spideroak

Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive

TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.


Wow, hello Hacker News readers! You took down my server there for a moment. If you like this you might want to subscribe to my newsletter or read some of my other blogs. Thanks for stopping by!


I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.

So why have I just jumped ship to SpiderOak?

My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profileΒ security breaches. It helped that my yearly renewal was due this Friday.

Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.

It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.

Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.

SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPassΒ and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*

I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’

Changing your password from any computer in your SpiderOak account will reset your password for all your computers and the website. However, if can’t reset your password from another machine and the hint has still not helped you remember your password, then I’m afraid your only option is to open a new account. Here at SpiderOak we take our zero-knowledge privacy policy very seriously, so we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It’s our way of ensuring that our customers’ data is always completely secure… even from ourselves! If you need any more assistance recovering your password or resetting your account, please contact support@spideroak.com.

It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak HiveΒ almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.

I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.

Now then, you’ll have to excuse me. I’ve got >100GB to sync… πŸ˜‰


*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.

Advertisements

63 thoughts on “Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive

  1. I had done the same move last year but had come back to Dropbox due to the poor quality of Spideroak mobile applications. I think with the recent concerns around data privacy, I will follow your lead and give it a new shot.

    Thanks for your article.

    • Yes, and I use BT Sync – but I need something that’s constantly backing up my stuff *and* allows me to quickly send links to stuff on-the-go.

      Your mileage may vary! πŸ™‚

      • FYI, I rent a vps on digital ocean for $5 a month and get it backup. This will also ensure downloads when synching is also fast.

  2. I’ve tried this switch myself three different times since Spideroak was first released a few years ago. It has never been stable, had always been very flaky across devices and often failed completely.

    I wish you luck with it and really hope it works, but my own experience has ruled Spideroak out as a secure storage option.

  3. This “solution” is just another iteration of the thing that drives government acceptance of NSA data collection in the first place – a culture of fear and knee jerk reactions to that fear – it just keeps spiralling in on itself. This switching of services is a poor to non-sensical response IMO. If you have something NSA wants to see, your encryption is not likely to stop them.

    The only solution to all this incredible nonsense, is to see and understand the drivers at play and get a consensus going that too much fear mongering is introducing huge costs everywhere in American society – let alone the terrible damage being done to the concept of personal privacy.

    • Until the utopia* of fear-free society arrives, where privacy is a given and no one ever reads anyone’s plain-text data, we need to encrypt. There is no single solution, and encryption is only part (although a necessary part) of the equation. There will never, ever be societal reform that makes encryption completely unnecessary.

      The issue is not about 100% protection against the NSA. It’s about making the difficulty of reading our data more costly (in time and resources) than the NSA is willing to spend on a whim without
      probable cause.

      Encryption is not a knee-jerk reaction. It’s a necessity, and is the only thing that will put a cork in the mass surveillance firehose. Legislation will only make it illegal, and we’re seeing that illegality means nothing to the powers in play.

      The realistic, present-day solution is simple built-in encryption by default for all services and storage. When all of our data is stored in plain-text, unsecured, there is no barrier to the NSA or other parties from reading and using it. Just as we wouldn’t mail an unsealed envelope or build a house with no locks on the doors, we should not send or store unencrypted data.

      *that will never happen

      • It’s not utopia I’m looking for or have any hope of – it’s a moderation of response, as well as, *thoughtful* responses and dealing with root causes rather than symptoms.

        See Rodalpho’s post to understand why *this* solution is knee-jerk and not fully thought through.

        BTW – encrypting everything is not without very significant costs – intended and unintended.

        A culture of trust that is *designed and constructed* to work most of the time (there will always be some abuse) is highly efficient from a societal view point – a cultural of mis-trust is highly inefficient – you can look no further then the American Congress to see the incredible inefficiencies and grid-lock resulting from both parties mistrust of the other.

    • “If you have something NSA wants to see, your encryption is not likely to stop them.”

      Not if the encryption is strong enough.

      “The only solution to all this incredible nonsense, is to see and understand the drivers at play and get a consensus going that too much fear mongering is introducing huge costs everywhere in American society – let alone the terrible damage being done to the concept of personal privacy.”
      Indeed, but that’s not exactly something I can do right now by myself. Happy to contribute (and have done before) to international campaigns. πŸ™‚

  4. Spideroak is MORE secure than Dropbox, but really that’s false security. They are located in the USA, and the government could approach them and force them to change their client to upload your encryption keys, and you would be none the wiser. That’s basically why Lavabit shut down.

    If you’re really concerned about privacy, you should probably be using truecrypt containers and just live with the much longer sync times. Of course they aren’t multi-user aware, so you can’t have them open on multiple computers simultaneously, so that’s not a great option either.

    What we really need is a version of truecrypt that can handle being accessed and written to by multiple clients simultaneously.

    • Indeed, and was specifically looking for more secure Dropbox replacement rather than an ultra-secure, tinfoil hat solution. I always have the option to add in TrueCrypt containers later… πŸ™‚

      • See, that’s where we disagree. I don’t find “more” secure to be valuable– that is false security. The server is either secure or it isn’t. Spideroak isn’t.

        If spideroak was fully secure, not hosted in or owned by people living in one of Snowden’s big 5 (US, AU, UK, CA, NZ), encryption with user-owned keys, two-factor authentication, and an open-source client (see the dropbox reverse-engineered vulnerabilities exposed yesterday), I would probably switch.

        If it doesn’t offer all those things, I don’t see any real reason to switch.

      • It’s not worth the trouble of switching from Dropbox, a service that I love, no. Just IMO of course.

  5. Well given the UK government (via GCHQ) seem do the US government’s bidding, I doubt the Swiss government would be too different.

    I want a solution that I feel the average user could use and that I can recommend to others. I don’t want to get my tinfoil hat out – just yet. πŸ˜‰

    • What do you think LavaBit has been ordered to do that was so bad they had to just shut the company down? Everything on their servers is encrypted. They don’t have the ability to decrypt it. Their security is stronger than Dropbox’s. So what were they told to do?

      This isn’t tinfoil hat stuff. This kind of thing is documented. Hushmail admits to trojaning their client when ordered to do so by the Canadian government: http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

      I would be trying out Canonical’s UbuntuOne offering if they weren’t based in the UK. I figure a UK-based service is no better than a US one. But Switzerland? If any company has a good track record on keeping secrets and protecting privacy, surely it is Switzerland. They are, after all, neutral country #1.

  6. Because their privacy policy states:

    “It may be necessary – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – for us to disclose your Personal Information, Non Personal Information, and Private Data Files. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.”

    Which means I’d be no better off than using Dropbox. :-/

  7. From what I’ve read, Mega actually uses *less* encryption than other providers?

    Again:

    “If we think it is necessary or we have to by law in any jurisdiction then we are entitled to give your information to the authorities. We reserve the right to assist any law enforcement agency with investigations, including and limited to by way of disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders. We may disclose your information to enforce or apply our Terms or any other agreement we have with you; or to protect the rights,
    property, or safety of us or our other users or the operation of our services and the website.”

    • This is what they say:

      > When accessing your data via the SpiderOak website or a mobile device, you must enter your password which will then exist in the SpiderOak server memory for the duration of your browsing session. For this amount of time your password is stored in encrypted memory and never written to an unencrypted disk. The moment your browsing session ends your password is destroyed and no further trace is left.

      • Yeh, seems reasonable. It’s about a tradeoff of security vs convenience. My use case is pure backups so I don’t need the remote access but if you want a direct replacement for Dropbox then this make sense.

        You also have to consider who you’re protecting against. If it’s direct targeted surveillance against you personally then that is a significantly more difficult situation to defend against vs the more passive monitoring of everything, which is what most people are probably concerned with.

      • Although I get that ‘legal’ and ‘illegal’ are relative, fluid terms I have no reason to think that I’m being specifically targetted for surveillance. I just don’t like people having access to my stuff. πŸ˜‰

      • This means that if the government walks in with a NSL, all they have to do is tell SpiderOak: “we need access to your servers’ memory to capture suspect X’s passwords,” and SpiderOak would have to comply.

        The real downside to this is that access to Suspect X’s password also grants them access to *all* SpiderOak user passwords.

        I guess if you are truly paranoid, you wouldn’t use web/mobile access.

      • Well, indeed. This just moves me along the spectrum a bit. It’s not the full tinfoil hat approach.

        It’s always going to be a balance/trade-off between security and functionality.

  8. Relying on geographic location for data security is really, really short-sighted. Where you put your data is nowhere near as important as how you store it. The location is unimportant if you encrypt before upload.

    • Yes. It’s a tiny NAS but they’ve built a Dropbox clone on it that’s very sleek. I have to open a port on my home network, and I also scrapped together a DIY dynamic DNS for myself. But on the plus side I have no practical limits to space, all traffic over my own SSL cert and very fast sync on LAN.

  9. Interesting that you’ve switched everything from DropBox, but you’re actually storing the 64-character password at LastPass, who has had a major breach in the past. While they surely hash that password where it’s stored, breaking one targeted password is not difficult, and they can be coerced to give up your data all the same. This type of advice creates a foolish false sense of security.

  10. ” if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.”
    It’s all about trust.
    What makes you think that Dropbox would access your files?
    What makes you think that SpiderOak doesn’t keep a copy of your file somewhere?

      • SpiderOak is a commercial company too. And nothing prevents you to encrypt your files before uploading them to Dropbox.
        The fact that SpiderOak use a more secure authentication doesn’t mean that they can’t access your files. After all, they are stored on their servers…
        Not trusting Dropbox is a thing, not trusting Dropbox BECAUSE it’s a commercial company is one of the dumbest thing I’ve ever read.

      • You’re the one who said it was a trust issue. πŸ˜‰

        It’s not to do with ‘more secure authentication’ – it’s to do with the fact that SpiderOak don’t have access to the keys to decrypt my files.

  11. In a true Lavabit scenario, the government wouldn’t need to get SpiderOak to divulge your password. They’d simply walk in with a FISA order to backdoor the client software running on your computer and mobile device. It’s all closed-source, right? You’d never know.

    The only solution for the truly paranoid is to do all encryption before any of these services see your data. Under that regime, Dropbox is no worse than SpiderOak.

    • Not the desktop client at all: ” For the moment, the SpiderOak client will remain a closed source, commercial application.”. So good luck to really know what they are doing with your files (beside money πŸ˜‰ )

    • And the only part open sourced is the mobile client btw. The rest is just frameworks and tools that they developed, which is great, but doesn’t allow you to see by yourself what they are doing with the files on the server (so no, “most of it” is not open sourced)

    • Nice, hadn’t seen that, but their privacy policy states:

      “LogMeIn will not transfer your personal information to third parties, except we may transfer your personal information without your consent to the extent required to do so by law or in the good faith belief that such action is necessary to: a. conform to the edicts of law or comply with legal process served on LogMeIn or the site; b. protect or defend the rights or property of LogMeIn, c. act in urgent circumstances to protect the personal safety, property, or privacy of LogMeIn’s employees, users of LogMeIn’s products or service, or members of the public, or d. effect a transaction, restructuring or proceeding that transfers to a third party the assets or line of business to which the information pertains.”

  12. The obvious deficiency in the strategy: if companies can be forced to surreptitiously share your data on the back end, they can also be forced to surreptitiously change their software to transmit your encryption key as well. As long as you’re running their software, you’re not secure, you’re just trusting them to do what they say they’re doing.

  13. You can also use Jungle Disk which gives you the ability to store your files on Amazon S3 or Rackspace hosting. As with SpiderOak you can set your own encryption keys however I don’t believe they have a good mobile solution 😦

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s