Krunch? Try “Thud”
Anyone taken a look at Krunch (featured on LifeHacker today). The service allows you to upload files, “krunch” them (compress them in a number of common formats) or “unkrunch” them (uncompress them), and download the results. It’s a cute way to solve the problem of not having a utility on your system to perform compression or decompression for a specific compression type.
Or so it claims.
Does anyone think that this is a clever way to gather vast amounts of potentially sensitive data from unwitting Web 2.0 buzzword-addled users? I mean, it doesn’t even use so much as HTTPS to handle file transfers. There’s no privacy policy (not that it would really get you anything – but, come on, they’re not even trying). You have no idea what’s being done with your data! While I’m all for solving problems with web-based tools, I’m not sure any problem is worth throwing my precious data up to any random service to be probulated.
Then again, maybe that’s the way things are going – nobody seems to mind that all their online webmail service provider is reading their email, or their desktop search provider is reading their hard drives. Why would files be any different?
Hello Brendon,
your suspicions are natural. I wouldn’t put forward a dispute.
But its highly unlikely that, I, personally would go through the sensitive user data and cause any potential damages 🙂
Regards,
Kailash Nadh
http://krun.ch
I would never dream of suggesting that you would go through these files yourself. You’re a programmer – you’d write a piece of software to do it. 😉
Well its true that I can’t physically prove that the user data won’t be compromised. Who can actually? What’s happening inside ‘giant’ mail services? 🙂
Anyway, I am going to do my best to improve Krun.ch’s functionailty and security. Its getting an SSL certificate installed pretty soon.
Precious data? 9 times out of 10 this will be used to un-archive software installs. Like the other day when I downloaded something (snort, I think) that was stored as a .tar.gz onto Windows XP. Instead of having to install WinZip just to handle the tarball I could have used Krun.ch (I’m assuming). Handy. Nevermind the fact that any reasonable operating system should be able to deal with every archiving system known to man.
The real problem is that most people have little idea how to safeguard sensitive data in the first place. Even classifying what is sensitive is difficult, since often it’s the aggregation that’s sensitive rather than any individual piece.
r.
p.s. Whether your webmail provider or your ISP is reading your email is pretty much moot point.
You wrote this diatribe like a true computer person. Just because something could, maybe, possibly happen to the data if someone, somewhere, happened to be looking in the right direction while it sailed through the net doesn’t mean that it will. If computer people designed cars we’d all be wearing crash helments and five point harnesses and be seating in gel filled capsules just to drive (at 5 km/h) to the corner store.
Yes and no. Yes, I wrote it as a person in computing – but no, that’s not a full and accurate description of the motivation. I work in information security field – if you knew about the kinds of tricks people play to get personal information through online scams and their rates of effectiveness, you’d be concerned as well. It’s not a question of “if”, it’s “when”. Everything from fake websites that ask you for your passwords, to targeted thefts of executive laptops – just look at the malware epidemic. The motivation is that information is worth money: don’t be a victim.
That said, it’s true that no data can ever be 100% secured. Do you know who made your keyboard? Your motherboard? Your CPU? Are you 100% certain that they don’t have backdoors to allow a nefarious attacker to access your data. It doesn’t bring our world to a grinding halt that we can’t be 100% certain, because the probability is that there’s enough people involved in developing those systems that any such purpose would come to light eventually. Contrast that with a web site run by a single person – not a lot of tongues to go wagging there.
To be clear, I don’t think that’s what’s going on here in this case, but it just shocks me that people would even consider uploading anything to some unknown party. Sometimes the obsession with new technology (for example: web applications attempting to transplant client/desktop software), overshadows the risk, or even the lack of benefit, of the solution that is developed. At best, it’s a useful utility, but for only a very small set of people.