SpiderOak as a secure alternative to Dropbox?


vancouverdave
Apr 14th, 2012, 03:01 PM
I have been a big fan of Dropbox, mostly for accessing my files from my iPhone, but I also like the idea of public links for sharing large files.

Dropbox is a bit of a joke at work, though, as it is not considered compliant with BC Privacy law (the vendor can access your data that may have other people's personal information in it).

I came across SpiderOak recently, but haven't seen any recent discussions in this forum on it. What have been your experiences?

I like that the vendor has custody, but not control of your data. However I appreciate that this makes it difficult to build it into other iOS apps like Dropbox.

Comments?

/d

rgray
Apr 14th, 2012, 03:49 PM
Security? Anytime you put your files on somebody else's server, i.e. one you don't control, you have a security issue IMHO. What makes you think this service is truly any more secure than Dropbox?

vancouverdave
Apr 14th, 2012, 04:13 PM
Well, I suppose there are other variations of security (like will your files be available to you next week?) but the main thing I am concerned about here is:

Can Homeland Security or any other entity force the vendor to give-up your data without your consent (or even awareness)?

The theory behind this SpiderOak is that the encryption and decryption happen on the client side, and you (the owner) are the only one to hold the key. Everything in the cloud is gobbledygook.

Given that I haven't reviewed the client-side code and compiled it myself, I appreciate there is some risk the vendor may be a big-fat-liar and be retaining our encryption keys despite everything they say; so I am curious to get security-expert thoughts on the likelihood of this.

Can these things be audited to anyone's satisfaction?
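
A sketch of the client-side model described in the post above, added here as an illustration; it is not SpiderOak's code or storage format. All function names and the work factor are hypothetical, and the HMAC-based keystream is a standard-library stand-in for the real cipher (such as AES) a production client would use.

```python
import hashlib, hmac, os

ROUNDS = 100_000  # assumed PBKDF2 work factor, not a SpiderOak parameter

def derive_keys(password, salt):
    # Runs on the client only; the password and these keys are never uploaded.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher such as AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def client_encrypt(password, plaintext):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def client_decrypt(password, blob):
    enc_key, mac_key = derive_keys(password, blob["salt"])
    want = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob["tag"]):
        raise ValueError("wrong password or modified blob")
    return xor(blob["ct"], keystream(enc_key, blob["nonce"], len(blob["ct"])))

# Untrusted vendor storage: everything it could be compelled to hand over.
server_store = {}

def upload(name, password, plaintext):
    server_store[name] = client_encrypt(password, plaintext)

def download(name, password):
    return client_decrypt(password, server_store[name])

if __name__ == "__main__":
    # Constructed sample data.
    upload("clients.csv", "correct horse battery", b"name,id\nJ. Doe,000-000-000\n")
    print(server_store["clients.csv"]["ct"].hex())
    print(download("clients.csv", "correct horse battery"))
```

In this model, auditing the vendor's claim comes down to confirming that only the dictionary returned by `client_encrypt` ever leaves the client machine.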

vancouverdave
Apr 14th, 2012, 04:17 PM
And what about User Experience?

I appreciate Dropbox is still king here - easy setup, easy access from various iOS apps, right-clickable options right from the files within Finder or Windows, ...

Does anyone here use SpiderOak and what is the user-experience like once configured?

(i.e. would grandma be able to use it without having to call me every night ? )

vancouverdave
Apr 14th, 2012, 05:58 PM
Looks like they might have to 'hold' your password if you use the WebApp.

#1 is not true. SpiderOak and Wuala both have products in the marketplace today... | Hacker News (http://news.ycombinator.com/item?id=2461857)

Also, Wuala might be another option ... I am going to look for a Wuala invite (start with 3 gig rather than 2 gig :-)

(got one : Wuala - Your personal invitation - Secure Cloud Storage - Backup. Sync. Share. Access Everywhere. (http://www.wuala.com/referral/GN73JP66A3B3KH3CAF6G) )

rgray
Apr 15th, 2012, 07:14 AM
Can Homeland Security or any other entity force the vendor to give-up your data without your consent (or even awareness)?

AFAIK any server located in the US or owned by a US company is vulnerable to Homeland Security scrutiny. The company gives a physical address of 555 Huehl Road Northbrook, IL 60062 therefore you have to assume Homeland can have access.

vancouverdave
Apr 15th, 2012, 05:07 PM
AFAIK any server located in the US or owned by a US company is vulnerable to Homeland Security scrutiny. The company gives a physical address of 555 Huehl Road Northbrook, IL 60062 therefore you have to assume Homeland can have access.

That is a red-herring, Gray.

Legally, public entities can store private information in the US if it is encrypted at the source. (edit: perform a privacy impact assessment first)

What I am looking for is some kind of assurance the vendor's claims around this are 'true', provable, audit-able, whatever...

Please refer to: https://spideroak.com/whyspideroak#privacy

Complete Privacy Guaranteed

SpiderOak never stores or knows a user's password or the plaintext encryption keys which means not even SpiderOak employees can access the data

Our zero-knowledge privacy approach means we can never betray the trust of our users

Chimpur
Apr 17th, 2012, 05:45 PM
It'd be nice if all their claims are true. Until then I'll stick with Dropbox for my needs. I barely use it as it is now.

Tech Elementz
Apr 17th, 2012, 08:58 PM
I use Box.com to store my files. Their iOS app promo before for 50 GB of free storage was something I could not pass on. I used Dropbox before, but I left after all the controversies surrounding it over the Terms & Conditions and security issues with it.

In any case, services like these could all have their own risk of security... However, seeing as a lot of companies use Box, they must make sure that security is a top priority. Seeing as I do not have much sensitive content on Box, then I don't really mind to be honest...

vancouverdave
Apr 23rd, 2012, 01:39 PM
I use Box.com to store my files. Their iOS app promo before for 50 GB of free storage was something I could not pass on. ...

Ouch! 50 Gig? How did I miss that one :-/ ?

vancouverdave
Jun 17th, 2012, 01:27 PM
It looks like SpiderOak is working towards 'open sourcing' its client API - making it possible to audit claims that your key stays with you.

Now the challenge will be a catch-22 on iOS devices - iOS end users cannot compile and install their own code, so the open-source thing is missing a step. Maybe we need a trusted (Canadian?) third-party to post the App.

Or jailbreak, but then that introduces all sorts of other security compromises.

/d