spideroak

Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive

TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak encrypts files not only in transit, but also on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.


Wow, hello Hacker News readers! You took down my server there for a moment. If you like this you might want to subscribe to my newsletter or read some of my other blogs. Thanks for stopping by!


I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.

So why have I just jumped ship to SpiderOak?

My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consequence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profile security breaches. It helped that my yearly renewal was due this Friday.

Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.

It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.

Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.

SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPass and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*

I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’

Changing your password from any computer in your SpiderOak account will reset your password for all your computers and the website. However, if you can’t reset your password from another machine and the hint has still not helped you remember your password, then I’m afraid your only option is to open a new account. Here at SpiderOak we take our zero-knowledge privacy policy very seriously, so we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It’s our way of ensuring that our customers’ data is always completely secure… even from ourselves! If you need any more assistance recovering your password or resetting your account, please contact support@spideroak.com.
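The key/file split described above and the FAQ's no-reset consequence, as an added example (not from the original post, and not SpiderOak's actual scheme): a password-derived key wraps a random data key on the client, so the record the server stores cannot be unlocked or reset without the password or a device that still holds the data key. The function names, PBKDF2 parameters and the HMAC-based stand-in for AES-GCM are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    # Slow password stretching, done on the client only (parameters are assumptions).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES-GCM.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _stream(key, nonce, len(plaintext)))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(good, tag):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(ct, _stream(key, nonce, len(ct)))

def create_account(password: str, file_bytes: bytes) -> tuple:
    """Client side. Returns (record the server stores, data key kept on this device)."""
    data_key, salt = os.urandom(32), os.urandom(16)
    server_record = {
        "salt": salt,
        "wrapped_key": seal(kdf(password, salt), data_key),
        "file": seal(data_key, file_bytes),
    }
    return server_record, data_key

def unlock(password: str, rec: dict) -> bytes:
    """New device: password -> data key -> file. Raises ValueError on a wrong password."""
    return open_(open_(kdf(password, rec["salt"]), rec["wrapped_key"]), rec["file"])

def change_password(device_data_key: bytes, new_password: str, rec: dict) -> dict:
    """Only a device that still holds the data key can re-wrap it; the server cannot."""
    salt = os.urandom(16)
    return {**rec, "salt": salt, "wrapped_key": seal(kdf(new_password, salt), device_data_key)}
```

Nothing in `server_record` is derived from the password in a reversible way, which is why a provider built like this can offer a password change from a logged-in machine but no reset.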

It looks like there are different ways you can use SpiderOak, but I’m going to be using SpiderOak Hive almost exclusively as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.

I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.

Now then, you’ll have to excuse me. I’ve got >100GB to sync… 😉


*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.

Project Reclaim: backing up to local network storage

Learn about Project Reclaim here.

Netgear Stora

Like, seemingly, most of the rest of the world, I’ve got a (50GB subscription to) Dropbox. I use it in place of the ‘Documents’ folder on my MacBook Pro and, at work, instead of the ‘My Documents’ folder in Windows. Everything is kept in sync between the machines and it’s all backed up in the cloud.

That’s all well-and-good, and three places to store data is obviously a good situation to be in. However, given the recent Amazon EC2 outage (Dropbox uses EC2) I’d like to have a local backup solution. Until 2009 my wife and I used to do this with the use of an Apple Time Capsule, but the incremental backups used to slow down our laptops so much that we eventually sold it. Every now and again I’ll back up to a 2TB external hard disk, but that’s only when I remember.

I wanted something better.

After looking at our needs and the options, I settled on a Netgear Stora* and two 2TB hard disks in RAID1 configuration**. This means that data is written to both disks simultaneously – i.e. a Redundant Array of Independent Disks. It came in at about £170 all-told, which isn’t bad at all – especially when you consider that it’s got secure web access to the files it contains and is extremely easy-to-use.

Once you’ve spent 10 minutes getting the Stora up-and-running, you need a way to get files onto it. That’s as easy as drag-and-drop if you want it to be, but I want a more robust solution. As with Dropbox, after the initial backup I only want to transfer the files that have changed. Enter rsync – or, more accurately, arRsync (Mac only). The graphical front-end is simple and effective. I refused to pay $40 for the privilege of the (admittedly widely-acclaimed) ChronoSync.


*Other NAS drives I looked at have bittorrent functionality. This can be enabled on the Stora by looking here or here.

**This isn’t a techie post, so if you want to read about RAID, I suggest this post on Wikipedia.

Off-site and cloud-based backup: my solution.

Over Christmas I was talking with someone about backing up data. They quite rightly pointed out something I hadn’t really considered – namely, I may have an Apple Time Capsule, but if my house burned down I’d be a bit stuck. 😮

As a consequence, I’m in the market for an upgrade to a paid-for cloud-based backup solution. I asked a few people on Twitter and in person what they used for off-site backups. They mentioned the four below:

Comparison of cloud-based backup solutions (Jan 2010)


I tried these out. I found that all of them apart from Dropbox had something lacking:

  • box.net is a bit too business-focused.
  • MobileMe may provide extra features but only 20GB of storage. Also don’t like having to pay in one big chunk for a year’s service.
  • SugarSync is interesting and the cheapest of the options above, but I didn’t like the interface.

As I navigated to the Dropbox website to give them my credit card details, I remembered Zumodrive. I used to use it all of the time last academic year, but hadn’t looked at it for a while. I thought it could be perfect for my needs! Why?

  1. It now has ‘folder linking’. This means changes made in a particular folder are always reflected in Zumodrive with no extra actions needed by the user. This is also the case in the other solutions outlined above, but didn’t use to be the case with Zumodrive (it used to be like an online USB flash drive).
  2. Photos are automatically synced with either iPhoto or Picasa (I use the latter). This is particularly handy for the photos I don’t deem worthy enough to go on my Flickr account.
  3. As with Dropbox and other solutions, you can instantly share any file with others through a link on Zumodrive.
  4. The cheapest upgrade is only $2.99/month.
  5. You can open files from iWork 09.

I signed up for the $6.99/month 25GB option.

However, calculating the amount of data I was going to need to back up overall, it looked like I was going to have to spend $9.99/month for 50GB and then, before long, probably have to move up to the 100GB $19.99/month plan. I didn’t like the sound of that.

I tweeted about this and Mark Wagner, amongst others, replied:

Thinking about this, I realised that I’d conflated cloud-based and off-site storage. What I really need is something to sync Documents and other files of my choosing so they’re available quickly and easily (e.g. via my iPhone). And then, separately, I need an ongoing archive of all of my stuff.

I’ve signed up for Mozy. They do unlimited non-commercial storage for $4.95/month. That’s my off-site storage solution. My cloud-based storage solution is going to be a free Dropbox account. Why? Because it’s truly cross-platform, has a great iPhone app and you can gain an extra 250MB storage for every referral you make! 😀

I need 7 more people to sign up for Dropbox to get my maximum referral bonus space (3GB). If you’re going to sign up, would you consider using one of the links to the service in this post please?

What are YOU using? Why?

Social media, open standards & curmudgeonliness.

The problem:

Harold Jarche:

The increasing use of software as a service (SaaS)… is simple, easy and out of your control.

Luis Suarez:

I guess I could sum it up in one single sentence: “The more heavily involved I’m with the various social networking sites available out there, the more I heart my own… blogs“.

It all has got to do with something as important as protecting your identity, your brand… your personal image, your own self in various social software spaces that more and more we seem to keep losing control over, and with no remedy.

A proposed solution:

Harold Jarche:

Own your own data (CC-BY Harold Jarche)

I’ve decided to start the Curmudgeon’s Manifesto, which may serve as a call to arms to start dumping platforms that don’t understand how to play nice on the Internet. It’s our playground, and through our actions we get to set the rules of conduct.

Here’s my start (additions welcome):

  1. I will not use web services that hijack my data or that of my network.
  2. I will share openly on the Web and not constrain those with whom I share.
  3. I will not lead others into the temptation of using web services that do not respect privacy, re-use, open formats or exportable data.

An alternative solution:

Wikipedia:

An open standard is a standard that is publicly available and has various rights to use associated with it, and may also have various properties of how it was designed (e.g. open process).

The term “open standard” is sometimes coupled with “open source” with the idea that a standard is not truly open if it does not have a complete free/open source reference implementation available.

OpenSocial:

OpenSocial

Friends are fun, but they’re only on some websites. OpenSocial helps these sites share their social data with the web. Applications that use the OpenSocial APIs can be embedded within a social network itself, or access a site’s social data from anywhere on the web.

Harold Jarche:

Blog Central

One way to keep information accessible is to use an open, accessible, personal blog as the centre of your web presence.

OpenID:

OpenID is a decentralized standard, meaning it is not controlled by any one website or service provider. You control how much personal information you choose to share with websites that accept OpenIDs, and multiple OpenIDs can be used for different websites or purposes. If your email (Google, Yahoo, AOL), photo stream (Flickr) or blog (Blogger, WordPress, LiveJournal) serves as your primary online presence, OpenID allows you to use that portable identity across the web.

Conclusion:

Change the name of the Curmudgeon’s Manifesto to the Open Educators’ Manifesto (or similar). Back OpenID and OpenSocial. People like to sign up to positive-sounding things that cite big players or existing traction. I’m sure Chris Messina and other open (source/web) advocates have a take on this! 😀