When I got the invitation to interview the CEO and CTO of “online data manager” SpiderOak, my first thought was “Another one!” Everyone and his brother seems to be starting an online backup service these days, and I’ve written about quite a few of them already. I agreed to the interview with Ethan and Alan with some skepticism. Would there really be anything new here?
Actually, yes. SpiderOak bills itself as five services in one, though the fifth, sync, isn’t finished yet. Ethan and Alan told me that they actually focus their marketing on the file-sharing features, because backup is just not sexy enough. (Don’t I know it.)
But there are a lot of file-sharing services out there, too. That wasn’t going to do it for me. Fortunately for all of us (they’re likeable guys and I’d hate to diss their product), there’s more.
If you’re a multi-platform family (for a while I had both a Mac and a PC, and these days Linux-based UMPCs are becoming popular), SpiderOak has a definite advantage over Windows-only services, because it lets you share files between your Mac, your PC, and your Linux machine. It also lets you connect multiple machines to the same account. They bill by the amount of storage space you use, not the number of computers you connect. If you’ve ever contended with the need to license multiple “seats” of the same program, you’re sure to appreciate that.
You can also subscribe to a SpiderOak “share room” via RSS feed. Like most bloggers, I’m an RSS fan, and I hadn’t encountered that in relation to a backup service before.
What really caught my attention, however, was the claim to be “zero-knowledge backup.” That means that SpiderOak has no idea what you’re backing up or sharing. Alan explained it this way:
We know absolutely nothing about the content of a user’s data. Most storage companies when they do encryption, if they do encryption at all, maybe they just do it during the transmission, but the files are still stored in plain text. With Mozy, for example, you have to choose a different option to use your own key, and if you don’t choose that option, then Mozy can decrypt your files at any time, so it’s sort of like they’re not really encrypted. Even if you do choose your own keys, they still know all of your file names, and your file sizes, and the time the file was stored, which is a tremendous amount of information to know about somebody’s data.
At SpiderOak we only see sequentially-numbered encrypted data blocks. We have some idea of how much space you’re using after it’s been compressed and de-duplicated, but that’s really about all we know.
The Ur-Guru insists that if SpiderOak built the software, they could crack the encryption. (The exact quote was “If they really wanted to know the names of files, details, or even copy and extract they could do that. They designed the system so saying things like ‘even we can’t look at it’ is more or less a statement that is aimed at inspiring confidence but in reality means nothing at all.”) I’m not in a position to dispute the ways and means of software with him, yet I found what Alan told me compelling. It still sounds more secure than the alternatives, except possibly in cases like Spare Backup where they use a third-party escrow service to hold your encryption key.
The password-creation screen in SpiderOak explains their zero-knowledge policy this way:
SPIDEROAK WILL NEVER KNOW YOUR PASSWORD AND, THEREFORE, WILL NEVER HAVE ACCESS TO YOUR DATA. ALL OF THE DIGITAL POSSESSIONS STORED ON YOUR SPIDEROAK NETWORK WILL BE IN AN UNREADABLE CRYPTOGRAPHICALLY SECURE FORMAT FROM THE MOMENT THE DATA LEAVES YOUR COMPUTER, THOUGH THE ENTIRE STORAGE PROCESS, UNTIL IT ARRIVES SAFELY BACK ON THE DEVICE OF YOUR CHOOSING. TO RETRIEVE THE DATA YOU HAVE STORED ON SPIDEROAK, YOUR PASSWORD IS ABSOLUTELY REQUIRED. PLEASE MAKE A RECORD OF THE PASSWORD THAT YOU HAVE SELECTED. SHOULD YOU FORGET YOUR PASSWORD, SPIDEROAK WILL STORE A ‘PASSWORD HINT’ TO HELP YOU RECOVER YOUR PASSWORD. THE ‘PASSWORD HINT’ CAN BE RETRIEVED ON THE SPIDEROAK WEB PAGE ANYTIME.
IF YOU HAVE ANY QUESTIONS, PLEASE FEEL FREE TO E-MAIL US ANYTIME AT: [email protected].
Given that I’m already taking my chances with Mozy, and haven’t had any problem there, I didn’t hesitate to download an install SpiderOak. Setup is simple, and the program has an attractive interface. SpiderOak recognized my network drives and external hard drives immediately. One curiosity: it doesn’t seem to see the !Author-izer, !FileSlinger, and !Podcast Asylum folders on my C drive, though it can see them just fine on the D drive. Those are the folders with all my business data in them (barring the Quicken data and Outlook data, which live elsewhere), so not being able to see them is a bit of an issue, but since I have everything in those files backed up to the D drive, it’s only a minor issue for me. And it probably wouldn’t be an issue for ordinary users, who probably don’t name their folders with ! or keep them outside “My Documents.”
There are several handy video tutorials for the different features on the SpiderOak website, and even screenshots from all three supported operating systems. These helped explain to me that when the backup was finished, the status would say “built” instead of showing a number representing percentage complete. Not that the explanation does much to speed up the initial upload time for the videos I recorded yesterday at the BACN Board holiday party, but that’s a bandwidth problem as much as anything. Perhaps when Comcast finally rolls out its 50-megabit cable service, the Ur-Guru and I can split the bill.
Meanwhile, I’m going to experiment with SpiderOak a bit. If you still don’t have a backup system, maybe you should, too. One thing they do have in common with Mozy is a free service with 2 GB of storage.