Blog/Infosec 101/

Should you trust Google Drive with your files?

Feb 12, 2020

Google has turned customer experience into an art form. One click, one swipe, one press of a button, and the whole world is at your fingertips. But is this seamless integration a cause for concern? Some may argue that, in 99% of cases, Google is safe to use. But you may ask whether it’s good enough for a company that knows everything about you.

In the aftermath of the Google Photos bug that exposed users’ videos to strangers, we’re trying to answer how secure Drive, Google’s cloud storage service, is.

Quick introduction to Google Drive

Most of you already know what Google Drive is. If you don’t use the service, here are the basic facts:

  • Google provides 15 GB of free cloud storage to all users.
  • The free storage is combined for all of Google’s services: Gmail, Photos, Drive, etc.
  • If you run out of free storage, you can up your cloud capacity to 100 GB for $1.99/month.

As cloud storage, Google Drive is one of the best options out there. The problem is the seamless integration. Think about the last time you got a new mobile device. You don’t choose Google, do you? It’s just there. And as soon as you enter your email, your data, contacts, documents, photos – everything gets synchronized with Google Drive immediately. We’re not arguing with convenience, but if most people don’t even realize that every picture they take on their phone is sent to Google’s servers, that’s worrying.

Imagine if you found out about your personal video that Google sent to a stranger when you didn’t even think it’s on Google’s servers in the first place?

How secure is Google Drive: possible threats

Security comes in lots of forms. It’s natural given all the different threats: hackers, human error, software and hardware bugs, unethical employees. In other words, a lot. While most of it is out of your hands, some of it is not. The three main areas you should consider when using Google Drive, or any other cloud service, are file safety during transfers, software bugs, and privacy of the cloud itself. We take a closer look at these areas below.

Let’s start with moving the file. Hackers like to hijack files as they are most vulnerable when they’re transferred. Not to suggest that Google Drive encryption is not strong enough to handle it. While en route to and from Google’s servers, your files are encrypted with a 248-bit SSL/TLS key. Data on the cloud itself is protected with 128-bit AES encryption. While not impossible, breaking Google’s security during the synchronization process would be incredibly hard.

What about cases when a human error is responsible for data leaks? For example, the recent case where a software bug caused Google Photos to send users’ videos to strangers. The true scope of this November 2019 incident was not revealed, but according to Google, no more than 100,000 users were affected. That’s a cause for concern considering how interconnected Google’s apps are. Can you imagine how many lines of code are added every week through updates? All it takes is one mistake for the company that knows everything about its 2 billion users to expose personal details of anyone to anyone.

And then there’s Google itself. But that’s more of a question of privacy rather than security.

Is Google Drive private?

Consider that Google is essentially an information peddler that’s worth over trillion dollars. It’s also a company that infamously removed the “Don’t be evil” clause from their Code of Conduct without any reason to do that.

Lastly, it’s a company that gives 15 GB of free storage for 2 billion people for free. Can you trust them to be that generous and not use your files, emails, and photos to profit?

But it’s not just about Google. There are dozens of Google Drive alternatives that offer cloud space at no cost. If you wanted, you could get almost a terabyte of free storage online. But no one is doing it out of the kindness of their hearts. So what should you do?

Two ways to increase your privacy with and without Google

Switching to another cloud provider is an option, but it’s hardly a significant change in privacy. So, you have two choices, really.

You can replace for-profit services like Gmail, Drive, and Chrome for more private options. If you’re ready to take this step, you’ll like this post about Google’s alternatives.

Or, you can also continue using Gmail and Drive but look for ways to protect yourself from Google’s snooping habits. Your first step should be to switch off Google’s automatic synchronization. Instead, regularly back up your data yourself.

Next, we highly recommend encrypting your files before you upload them to the cloud. Google Drive encryption is the only way you can protect your photos and documents on the cloud from hackers and Google at the same time. This is an area that we specialize in. You can encrypt any file you like and upload it to the cloud for easy access. Your access, not Google’s.

Would you like to try NordLocker for free? You can. Every user starts with 2 GB of free encryption.

Lastly, don’t forget that mindset is key. Most people think that they don’t need to think about privacy because they don’t have anything to hide. A lot of us don’t have anything to hide. But that’s not a good reason to give the Big Tech access to all of your data.

Protecting your privacy doesn’t require you to make massive adjustments. You can start simply by encrypting your files on the cloud.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.