• Backup Practices
  • Backup Bookmarks
  • Backup Software
  • Data Loss & Theft
  • External Drives
  • Online Backup
  • Reviews
  • Tutorials
  • Website Backups

FileSlinger Backup Blog

  • Home
  • About
  • Contact
  • Blog
  • E-zine
  • Questions?
  • Review Policy
  • Comment Policy
  • Disclosures

Zero-Knowledge Backup

December 11, 2008 by Sallie Goetsch Leave a Comment

SpiderOak Logo When I got the invitation to interview the CEO and CTO of “online data manager” SpiderOak, my first thought was “Another one!” Everyone and his brother seems to be starting an online backup service these days, and I’ve written about quite a few of them already. I agreed to the interview with Ethan and Alan with some skepticism. Would there really be anything new here?

Actually, yes. SpiderOak bills itself as five services in one, though the fifth, sync, isn’t finished yet. Ethan and Alan told me that they actually focus their marketing on the file-sharing features, because backup is just not sexy enough. (Don’t I know it.)

But there are a lot of file-sharing services out there, too. That wasn’t going to do it for me. Fortunately for all of us (they’re likeable guys and I’d hate to diss their product), there’s more.

If you’re a multi-platform family (for a while I had both a Mac and a PC, and these days Linux-based UMPCs are becoming popular), SpiderOak has a definite advantage over Windows-only services, because it lets you share files between your Mac, your PC, and your Linux machine. It also lets you connect multiple machines to the same account. They bill by the amount of storage space you use, not the number of computers you connect. If you’ve ever contended  with the need to license multiple “seats” of the same program, you’re sure to appreciate that.

You can also subscribe to a SpiderOak “share room” via RSS feed. Like most bloggers, I’m an RSS fan, and I hadn’t encountered that in relation to a backup service before.

What really caught my attention, however, was the claim to be “zero-knowledge backup.” That means that SpiderOak has no idea what you’re backing up or sharing. Alan explained it this way:

We know absolutely nothing about the content of a user’s data. Most storage companies when they do encryption, if they do encryption at all, maybe they just do it during the transmission, but the files are still stored in plain text. With Mozy, for example, you have to choose a different option to use your own key, and if you don’t choose that option, then Mozy can decrypt your files at any time, so it’s sort of like they’re not really encrypted. Even if you do choose your own keys, they still know all of your file names, and your file sizes, and the time the file was stored, which is a tremendous amount of information to know about somebody’s data.

At SpiderOak we only see sequentially-numbered encrypted data blocks. We have some idea of how much space you’re using after it’s been compressed and de-duplicated, but that’s really about all we know.

The Ur-Guru insists that if SpiderOak built the software, they could crack the encryption. (The exact quote was “If they really wanted to know the names of files, details, or even copy and extract they could do that. They designed the system so saying things like ‘even we can’t look at it’ is more or less a statement that is aimed at inspiring confidence but in reality means nothing at all.”) I’m not in a position to dispute the ways and means of software with him, yet I found what Alan told me compelling. It still sounds more secure than the alternatives, except possibly in cases like Spare Backup where they use a third-party escrow service to hold your encryption key.

The password-creation screen in SpiderOak explains their zero-knowledge policy this way:

SPIDEROAK WILL NEVER KNOW YOUR PASSWORD AND, THEREFORE, WILL NEVER HAVE ACCESS TO YOUR DATA. ALL OF THE DIGITAL POSSESSIONS STORED ON YOUR SPIDEROAK NETWORK WILL BE IN AN UNREADABLE CRYPTOGRAPHICALLY SECURE FORMAT FROM THE MOMENT THE DATA LEAVES YOUR COMPUTER, THOUGH THE ENTIRE STORAGE PROCESS, UNTIL IT ARRIVES SAFELY BACK ON THE DEVICE OF YOUR CHOOSING. TO RETRIEVE THE DATA YOU HAVE STORED ON SPIDEROAK, YOUR PASSWORD IS ABSOLUTELY REQUIRED. PLEASE MAKE A RECORD OF THE PASSWORD THAT YOU HAVE SELECTED. SHOULD YOU FORGET YOUR PASSWORD, SPIDEROAK WILL STORE A ‘PASSWORD HINT’ TO HELP YOU RECOVER YOUR PASSWORD. THE ‘PASSWORD HINT’ CAN BE RETRIEVED ON THE SPIDEROAK WEB PAGE ANYTIME.

IF YOU HAVE ANY QUESTIONS, PLEASE FEEL FREE TO E-MAIL US ANYTIME AT: [email protected].

Given that I’m already taking my chances with Mozy, and haven’t had any problem there, I didn’t hesitate to download an install SpiderOak. Setup is simple, and the program has an attractive interface. SpiderOak recognized my network drives and external hard drives immediately. One curiosity: it doesn’t seem to see the !Author-izer, !FileSlinger, and !Podcast Asylum folders on my C drive, though it can see them just fine on the D drive. Those are the folders with all my business data in them (barring the Quicken data and Outlook data, which live elsewhere), so not being able to see them is a bit of an issue, but since I have everything in those files backed up to the D drive, it’s only a minor issue for me. And it probably wouldn’t be an issue for ordinary users, who probably don’t name their folders with ! or keep them outside “My Documents.”

There are several handy video tutorials for the different features on the SpiderOak website, and even screenshots from all three supported operating systems. These helped explain to me that when the backup was finished, the status would say “built” instead of showing a number representing percentage complete. Not that the explanation does much to speed up the initial upload time for the videos I recorded yesterday at the BACN Board holiday party, but that’s a bandwidth problem as much as anything. Perhaps when Comcast finally rolls out its 50-megabit cable service, the Ur-Guru and I can split the bill.

Meanwhile, I’m going to experiment with SpiderOak a bit. If you still don’t have a backup system, maybe you should, too. One thing they do have in common with Mozy is a free service with 2 GB of storage.

Technorati Tags: SpiderOak,Mozy,Spare Backup,encryption,BACN

Share this:

  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Twitter (Opens in new window)

Related

Filed Under: Online Backup Tagged With: BACN, Mozy, reminder, Spare Backup, SpiderOak

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Google Ads

Categories

  • Announcements
  • Archiving
  • Backup Bookmarks
  • Backup Devices
  • Backup Practices
  • Backup Software
  • CD & DVD Backups
  • Data Loss & Theft
  • Data Recovery
  • Drive Failure
  • Drive Imaging
  • E-mail Backups
  • Events
  • External Drives
  • Flash Drives
  • Guest Bloggers
  • Hardware Failure
  • Humor
  • Mac Backups
  • Mobile Backup
  • Network Storage
  • Offsite Backups
  • Online Backup
  • RAID
  • Removable Drives
  • Reviews
  • Storage
  • Tape Backup
  • Traveling Backups
  • Tutorials
  • Website Backups

Tags

Elsewhere

  • BACN
  • East Bay WordPress Meetup
  • Rhymes with Sketch
  • The Author-izer
  • WP Fangirl

Find Sallie Online

Backup Poll

When was the last time you backed up your computer?

View Results

Loading ... Loading ...
  • Polls Archive

Tags

.MAC Acronis Amazon S3 annual archive backup Backup Bookmarks BACN Bart-PE Buffalo carbon copy cloner Carbonite CloudBerry Cloud Computing Coding Horror CrashPlan disaster recovery Dmailer DriveImage DriveSavers Dropbox DVD Flickr Ghost Google Docs Iron Mountain Karen's Replicator LinkedIn LiveVault Maxtor Memeo Mozy RAID Rebit reminder Retrospect Seagate social backup Spare Backup SyncBack SyncBack Freeware Titan Backup WordPress XHD year-end backup Zoogmo

Copyright © 2023 · Metro Pro Theme on Genesis Framework · WordPress · Log in