Investigators pulled video from ‘residual data’ in Google’s systems — here’s how that was possible and what it means for your privacy.
Eh, either that specialist doesn’t understand how cloud storage works or the author isn’t doing a good job of explaining it. Because it sounds like the specialist figured out how deletions work on your home computer’s hard disk and tried to shove that into some info they searched for on the internet about distributed storage or sharding. What was described is absolutely not how that data is stored in the cloud. The question of “when is my data actually deleted” is completely valid but the explanation is a mashed together pile of dog shit.
Google likely stores small clips of the full video stream (which they did explain) but in object storage. These clips are probably used for training AI and deleted after some period of time according to a retention policy that might soft delete the data first before removing it permanently. And maybe they do replicate the data to keep it safe, but also maybe not since it’s just for training. Since the customer didn’t have a plan that included storage, there’s no reason for them to persist the data after they’ve trained with it. It’s just a waste of storage space costing them money at that point.
They could also store the clips in block storage but all those little pieces on the filesystem would be in the same data center, maybe region, but definitely not all across the world for a single file.
And I guarantee you there was no forensic analysis on any storage devices for this. The reason it took so long to retrieve was probably from back and forth with the feds and deliberation within Google’s legal and management teams. Then once that was sorted, some poor prick probably had to manually dig through some services to find the file and grab it.
TL;DR: Google does hold onto your data longer than most people think but that “expert” doesn’t know what the fuck they’re talking about. Bureaucracy and manual processes likely drug out the process, not forensic analysis.
They’re going to lengths to make it sound like oh there was some cached server they found after intensive searching that hadn’t yet been updated or some such nonsense, but reality is is that Google is part of the dystopian constant surveillance present we now live in and likely they save ever little bit of video and information they can get their grubby blood stained hands on and use it for ai processing, government contracts, or you know, to jerk off to in their free time.
Fuck I really need to get off my ass and degoogled.
not even that hard anymore.
buy a fairphone. fuck anything that requires google.
Does nobody else feel strange about this story? Like the entire thing is made up. I would say it’s a distraction from the Epstein Files, but while lackluster, media is sorta covering it. I don’t know, this whole story just sets my bullshit meter off.
While this case shows recovery is technically possible, it also shows it’s rare, resource-intensive, and reserved for extraordinary circumstances.
How does this show “it’s rare, resource-intensive, and reserved for extraordinary circumstances” when that’s entirely based upon the word of the people doing it in secret?
“Google is notoriously uncooperative with law enforcement; they will comply with search warrants, but in the least helpful way possible and they will fight it,” he says.
Google sent personal and financial information of student journalist to ICE
“Google has received legal process from a Law Enforcement authority compelling the release of information related to your Google Account,” it read. The email advised Jon that the “legal process” was an administrative subpoena, issued by DHS. Soon, government agents would arrive at his home.
The subpoena wasn’t approved by any judge, and it didn’t require probable cause. Google gave Jon just seven days to challenge it in federal court — not nearly enough time for someone without a crack team of lawyers on retainer. Even more maddeningly, neither Google nor DHS had sent him a copy of the subpoena itself, leaving Jon and his attorney in the dark.
This article reeks of whitewashing for the government and tech industry.
They are desperate to make it look like the google cameras aren’t recording and saving data 24/7 regardless of whether you have an account or not.
It sure does. It’s an article about your deleted data being accessible by Google engineers then spends the rest of the article backtracking.
The fact that giant companies keep your data and don’t delete it when you tell them to has been true since the beginning of social media. Your things are not deleted, they’re simply marked as deleted so you don’t see them. The actual binary data never goes anywhere.
The rule of thumb is that if the data leaves your possession then assume someone has a copy of it. If it is encrypted and you don’t control your keys then it isn’t encrypted. (See: Bitlocker keys and Microsoft)
Saying google is uncooperative with law enforcement is like saying Donald Trump tried his very hardest not to rape children.
As someone who hasn’t paid a lot of attention to this case other than general curiosity out of how odd it is. I had wondered why the family hadn’t been able to give the police the security footage sooner.
When Nancy Guthrie went missing, officials said she had a doorbell camera, but that it had been forcibly removed, and she did not have a subscription.
only reason, and I mean the ONLY reason why this was possible is because of the high profile case.
still, begs the question. When is my data, no longer my data?
IDK this just looks like ICE kidnapped her. Has anyone checked the concentration camps?
They really do just look like a cartel: https://youtu.be/EG7bqoDJ9L4
From the article:
Nest cameras, by contrast, can send clips to Google’s servers even without a paid subscription. Google offers a small amount of free cloud storage — older models store clips up to five minutes long for three hours; the latest models store 10-second clips for six hours. That means some footage is uploaded and stored, at least temporarily, whether you pay or not.
According to Nick Barreiro, chief forensic analyst with Principle Forensics, deleting footage from the cloud doesn’t necessarily mean it’s immediately gone. “When you delete something from a server, it doesn’t get overwritten immediately — the file system is just told to ignore this data, and this space is now available to be used. But if no new data is written over it, it’s still going to be there, even though you can’t see it.”
This is more or less how local storage works as well. The creator of BleachBit, a file cleaning tool made famous for being present on Hillary Clinton’s email servers, has some great insights in their documentation about the methods for destroying data on hard drives. As it turns out, data “deletion” is just a series of operations on your hard disk like any other, and retrieval depends on the methods used - de-indexing, metadata and file structure removal, and overwriting to name a few.
Once, I accidentally formatted the wrong drive in Windows and it ended up being my 20TB platter (oops). I was able to recover 99% of the files on the drive with some free recovery software just because I disconnected and stopped using the drive immediately. The only files lost were large ones partially overwritten by the new blank file system created when I formatted the drive. Windows had only deleted the file system indexing the drive, and all of the file data and metadata was intact, waiting to be randomly overwritten. I had to string together four cheap failing 4TB SATA drives I bought used on Amazon, but it worked.
The point is, if I could do this as an amateur, and storage technology operating on the same principals is in use at enterprise scale, what are the lengths that the likes of the FBI and Google are willing to go to recover old data that has been “deleted”? I’m frankly surprised that Google does not overwrite their discarded data, and it’s probably for reasons like this, beyond the additional processing time it would take. Given their vast resources and storage capacity, it could be some time before “deleted” data is at least partially overwritten, if ever.
If you ever have data that you absolutely need destroyed, overwrite the entire drive with random data more than once, then physically shred the drive completely. And never connect your devices to a cloud storage service. It’s the only way to be sure.
I was under the impression that Google just didn’t delete data — ever. Like, it’s way more valuable compared to the cost of the disk.
I wouldn’t be surprised if this is actually what happened here… tech companies in general don’t delete data if they can avoid it. I worked for companies that would just set
deleted = 1in the DB on delete calls. Google has more ability than anyone else to put that data to use
I’ve never understood the overwrite more than once instruction. If the entire drive is overwritten how in the world do you pull back data out from an overwrite?
Flipping the bits on a magnetic medium back and forth doesn’t always flip them entirely. Using more sensitive equipment to read back the bits can see the faint hints of what the bits used to be, which is why multiple overwrites with random information is the only way to be sure (and even then, there are advanced techniques that try to see past all that noise. The more you overwrite, the less sure any of these techniques are to work.
Wild. If anyone knows of a video or demonstration of someone actually looking past the overwritten data on a platter, I’d love to see that - that’s really next level csi stuff.
Magnetic platter drives still have the highest storage density per dollar and so they are still heavily in use. Theoretically, overwritten data can be recovered from them by analyzing the magnetic fields directly from the platter. However, this is extremely time and money intensive and requires specialized equipment and expertise. Overwriting a partition multiple times severely complicates this process just by performing multiple overwrites.
Realistically, overwriting once with random data is enough, especially if the drive is to be physically destroyed. You can also use a powerful magnet (top end neodymium in direct contact) to scramble the delicate magnetic fields that encode the data on the platter, but at that point you may as well shred the drive anyways.
SSDs are a fundamentally different storage paradigm that make this kind of recovery essentially impossible. Due to the limitations of NAND memory, data can be written to blocks inaccessible except at the hardware level. To make SSDs secure, modern drives usually implement processes (TRIM) that erase blocks marked for deletion. Or, all data written to the drive is encrypted by onboard hardware (SED), and “erasing” the drive simply deletes the encryption keys.
This article is on the verge of making sense. The hell kind of nonsense is this. Files can be recovered but don’t worry not yours unless something happens.
This is a pretty decent article and answered some of the exact questions I had when I heard about the recovered video.
or a cloud service that offers end-to-end encryption, which means not even the provider can access your footage.
That’s not what “end-to-end encryption” means. End-to-end encryption means only the sender and receiver have the ability to decrypt the message. The definition the author provided would be a match for “Zero-Knowledge Encryption” instead.
A whole new generation learns what “marked as deleted” means.
What’s the old adage? If it’s on the internet it is there forever? except when nintendo IP lawyers or dmca douchebags are involved
Even local files still “exist” when you delete them. Usually the filesystem just marks those blocks as reusable since overwriting the data would take a lot longer.
Really with an SSD this makes extra sense. Not only would over writing the data immediately take some time but would also use up the limited write cycles faster.
Even with spinning disks all that extra write traffic isn’t exactly great.
Plus scrubbing floppies takes forever
It’s on the internet forever, but whatever the regular user needs is lost behind poor content indexing and incompetent search functions
