Archive

The Dulin Report

Browsable archive from the WordPress export.

Results (69)

On the role of Distinguished Engineer and CTO Mindset Apr 27, 2025 The future is bright Mar 30, 2025 My giant follows me wherever I go Sep 20, 2024 On Amazon Prime Video’s move to a monolith May 14, 2023 One size does not fit all: neither cloud nor on-prem Apr 10, 2023 Some thoughts on the latest LastPass fiasco Mar 5, 2023 Comparing AWS SQS, SNS, and Kinesis: A Technical Breakdown for Enterprise Developers Feb 11, 2023 Why you should question the “database per service” pattern Oct 5, 2022 Stop Shakespearizing Sep 16, 2022 Monolithic repository vs a monolith Aug 23, 2022 All developers should know UNIX Jun 30, 2022 Scripting languages are tools for tying APIs together, not building complex systems Jun 8, 2022 Java is no longer relevant May 29, 2022 There is no such thing as one grand unified full-stack programming language May 27, 2022 Best practices for building a microservice architecture Apr 25, 2022 In most cases, there is no need for NoSQL Apr 18, 2022 What programming language to use for a brand new project? Feb 18, 2020 TDWI 2019: Architecting Modern Big Data API Ecosystems May 30, 2019 Returning security back to the user Feb 2, 2019 Microsoft acquires Citus Data Jan 26, 2019 Adobe Creative Cloud is an example of iPad replacing a laptop Jan 3, 2019 The religion of JavaScript Nov 26, 2018 Let’s talk cloud neutrality Sep 17, 2018 A conservative version of Facebook? Aug 30, 2018 On Facebook and Twitter censorship Aug 20, 2018 What does a Chief Software Architect do? Jun 23, 2018 Facebook is the new Microsoft Apr 14, 2018 Quick guide to Internet privacy for families Apr 7, 2018 Node.js is a perfect enterprise application platform Jul 30, 2017 Design patterns in TypeScript: Chain of Responsibility Jul 22, 2017 I built an ultimate development environment for iPad Pro. Here is how. Jul 21, 2017 Singletons in TypeScript Jul 16, 2017 The technology publishing industry needs to transform in order to survive Jun 30, 2017 Rather than innovating Walmart bullies their tech vendors to leave AWS Jun 27, 2017 Copyright in the 21st century or how "IT Gurus of Atlanta" plagiarized my and other's articles Mar 21, 2017 Emails, politics, and common sense Jan 14, 2017 Windows 10: a confession from an iOS traitor Jan 4, 2017 Collaborative work in the cloud: what I learned teaching my daughter how to code Dec 10, 2016 Don't trust your cloud service until you've read the terms Sep 27, 2016 I am addicted to Medium, and I am tempted to move my entire blog to it Sep 9, 2016 What I learned from using Amazon Alexa for a month Sep 7, 2016 Why I switched to Android and Google Project Fi and why should you Aug 28, 2016 In search for the mythical neutrality among top-tier public cloud providers Jun 18, 2016 Files and folders: apps vs documents May 26, 2016 What can we learn from the last week's salesforce.com outage ? May 15, 2016 Why it makes perfect sense for Dropbox to leave AWS May 7, 2016 JEE in the cloud era: building application servers Apr 22, 2016 Managed IT is not the future of the cloud Apr 9, 2016 JavaScript as the language of the cloud Feb 20, 2016 OAuth 2.0: the protocol at the center of the universe Jan 1, 2016 Operations costs are the Achille's heel of NoSQL Nov 23, 2015 IT departments must transform in the face of the cloud revolution Nov 9, 2015 Top Ten Differences Between ActiveMQ and Amazon SQS Sep 5, 2015 What Every College Computer Science Freshman Should Know Aug 14, 2015 Ten Questions to Consider Before Choosing Cassandra Aug 8, 2015 Your IT Department's Kodak Moment Jun 17, 2015 Smart IT Departments Own Their Business API and Take Ownership of Data Governance May 13, 2015 We Need a Cloud Version of Cassandra May 7, 2015 Building a Supercomputer in AWS: Is it even worth it ? Apr 13, 2015 Ordered Sets and Logs in Cassandra vs SQL Apr 8, 2015 Exploration of the Software Engineering as a Profession Apr 8, 2015 What can Evernote Teach Us About Enterprise App Architecture Apr 2, 2015 Microsoft and Apple Have Everything to Lose if Chromebooks Succeed Mar 31, 2015 Where AWS Elastic BeanStalk Could be Better Mar 3, 2015 Docker can fundamentally change how you think of server deployments Aug 26, 2014 Infrastructure in the cloud vs on-premise Aug 25, 2014 Cassandra: a key puzzle piece in a design for failure Aug 18, 2014 Cassandra: Lessons Learned Jun 6, 2014 Things I wish Apache Cassandra was better at Feb 12, 2014

Don't trust your cloud service until you've read the terms

September 27, 2016

This article was originally published September 7, 2016 on my Computerworld Cloud Power blog

Earlier this year I switched from Android to iPhone and from Verizon to Google’s Project Fi. My blog post about the experience generated a vigorous discussion comparing Google’s privacy guarantees to Apple’s.

The summary of the argument presented to me is that Apple is in the business of hardware and has no interest in monetizing data. By contrast, Google is a “Big Data company” and they do monetize data.

Android, by its nature, may be more vulnerable to malware than iOS. Switching from iPhone to Android does not mean that one is suddenly giving up all of their private data to Google to monetize.

Many people already trust their data to companies other than Apple


iCloud does not solve all problems and does not address all use cases for all users. It is meant to be used by one user and to share data among that user’s devices. There is limited sharing of individual iWork files and photo albums, but certainly not with the same power as Dropbox or Google Drive. Here are the cloud services that I use across all of my devices:

  1. iCloud for iOS device backup,

  2. Google Drive (documents and spreadsheets) for work,

  3. Gmail, Google Calendar and Google Contacts for both personal and work use,

  4. Evernote for journaling, writing, and note taking,

  5. Professional Dropbox subscription where I store both my photo library and my music collection.

  6. Facebook, Flickr, and Instagram for sharing photos and videos with family and friends.


I may be a power user when it comes to certain services, but I think the general point is valid – many, if not most, people use multiple cloud services for their needs.

iCloud is a far from a privacy nirvana


Apple’s iCloud is a far cry from censorship resistant Freenet that lets you “escape total surveillance.” Most people don’t read Apple’s iCloud terms and conditions and just click “Accept”, but it is worth a thorough examination. Apple reserves the right to screen your iCloud content, regulate what you upload, and ensure that your content complies with the laws of your country.

Apple does screen your iCloud data. In their legal document, they state (observe the catch-all “otherwise objectionable” clause):
“Apple reserves the right at all times to determine whether Content is appropriate and in compliance with this Agreement, and may pre-screen, move, refuse, modify and/or remove Content at any time, without prior notice and in its sole discretion, if such Content is found to be in violation of this Agreement or is otherwise objectionable.”

Apple does surrender customer data to law enforcement. Despite the publicity around the San Bernadino iPhone case, Apple does respond to the information requests. In the second half of 2015 they surrendered device data in as many as 80% of the United States law enforcement requests. The iCloud terms and conditions give Apple freedom to do so:
Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so.

Apple does require you to grant consent to publish data your share:
[…] by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you

Apple’s iCloud terms and conditions have provisions for DMCA to ensure copyright enforcement. Copyright holders can submit copyright infringement claims which may result in an iCloud account getting terminated.

There are rumors that Apple may implement an iCloud encryption system that can only be unlocked by the customer. It remains to be seen how that system is going to reconcile with Apple’s legal right and obligation to pre-screen data and to share it with the law enforcement upon request as per their terms and conditions.

Google does analyze your content, but you can work around it


For the most part, Google’s policies are similar to that of iCloud. Google does not deny that they analyze your data:
Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored."_ In exchange, users get 15 GB of free Google Drive storage compared to iCloud’s 5 GB. If one is already using Google services on their iPhone, switching to Android does not mean that they give up any more privacy than they already have.

Google Apps for Business, on the other hand, ensures that Google will not scan your data. At the starting monthly cost of $5/per user you take ownership of all of your data which Google will not analyze.

Unlike Google, Dropbox does not monetize your data by scanning it. Similar to iCloud, Dropbox earns money by charging for increased storage and enterprise usage.Dropbox’s policy is pretty reasonable and does not grant them the right to screen your data.

Evernote scans data but does not monetize it


Evernote’s terms and conditions are similar to other cloud providers. To offer some of the most advanced search and indexing you must grant Evernote permission to scan your data:
By using our products, you give Evernote permission to do certain things with your data so that we can run our service. For example, you give us permission to back it up, send it over a network, index it for searching, display it on your various devices, etc.

Evernote, however, is not a “big data” company and do not earn money by monetizing your data:
We are not a “big data” company and do not try to make money from your content. Our systems automatically analyze your data in order to power Evernote features, such as search and related notes, and to tell you about important features and products that we think will enhance your Evernote experience, but we never give or sell your content to any third party for advertising purposes.

Just like Apple, Google, and most other cloud storage providers Evernote does comply with law enforcement request. According to their own Transparency Report for 2015 they’ve upheld most of the law enforcement demands and responded with data. Evernote did side with Apple in the FBI bypass case, however.

Social sharing services require you to grant them permission to publish your content


Social sharing wouldn’t make sense if you couldn’t publish your content. For a service like Facebook to display your content to other users you need to grant them a license to do so:
Yes, you retain the copyright to your content. When you upload your content, you grant us a license to use and display that content.

Likewise, your photos on Flickr are always yours but you must give them permission to publish your content. Instagram is similar:
Instagram does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, subject to the Service’s Privacy Policy, available here http://instagram.com/legal/privacy/, including but not limited to sections 3 (“Sharing of Your Information”), 4 (“How We Store Your Information”), and 5 (“Your Choices About Your Information”). You can choose who can view your Content and activities, including your photos, as described in the Privacy Policy.

Again, just like all other cloud services providers Facebook complies with government requests as does Yahoo/Flickr.

So, what’s all this about?


Debating my friend on Medium led me to read the terms of service agreement for all of the services I use. The conclusion is simple:

  1. We shouldn’t fall for Apple’s publicity stunts surrounding high profile government requests. Apple does comply with most law enforcement inquiries by giving up device data. In fact, their terms and conditions grant them sweeping legal rights over their customer’s data than most other providers. They can screen your data for “otherwise objectionable” data if they want to.

  2. Many people who already use Google services such as Gmail, Calendar, Contacts, and Drive do not give up any more privacy than they already have by switching to Android and continuing to use same services. Google does scan the content stored in personal but not business accounts.

  3. You are not required to store sensitive data in the cloud or on your phone. There are many alternatives to iCloud, Google Drive, Dropbox and Evernote that do not store or scan your data. You can always use a USB drive, backup your phone to your computer, or use a third-party app to encrypt your data.


The most important lesson is that customers shouldn’t just click “Accept” when presented with a license or terms of service agreement. It is important to read and understand what they agree to.

Last updated January 20, 2026. Return to home.