Weeknote 36/2013

Weeknote 36/2013

This week I’ve been:

  • Celebrating my 10 years of marriage to my wonderful wife. :-)
  • Setting up PGP signing/encryption of my work email (surprisingly easy using GPGTools on OS X)
  • Mapping existing online activities to the Web Literacy Standard.
  • Purchasing a ticket to #CASinclude in November as well as Bruce Schneier’s ebook Liars and Outliers.
  • Responding to more feedback on the Web Literacy Standard.
  • Changing the way I deal with email on a daily basis.
  • Submitting a cheeky last-second session proposal for MozFest.
  • Talking with people (like KQED) about aligning with the Web Literacy Standard.
  • Setting up a not-so-covert cross-team Mozilla working group that has LOLCAT as an acronym.
  • Attending my usual weekly calls. I now have four calls in a row between 3pm and 7pm on a Wednesday, which is an absolute killer.
  • Taking Friday off work to look after my daughter (we’ve got some childcare issues at the moment).

Those childcare issues I’ve alluded to in the last bullet point have contributed to us having to abandon plans to celebrate our wedding anniversary in Amsterdam. So I’ve got a bonus three days at work next week! I’ll be using some of that time to prepare for OKCon in Geneva where I’ll be moderating a panel session.

spideroak

Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive

TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.


Wow, hello Hacker News readers! You took down my server there for a moment. If you like this you might want to subscribe to my newsletter or read some of my other blogs. Thanks for stopping by!


I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.

So why have I just jumped ship to SpiderOak?

My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profile security breaches. It helped that my yearly renewal was due this Friday.

Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.

It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.

Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.

SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPass and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*

I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’

Changing your password from any computer in your SpiderOak account will reset your password for all your computers and the website. However, if can’t reset your password from another machine and the hint has still not helped you remember your password, then I’m afraid your only option is to open a new account. Here at SpiderOak we take our zero-knowledge privacy policy very seriously, so we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It’s our way of ensuring that our customers’ data is always completely secure… even from ourselves! If you need any more assistance recovering your password or resetting your account, please contact support@spideroak.com.

It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak Hive almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.

I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.

Now then, you’ll have to excuse me. I’ve got >100GB to sync… 😉


*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.