Tag Archives: Terms and Conditions

Autodesk founder outraged by Amazon snatch of cloudy purchases

3 Replies

Autodesk co-founder John Walker (it’s not his fault, he relinquished control of the company many years ago) recently posted this on Twitter:

In a move reminiscent of the infamous removal of Orwell’s 1984 from Kindle devices (which Amazon promised a court it would never repeat), John’s Audible.com (owned by Amazon) audio books, purchased in 2009-2010, simply went away.

John’s reaction was to post a video of harmless inanimate objects being blown away by a powerful firearm, so I think it’s safe to say he was not overly pleased about this turn of events. Can’t say I blame him.

This is a variant of the old joke on those cheesy pre-show anti-piracy ads that have annoyed owners of legitimately purchased videos for many years:

“You wouldn’t steal a car.”
– I would if I could download it.

Amazon’s version goes:

“You wouldn’t steal a book.”
– I would if I could delete it from my server.

OK, Amazon is obviously doing evil here, but what can John do about it? Maybe nothing. As pointed out in a series of responses to John’s post, Amazon considers itself fully entitled to do this. Amazon also allows itself permission to change the rules as and when it sees fit.

Does this sound familiar? It should. “What’s yours isn’t really yours, even if you paid for it. It can go away when we feel like it. We can change the rules when we feel like it. No guarantees. Just keep paying and hope for the best.”

This is why we don’t CAD in the cloud. Or subscription CAD, for that matter. Owning stuff is still important.

Cloud concerns – security again

4 Replies

It’s probably worth pointing out that if you you have no problem emailing your designs around the place without some form of protection or encryption, there’s little point in getting all worked up about Cloud security. Email isn’t remotely secure. FTP isn’t exactly watertight, either. If you’re still interested in Cloud security issues, this post includes some relevant links you might like to peruse.

First, here’s what Autodesk’s Scott Sheppard had to say about Project Photofly (now 123D Catch Beta) security last month: Project Photofly FAQ: What about the security of my data? This covers some of the same kind of stuff I’ve already discussed, but from an Autodesk point of view (albeit a pretty transparent and honest one, as you might expect from Scott). Here are some selected quotes:

In essence, we don’t want to accept liability when we don’t take money…

We intend to have a reasonably secure service, better than email, but less secure than a bank account.

We store your files on Amazon’s S3 service, and they maintain their own physical and data security policy that is considered robust.

Next, here are the 123D Terms of service, which raise many of the same alarm bells I mentioned before. Selected quotes:

We reserve the right to change all or any part of these Terms, or to change the Site, including by eliminating or discontinuing the Site (or any feature thereof) or any product, service, Content or other materials, and to charge and/or change any fees, prices, costs or charges on or for using the Site (or any feature thereof).

By uploading, posting, publishing, transmitting, displaying, distributing or otherwise making available Shared Content to us and/or any Users of or through the Site you automatically grant to us and our sub-licensees…the worldwide, perpetual, royalty-free, fully paid-up, irrevocable, non-exclusive, sublicensable (through multiple tiers) right and license to have access to, store, display, reproduce, use, disclose, transmit, view, reproduce, modify, adapt, translate, publish, broadcast, perform and display (whether publicly or otherwise), distribute, re-distribute and exploit your Shared Content (in whole or in part) for any reason and/or purpose (whether commercial or non-commercial) by any and all means in any and all media, forms, formats, platforms and technologies now known or hereafter devised, invented, developed or improved.

Please note that with respect to Non-public Content, we will not authorize your Non-public Content to be made available to others on a public section of the Site, although we cannot guarantee complete security (e.g., of cloud servers).

Moving on to another Cloud security-related issue, something that Owen Wengerd raised on Twitter was the idea that:

…once data is on the cloud, it can never be deleted.

Deelip Menezes thought this whole idea somewhat loopy:

Actually I’m implying that it is ridiculous to even start thinking along those lines. 😉

However, I see Owen’s point. Once your data is on someone else’s server, you have no control over it. You have no idea where it lives, how often it is backed up, what happens to those backups, and so on. Let’s say you place some highly sensitive design data on the Cloud. It might be commercially sensitive, or about something that represents a possible terrorist target, or just something you don’t want certain parties to know about, ever. A week later, you delete the design data. Now, is it really gone? Any responsible Cloud infrastructure vendor must regularly take multiple backups and store them securely. So you now have multiple copies of your “deleted” data floating around, who knows where? What happens to old servers when they die? Where do backup hard drives, tapes, etc. go? If backups are stored off-site, how are your files going to be permanently removed from the media?

While there may be policies, procedures and ISO standards in place, we’re dealing with humans here. If one backup copy of your data ended up in a country where a rogue employee decided to better feed his family by selling off old hard drives, your nuclear power plant plans could end up not safely deleted at all, but instead delivered into the hands of some people you’d really prefer not to have it.

This may sound like paranoid nonsense, but risk from non-deleted data is real. There was a local case where a company was illegally siphoned of funds and went bust. The company’s old internal email servers were supposedly wiped and sold off. Somebody bought them, undeleted the data and was able to pass on incriminating emails to the police. While that ended up being a good thing in terms of natural justice and it’s not even a Cloud issue, it illustrates that making sure your stuff is properly deleted can be very important. This is related to something that Ralph Grabowski mentioned on Twitter; the “right to be forgotten”. Here is a Google search that includes various links that touch on some of the struggles related to this issue.

Finally, here’s something related to the possibility of the data being accessed illegally while it’s up. You put it up there, somebody copies it, you delete it, it’s not really gone and you are none the wiser. Is that something that only tin foil hat wearers need worry about? Have a read of this article before answering that one: Cloud Services Credentials Easily Stolen Via Google Code Search. Selected quotes:

The access codes and secret keys of thousands of public cloud services users can be easily found with a simple Google code search, a team of security researchers says.

Now the team is offering one word of advice to companies that are considering storing critical information on the public cloud: Don’t.

…an attacker who knows Google and some simple facts about cloud services authentication can easily find the access codes, passwords, and secret keys needed to unlock data stored in public cloud services environments such as Amazon’s EC3.

We found literally thousands of keys stored this way, any one of which could be used to take control of computers in the cloud, shut them down, or used to launch attacks on other computers on the same service.

Here’s a PDF of the presentation, if you’re interested.

Cloud concerns – terms and conditions

21 Replies

I just used Autodesk Cloud Documents for the first time, and was asked to confirm my acceptance of the Terms of Service. Fair enough. But just what is in those terms, and what do they mean to you if you are dubious about using the Cloud? Will you be reassured by what you find there? Maybe not. Here are a few clauses that might make you go hmmm…

The terms applicable to a particular service may vary.

Translation: Autodesk can move the goalposts.

Autodesk has the right (but not the obligation) to monitor Your usage of the Service to verify compliance with these Terms.

Translation: Autodesk can keep its eye on you.

You acknowledge and agree that: (a) You will evaluate and bear all risks associated with Your Content; (b) under no circumstances will Autodesk Parties be liable in any way for Your Content, including, but not limited to, any loss or damage, any errors or omissions, or any unauthorized access or use; and (c) You (and not Autodesk) are responsible for backing up and protecting the security and confidentiality of Your Content.

Translation: whatever happens, it’s your problem, not Autodesk’s.

Third Party Content and services may be made available to You, directly or indirectly, through the Service (including Content shared by other users of the Service, through Forums or by any other means). In some cases, such Content and services may appear to be a feature or function within, or extension of, the Services or the Autodesk Software. Accessing such Content or services may cause Your Computer, without additional notice, to communicate with a third-party website … for example, for purposes of providing You with additional information, features and functionality.

Translation: Autodesk and others can use the service to advertise to you.

Autodesk reserves the right to delete inactive accounts or purge related Content (and all backups thereof), without further notice and Autodesk Parties shall have no responsibility or liability for deletion or any failure to store Your Content.

Translation: don’t just leave your stuff up in the clouds and expect it to still be there a few years later.

You acknowledge that Autodesk may use third-party service providers in connection with the Services, including without limitation the use of cloud computing service providers which may transmit, maintain and store Your data using third-party computers and equipment in locations around the globe.

Translation: it’s not just Autodesk here, there is a chain of responsibilities and vulnerabilities.

THE SERVICE OFFERING IS PROVIDED “AS IS” AND “AS AVAILABLE.” AUTODESK PARTIES MAKE NO, AND HEREBY DISCLAIM ALL, REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF ANY KIND…

YOUR USE OF THE SERVICE OFFERING IS AT YOUR OWN DISCRETION AND RISK.

AUTODESK PARTIES DO NOT WARRANT THAT THE SERVICE OFFERING WILL PERFORM IN ANY PARTICULAR MANNER AND HEREBY DISCLAIM LIABILITY FOR NEGLIGENCE AND GROSS NEGLIGENCE.

Translation: Autodesk lawyers LOVE SHOUTING. Whatever happens, including gross negligence on Autodesk’s part, it’s still all your fault and you’re severely out of luck.

…for all Service Offerings accessed as part of Subscription, these Terms and Your access to the Services will terminate when Your Subscription (and the Subscription Program Terms applicable to Your Subscription) terminates or expires.

Translation: here’s a further disincentive to ever dropping out of Subscription once you’re on it.

It is Your responsibility to retain copies of Your Content. Upon termination Autodesk shall have the right to immediately delete, without notice, Your Content, if any, and all backups thereof, and Autodesk Parties shall not be liable for any loss or damage which may be incurred by You or any third parties as a result of such deletion.

Translation: don’t rely on the Cloud alone.

Autodesk reserves the right, from time to time in its sole discretion, to (a) modify or release subsequent versions of the Service, (b) impose license keys or other means of controlling access to the Service, (c) limit or suspend Your access to the Service, and (d) change, suspend or discontinue the Service at any time.

Translation: Autodesk can do pretty much whatever it likes, including killing the whole thing.

I don’t think any of this means Autodesk is evil. Looked at from the point of view of a corporation that needs to cover its backside and reduce risks to itself, it’s quite understandable. Much of it is just very sensible advice. You can expect similar conditions from other companies providing Cloud services. But what if you’re not happy with using a Cloud service that has such conditions attached? Well, you can use it anyway and keep your fingers crossed, or you stay away from it altogether.

How do you see this? Assuming you were happy with everything else about the Cloud, would clauses like those above be a dealbreaker?

Edit: this post is also being discussed on the Dezignstuff blog.

Note: the above clauses are Autodesk copyright, reproduced here under fair use (comment and criticism).