data breach

June 4, 2021

How to Rebuild Trust in Tech

It’s safe to say that reality has not lived up to the utopian vision of a highly advanced technological society. The optimism present in the 80s during the microchip boom and again in the 90s with the internet revolution has given way to a rather dreary outlook. This pessimistic view has various causes, including the proliferation of mass surveillance systems and the overall erosion of fundamental privacy rights. Can this be fixed? AXEL believes it can, but tech corporations will have to pursue alternative business models and practices for it to happen. Let’s look at how we got into this mess and how we can get out of it.

Initial promise leads to technocratic dystopia?

So, where did this pessimism come from recently? After all, it was only a decade ago that Facebook CEO Mark Zuckerberg was touting his social media platform as a way for people all over the world to connect meaningfully. Social media and the convenience of Big Tech services were supposed to advance the human race. And, for a while, it appeared like they might. Social media sites such as Facebook and Twitter helped facilitate significant historical events, such as the 2010 Arab Spring[1]. However, as the years passed, it became apparent that these services had a darker side.

The Cambridge Analytica scandal first reported on in 2015 was the tipping point. It’s where Facebook got caught selling vast amounts of its users’ personal information to the data analytics firm Cambridge Analytica. This firm used the data in an attempt to influence the outcome of the 2016 United States elections. While it is unknown exactly how successful this was (after all, Ted Cruz’s ill-fated campaign was the first to use this data), what was obvious is that Facebook collected and sold an alarming amount of information without consent.

Looking back, people should have known all along. Enormous tech platforms require thousands of skilled employees and significant backend infrastructure to maintain. Since they are typically free to use, how do they make money? Personalized advertising due to mass surveillance.

Trust in Big Tech hits all-time lows

Since the Cambridge Analytica scandal, education regarding how Big Tech analyzes and sells data has improved. The average consumer now understands that there shouldn’t be an expectation of privacy when using these services. In fact, according to a 2020 survey, over 85% of people are “very concerned” about how companies like Facebook and Google handle their personal data[2]. We feel this is a great trend, but there will need to be an aggressive demand from consumers for better privacy protections for any actual progress. The unfortunate truth is that even if there is a tacit understanding of the current reality, consumers either feel trapped in the situation or are otherwise willing to put up with the status quo.

This is evidenced by a 2019 panel discussion where business leaders and academics talked about the ethics of data collection[3]. Throughout the roundtable, the majority of the audience and the panel itself agreed to give up their privacy for small monetary benefits.

We believe this line of thinking is short-sighted and naïve. One point that kept coming up was that most trusted the firms collecting their data not to misuse it and to protect it. We know from countless stories that neither of these assumptions is prudent. Not only will companies sell data without consent, but they can’t guarantee hackers won’t pilfer it illicitly. Even organizations spending adequate resources on cybersecurity get compromised routinely. Many of the largest businesses in the world have had terrible breaches. Putting that kind of faith in Big Tech’s trustworthiness will only end in disappointment.

The way forward

As a company that values user privacy, here are our tips for ushering in a new era of tech that delivers on the optimistic vision of previous generations:

Opt-in for advertising rather than opt-out. So far, organizations attempting to remedy privacy concerns have relied on providing opt-out clauses for data collection. We feel this puts the burden on the consumers, who tend to be busy. Most people don’t read privacy policies or want to click through a maze of links to get to the opt-out page. Privacy should be the default. If there really are benefits worthy of people giving up their personal info, the company should state their case clearly and provide a link to opt-in to the advertising.

Move away from free-to-use business models. We’ve covered this topic in a previous blog, but it’s a necessary shift if people truly value privacy. Free software and services create bad incentives to misuse data because it’s the only way to monetize users. This can be alleviated by normalizing paid software again. Consumers didn’t always have the expectation of free software. With a coordinated education outreach, paid software may make a comeback.

Transparency. One of the most disturbing aspects of the Cambridge Analytica scandal was that Facebook sold information without consent. If an organization wants to offer free services to those who opt-in to personalized advertising, it should go the extra mile and be transparent about how it uses that data. This would lead to fewer surprises and major scandals. Users could make informed decisions and weigh the tradeoffs accordingly.

AXEL leads the way

At AXEL, we provide data storage and sharing solutions that prioritize privacy and security. Not only is our leading platform, AXEL Go, built with secure implementations of blockchain technology, decentralized servers, and robust encryption, but our entire data collection policy centers around the philosophy that less is more. Just take a look at AXEL Go compared to other popular cloud drives. AXEL does not collect data linked to your identity. Period.

You can sign up for a free trial of our Premium AXEL Go service today and get the peace of mind that nobody is mining your content or selling your data. We can bring about change together. Join the privacy revolution.

Jose Antonio Vargas, “How an Egyptian Revolution Began on Facebook”, The New York Times, Feb. 17, 2012, https://www.nytimes.com/2012/02/19/books/review/how-an-egyptian-revolution-began-on-facebook.html

[2] Allen Bernard, “Most consumers do not trust big tech with their privacy”, TechRepublic, July 29, 2020, https://www.techrepublic.com/article/most-consumers-do-not-trust-big-tech-with-their-privacy/

[3] “How can we rebuild trust in the digital world? A discussion with Professor Michael Sandel”, Fujitsu.com, May 16,2019, https://www.fujitsu.com/global/vision/insights/201905event/

May 21, 2021

The Jones Day Law Firm Data Breach Serves as a Warning for Others

In December and January, the technology company Accellion experienced a hack to the Accellion FTA (File Transfer Appliance), a file-sharing program aimed at enterprise customers. Since then, multiple organizations have reported data breaches linked to the software, including the large law firm Jones Day. This created quite the storm for the firm and some high-profile customers like the City of Chicago. Here, we’ll go over the hack and discuss the lessons organizations should learn from the situation.

How it happened

According to a report by the cybersecurity company FireEye[1], the initial attacks occurred via a malicious SQL injection that allowed the criminals to install a web shell on Accellion servers. Then, the hackers could run malware programs at will via the web shell. If you remember, this is very similar to the methods employed by the group behind the infamous SolarWinds hack, covered by us here and here.

Who was behind it?

Cybersecurity experts attribute the attack to the CL0P ransomware gang[2] due to increased activity on the group’s dark website that shames organizations into paying the ransom. Analysts conclude that the victims implicated on the site line up with the known victims of this breach.

The threat actors used the Accellion FTA exploits to steal data from over 100 organizations, including the Australian Securities and Investments Commission, grocery store chain Kroger, the University of Colorado, and the Jones Day law firm. We’ll be specifically looking at the Jones Day state of affairs, as it has become a juicy story.

Jones Day

The Jones Day Law Firm is a major firm headquartered in Cleveland, Ohio, employing over 2500 attorneys and serving thousands of clients globally. In February 2021, representatives confirmed the company was one of those affected by the Accellion FTA breach. Law firms have significantly more to worry about from data breaches than, say, Kroger. This is due to the sheer amount of confidential information that passes between attorneys, legal assistants, clients, and court officials. Jones Day says its internal systems weren’t compromised, but the distinction is a bit moot, given what ended up being leaked.

The City of Chicago

The most interesting insights revealed in breach so far come from leaked correspondence between Jones Day and Chicago government officials. The City of Chicago was not a formal client of the firm, but Jones Day attorneys offered advice on many legal situations. The hackers stole over 85GB of emails, images, and documents sent between the two entities.

Neither Jones Day nor the City of Chicago paid the ransom, and these files were made available on the Dark Web. The Wikileaks-esque whistleblower website DDOSecret.com released a small portion of the haul publicly and has sent the complete data set to journalists. What has been reported on offers a fascinating look behind the political curtain of America’s third-largest city:

The Chicago Police Department created a secret drone surveillance program using money from seized assets sold after criminal investigations[3]. The budget for the drone initiative totaled nearly $8 million. The police used it to aid in missing persons cases and anti-terrorism strategies.
Mayor Lori Lightfoot attempted to distance herself from a campaign promise regarding police reformation[4].
Mayor Lightfoot and Illinois Governor J.B. Pritzker clashed on COVID lockdown restrictions on indoor dining.

Clandestine drone programs aside, there haven’t been many earth-shattering bombshells. Still, it’s embarrassing for both the City of Chicago and Jones Day. Mayor Lightfoot has called into question the authenticity of the emails[5], stopping short of outright denial.

It seems unlikely that a hacker group would go through the trouble of fabricating hundreds of thousands of documents to expose what amounts to normal everyday political shenanigans, but we’ll see how it shakes out.

The lesson

Jones Day and 100+ other affected organizations could have saved themselves the public embarrassment and loss of trust if they used better data transfer solutions. The Accellion FTA was a legacy file-sharing platform left largely unsupported. However, the inertia of technological adoption resulted in massive companies leaving themselves open to a data breach. Given the resources these organizations have at their disposal, the risks of sticking with old tech are unacceptable.

It’s especially objectional for a law firm like Jones Day. Their entire business is keeping confidential legal information away from the public’s eyes. While they may have the clout to recover from this issue, smaller firms would be devastated.

The takeaway for law firms and solo practices should be; take data security very seriously! Don’t rely on outdated platforms or downright insecure solutions like email attachments to share and store documents. Vet the provider you end up going with to ensure they will support the solution for the foreseeable future and continue to provide security patches along with new privacy features. Not doing so leaves you susceptible to catastrophic scenarios.

The right choice

Our file-sharing and cloud storage platform AXEL Go prevents data breaches. It’s the perfect solution for those working within targeted industries such as the legal sector. Our development team built AXEL Go from a framework of security and privacy. It combines secure blockchain technology, decentralized IPFS implementation, and military-grade file encryption to keep the most sensitive files safe.

To learn more, please visit AXELGo.app and sign up for a free 14-day trial of our Premium service. You get to try out all of the innovative features, such as Secure Fetch and storage encryption. Our team is always hard at work improving the platform and releasing updates. Once you see the AXEL difference, you’ll never go back to insecure data transfer systems again.

[1] Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta, Kimberly Goody, “Cyber Criminal Exploit Accellion FTA for Data Theft and Extortion”, FireEye.com, Feb. 22, 2021, https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html

[2] Tara Seals, “Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11”, ThreatPost.com, Feb. 22, 2021, https://threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/

[3] Tom Schuba, Frank Main, “CPD launched secret drone program with off-the-books cash”, Chicago Sun Times, May 12, 2021, https://chicago.suntimes.com/city-hall/2021/5/11/22425299/cpd-chicago-police-drone-secret-emails-hack-lori-lightfoot-dodsecrets-city-hall

[4] Gregory Pratt, “Computer hackers stole thousands of Lightfoot administration emails. Here’s a look at some of what they leaked online.”, Chicago Tribune, May 14, 2021, https://www.chicagotribune.com/politics/ct-lightfoot-administration-hacked-emails-closer-look-20210514-havyv352lfegrklmfi76a25wfi-story.html

[5] Bernie Tafoya, “Lightfoot questions legitimacy of city emails made public after hack”, WBBM NewsRadio 780 AM, May 11, 2021, https://www.audacy.com/wbbm780/news/local/mayor-questions-legitimacy-of-emails-made-public-after-hack

April 23, 2021

What Else We’ve Learned About the SolarWinds Data Breach

In January, we covered a massive supply-chain data breach known as the SolarWinds attack. To get a broad overview of the incident, how the malicious agents carried out the hack, and the known victims, please read our coverage. Over the past four months, there have been new developments in the story that warrant a follow-up. Here, we go over these updates and discuss the potential for lasting fallout.

A brief synopsis

In December 2020, cybersecurity firm FireEye reported a significant flaw in the SolarWinds Orion database management software suite. When the dust settled, experts found that over 18,000 organizations had inadvertently installed a backdoor for an Advanced Persistent Threat (APT) group, likely Russian in origin. These state-sponsored actors infiltrated major corporations and high-level United States governmental agencies alike. Officials believe it to be the most widespread digital espionage campaign ever carried out against the United States. So, what have we found out since then?

More sophisticated than initially thought

From the very beginning, cybersec professionals knew the culprits were sophisticated and that the program’s scope was enormous. As it turns out, however, initial estimates seemed to have underestimated it. According to a recent analysis by RiskIQ, the infrastructure used by the threat actors was at least 56% larger than originally thought[1].

This implies the state hackers had access to significantly more computing power and probably targeted even more organizations than the known 18,000 victims. The same report also concluded that the use of United States-based infrastructure during the initial attack stage prevented the National Security Agency (NSA) from noticing the situation due to stricter laws against domestic surveillance.

Russians officially blamed

United States intelligence agencies have always blamed Russia for the attack, but it turned into more than an accusation when President Joe Biden and the United States formally sanctioned the adversarial country on March 15[2]. Provisions of the sanctions include:

Forbidding U.S. banks from buying bonds from or lending money to Russia’s national financial institutions after June 14.
Expelling 10 Russian diplomats accused of being intelligence agents from the United States.
Sanctioning six technology companies in Russia accused of supporting intelligence agencies.

The sanctions significantly ratchet up tensions between the two nations and mark a major departure from standard espionage protocol. Previously, the United States and other countries assumed cyber espionage campaigns were always underway from their enemies, and their enemies were under similar assumptions. This meant that there was an implicit understanding that everyone is spying on everyone else, and nobody felt real consequences for it. The sanctions set a new precedent that could result in escalation rather than diplomacy. Although, Russia pulled back troops from the Ukrainian border after the sanctions[3], so perhaps the message landed as intended. Only time will tell what ramifications this act has, but hopefully, it doesn’t increase the divide between the two largest nuclear powers.

Concurrent Chinese involvement

Although analysts blame Russia for the initial breach, it appears like Chinese state hackers also took advantage of the situation[4]. According to a report by Secureworks, some malicious agents used tactics similar to those employed by the Chinese APT, SPIRAL[5]. Furthermore, during the intrusion, the group accidentally revealed its IP, which originated from China. So, while sanctions only targeted Russia, there is evidence that China played a role too.

Of course, as we talked about in the original SolarWinds blog, it’s exceedingly difficult to analyze blame with a hundred percent certainty. State-sponsored digital espionage groups are adept at covering their tracks and obfuscating origins. And, while the United States government seems positive the Russians were the main culprits, hard evidence of this assertion hasn’t been made public. Not to mention the United States government has been wrong about some pretty bold claims before. We may never know the full truth.

Congress grills Microsoft

Interestingly, the company in the hottest water over the whole snafu isn’t SolarWinds; it’s Microsoft. Probably due to its high-profile nature, the U.S. Congress set its sights on the tech behemoth[6]. This is because, after the breach’s first stage, the hackers exploited Microsoft products and stole sensitive emails and other data from thousands of organizations.

Microsoft itself had its source code exposed to the hackers. Since source code is the lifeblood of a tech company, it shows exactly how all-encompassing the breach was. It also proves a crucial point; no matter how secure a system is, nothing can be completely safe from ill-intentioned cyberspies with the backing of an entire country’s resources. So, although House members assuredly loved grandstanding about the holes in Microsoft’s security, the truth is more complex and nuanced.

White House ramps down recovery efforts

This brings us to the conclusion of the saga. On April 19, the White House announced that several national agencies such as the FBI, CISA, and NSA would soon begin ramping down their efforts regarding SolarWinds. Combined with the Russian sanctions, it signals that the U.S. Government considers the incident largely settled. China appears unlikely to receive any formal retaliation. Hopefully, the most significant data breach of our times serves as a lesson for the future of cybersecurity. Undoubtedly similar incidents will occur in the future, but perhaps mitigation policies will improve, and potential damages will be reduced.

Security is a personal responsibility

If there’s one takeaway everyone should have about SolarWinds, it’s that relying on Big Tech’s security policies is a mistake. People should do a bit of research to find redundant cybersecurity methods for their sensitive data.

You can protect your confidential files by ditching cloud drives like Dropbox, OneDrive, and Google Drive and switch to AXEL Go. AXEL Go utilizes our decentralized, distributed files sharing network backed by blockchain and the InterPlanetary File System. This ensures your documents aren’t stored in one place with a single point of failure.

Additionally, every file you transfer via the AXEL Network gets “digitally shredded” and distributed to scattered server nodes. This means even if a malicious agent compromised a server, they wouldn’t have access to the complete file. Documents are only reconfigured for the initial user and any recipients. This system, combined with military-grade encryption, provides multiple layers of security for AXEL Go users.

You can try AXEL Go Premium with all features unlocked free for 14-days. Sign up today and see how AXEL can improve your workflow and harden your organization’s cybersecurity.

[1] “SolarWinds: Advancing the Story”, RiskIq.com, April 22, 2021, https://community.riskiq.com/article/9a515637

[2] Morgan Chalfant, Maggie Miller, “Biden administration sanctions Russia for SolarWinds hack, election interference”, April 15, 2021, https://thehill.com/homenews/administration/548367-biden-administration-unveils-sweeping-sanctions-on-russia?rl=1

[3] “Russia to pull troops back from near Ukraine”, BBC, April 22, 2021, https://www.bbc.com/news/world-europe-56842763

[4] Dan Goodin, “Chinese hackers targeted SolarWinds customers in parallel with Russian op”, Ars Technica, March 8, 2021, https://arstechnica.com/gadgets/2021/03/chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op/

[5] Counter Threat Unit Research Team, “SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group”, Secureworks.com, March 8, 2021, https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group

[6] Frank Bajak, “SolarWinds hacking campaign puts Microsoft in the hot seat”, The Associated Press, April 17, 2021, https://apnews.com/article/business-technology-government-and-politics-f51e53523312b87121146de8fd7c0020

November 27, 2020

Ransomware is Big Business for REvil Hacker Group

REvil, or Sodinokibi, is one of the most notorious hacker gangs in the world. Known for their ransomware attacks, the group claims it will make $100 million by the end of the year^[1]. Here is a brief overview of the Russian hackers and their illicit accomplishments.

A sordid history

For all of their high-profile attacks, concrete information about the group remains elusive to the public. They are likely based in Russia due to known cybersecurity information as well as their unwillingness to attack companies or governments in the former Soviet-bloc.

An offshoot

Cybersecurity analysts believe malicious developers from a previous group called GandCrab make up REvil^[2]. GandCrab was a prolific gang that collected an estimated $2 billion in ransoms in an 18-month period between 2018-2019. REvil popped up almost immediately after GandCrab stopped activities in 2019, and the two malware share much of the same code.

The gang also employs a Ransomware-as-a-Service (RaaS) model to supplement their revenue. Those interested in a more in-depth breakdown of ransomware can read our recent blog post about the topic.

RaaS is interesting because the gang itself doesn’t have to focus constantly on finding new victims. REvil simply licenses out their malware to vetted affiliates, who do the dirty work of searching for and breaching vulnerable networks. REvil then takes a healthy 20-30% cut of the affiliates’ payments. How’s that for a business model!

High-profile attacks

Texas local governments. In a concerted August attack, REvil infected 23 local Texas government agencies and demanded a $2.5 million collective ransom^[3]. The malware brought down the systems and websites of these agencies. Luckily, the victims were well-prepared in this case. Teams of cybersecurity experts restored the systems via backups or full rebuilds. They did not cooperate with REvil, and their sites are now back online.

Travelex: On New Year’s Eve in 2019, REvil infiltrated Travelex’s network. Travelex is a foreign currency exchange company known for its kiosks in airports around the world. Unfortunately for them, they weren’t very vigilant when it came to cybersecurity. They hadn’t installed any security patches for their VPN system in over two years! This allowed REvil to breach their network and inject ransomware easily.

It spread so fast that it took down their entire operation. Instead of coming clean about the hacking incident, Travelex claimed it was “planned maintenance” and quietly paid a $2.3 million ransom to the notorious gang. Once this information leaked (as it usually does), the company was in real hot water. Not only had their lax security policies led to a data breach and loss of service, but they lied about it. It evidently affected consumers’ trust, as the company did not recover from the situation. After a failed attempt to sell, Travelex fell into administration, cut over 1300 jobs, and is currently undergoing significant corporate restructuring^[4].

Grubman Shire Meiselas & Sacks: In May of 2020, REvil stole over 750 gigabytes of confidential legal documents from the Grubman Shire Meiselas & Sacks law firm^[5]. The practice is famous for representing celebrities and other high-profile clients. REvil gained access to records pertaining to people such as Madonna, Lady Gaga, Drake, Elton John, and United States President Donald Trump. At first, the ransom was an already-obscene $21 million but ballooned to $42 million after they figured out they had Trump’s information.

Upon the FBI’s guidance, the firm allegedly refused to pay the ransom, causing REvil to auction the information on the Dark Web to the highest bidder.

According to a recent interview with an apparent member of the gang, this may not be the entire story. The hacker claims a secret identity paid the ransom to prevent the Trump documents from leaking^[6]. This cannot be confirmed but adds another layer of intrigue to the incident.

Televangelist Kenneth Copeland. Wealthy televangelist pastor Kenneth Copeland suffered a REvil attack recently as well. The hackers encrypted and stole 1.2 terabytes of information from the Kenneth Copeland Ministries’ computer systems. The data includes email databases, bank documents, financial contracts, and more. The actual ransom demand amount isn’t known at the moment, but with an estimated net worth of over $750 million, the famous Pastor can likely afford it. If unpaid, he’ll need to take some time off from banishing evil from the world, to focus on banishing REvil from his network.

Desperate or enterprising?

REvil uses a double-extortion method to extract ransom payments from its victims. This means that they encrypt the breached data so that the victim must either pay to unlock it or restore it from a backup (which they may or may not have). Concurrently, they steal and transfer the information back to their own storage and threaten to sell it on the Dark Web. This means even if the company, agency, or individual has a backup, they still might elect to pay up to stop the data from leaking. It’s a lucrative model, but evidently not lucrative enough.

According to the interview mentioned above, the gang may add another wrinkle. They are now considering flooding a victim’s website with bot traffic, called a Denial-of-Service, to bring it down while also employing the double-extortion methods. This cripples the victim’s ability to function and puts more pressure on them to remedy the situation quickly.

Some analysts wonder if this is a sign that the gang is in desperate need of more money. However, it could just be good, old-fashioned greed. Only time will tell. What is certain is that REvil shows no sign of stopping their practices soon, and even if it does shutter eventually, a new gang will form out of the ashes to continue their dubious legacy.

Data security

AXEL is a company dedicated to data security solutions. Our file sharing and storage cloud, AXEL Go, utilizes three ultra-secure technologies (Blockchain, IPFS, encryption) to keep private documents safe. We offer a fully-featured, free Basic plan with 2GB of online storage, as well as paid plans for power users and enterprise clients. Don’t just sit back and wait for hacker gangs like REvil to set their sights on you; protect yourself with AXEL Go. Download it today and try it out for Windows, Mac, Android, or iOS.

^[1] Tara Seals,”REvil Gang Promises a Big Video-Game Hit; Maze Gang Shuts Down”, threatpost, Oct. 29, 2020, https://threatpost.com/revil-video-game-hit-revenue/160743/

^[2] Jai Vijayan, “GandCrab Developers Behind Destructive REvil Ransomware”, Dark Reading, Sept. 25, 2019,https://www.darkreading.com/attacks-breaches/gandcrab-developers-behind-destructive-revil-ransomware/d/d-id/1335919

^[3] “Texas government organisations hit by ransomware attack”, BBC News, Aug. 2019, https://www.bbc.com/news/technology-49393479

^[4] Kalyeena Makortoff, “Travelex falls into administration, with loss of 1,300 jobs”, The Guardian, Aug. 6, 2020, https://www.theguardian.com/business/2020/aug/06/travelex-falls-into-administration-shedding-1300-jobs

^[5] Lindsey O’Donnell, “REvil Ransomware Attack Hits A-List Celeb Law Firm”, threatpost, May 12, 2020, https://threatpost.com/revil-ransomware-attack-celeb-law-firm/155676/

^[6] Tara Seals,”REvil Gang Promises a Big Video-Game Hit; Maze Gang Shuts Down”, threatpost, Oct. 29, 2020, https://threatpost.com/revil-video-game-hit-revenue/160743/

October 16, 2020

A Story of Data Custody in the Modern Age: Part III

Lucas finds AXEL

In Part II of Lucas’ story, he found many companies were still collecting vast amounts of customer information even with new privacy regulations. But, that didn’t mean he was ready to shun technology. It was a modern conundrum shared by every technophile who values their privacy.

“I’m an IT professional who loves the latest and greatest technology. I can’t close myself off from the world and go hide out in a treehouse in the woods. That shouldn’t be my only option just because I don’t want these huge companies spying on me or making detailed models of my behavior. So, I started to scour the web looking for programs and services that weren’t going to auction off my information to the highest bidder. I stumbled upon AXEL from a Google search about cloud storage, and loved what I saw.”

Lucas and AXEL Go

Specifically, Lucas found our private, secure file storage and sharing application, AXEL Go.

“AXEL Go is basically my new best friend. I get instant access to all of my files and can share them with anyone. I use it at home on my PC and on my iPhone when I’m out. The first thing that impressed me was the company kept promoting this concept called ‘data custody.’ I’d never heard of the term before, but after reading into it a bit, it really hit home. It just means they’re all about giving control of data back to the people.”

AXEL is a champion of data custody and considers personal information private property. We never mine any content stored on AXEL Go and do not sell personal information to third parties, ever.

“That in itself sets them apart from most cloud companies. But they not only respect your data, they protect it too. Their security features are way more advanced than other cloud options.”

AXEL Go utilizes three secure technologies as the backbone of AXEL Go; blockchain, the InterPlanetary File System (IPFS), and password encryption. This unique combination makes AXEL Go an industry leader in security, ensuring your content stays safe at rest and in motion.

“It’s the best of both worlds. I don’t have to worry about the company itself selling my info, but I also am less concerned about hackers breaching their system. Their servers are decentralized, and I always use encrypted passwords on my files. So hackers can’t attack a single vulnerable server to get my content, and even if they do somehow get to my files, they won’t be able to access them. I looked it up, and the encryption algorithm they use for passwords takes billions of years to brute force crack. It’s reassuring. Now, if AXEL could make a social media platform…”

A happy ending

Thank you, Lucas, for your kind words and support for AXEL products. If you’re like Lucas and want a cloud sharing solution that provides security and privacy, download AXEL Go today. It’s free to signup, and our Basic accounts include all of AXEL Go’s unique features, 2GB of storage space, and enough fuel tokens to facilitate thousands of shares. AXEL envisions a better future for the internet, where everyone’s data gets the respect it deserves. Together, we will achieve this goal.

October 14, 2020

A Story of Data Custody in the Modern Age: Part II

Lucas does more research

When we last left our favorite 25-year old IT specialist, Lucas, he wasn’t feeling too hopeful. He had learned about the status quo of corporate data collection and felt powerless to stop it. But, he didn’t give up. He decided to educate himself more thoroughly on how the big players in Silicon Valley viewed their users’ privacy. He was especially interested in their responses to recent privacy legislation such as the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDRP).

“I had read dozens of articles about the subject but never got any information straight from the big tech firms themselves. I thought that maybe with the adoption of the CCPA and GDRP, they might have changed their tunes. So, I did something drastic. Something I’m not sure anyone else in the world did. I read through their updated privacy policies.”

Now that’s dedication to the cause! What did Lucas find after slogging through multiple privacy policies?

“It was certainly an improvement. At least now, they had to tell you what info they collect and broadly how they use it. But, they are still hoarding your personal information. You have to opt-out of most of it, and how many people do you see doing that? I had to put on a pot of coffee to get through these privacy policies. And I hate coffee! Most people I know just clicked “Accept” on the popup and kept going about their regular routines.”

Lucas found that even with the new regulatory frameworks in place, companies still frequently had access to information such as your stored files, contact networks, GPS locations, other websites visited, and third-party advertising data.

“They’re still watching you. They’re still developing their models of you to sell to advertisers or manipulate behavior.”

So, what now?

It was apparent to Lucas that waiting on the well-known tech companies to hop aboard the privacy train wouldn’t cut it. But what options did he have?

“Unfortunately, there aren’t any mainstream alternatives to the big players when it comes to social media. If I want to stay in touch with friends and family without resorting to an old-fashioned phone call, it’s tough. I recommend going into your account and digging into the privacy settings. Opt-out of what you can and just know that you’re analyzed continuously. With other applications, luckily, you fare much better.”

This is where Lucas and AXEL finally cross paths!

“I love to store and share files in the cloud. It’s so convenient to have all my important content wherever I need it. But I wasn’t impressed with the popular cloud storage services out there due to privacy concerns. And that includes their security features too. Because even if your privacy policy is decent, if you’re storing all my documents on an insecure server, it doesn’t really matter. So I looked into what else was out there that might better fit my needs. That’s when AXEL popped up.”

A perfect match

In part three of this blog series about Lucas’ journey, we’ll delve into what attracted him to our company and AXEL Go. Check back soon for an exciting conclusion about how AXEL strives to make the internet a better place for everyone.