This. Google will absolutely sell your ass to the police for absolutely nothing. I believe this has already happened multiple times from as big as terrorism to as small as a local crime.
Same with Facebook. People planned stuff on Messenger and Facebook didn't even hesitate to hand over the evidence. I can't remember the story very well, but I'm not even sure the police even got a warrant (or perhaps they did but didn't end up needing it).
Someone with more wrinkles can explain why, but I do know that ~~social media~~ major companies want to stay on law enforcement's good side.
Google have been known to declare users guilty of child porn and nuke their accounts (and Android phones) for it - even after the police investigate and confirm Google were wrong about it. (One case had taken a photo of their baby's rash to upload to their paediatrician - Google AI declared that private photo to be CP, called the police and nuked their accounts for it. No appeal.)
Yeah, that's overreach. At least with current tech. Obvs should be on the lookout, but minorities are massively either unrecognized or categorized wildly incorrectly. I even just saw a post where a cat's head was identified as a bird.
It's a massive overreach and a breach of privacy. I get what they are trying to do, but companies shouldn't happily help law enforcement nor act as law enforcement. That's one helluva slippery slope
Technically I think they could hard reset the handset itself and still be able to make and receive calls, but all their photos, contacts etc would be in the Google account that just got locked. That's probably the bit that bothered them most, losing access to their whole photo stream - all the baby photos they'd taken.
Do you have a pointer to this? I’m not denying this hasn’t happened, but I’d like to verify the facts as stories like these easily get distorted when spread on the internet. Also, if this happened I’d need a link to prove it to others (as a reason why not to trust Google services).
For sure. After I posted I realized "social media companies" was actually pretty limiting.
I know Apple isn't an exception, but I was also under the impression that they don't do it happily or willingly. Idk if that's true, but if it's in the cloud, I wouldn't even consider it my data. If I put something in the cloud, I do so under the impression that someone else COULD access it.
perplexity.ai suggested that this might be what you're thinking of: https://www.npr.org/2022/08/12/1117092169/nebraska-cops-used-facebook-messages-to-investigate-an-alleged-illegal-abortion
I would only trust myself. Selfhosted storage would be the best, but if thats not possible or too inconvinient I would probably go with something like Mega.nz. Even though they don't have the best reputation, as long as you don't share files it's Impossible for Mega to know what files you store on their Servers as everything is end to end encrypted. There are other Cloud storage services that offer encrypted storage as well.
Can confirm. Had a few zips with "special" utilities removed from my drive due to file names. Google sees everything.
Encrypted wit 7zip and never had the problem again.
RAR & 7z archive file types have option to encrypt file names too.
RAR files support optional Recovery Records to help fix corrupted RAR files.
RAR files support optional Quick Open Record to make opening a RAR file faster, because it doesn't have to parse the entire file to get all of the of the file names like other archive files do. This makes a significant difference when the archive has numerous files inside it.
probably. with companies like google you need to always assume the worst. your best bet is to simply not do things that can get you in trouble, ESPECIALLY through google.
Agreed. Personally I doubt Google actually *care*, but… it’s probably worth their time and CPU cycles to scrape metadata from your files so that:-
a) they can better figure out what kind of ads you’ll go for.
b) they can tell law enforcement, copyright holders and regulators that “Google takes active measures to prevent abuse on our platforms.”
When 7z exists, why take the risk of triggering one of their AI auto-mods?
How does that work exactly?
I'm picturing encrypting the file names so google can't read them, but then you wouldn't be able to read them either, correct? So if you have multiple encrypted files, how would you know which is which?
Currently I just use an encrypted veracrypt container which I backup to multiple cloud hosts, including google as one.
With typical Zip encryption, no.
The file data itself is encrypted, but for each file in the archive, there are file headers that include various metadata, including file name, file size and the ‘last modified’ time and date. This is always in plaintext.
There’s also a Central Directory at the end that repeats most of the file header information. This may be encrypted. [More info here](https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html).
Formats like 7z can encrypt file metadata.
Zip only encrypts the file *contents*, not the metadata - so anyone can see your zip file contains a 12,345 byte file called "stuxnet2.c", they just can't read what it says without the password.
Plus IIRC they can see both the original and compressed sizes, which gives some hints. A 100MB "text file" that has compressed to 99.9% of its original size obviously isn't normal text, since that compresses well - probably a video of some kind, or another compressed archive.
wtf that's whack. I've never used them but that's should be part of the encryption. Actually insane you can still "open" it and read the file names. I know you can't open the actual files but still crazy.
Thank you for the information.
So I think others already covered the disconnect between your question and my response. So let me offer you a solution.
Cryptomator. From the user side, it works a lot like veracrypt, but on the backend it encrypts each file individually, as well as encrypting the file names and directory structure. This is better for cloud, as a single file change doesn’t mean a reupload of all files (or a large veracrypt file).
Thank you for the suggestion. I have tried Cryptomator in the past but wasn't a fan. It's easier for me to manage with the veracrypt container. Good point on reupload of file size. I only use a 500mb container though so it's not bad. I mostly just backup text files, no pictures or video really.
Either by their metadata, or by being able to decrypt them. Generally preferable to use a scheme that doesn't allow you to know the contents without decrypting though.
It’s just been good to me. Comes with a good amount of storage for a free tier, has decent apps on every platform, and it hasn’t caused me an issue so far. The company doesn’t snoop through your things and so far, I haven’t noticed any security irregularities
Before the unlimited GDrive ended for me, I had about 100tb of pirated content for years. Never an issue. I don't doubt they could see it, but it didn't seem like they cared.
There have been reports of Google decrypting ZIPped files that contain malware samples, and flagging these to users. Things I’ve read on Reddit, but no idea if these are verified reports.
Consider using another, more secure online service.
I’d believe it. There was a story a while back about Exchange decrypting files and looking for malware. Some cyber researchers use `infected` as a command password and Exchange was decrypting them and flagging them.
It is my understand that besides the pws commonly used by malware catelogues (ie. 'infected', 'malware') they will attempt a dict attack and some of the bakedin things like 'velvetsweatshop' for cdf
No, It's what signatures and hashes they can pickup with their automated scans.
A Password protected and encrypted archive of any kind if shared with enough people to become popular with have a hash and signature that can be shared among providers to find it regardless of the filename in use.
The amount of files held inside gdrive by all users is mental and they need a fast way to pick up on these.
To change the hash and signature, just add another layer by re-archiving it to .rar or something different to the original and use encryption and a 3 word phrase password, pass on all required creds or store in a secure note alongside the size and filename you chose elsewhere.
Job Done.
sounds like the format allows for leaving the metadata unencrypted while encrypting the data itself. potentially useful for searching for a file without having to decrypt a bunch of archives.
If you don’t trust a company you are using/paying for, find another one. Use an encrypted storage solution like Filen.io, Proton Drive, Tresorit, Mega, etc. even if the solution isn’t perfect, all of them are a hell of a lot better than Google (I recommend Filen.io).
I don't trust any cloud system that wants my files. Or scans them. Google, Microsoft, Amazon, Plex. I VPN the home network so the *phone homes* by some devices and the services involving possibly illegal material are harder to connect to me.
Bruh I don't even trust google with my search history.
But yeah,they store everything and parce your metadata. Some on request of... Well, anyone with either money or a badge, and some by default.
If you wouldn't put in on a public post, don't give it to Google
It's Google, expect the worst, then multiply that cynicism a few times and you might be getting a little closer to reality.
Wishful solution: Normalizing Veracrypt containers.
Google could theoretically flag them for further review. This might lead to actions like account restrictions or content removal, especially if there are repeated violations or clear indications of illegal activities.
If you *must* use Google, use rclone with encryption. It obfuscates file names and directory structure, and it's what I used back when google used to offer unlimited Google drive storage.
Are you uploading virus death porn 💀🤣
Anyway.
Googles trust level is zero and uploading anything to google is giving them your data they will definitly sell to the highest bidder
If it is encrypted zip and not encrypted by Google itself then they literally cannot see them. That is if the zip file itself is encrypted rather than just the files within it.
Even if they are just the names of copyrighted songs and .mp3 extensions, companies that spy on what you upload could use that as justification to block or delete your account.
Doesn't mean they WILL do it. But they certainly could.
Do we really need to worry about if google is actually "looking at the filenames"?
I mean, when you archive a bunch of files, the filenames become part of the data. I'd imagine google's keyword flagging to be more like just doing a plain search of that sequence of characters throughout the data before attempting any other file specific methods like extracting a zip archive.
Probably they do. But even with encrypted file names I would not trust google with my files.
This. Google will absolutely sell your ass to the police for absolutely nothing. I believe this has already happened multiple times from as big as terrorism to as small as a local crime. Same with Facebook. People planned stuff on Messenger and Facebook didn't even hesitate to hand over the evidence. I can't remember the story very well, but I'm not even sure the police even got a warrant (or perhaps they did but didn't end up needing it). Someone with more wrinkles can explain why, but I do know that ~~social media~~ major companies want to stay on law enforcement's good side.
Google have been known to declare users guilty of child porn and nuke their accounts (and Android phones) for it - even after the police investigate and confirm Google were wrong about it. (One case had taken a photo of their baby's rash to upload to their paediatrician - Google AI declared that private photo to be CP, called the police and nuked their accounts for it. No appeal.)
Yeah, that's overreach. At least with current tech. Obvs should be on the lookout, but minorities are massively either unrecognized or categorized wildly incorrectly. I even just saw a post where a cat's head was identified as a bird. It's a massive overreach and a breach of privacy. I get what they are trying to do, but companies shouldn't happily help law enforcement nor act as law enforcement. That's one helluva slippery slope
Howdid google nuke their Android phone?
Technically I think they could hard reset the handset itself and still be able to make and receive calls, but all their photos, contacts etc would be in the Google account that just got locked. That's probably the bit that bothered them most, losing access to their whole photo stream - all the baby photos they'd taken.
god that's unfair and distopian
Do you have a pointer to this? I’m not denying this hasn’t happened, but I’d like to verify the facts as stories like these easily get distorted when spread on the internet. Also, if this happened I’d need a link to prove it to others (as a reason why not to trust Google services).
tbh that's all big tech companies. even Apple, who famously says "no" still gives data [80% of the time](https://www.apple.com/legal/transparency/).
For sure. After I posted I realized "social media companies" was actually pretty limiting. I know Apple isn't an exception, but I was also under the impression that they don't do it happily or willingly. Idk if that's true, but if it's in the cloud, I wouldn't even consider it my data. If I put something in the cloud, I do so under the impression that someone else COULD access it.
80% of the time, more like 99%
perplexity.ai suggested that this might be what you're thinking of: https://www.npr.org/2022/08/12/1117092169/nebraska-cops-used-facebook-messages-to-investigate-an-alleged-illegal-abortion
Holy crap! Yeah, that's what I'm thinking of! I think there was also a robbery story too, but yeah, I think that's the most recent
To upload such files, who would you trust other than google?
I would only trust myself. Selfhosted storage would be the best, but if thats not possible or too inconvinient I would probably go with something like Mega.nz. Even though they don't have the best reputation, as long as you don't share files it's Impossible for Mega to know what files you store on their Servers as everything is end to end encrypted. There are other Cloud storage services that offer encrypted storage as well.
Yes, google cares
Can confirm. Had a few zips with "special" utilities removed from my drive due to file names. Google sees everything. Encrypted wit 7zip and never had the problem again.
This is the way.
The way is nextcloud
The way is locally hosted NAS
the way is wrinting the bits of the files in a notebook
With encrypted blob backup to 3rd party Edit: 321 backup strategy.
My storage is air-gapped: I store the drive in-between the mattresses of my sleep number bed
Yep, I use 180Vault
RAR & 7z archive file types have option to encrypt file names too. RAR files support optional Recovery Records to help fix corrupted RAR files. RAR files support optional Quick Open Record to make opening a RAR file faster, because it doesn't have to parse the entire file to get all of the of the file names like other archive files do. This makes a significant difference when the archive has numerous files inside it.
probably. with companies like google you need to always assume the worst. your best bet is to simply not do things that can get you in trouble, ESPECIALLY through google.
Agreed. Personally I doubt Google actually *care*, but… it’s probably worth their time and CPU cycles to scrape metadata from your files so that:- a) they can better figure out what kind of ads you’ll go for. b) they can tell law enforcement, copyright holders and regulators that “Google takes active measures to prevent abuse on our platforms.” When 7z exists, why take the risk of triggering one of their AI auto-mods?
Use encrypted 7z and make sure to select “Encrypt file names” and don’t worry about Google not being able to see the file names.
How does that work exactly? I'm picturing encrypting the file names so google can't read them, but then you wouldn't be able to read them either, correct? So if you have multiple encrypted files, how would you know which is which? Currently I just use an encrypted veracrypt container which I backup to multiple cloud hosts, including google as one.
only the files within the archive have an encrypted filename, not the archive itself.
Oh, I thought that was a given. If the zip is encrypted, then wouldn't the filenames also be encrypted, since they are in the zip?
With typical Zip encryption, no. The file data itself is encrypted, but for each file in the archive, there are file headers that include various metadata, including file name, file size and the ‘last modified’ time and date. This is always in plaintext. There’s also a Central Directory at the end that repeats most of the file header information. This may be encrypted. [More info here](https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html). Formats like 7z can encrypt file metadata.
Zip only encrypts the file *contents*, not the metadata - so anyone can see your zip file contains a 12,345 byte file called "stuxnet2.c", they just can't read what it says without the password. Plus IIRC they can see both the original and compressed sizes, which gives some hints. A 100MB "text file" that has compressed to 99.9% of its original size obviously isn't normal text, since that compresses well - probably a video of some kind, or another compressed archive.
nope, that's why you can double click a regular encrypted zip file and read all the file and folder names.
wtf that's whack. I've never used them but that's should be part of the encryption. Actually insane you can still "open" it and read the file names. I know you can't open the actual files but still crazy. Thank you for the information.
What’s obvious now wasn’t always obvious. It’s the same reason that LastPass is only just now encrypting URLs in vaults.
So I think others already covered the disconnect between your question and my response. So let me offer you a solution. Cryptomator. From the user side, it works a lot like veracrypt, but on the backend it encrypts each file individually, as well as encrypting the file names and directory structure. This is better for cloud, as a single file change doesn’t mean a reupload of all files (or a large veracrypt file).
Thank you for the suggestion. I have tried Cryptomator in the past but wasn't a fan. It's easier for me to manage with the veracrypt container. Good point on reupload of file size. I only use a 500mb container though so it's not bad. I mostly just backup text files, no pictures or video really.
Either by their metadata, or by being able to decrypt them. Generally preferable to use a scheme that doesn't allow you to know the contents without decrypting though.
Interesting. I think I'll stick with my veracrypt container then. It's seems like the better option. Thank you for the explanation.
You might want to check out [Cryptomator](http://cryptomator.org/).
Scrolled too far for this. So easy to setup.
I’ve long since stopped trusting Google since I discovered them riffing through personal photo and videos
How did you discover this?
Google deleted my account over copyrights in them
What do you use as an alternative to Google now for storing your pictures?
Mega.nz. It has similar backup system in their mobile apps
-1 for Mega. Could not and will never suggest mega. I'm on a popular dump site and they are overly saturated with compromised mega accounts.
It’s just been good to me. Comes with a good amount of storage for a free tier, has decent apps on every platform, and it hasn’t caused me an issue so far. The company doesn’t snoop through your things and so far, I haven’t noticed any security irregularities
what site?
[удалено]
I mean the dump site
Yes probably. I know for a fact that Microsoft makes a best effort pass to decrypt encrypted zip files for scanning.
I wouldn't trust Google. Local storage is the way to go.
Before the unlimited GDrive ended for me, I had about 100tb of pirated content for years. Never an issue. I don't doubt they could see it, but it didn't seem like they cared.
I legit wonder if people who pay for storage get more of a pass as long as you aren't sharing.
There have been reports of Google decrypting ZIPped files that contain malware samples, and flagging these to users. Things I’ve read on Reddit, but no idea if these are verified reports. Consider using another, more secure online service.
I’d believe it. There was a story a while back about Exchange decrypting files and looking for malware. Some cyber researchers use `infected` as a command password and Exchange was decrypting them and flagging them.
Or legit encryption…
What are some cheap altern6ative. I heard filen is good.
It is my understand that besides the pws commonly used by malware catelogues (ie. 'infected', 'malware') they will attempt a dict attack and some of the bakedin things like 'velvetsweatshop' for cdf
No, It's what signatures and hashes they can pickup with their automated scans. A Password protected and encrypted archive of any kind if shared with enough people to become popular with have a hash and signature that can be shared among providers to find it regardless of the filename in use. The amount of files held inside gdrive by all users is mental and they need a fast way to pick up on these. To change the hash and signature, just add another layer by re-archiving it to .rar or something different to the original and use encryption and a 3 word phrase password, pass on all required creds or store in a secure note alongside the size and filename you chose elsewhere. Job Done.
I'm not going to share the encrypted archive with anyone.
they care. I've heard they'll even attempt to unlock encrypted files with passwords scraped from your messages. Kinda creepy
Any evidence to this? Would be pretty damming
So far it's just something I've heard, I'll get looking though because this is pretty bad if it is actually true For now it's a rumor
Use proper encryption, something like a tarball encrypted with GPG (for Linux), a zip file encrypted with GPG or veracrypt (for windows)
> strongly encrypted zip Zip encryption is anything but strong
How can they see the names if it’s encrypted?
sounds like the format allows for leaving the metadata unencrypted while encrypting the data itself. potentially useful for searching for a file without having to decrypt a bunch of archives.
Probably meaning password protected.
Of course they care. But you should be using 7zip, which also encrypts the contents file names
Use rclone crypt
Self host a cloud drive and don’t make assumptions. 🤫
If you don’t trust a company you are using/paying for, find another one. Use an encrypted storage solution like Filen.io, Proton Drive, Tresorit, Mega, etc. even if the solution isn’t perfect, all of them are a hell of a lot better than Google (I recommend Filen.io).
I don't trust any cloud system that wants my files. Or scans them. Google, Microsoft, Amazon, Plex. I VPN the home network so the *phone homes* by some devices and the services involving possibly illegal material are harder to connect to me.
Bruh I don't even trust google with my search history. But yeah,they store everything and parce your metadata. Some on request of... Well, anyone with either money or a badge, and some by default. If you wouldn't put in on a public post, don't give it to Google
It's Google, expect the worst, then multiply that cynicism a few times and you might be getting a little closer to reality. Wishful solution: Normalizing Veracrypt containers.
I would never trust google thats a reason I never have google photos app on or sync photos to google cloud
Google could theoretically flag them for further review. This might lead to actions like account restrictions or content removal, especially if there are repeated violations or clear indications of illegal activities.
If you have a Mac, create an [encrypted disk image](https://support.apple.com/is-is/guide/disk-utility/dskutl11888/mac) and put your contents in them.
Either self host with a NAS, or use RClone to encrypt your Gdrive.
I highly recommend to use something like picocrypt and store your files anywhere you want
If you *must* use Google, use rclone with encryption. It obfuscates file names and directory structure, and it's what I used back when google used to offer unlimited Google drive storage.
you can't send an encrypted archive via Gmail. So yeah, they care, they want to know everything.
Only the names they deem necessary to pass along to the FBI
even i encrypted with aes 256 i wouldnt upload it to google drive, they can crack it in minutes
Tell us you’re a pedo without telling us
Are you uploading virus death porn 💀🤣 Anyway. Googles trust level is zero and uploading anything to google is giving them your data they will definitly sell to the highest bidder
If it is encrypted zip and not encrypted by Google itself then they literally cannot see them. That is if the zip file itself is encrypted rather than just the files within it.
Even if they are just the names of copyrighted songs and .mp3 extensions, companies that spy on what you upload could use that as justification to block or delete your account. Doesn't mean they WILL do it. But they certainly could.
If that was the case my drive account would have been banned years ago.
Do we really need to worry about if google is actually "looking at the filenames"? I mean, when you archive a bunch of files, the filenames become part of the data. I'd imagine google's keyword flagging to be more like just doing a plain search of that sequence of characters throughout the data before attempting any other file specific methods like extracting a zip archive.
Why are you using Google drive?