A Common Sense Way to Improve Cloud Backup
In the wake of the Apple iCloud debacle, there has been a lot of discussion on what Apple has done wrong, what it could do better, and how this could have been prevented.
This is not a blog post about 2-factor authentication or proper implementation of authentication channels or how Apple should be more open in their dealings with the security community, but something more basic and common sense: give users more granular control on what gets backed up.
You will see in many discussions and comments to articles that there is quite a bit of “victim shaming”.
But I think that this is quite unfair and I postulate that an average smartphone user has no idea that their photos are being synced to the cloud. It is far more likely that users had no idea that these photos and videos were synced to the cloud in the first place and even if they had an abstract idea that it was (for example, you take a photo on your phone and you can see it on your desktop later), they had no concrete idea of the implications (those photos are now resident in the cloud as opposed to transient).
It is easy to imagine that such things are obvious and should be trivially easy to configure and control to the end users, but I think that this is a poor assumption to make by anyone that is technically savvy; people like my mother and wife really have no idea about these things. My guess is that Jennifer Lawrence and Kate Upton simply had no idea that their photos and videos were sitting resident in the cloud and even if they did, they probably couldn’t figure out how to get rid of them.
Some have said that this is not the fault of the OS makers or app makers. Google Photos, for example, gives you a very clear screen when you launch it for the first time asking you if you’d like to sync the files to the cloud. But one problem is that users may not actually read these things before agreeing. The other is that even after a user agrees, if the user decides that she wishes to change her mind, the setting is turned off from a screen that is three levels deep (launch Photos, click Menu, click Settings, click Auto Backup). While this is very obvious to some, to many — like my mother — this is an absolute mystery. She has no idea that it’s syncing her photos and has no idea how to turn it off.
I think that there are many common sense solutions that can be implemented outside of the security measures implemented above to give users more granular control over their content.
Give Periodic Notifications to Update Privacy Settings
One simple idea is that say every three months, the phone prompts you with a notification in your notification bar:
This would allow users to periodically be reminded that things like automatic sync are on and that they have the option of turning them off. The user is free to ignore it, but it would give them at least a reminder that “Hey, I’m sending your stuff to the cloud, are you OK with that? Do you want to review your settings?”
Make Synchronization Explicit
One of the problems I have with Google Photos is that it’s all or nothing by default. There isn’t a middle ground that allows me to sync some of my photos as a default.
The user experience paradigm here would be much like that of Facebook where you can post photos by selecting them from your album to explicitly and with fine grain control what gets sent to the cloud. Likewise, iCloud and Google Photos would do well to allow a middle ground that gives users more fine grained control over what gets sent to the cloud instead of ON and OFF.
In discussions, some have said that this would present too high a burden on end users, but it seems to work fine for Facebook and I think that it would be relatively easy to implement in an easy to use manner:
If the user selects “Sync All“, then all 20 new photos are synced to the cloud (be that iCloud, Dropbox, Google Drive, etc). If the user selects “Choose“, the user is given a screen that allows the user to explicitly pick the ones to sync. The pick screen should prompt the user to “Ignore unselected items for future backup?” when selection is complete so that any unselected photos are simply ignored next time. If the user selects “Don’t Sync“, then do nothing.
A simple design like this still gives the user access to the convenience of cloud backups while giving them explicit, fine-grained control and acknowledgement that their data will be stored in the cloud.
The victim shaming is simply not warranted; whether these individuals should or should not have taken these compromising photos and videos is not the right question to ask. The right question to ask is whether Apple or Google should be automatically syncing them to a resident cloud storage without finer grained controls and explicit consent.