But, as is usually the case, Amazon has in fact issued a SLA giving you some partial rebates to your future charges with S3 [1]. If their internet uptime is less than 99%, you get a 25% rebate to your future month’s charges and 10% if it’s between 99% and 99.9%. The uptime is actually not what it sounds like. They don’t give you any rebates if they have planned “downtime”, they only consider downtime to be only an average error rate you may experience. But they take the average over all 5 minute segments over a month, so you might get back very little and there’s still no recovery assurance.

But I would still go for it if S3 was something I could afford. A few cents per gigabyte sounds okay to me. I’m okay with the risks. There are always risks. Even though Amazon doesn’t really let you blame them for many, they are probably worth the convenience you get from not worrying about your own data storage.

[1] Amazon S3 Service Level Agreement, Oct, 2007.

He pointed out that the service uses HMAC to authenticate all transaction requests sent over to S3. Any kind of write request is hashed with SHA-1 along with a 20 character ID, 41 character secret key and a time stamp. Amazon checks the time stamp to see if it has already been issued and it also has your (ID,key) so they check if you are who you say you are. This is standardized, but he also noted someone could reset your password if they had access to your email. Actually, because most email is not encrypted, I think someone just has send a reset request on your behalf and then sniff your traffic, waiting for the reset hyper-link.

But, data you send to Amazon is at least exchanged with SSL, so your data is encrypted until… someone has your key. SSL ’s key exchange between you and Amazon is of course unrelated to your Amazon ID.

[1] Garfinkel, S. “Commodity Grid and Computing with Amazon’s S3 and EC2,” ;LOGIN:, February 2007, pp. 7-13, Usenix.

Sounded almost as good as an endorsement but without the money.

**********************************************************************
> Title: The Drives Project: From Disk Forensics to Media Exploitation
>
> Speaker: Simson Garfinkel, Naval Postgraduate School
>
> Time and Location: Monday 10/1 at 11am in LC102
>
> Abstract:
>
> A hard drive is a window into the past and a door into the mind. Using
> forensic techniques the data on a hard drive can reveal who broke
> into a
> computer system, what was done, and the perpetrators. Hard drives have
> proved so useful that they are now routinely seized or imaged in DoD,
> intelligence, law enforcement, and even civil actions. But
> analyzing the
> information a hard drive today takes the time of a skilled analyst;
> today’s
> tools lack significant automation and intelligence, and frequently
> crash.
> As a result there is a large backlog of hard drives waiting to be
> analyzed;
> important information is easily missed or not analyzed for months
> after it
> is acquired.
>
> This talk discusses the work to date of the Drives Project, a 9-
> year (and
> counting) effort that is creating a large-scale collection of real
> disk
> drive images, open source tools, and new techniques for automatically
> processing data recovered from disk drives and other kinds of storage
> devices. Today the Drives Project has assembled a corpus of more
> than 1000
> forensically interesting images from hard drives and USB storage
> devices
> that were collected all over the world. We have created open source
> formats,
> tools and algorithms for automatically analyzing this data in bulk and
> rapidly producing answers to questions that are relevant to the
> Defense,
> Intelligence and Law Enforcement communities. The Project is now in
> the
> process of dramatically expanding the global reach of data being
> acquired and
> exploring new research opportunities for using this data.
>
> Bio:
> Simson L. Garfinkel is an Associate Professor at the Naval
> Postgraduate
> School in Monterey, California, and a fellow at the Center for
> Research on
> Computation and Society at Harvard University. Dr. Garfinkel has
> research
> interests in computer forensics, the emerging field of usability
> and security,
> and privacy. He is the author or co-author of fourteen books on
> computing.
> He is perhaps best known for his book Database Nation: The Death of
> Privacy
> in the 21st Century. Garfinkel’s most successful book, Practical
> UNIX and
> Internet Security (co-authored with Gene Spafford), has sold more than
> 250,000 copies in more than a dozen languages since the first
> edition was
> published in 1991.
>
> Garfinkel received three Bachelor of Science degrees from MIT in
> 1987, a
> Master’s of Science in Journalism from Columbia University in 1988,
> and a
> Ph.D. in Computer Science from MIT in 2005.

I think it is important to consider where physically your data will be stored as well. Google for example, presumably hosts my email data in climate controlled data centers around the world and that data is stored many times over. Should one data center be wiped off the map, I won’t lose anything. (Most likely, I am making some HUGE assumptions here about what I know about the google file system rather than any guarantees from Google. They offer no guarantees at this point and technically their services are still considered beta versions.)

However, no matter how secure I make my hard drives at home in my NYC apartment, it only takes one careless tenant to start my building on fire – or if you’re from the midwest like I am, one tornado to ruin your day. I suppose another option would be to exchange NAS’s with a friend on the other side of town (or country) and backup locally as well as across the net to a colleague’s network.

On the other hand, internet backups, either to your friends place or a provider, require bandwidth. I looked into some internet backup solutions for a network I manage and we simply didn’t have enough bandwidth for the amount of data we want to backup. It was well outside the budget to add or expand our current internet connection enough to accommodate the large amount of data.

To answer your original question, I prefer to use a combination of back solutions for different types of data. I think that the confidentiality risk is worth accepting for certain things (like family photos) but probably not for others (like financial documents.)