From experience:
3: On the Pogoplug end, not much, the only log I've been told about is one that only stores data about what's going on inside the 'plug, not who is connecting.
On the Pogoplug Drive software it's a different story; here, you get a log of who is logged in through the Drive software but it's only on the local computer. Additionally, unless you change logging to Verbose (registry edit required) you don't see anything more than who connected and when. In Verbose you get everything though.
6, 7: Both the Pogoplug web interface and the Pogoplug Drive require the Cloud Engines servers to log in, which are hosted on the Amazon Cloud. Unfortunately this means if Cloud Engines dies, or Amazon kills their distributed processing (cloud) services, your Pogoplug can't log in and therefore can't work. (This is why I keep asking for SMB, so if Cloud Engines vanishes or their servers have a fainting spell, I can still get my stuff locally.)
The situation might have changed since I've been looking at it, so trust only the official word; this is just what I've seen.
Categories: Pogoplug v1, v2, and PRO
I'm thinking about getting a PogoPlug to use both as an in-home network as well as an 'away-from-home' network for when I'm out of town and for my relatives. (No point in having two networks.)
It really sounds like a great thing, but I have some questions about security & privacy, though. I'm not going to be putting my tax info and such on the network, but that doesn't mean I want other people having access to what I do put on it.
1) What kind of security does PogoPlug offer? I know you have to log into the My.PogoPlug portal, so that means a username & password, but that's not much security. What's to stop employees of PogoPlug from browsing through our stuff on their lunch break? For example, if my wife decides to take some interesting pictures & vids and put them on the plug for me while I'm out of town, I don't really want some schmuck at PogoPlug.com looking at them.
(If I understand right, the username & password is on the portal end, not the pogoplug end. So the portal does see our username & password.)
2) What steps do you take against web trojans & password stealers on your end? And just general security breaches of your servers. Since everybody has to go through your portal (right?), that means any breach there will make every user vulnerable. And a breach will eventually occur. That's the nature of today's internet.
3) What kind of information does the pogoplug device itself share with / send to PogoPlug.com the company? I know it 'phones home' to set up the initial connection to the my.pogoplug portal. And I would assume that PogoPlug occasionally automatically does updates. But what other info gets sent? And what gets kept & for how long?
4) Does PogoPlug.com keep any records of what files are shared, who accesses the info, etc. etc.? If so, why?
5) Since the plug is its own little web server, what kind of firewall, security, etc. stuff does it have to protect itself from some random attack that might occur? I know it's not x86/Windows based, so that's some protection, but since it's Linux based that might open it up to other attacks.
And a couple other questions
6) Can the plug operate without access to PogoPlug.com at all? Once registered, can I isolate it to our LAN only? (Just open it up to the web when needed.)
7) If the plug truly depends on PogoPlug.com to work, what happens when / if PogoPlug.com goes down or shuts down? Will I have bought a $100 door-stop?
Again, I'm not going to be putting anything really sensitive on it, but the fact that it's going to depend on PogoPlug.com to work and to access the info raises a whole lot of questions about safety, security, privacy and reliability.
See here for a great article on what would happen if Pogoplug went out of business.
http://www.pogoplugged.com/blog/entry/11502/What-happens-if-Pogoplug-goes-out...
http://placeshiftingenthusiasts.com/
1) This can be said about ALL the online storage solutions. In fact, I struggled with this same issue. I was looking at SpiderOak because most of the other major players in the online storage solutions didn't have a Linux client. One major difference was I am still in control of my data and know where it is with the Pogoplug. What happens if Carbonite, Mozy, SpiderOak, etc go belly up? What happens if one day you try to access your account on one of these services and you can't, they secretly went out of business and have ALL your data, not to mention more than $100, if you have been with them for any great length of time.
5) It is a stripped-down Linux kernel so I am not sure what kind of vulnerabilities will be exposed. Not to say there aren't any or won't be in the future but I believe the script kiddies and hackers will still stay focused on Windows OS since it is an OS that many people use and they can cause the greatest damage.
6) The Pogoplug service is great but you don't really need it. If the plug is on your LAN you can ssh into it, mount up shares, etc just like you can with any other Linux server.
7) See 1 and 6 comments
You ask some valid questions but in my opinion these are questions that you could ask any offsite, online, cloud backup service. As I stated previously, one of the selling points for me was I am still in control and had physical access to my data. Not to mention I will spend a fraction of the cost over the life of my hard drives, and I can do so much more with the device. Only limited by your imagination. You can't say that about the other "cloud" backup services which only serve one purpose, backup your files. At least you hope they are keeping good backups right? :)
Thanks for the 3 replies.
Basically, it sounds like there is no real reason to believe in any privacy or security when using the PogoPlug.
As for them going out of business, their plan seems more like a joke. They'll release their back end stuff and we users can hope somebody will come along and allow us to use our pogoplugs, and do so without charging us a fee.
If all that interface stuff was actually on the Plug itself and their PogoPlug.com server just behaved like a dynamic domain redirector kind of thing, then most of the privacy & security & reliability issues would disappear.
But that's not as 'sexy' as doing it as a 'cloud', I guess.
Anyway, thanks for the replies, but unless they come out with a pretty convincing statement about these points, I don't think their plug is for me. I'd be better off getting some old laptop and having somebody set up a small home server on it.
Curious said: Thanks for the 3 replies. Basically, it sounds like there is no real reason to believe in any privacy or security when using the PogoPlug. As for them going out of business, their plan seems more like a joke. They'll release their back end stuff and we users can hope somebody will come along and allow us to use our pogoplugs, and do so without charging us a fee. If all that interface stuff was actually on the Plug itself and their PogoPlug.com server just behaved like a dynamic domain redirector kind of thing, then most of the privacy & security & reliability issues would disappear. But that's not as 'sexy' as doing it as a 'cloud', I guess. Anyway, thanks for the replies, but unless they come out with a pretty convincing statement about these points, I don't think their plug is for me. I'd be better off getting some old laptop and having somebody set up a small home server on it.
Maybe there's a bit of confusion here. In order to get any computer anywhere talking to the Pogoplug without having a private domain name for every person, the Pogoplug has to have somewhere to look for connections, and the same is true for the Drive software and web interface. Amazon's cloud is that interface.
The rest of the Pogoplug connection is done through SSL, either at the browser level or the drive level.
Naturally this isn't proof against Amazon going down, or Cloud Engines, or both; but the security question is less a problem than I think you imagine. What you call a dynamic domain redirector is basically what's going on.
Besides this, you'd still have the same security concerns with a home server that you would with a Pogoplug; any computer on any network at any time can be attacked. With a home server though you're doing all the patching and configuring, and if you aren't, somebody else is. Unless you're paying them big bucks to set the server up right and maintain it against zero-day attacks, you're even more of an attack target than you might realize. You'd be exposing yourself to more risk with a home server than with a pogoplug, essentially.
Does anyone know what/why and how the local file popoplugfs.log is added and updated? This file contains all data about access and file transfers, and seems to survive a logout by user and login by another user. This seems to be a security and privacy exposure.
Pogoplug is a very stable software. I am saying this because I started using this software a long time ago and till now I had no problems with it. Some friends of mine use Data Center Security to maximize their security at 100%, but I know this is not needed, because with pogoplug my files are safe.
@tivoboy- check the popoplugfs.log for size changes and you will see when the file has been modified.
What's to stop employees of PogoPlug from browsing through our stuff on their lunch break? For example, if my wife decides to take some interesting pictures & vids and put them on the plug for me while I'm out of town, I don't really want some schmuck at PogoPlug.com looking at them.
This is an interesting question that would deserve an answer from somebody in charge at pogoplug. Is there any procedure/access logging/policy that prevents pogoplug staff from browsing accounts out of mere personal curiosity? I really would like to know.



