Just logged onto Amazon to check on an order and noticed they've now added another benefit to Amazon Prime -- free, unlimited photo storage on their Amazon CloudDrive. I just tested it with a DNG and it worked, so it includes raw, as well, and doesn't seem to have any issue with overly lengthy file names like I use. (example: "Photo taken on 2014-11-02 at 172831 - using a PENTAX PENTAX K-5 with a smc PENTAX-DA 15mm F4 ED AL Limited at 15 mm-1-4 sec at f - 11-ISO 200.dng" )

https://www.amazon.com/clouddrive/primephotos

[mattb123]

Whether or not that is what was being suggested, I think that is what Amazon does. But I agree with points A and B. Even commercially valuable images are unlikely to be a target. If you are a hacker there's much more lucrative and easy hacks to go after.

Protecting Your Data
Data stored in Amazon S3 is secure by default; only bucket and object owners have access to the Amazon S3 resources they create. Amazon S3 supports multiple access control mechanisms, as well as encryption for both secure transit and secure storage at rest. With Amazon S3’s data protection features, you can protect your data from both logical and physical failures, guarding against data loss from unintended user actions, application errors, and infrastructure failures. For customers who must comply with regulatory standards such as PCI and HIPAA, Amazon S3’s data protection features can be used as part of an overall strategy to achieve compliance.

[vonBaloney]

Whether or not that is what was being suggested, I think that is what Amazon does. But I agree with points A and B. Even commercially valuable images are unlikely to be a target. If you are a hacker there's much more lucrative and easy hacks to go after.

Where is that quote (about S3) from? That sounds like something about if you are renting a server from Amazon, not the cloud drive they provide as part of the prime subscription. In order to access my cloud drive, all I need is my email address and my normal Amazon password, so that's not terribly secure. Actually I was forced to change my Amazon password just a couple of months ago because a strange transaction from Germany appeared on my account with no explanation, so what does that tell you?

[mattb123]

I believe it's their application hosting framework that they (and others) build their apps on.

It tells me that password security is inherently flawed (which as a software engineer I know all too well), but also that they probably do encrypt this data and the transport stream.
I'm not trying to say it's impenetrable, but that it is most likely encrypted at a low level (so it doesn't change your file types) and that it's definitely secure enough to back up my photos if I could come up with the bandwidth to actually use this service.

[mee]

UNLESS you have something salacious or information that can be used to steal your identity, the idea that someone would hack into your account and make prints is frankly absurd. That's like saying you're worried someone will break in your house and...watch your television. If you are not a celebrity, hackers and thieves are looking to make money, not make art prints from stolen source material. Nothing is secure, including my house. Certainly I don't want my account compromised, but since all I have is pictures of trees and buildings and birds, etc, if it ever were there would be no terrible consequences just from my images getting into the hands of some hacker. I would expect such a hacker to look them over, yawn, and move on...

Thank you for letting me know my concerns are absurd by valuating my situation through your own.

Perhaps you don't value your work, I'm not sure. However, I do mine regardless of it's value to others / if another decides to take the time to breach and steal/share this work or not, the threat remains.

You, kind and friendly gentlemen, are obviously free to do with your possessions as you want. I will do otherwise with mine, thank you.

[vonBaloney]

Thank you for letting me know my concerns are absurd by valuating my situation through your own.

Perhaps you don't value your work, I'm not sure. However, I do mine regardless of it's value to others / if another decides to take the time to breach and steal/share this work or not, the threat remains.

You, kind and friendly gentlemen, are obviously free to do with your possessions as you want. I will do otherwise with mine, thank you.

No offense was intended. It is not about the value you place on it, it is about the probability that some hacker will place value on it. (Which is why I made exceptions for celebrities and salaciousness.) ANYTHING (bad) has some chance of happening, so you can burden yourself with fears of EVERYTHING if you want, but it is not terribly productive. The scenario you describe is just so unlikely as to be unworthy of concern, that's all. It is like if you said to me that you never go outside because you might get hit by lightning. And then I say that's silly, and you say, "Well, maybe you don't value your life..."

[narual]

No offense was intended. It is not about the value you place on it, it is about the probability that some hacker will place value on it. (Which is why I made exceptions for celebrities and salaciousness.) ANYTHING (bad) has some chance of happening, so you can burden yourself with fears of EVERYTHING if you want, but it is not terribly productive. The scenario you describe is just so unlikely as to be unworthy of concern, that's all. It is like if you said to me that you never go outside because you might get hit by lightning. And then I say that's silly, and you say, "Well, maybe you don't value your life..."

Speaking from the standpoint of someone who has had to deal with actual hackers hacking actual servers and stealing actual data which was converted into actual money -- the only way any hacker is going to give the lightest rip about a photo you took is if it's particularly illegal pornography that they could sell, or something they could use to blackmail someone with money, or humiliate someone famous. And they'd need to know it was there in the first place, or they wouldn't bother. It's a much better time investment to penetrate weakly defended financial and personal data. You can make large amounts of money that way.

Possible exception: If the hacker in question knows you and you pissed him off. And if that happened, he'd be far more likely to go after your home machine than your backup storage. For that matter, even a hacker who *doesn't* know you is likely to have some automated processes that try to hack your home machine, and any others they can find, but only to use to help them hack businesses (and maybe to capture any credit card data you enter into web forms).

Von Baloney is right on the money with his analogy. It's a nonexistent risk compared to the risk of simply having your photos stored on device at home that's connected to the internet.

---------- Post added 11-11-14 at 03:06 PM ----------

In order to access my cloud drive, all I need is my email address and my normal Amazon password, so that's not terribly secure.

And all you need to transfer money out of your bank account is your username and bank password. (and maybe a challenge question answer. Or if your bank has really good security, an RSA token that changes every few seconds). That doesn't mean that a bank has bad security. It does mean that for a specific user's data, the weakest point is that user's ability to access said data. (And this is why you should use good passwords, a non-obvious username, and pick challenge questions only you'd know the answer to, or better yet, pick challenge questions anyone might guess or know, but store incorrect answers to them (what color was your first car? 1957. Who was your favorite teacher in high school? motorcycles. What is your favorite movie? [my last name] (side note: on the first iteration of our in-house online banking back in the early 2000s, our challenge questions were stored in plain text, and our support staff used them as one of the tools to validate customer identities. We changed that after a few too many embarrassing moments. My favorite was the customer who could remember his answer to "my favorite movie".. but couldn't remember just how many exclamation marks he used after the word "PORNOS!!!" -- it was something like 15. )

Sorry if this is too technical:
If were a hacker, and was able to compromise the online banking database at the bank I used to work for, I'd have access to a long list of preference settings, and maybe email addresses or usernames. I forget if those were encrypted. I'd also have a long list of encrypted data that could, with the proper code, be decrypted, to get things like your mailing address and (if they weren't in the clear) email address and username. There'd also be a long list of hashed (that is, 1-way encrypted) data, which could only be decrypted if someone were to take the encryption code, build a list of every possible encrypted string, and then compare each hashed value with that very, very large list. (And smart coders use a different salt for each value, so they'd have to create that massive list for every single password, not for the whole customer list). The most likely thing that would happen here is the hacker would say "Oh, screw that" and go plunder a poorly protected eCommerce site (happens all the time, and few of them ever bother reporting it to the press, assuming they even find out it happened in the first place), or if he had a particular goal in mind at the bank (say, stealing a boatload of money from a specific customer), compromising the customer's actual computer, or using social engineering to get access (for example, convincing someone at the bank to change the registered email address, reset challenge questions, and smooth over whatever other roadblocks were in the way of logging into the account because they think they're helping the very nice but technically challenged customer.)

Wow, was that off-topic. Sorry. I can't concentrate on work today, but everything else is getting my full attention and way too much detail!

[mee]

It is easy to forget there are people on the other end of these words on our computer screens and some aren't out to debate everything under the sun just because it was mentioned on the forum. So many enjoy picking people and thoughts apart these days online in the comfort of their own shoes. Instead of having discussions we have debates, arguments, trials, and hearings...

[clackers]

Instead of having discussions we have debates, arguments, trials, and hearings...

"Chin up", Mee.

You can take something away from people's suggestions, or nothing.

If your backup is currently a USB hard drive, then a fire, theft or clicking on an email that unleashes Cryptolocker gets them both.

What is your current offsite backup strategy?