You Got A Question? Ask    GNOME Community!


Keep your data 100% (?) private in Cloud with SpiderOak!

This post was made with an older stylesheet


100% Real Privacy (?)

In my opinion nothing stored in the cloud will ever be 100% private, except if you are the actual owner of that Cloud Service. Spider Oak is advertised as a 100% private service built upon (*integration is coming) the world’s first ‘Zero-Knowledge’ application framework, Crypton Framework, which is available for fork in GitHub.

Whats Crypton:

Crypton is a framework for building cryptographically secure cloud applications. Such applications offer meaningful privacy assurance to end users because the servers running the application cannot read the data created and stored by the application.

Using Crypton, developers can for the first time easily build feature rich multi user collaborative applications that offer total privacy and security “out of the box.” Crypton transparently does all the hard parts of cryptography behind the scenes. This allows developers to focus on domain specific challenges.

I am putting down some highlights of the Privacy Polices of Drop Box, Ubuntu One and Spider Oak. However you need to take a look from time to time for licenses updates.

Drop Box – Privacy Policy

Compliance with Laws and Law Enforcement Requests; Protection of DropBox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to

(a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of DropBox or its users; or(d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

Ubuntu One – Privacy Policy

We don’t ask you for personal information unless we truly need it.

We don’t share your personal information with anyone except to provide you with services, products, to comply with the law, or to protect our rights

We don’t store personal information unless required for the on-going operation of services to you, to provide you with products, to comply with law or to protect our rights.

We will use personal information that you provide to us in accordance with this Privacy Policy.

SpiderOak – Privacy Policy

In the case of Spider Oak things seem are a bit confusing. In their front page they say:

Our ‘zero-knowledge’ privacy environment ensures we can never see your data. Not our staff. Not a government. No one. The myth about ‘online’ and ‘privacy’ has been dispelled – leaving an environment whereby it is impossible for us to betray the trust of our users.

However if we look at their privacy policy:

We will disclose your Personally-Identifiable Data if we reasonably believe we are required to do so by law, regulation or other government authority. We will not sell your Personally-Identifiable Data to any company or organization except we may transfer your Personally-Identifiable Data to a successor entity upon a merger, consolidation or other corporate reorganization in which SpiderOak participates or to a purchaser of all or substantially all of SpiderOak’s assets to which this Site relates.

SpiderOak’s policy is to notify a user of a request for their personal data stored on our servers prior to disclosure unless prohibited from doing so by statute or court order [e.g. U.S.C. § 2705(b)].

Any thoughts?


Spider Oak Client

Lets assume that Spider Oak offers the best privacy from the other services. The pleasant surprise really comes when we are using the service. Spider Oak isn’t about Contacts, or Music but about Files. In this part Spider Oak does far far better than both Drop Box or Ubuntu One. Note that this service isn’t Open Source, and neither Ubuntu One (only client Open Source) or Drop Box are.

All you need to do is to go to their page, create an account and download their client which is available for Win, Mac, Debian Based (inc Ubuntu), Fedora Based, Slackware Based, Android, iOS, Maemo (!), and is coming soon for Blackberry and Windows Phone.

Obviously Mobile Clients have limited capabilities in comparison to desktops and includes:

  • View / Watch / Listen to any backed up file
  • Visit your ShareRoom or your friends
  • Send a file to a friend, colleague, or client
  • Save a file directly to your device

There is a set for many many things you can do with Spider Oak and don’t just stay in what I am showing here. What is really nice is that you can sync whatever Folder you want, and keep other Folders just online. You can share folders, you can use as many computers you want into a single account and many more..

spideroak1

Choose what to Back Up

spideroak2

Upload it

spideroak3

 Detailed Selection of Files to Back Up

spideroak4

Your Online Files Per Devices (ie myPC), just Share them!

spideroak5

Sync Online Files with Local and Vice Versa, across your devices!

spideroak6

There are many more things you can do, like Sharing Files and of course there is also a Web Interface. Something really annoying is that at least in Linux Clients you can’t sign more than one Accounts. I had setup my primary account and then I created a new one just to make this post, but I couldn’t find a way to sign out and sign in.

A workaround is to delete everything in

~/.SpiderOak

Spider Oak is really impressive in use with endless possibilities and it also promises a ‘Zero-Knowledge’ Privacy for you data, which is the first service worldwide to do that. Spider Oak will give you for free 2GB storage space and if you need more space, check on their Pricing.

Installation and account creation takes like 3mins, so you have nothing to lose, go ahead and try it!


Does SpiderOak use encryption when storing and transferring data?

Yes. SpiderOak encrypts your data at every stage in the process – from uploading to storage to downloading again. This process ensures complete security and privacy at all times.

SpiderOak is a “zero knowledge” backup provider.This means that we do not know anything about the data that you store on SpiderOak — not even your folder or filenames. On the server we only see sequentially numbered containers of encrypted data.

Please note that zero-knowledge applies only when using the SpiderOak client. When logging into the website with your password, you are giving the primary encryption key to our servers. We work hard to ensure that this key is kept safe (for instance, by only keeping it in memory and never writing it to disk), but to maintain absolute privacy, you should use only the client.

Spider Oak FAQ

*SpiderOak is proprietary so the encryption can’t be verified. As most Free Software users would agree, proprietary encryption is as good as none, since you can’t verify that it’s secure to begin with. (from a comment)


 
  We can't watch comments unless G+ provides an API or if you send a notification, e.g +World Of Gnome
     Sometimes is better to place your questions on GNOME Community
  • adawdadd

    You should probably point out that SpiderOak is proprietary so the encryption can’t be verified. As most Free Software users would agree, proprietary encryption is as good as none, since you can’t verify that it’s secure to begin with.

    • alex285

      Thank you for pointed out, let me some time to check around it.

      • alex285

        Oops now I realized what you were saying. You were referring to the Client and not actually to encryption which is open algorithms (which can’t verified as you are saying) plus SpiderOak has released Crypton as Open Source.

        • adawdadd

          Yeah sorry, I should have been more clear on that, my apologies.