SpiderOak: Encrypting the cloud and foiling corporate hackers

SpiderOak is a cloud based data storage service with a difference -- it has no idea what its customers are storing.
Written by Tom Foremski, Contributor
620-SpiderOak Ethan Oberman

I recently met with Ethan Oberman (above) CEO and co-founder of SpiderOak, a cloud based data storage service used for backups or syncing data. It promises a very high level of security because everything is encrypted -- SpiderOak has no idea what you are storing.

This is the same strategy that Kim Dotcom, the infamous founder of Megaupload has recently taken with his latest storage venture Mega. Megaupload was shut down by US authorities because it is alleged that it stored huge quantities of pirated movies and other copyrighted materials.

Here are some notes from my conversation with Ethan Oberman:

- Security and privacy are not the same thing. Our servers are secure but our service is also private because everything stored is encrypted.

- SpiderOak talks about "Zero Knowledge" because it's far more secure than putting up firewalls , etc., The company knows nothing about what's stored because it's encrypted before it's stored. The server never sees a plain text file.

- Users upload files via a small app.

- This is different from how other services store data, such as Dropbox which has had security problems. 

-SpiderOak hasn't had any requests by authorities to release files and if they did, they wouldn't be able to read them.

- If you lose your password we can't help you.

- The company was founded in 2006. It has enterprise customers and individuals but its focus is now on business users.

- Enterprises get a virtual machine that sits behind their firewalls. They can then also better monitor how staff are using it and control the passwords. 

- SpiderOak can see what links are being shared but not what is shared. We haven't had any problems with users sharing copyrighted materials.

- Users share files by generating links that can decrypt just that one file. There is a nested series of encryption keys for each file.

- Our service also de-duplicates your data so that only changes in a file or folder are uploaded. This creates a central data repository that can be shared among all your computers, and you can share parts of it with anyone.

- The company started because I was frustrated that there was no easy way to access my files from several different computers.

- Users get 2 gigabytes to start with for free for life. We support PC, Mac and Linux.

- - -

SpiderOak's approach to data is sensible and the privacy aspect is essential for many business users who are taking a risk whenever they send out a file to the cloud or share any data outside of their firewall.

Recent news about Chinese hackers attacking US corporations is just one example of how even inside the firewall data is vulnerable. But not if it's encrypted and stored elsewhere, where the encryption keys aren't stored too.

Companies could use this type of system to prevent finding themselves in awkward positions in terms of being forced to hand over data about their users to foreign governments. For example, Yahoo! gave Chinese authorities information about it's e-mail users that led to a Chinese journalist receiving ten years hard labor for sending a government note about the Tiananmen Square anniversary to foreign journalists.

Yahoo! could have had a similar system for encrypting user data and complied with authorities by handing over encrypted files that would have protected its users. 

Editorial standards