | Sanders PLLC in regards to the iTunes Match "Honeypot" discussion,[28] that a warrant to search the cloud storage provider's servers would be hard to obtain without other, independent, evidence establishing probable cause for copyright infringement. Such legal restraint would obviously not apply to the secret police of an oppressive government who could potentially gain access to the encrypted files through various forms of hacking or other cybercrime.

Ownership security

Deals with the questions: Who owns the data the user uploads? Will the act of uploading change the ownership?

gollark: But that misses 1.4.2, 1.4.3, and 1.4.4.
gollark: Hmm, mayhaps.
gollark: Er, proposal.
gollark: What happened to the new "properties" rules?
gollark: The provost is a potato and cannot be trusted!

See also

References

  1. "How to share". Google. Retrieved 5 August 2014.
  2. Geel, Matthias. "Cloud Storage: File Hosting and Synchronisation 2.0" (PDF). Retrieved 5 August 2014.
  3. Metz, Rachel (9 July 2013). "How Dropbox Could Rule a Multi-Platform World". MIT Technology Review. Retrieved 5 August 2014.
  4. How to transfer files from Dropbox to Google Drive. Retrieved 24 December 2014
  5. "Macworld.com". Archived from the original on 13 March 2007. Retrieved 7 February 2007.
  6. "Cyberlockers Take Over File-Sharing Lead From BitTorrent Sites". Retrieved 12 July 2011.
  7. Nikiforakis N., Balduzzi M. Van Acker S., Joosen W. and Balzarotti D. "Exposing the Lack of Privacy in File Hosting Services
  8. Roettgers, Janko. "Piracy Beyond P2P: One-Click Hosters", Retrieved: 5 January 2008.
  9. "RIAA joins congressional caucus in unveiling first-ever list of notorious illegal sites". RIAA. 19 May 2010. Retrieved 16 January 2011.
  10. Legal case: OLG Dusseldorf, Judgement of 22.03.2010, Az I-20 U 166/09 dated 22 March 2010.
  11. Roettgers, Janko (3 May 2010). "RapidShare Wins in Court". Gigaom.com. Archived from the original on 26 February 2011. Retrieved 16 January 2011. Citation from ruling: "Es ist davon auszugehen, dass die weit überwiegende Zahl von Nutzern die Speicherdienste zu legalen Zwecken einsetzen und die Zahl der missbräuchlichen Nutzer in der absoluten Minderheit ist." ("It is to be expected that the vast majority of users use the storage services for lawful purposes and the number of abusive users are in the absolute minority.").
  12. From the Atari v. RapidShare ruling: "entspricht einem Generalverdacht gegen Sharehoster-Dienste und ihre Nutzer, der so nicht zu rechtfertigen ist" ("corresponds to a general suspicion against shared hosting services and their users, which is not to justify such").
  13. Department of Justice indictment, on the Wall Street Journal's website – see sections 7–14.
  14. "Release For Victim Notification United States v. Kim Dotcom, et al, Crim. No. 1:12CR3 (E.D. Va. O'Grady, J.)". United States Department of Justice. Retrieved 10 November 2014.
  15. Prabhu, Vijay (17 October 2016). "Yet Another Video Streaming Service Bites The Dust, Putlocker Shuts Down". TechWorm. Retrieved 10 November 2016.
  16. Sandoval, Greg (31 March 2012). "MPAA wants more criminal cases brought against 'rogue' sites". CNET. Retrieved 10 November 2016.
  17. Jonathan Strickland. "How Cloud Storage Works". How Stuff Works. Retrieved 8 May 2013.
  18. "Cloud Data Storage, Encryption and Data Protection Best Practices". Techtarget.com. Retrieved 8 May 2013.
  19. https://www.borgbase.com/
  20. https://wasabi.com/blog/use-immutable-storage/
  21. https://eugenekolo.com/static/paybreak.pdf
  22. https://www.cs.kent.ac.uk/people/staff/ba284/Papers/NordSec2019.pdf
  23. "5 Ways To Securely Encrypt Your Files in the Cloud". Makeuseof.com. Retrieved 8 May 2013.
  24. "MEGA has been designed around user-controlled end-to-end encryption. MEGA's end-to-end encryption (E2EE) paradigm enhances the overall security by providing 'privacy by design', unlike many of its competitors who only provide 'privacy by policy'". MEGA Privacy.
  25. "SpiderOak - Zero Knowledge Privacy with Encrypted Cloud Backup". Retrieved 29 September 2014.
  26. Storer, Mark W.; Greenan, Kevin; Long, Darrell D. E.; Miller, Ethan L. "Secure Data Deduplication" (PDF). Ssrc.ucsc.edu.
  27. Brad McCarty. "Bitcasa: Infinite storage comes to your desktop, but so do big questions". TheNextWeb.com. Retrieved 8 May 2013.
  28. Brad McCarty. "Is iTunes Match a honeypot for music pirates? A copyright lawyer weighs in". TheNextWeb.com. Retrieved 8 May 2013.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.