Cloudsweeper FAQ

Is this even real?

Thanks for checking the FAQ! Seeking out extra proof that this is actually a legitimate research project is good security practice. This service is being hosted at the University of Illinois at Chicago. You should only ever use this page through the URL https://cloudsweeper.cs.uic.edu; as with any secure site, you can verify the server's identity by inspecting the SSL certificate.

The human subjects research has been approved by the UIC IRB under protocol \# 2012-0774. While we are still collecting research data, this project will be listed on this page.

Why are you doing this? The NSA already has all of my messages.

While it may be true that the NSA has already collected a copy of your emails, nosy acquaintances, cybercriminals, and non-nation-state actors are still sources of real risk to your data. Cloudsweeper secures your account in the event of a temporarily compromised computer or stolen password, but can't prevent leaks due to persistent malware on your machine or the collusion of your cloud storage provider.

Are you asking me to buy something?

No, Cloudsweeper exists only as a research project. We are neither offering to buy nor sell your information, or anything in your email account. The most we ask is for you to opt in to data collection about your use of this tool. If you don't opt in, you can still use it, and we won't store any information about your use of the tool. If you do opt in, we don't keep any personally identifying information, only stats about tool usage and your survey responses.

What data do you modify in my account?

We don't modify anything without your consent and confirmation. Presently we modify only those messages that include passwords. We are very conservative about what gets changed: if your message is garbled in any way that makes it hard for us to be 100% sure that we aren't losing any of your data, we will not touch that message. You'll be given a few warnings before we actually start modifying messages, and if you navigate away from the page while our server is modifying your messages, it will immediately stop.

Do you guarantee that you've made my account 100% safe?

Unfortunately, no defense is perfect; we make no guarantees about your use of this software. If our code detects a failure to parse a message, our code does not change it in any way, to make sure that you don't lose any of your data.

In the unlikely event of a mid-modification crash, you may find that an extra message exists in your account under the "Cloudsweeper Work" label. This message may be a duplicate of a message that's already in your account: we put it there so that it can be recovered in the case of a network failure.

Can you find passwords in attachments?

At this time we can't search attachments for sensitive data. We are looking into adding this feature.

Why is Cloudsweeper so slow?

We perform a several step process when making any modifications so that you are never in danger of losing any of your messages. We are looking into alternative update mechanisms, but for now we prioritize keeping your data safe over speed.

Why doesn't Cloudsweeper work in my language?

Our detection of passwords hinges very much on the word "password" itself. We're working on improving Cloudsweeper for non-English users, but we currently miss a lot of messages written in other languages.

Contact information

If you have any further questions, you can contact Prof. Kanich at ckanich@uic.edu, or the UIC Office for the Protection of Research Subjects at uicirb@uic.edu.