First thing that comes to mind is that the phone wasn't actually new, but likely refurbished. I've heard of issues with people buying refurbished phones that were improperly wiped and still tied to people's accounts on Google or iCloud. (Yup, even happens to iPhones.)
posted by SansPoint at 7:45 PM on February 15, 2018 [9 favorites]

Crommie bought a Verizon LG V20 for $167 last week in Molalla for his grandmother and offered to download her photos and videos backed up on the Verizon cloud to the new phone. ...
"There's no connection between them and my grandma, their phone numbers aren't the same, we later cleared the phone completely and the same photos came back again," he said.

Likely a refurbished phone, but it doesn't seem to be previously owned by the people whose data was delivered to the wrong place.

Looks like Verizon's cloud storage is leaky, and the people only found out because the photos wound up on the phone of a former coworker.
posted by ErisLordFreedom at 8:16 PM on February 15, 2018 [6 favorites]

so maybe thousands of other people experienced this and blew it off is what you're thinking @ErisLordFreedom?
posted by Annika Cicada at 8:23 PM on February 15, 2018 [2 favorites]

Don't. Put. Nudes. In. The. Cloud.
posted by grumpybear69 at 9:37 PM on February 15, 2018 [6 favorites]

How odd! It’s not at all like a cloud to drop its contents willy-nilly.

(Ever get the feeling that “the cloud” was coined in the form of, “Jesus Christ, you absolute goddamn chucklewits, you might as well store it in a fucking cloud for all the impenetrable security this provides!”)
posted by Sys Rq at 9:38 PM on February 15, 2018 [22 favorites]

There's a great book by Tung-Hui Hu called Prehistory of the Cloud, and a lot of it talks about it's hard for many people to understand that the cloud is actually a physical thing. As I recall, he goes into depth explaining how every computer can essentially do one thing at a time (someone could probably school me on multithreading, but that's not the point here). When we use the cloud, we are taking our turn to access our files on a computer located somewhere else, right after someone else's turn, and right before someone else's. We don't notice because it happens almost instantaneously, but in some ways it's not any different than taking turns sitting at a desk. Only we never see the desk, or the other people, or anyone else, so it looks like ours alone. (There's a classic computer science thing about this, right?)

That's a poor summary of what Hu writes, but when I read it a few years ago, it was a revelation, because like most people, I had never thought about what the cloud actually is. Now I'm terrified of it: you're basically putting all your private information up on a shared computer without ever knowing where that computer is, who you're sharing it with, or who has access to it. We see again and again that companies will cut corners in ways that leave us vulnerable, but the nature of the cloud is such that it's very hard for many people to understand what they're actually being exposed to.

I've sort of run out of steam here, but check out that book if you haven't. Even if you know the cloud very well, Hu makes a lot of really interesting parallels.
posted by shapes that haunt the dusk at 10:20 PM on February 15, 2018 [10 favorites]

These things are true, shapes, but it's also hard for most people to understand the horrifying insecurity and unreliability of their own devices. I still remember the first time I looked at my Linux desktop's authorization log and saw evidence of the constant bombardment of IP addresses from around the world trying to guess my root password...
posted by qxntpqbbbqxl at 10:46 PM on February 15, 2018 [23 favorites]

A couple of years ago my dropbox showed me others photos for awhile. Nothing interesting, really, but they were taken nearby, which suggests a geographical connection of some sort.
posted by maxwelton at 11:16 PM on February 15, 2018 [1 favorite]

The fact that the phone in question is an LG V20 is buried deep in the article - - had it been an iPhone, it would have been highlighted in the title.

Apple doesn't just sell electronic devices, it sells profitable article clicks.
posted by fairmettle at 11:51 PM on February 15, 2018 [4 favorites]

My computer may be insecure, but I can try to do something about that. If I'm putting my data on someone else's computer, I can't even do that. This "cloud" thing has always looked like a bad idea to me, but I'm way behind on all the latest tech trends. Stuff like this is why I am OK with being behind.
posted by Kirth Gerson at 3:26 AM on February 16, 2018 [2 favorites]

How much do they charge to go fishing in the cloud?

While the event is a horrible privacy breech that definitely needs to be addressed, to suggest/editorialize that Verizon is selling access to private customer files is not supported by anything in the single link. It isn't even mentioned.
posted by Thorzdad at 4:23 AM on February 16, 2018 [1 favorite]

i mean, what are clouds but evaporated moisture?
what does that moisture do but, eventually, rain back down, far away from its original source?
it's an instance of rather poetic metaphor, i think, even if it has terrible privacy implications
posted by halation at 4:32 AM on February 16, 2018 [3 favorites]

There is no cloud, there is only someone else’s computer.

If this is a refurbished phone, and Verizon’s cloud storage, then my guess is Verizon is tying a hardware identifier, such as the IMEI, to the cloud account... which is a really stupid idea.
posted by SansPoint at 4:32 AM on February 16, 2018 [10 favorites]

SansPoint, that was my guess as well. The photos are obviously linked to some identifier which survives an OS reinstall. Which...as a developer, why would you do that?
posted by escape from the potato planet at 4:39 AM on February 16, 2018

Q: What is the cloud make of?

A: Linux servers, mostly.

I use encrypted cloud storage from Spider Oak to back up my stuff. I do use Amazon Photos, Google Photos etc. to back up my phone photos, but there is nothing there I'm worried about. If I'm not on vacation somewhere I take maybe a picture a week, and it's not anything sensitive.
posted by COD at 5:15 AM on February 16, 2018 [1 favorite]

Which...as a developer, why would you do that?

Well, speaking hypothetically:

The developer does it, because the spec says to do it. If the developer doesn't do it, the code won't be accepted as complete. The developer has no context for the request, is offshore anyway, and is incented to finish the code as quickly as possible. There is rarely any kind of risk analysis at this point.

The spec writer puts it in, because there's a requirement to "restore the data from the cloud on hardware wipe" from the business analyst, and if the spec doesn't satisfy the requirement, it won't be accepted as complete. The spec writer could have done some analysis, but is also offshore, and is really supposed to be thinking about architecture, not risk.

The business analyst wrote down the requirement, because the product owner said they wanted "a way to restore the user's data if they accidentally wipe their phone". If they didn't include the requirement, the product owner wouldn't accept the URS as complete. The business analyst is supposed to think about the big picture, but usually has no security training, and rarely considers edge cases that are outside the normal path.

The product owner put it in because they were in a meeting with a VP who accidentally wiped their phone and lost their holiday pictures. The product owner needed to justify three new heads on the org chart, so they were looking for a feature that the VP would like, so the budget request would get approved for next year's funding.
posted by jenkinsEar at 5:17 AM on February 16, 2018 [40 favorites]

This is not an approval of the process, of course- but it's why blaming the developer and not the institution is the wrong approach.
posted by jenkinsEar at 5:19 AM on February 16, 2018 [5 favorites]

There is no cloud, there is only someone else’s computer.


My colleagues and I serve a very not tech savvy user base and we've literally said this to multiple people and they just blank stare at us. I can't tell if they're not comprehending or just in a fugue state due to the horror of realization. (Probably the former given we just discovered that there are people we work with in another department who had never heard of a webcam live stream before. We put one on a monitor in a common area just for funsies because our space lacks windows and we're all turning into mushrooms, and they were astounded.)
posted by soren_lorensen at 5:20 AM on February 16, 2018 [5 favorites]

The photos are obviously linked to some identifier which survives an OS reinstall. Which...as a developer, why would you do that?

Pressure from the surveillance state?
posted by Glomar response at 5:40 AM on February 16, 2018 [2 favorites]

Which...as a developer, why would you do that?

Because people don’t think very far. The VP wants it to work without a login so support costs don’t blow out helping old people reset usernames and passwords and the developers either don’t think or don’t push back on those implications.
posted by Talez at 5:53 AM on February 16, 2018 [1 favorite]

The product owner put it in because they were in a meeting with a VP who accidentally wiped their phone and lost their holiday pictures. The product owner needed to justify three new heads on the org chart, so they were looking for a feature that the VP would like, so the budget request would get approved for next year's funding.

It might help you to think of the software development process as somewhere between "it's turtles all the way down" and "it's like If You Give A Mouse A Cookie, but it ends with the seas running red with the blood of nonbelievers."
posted by Mayor West at 5:53 AM on February 16, 2018 [16 favorites]

jenkinsEar, so, uh, hey, do we work together ?
posted by k5.user at 6:07 AM on February 16, 2018 [4 favorites]

I'll cop to using DropBox, so I'm not innocent of it, but the trend towards relying on cloud storage for everything is worrisome. The first time I saw a commercial for the new Pixel phone that boasts how you'll "Never run out of storage for your photos!" (because it's all cloud-based) sounds like fun, but it gives me the chills: sure, a majority of consumers will never notice or care, so long as it works, but it feels like a step backwards to dumb terminals. Worse than that (and this might be dramatic) it feels like it's another step towards all internet traffic / data being owned and controlled by corporate interests, like the future of the internet is an AOL styled walled-garden the size of the planet.
posted by Uther Bentrazor at 6:09 AM on February 16, 2018

Pressure from the surveillance state?

You'd think that, if the surveillance state wanted to keep track of that, they could devote 0.00001% of the processing power at that shiny plant in Utah to making and keeping maps of dust/dead pixels/lens imperfections from all the photos that pass through the internet, and mapping them to identifiers, in the way Facebook have recently applied for a patent for. Forcing cloud providers to tie your home nudes to your phone's serial number just feels sloppy, like something the secret police of some ex-Soviet stan might do out of unimaginative authoritarian desperation.
posted by acb at 6:12 AM on February 16, 2018 [4 favorites]

Cost is the deciding factor in something like 90% of federal acquisition decisions.
posted by Alterscape at 6:47 AM on February 16, 2018

If you haven't checked out the comic series The Private Eye by Marcos Martín and Brian K Vaughn, you should. It addresses the question of "what happens when 'the cloud' rains?". It's also beautiful and weird. Also, you get to see a depiction of a millennial in their old age.
posted by runcibleshaw at 6:54 AM on February 16, 2018 [1 favorite]

> First thing that comes to mind is that the phone wasn't actually new, but likely refurbished.

This line of inquiry could be easily narrowed by asking whether the mystery photos belonged to somebody who had previously owned that model of phone. If they did not own an LG V20, then Verizon's cloud service has bad security. If they did own an LG V20, this doesn't rule out Verizon's cloud service having bad security, but Verizon having a very half-assed data recovery protocol is the more likely problem.
posted by at by at 7:00 AM on February 16, 2018

> Cost is the deciding factor in something like 90% of federal acquisition decisions.

This story has literally nothing to do with government. This is one of the innumerable examples of industrial capitalists underspending, cutting corners, and then running away from the consequences.
posted by at by at 7:02 AM on February 16, 2018 [2 favorites]

The photos are obviously linked to some identifier which survives an OS reinstall. Which...as a developer, why would you do that?

The story only says "we later cleared the phone completely." As a person who once did tech support, I think that only raises more questions. It seems unwise to guess what "cleared" means to the users who said this. It doesn't suggest an OS reinstall to me.

New LG V20s sell for $400+, but these people paid under $200. It was used. It has a microSD card slot. Once we contemplate the possibility of an ineptly-prepared used phone, there's no good reason given here to even suspect the involvement of "the cloud" at all.
posted by Western Infidels at 7:08 AM on February 16, 2018 [5 favorites]

Which...as a developer, why would you do that?

Because the release to prod is in two weeks and you only got the final requirements two days ago.
posted by octothorpe at 7:22 AM on February 16, 2018

Western Infidels: We need to know if the other couple who's pics were popping up on that phone did have an LGV20, but it's not implausible that they did. Assuming they traded it in for an upgrade, it could very easily have been sent back to Verizon for a sloppy wipe and refurbishment, then resold.
posted by SansPoint at 8:40 AM on February 16, 2018

Because the release to prod is in two weeks and you only got the final requirements two days ago.

How absurd! If the requirements hadn't been specified, then no stories could have been sized; how could the two-week ship date have been arrived at? The whole thing just doesn't add up.
posted by Rat Spatula at 9:20 AM on February 16, 2018

I can't tell whether you're being sarcastic or you've never worked at a company that adopted the Agile development cycle but whose management and other stakeholders believed themselves exempt from having to conform to the processes they've beholden their staff to.
posted by at by at 9:41 AM on February 16, 2018 [4 favorites]

For those of you who don't know the basics: I work for a company whose software allows you to perform financial transactions. We store information about all the transactions for our millions of users in one place on our server, with each transaction tagged with the user is belongs to. We take great pains to make sure you only see your transactions. If we were to accidentally shows one user's transactions incorrectly to another user, it would be a VERY BIG DEAL due to the nature of the data.

The cloud is the same thing, only in this case, it's files/photos, not transactions. If you upload your photos to the cloud, you may imagine they are in some segregated place corresponding to the physical segregation of your local copies on your device. But really, they're put into one big pool and with everyone else's. Your files are tagged as yours and software makes sure you only see yours.

In this case, it sounds like the original user's photos were tagged with the device they came from, not some identifier tied to the user who was using the device (or some other software bug allowed one user to see another user's files).

Incorrectly downloading one user's photos to a device used by another user is only of moderate interest, not a VERY BIG DEAL, due to the nature of the data: we don't generally perceive the value of photos as highly personal as financial transactions. But it's fundamentally the same principle.
posted by tippiedog at 9:50 AM on February 16, 2018 [7 favorites]

To my way of understanding a number of items you used to buy as a stand alone program for your machines, have become cloud based. Microsoft word, Adobe Creative Suite, Google Earth, for instance. Documents I made in Microsoft Word 365 are locked in my main computer, because I don't want to pay them $70 per year for the program, and I don't know how to get my documents out of word, without paying them for another year, and moving my documents then to Open Office or some such thing. Authors beware, your stuff will be in hock.

Then the creative suite, well it makes me thing that nothing I create will be private or secure. It is not like I am Picasso or anything but I enjoy creativity, and wandering the wilderness to photograph as a private journey. So, for instance, if you are an environmental photographer and you are photographing and emphasizing the beauty of a place that some megamining company wants to dig in, then you can be targeted on your adventures.

Naked pictures, well that would fall into the realm of domestic terrorism if they were of me, so that is not such a worry. But, tweens are photographing themselves these days, and what happens to people if mystery tween nude sefies end up on strangers phones? I know a political activist who claims the kiddie porn that ended up on his machine, came out of nowhere. People came to his house specifically looking for it. Maybe this happened to him, and maybe not, but it made the papers. Then again, if someone were convicted of this offense and used this as a denial I can understand why. The possibilities here are endless, and they boggle the type of mind I have.
posted by Oyéah at 10:42 AM on February 16, 2018 [1 favorite]

To my way of understanding a number of items you used to buy as a stand alone program for your machines, have become cloud based.

At some point companies realized, "Hey, we're charging people a one-time fee to buy our product and giving employees a recurring payment for their work...it should be the other way around."
posted by Ralston McTodd at 11:51 AM on February 16, 2018 [4 favorites]

Then the creative suite, well it makes me thing that nothing I create will be private or secure.

The CS Cloud is a weird beast in that the software still runs locally, you just have to pay monthly to use it all. I make no claims about the privacy or security either way :)


There is no cloud, there is only someone else’s computer.

Anyway, last night I was looking on Amazon for some sort of Alexa compatible widget to give as a gift to a relative who has an Echo. There's dozens of "smart outlet switches" you can buy, so I'm browsing through the list when it hits me - these all come with their own app and cloud service to facilitate the Alexa connection.

I ordered a set from one of the better known overseas brands, but I might end up returning them.... I almost feel dirty and immoral gifting this thing that will open up a relative's network to some random fly-by-night server.

I'm a cranky graybeard now, aren't I?
posted by Nonsteroidal Anti-Inflammatory Drug at 12:23 PM on February 16, 2018 [1 favorite]

I can't tell whether you're being sarcastic

Cool, I can probably still pass as a "normie" and get hired again then...
posted by Rat Spatula at 1:24 PM on February 16, 2018

Nonsteroidal Anti-Inflammatory Drug: We got an Echo for Christmas, and I bought two smart plugs. Ugh, it's awful. I had to download their app, create an account with their company, sync them with their app--and only then could I connect them to the Echo. Yeah, I give them 3 years before the Chinese company that manufactured them no longer supports them. As the primary tech support technician in our house, I have no desire to have a house that's any smarter than that. It's just more IT support work for me.
posted by tippiedog at 4:33 PM on February 16, 2018 [1 favorite]

Minor derail to reply to at by: Agree that this situation has nothing to do with the gov't/surveillance. I was trying to reply to acb's comment about how thesurveillance state would do something clever and tech-y to identify the source of pictures. I was trying to say, perhaps too cleverly, that if it was cheaper to just make sure phones had persistent IDs, they'd likely do that instead.
posted by Alterscape at 6:38 PM on February 16, 2018

The IT service that my wife’s office uses has been after them to move their file server and database to thegodawmightycloud. One of the owners is all “hells yeah!” about the idea. She’s very much someone attracted to shiny new things and tends to jump before looking. I told my wife that there’s no way in hell they should offload everything like that. Backup to the cloud? Yes. But keep your working shit local.

..........
Then the creative suite, well it makes me thing that nothing I create will be private or secure.

CS5 4evar!
posted by Thorzdad at 7:57 PM on February 16, 2018

Nonsteroidal Anti-Inflammatory Drug: We got an Echo for Christmas, and I bought two smart plugs. Ugh, it's awful. I had to download their app, create an account with their company, sync them with their app--and only then could I connect them to the Echo. Yeah, I give them 3 years before the Chinese company that manufactured them no longer supports them. As the primary tech support technician in our house, I have no desire to have a house that's any smarter than that. It's just more IT support work for me.

This is why everything I have and use has a HomeKit support as well as Alexa. Like I have Lutron Caseta switches which all sync back to their Smart Bridge. That Smart Bridge interfaces with HomeKit and it's all done locally. The Echo profile? It's a mess of API calls that have to go out to the web. If my net connection goes down the Echo won't work but the HomeKit gear will. The Apple TV acts as a HomeKit proxy which allows me to turn off stuff away from home and still use geofencing and the like.

The Echo is much slower (like 3/4 second to turn off a light) but it's also so cheap I can put it in a few rooms. I also haven't bought a HomePod yet so I can't speak to Siri and HomeKit's accuracy.

If I was to build a new house from scratch or renovate I'd use all Caseta switches on every circuit because they work as regular switches even when you have nothing else configured. Luddites can go ahead and use a regular switch. Me? I'm comfortable using Alexa while remaining in bed to turn the light off.
posted by Talez at 9:48 AM on February 17, 2018

Talent: thanks for the info. I'll look into that.
posted by tippiedog at 11:26 AM on February 17, 2018

Seconding the Caseta love here as well. As a bonus, the dimmable switches are one of the few smart switches you can use without a neutral wire in the wall, should you find yourself living in a 100-year old house like some of us do.

And then said switches are all controlled by my "local cloud" - Home Assistant on a Raspberry Pi
posted by Nonsteroidal Anti-Inflammatory Drug at 2:40 PM on February 17, 2018

"If I was to build a new house from scratch or renovate I'd use all Caseta switches on every circuit because they work as regular switches even when you have nothing else configured. Luddites can go ahead and use a regular switch. Me? I'm comfortable using Alexa while remaining in bed to turn the light off."

so how much did you spend on the clapper
posted by klangklangston at 8:57 PM on February 17, 2018 [2 favorites]