November 20, 2008

Online Privacy – Strange Bedfellows…

9 comments

Normally, when people think of ‘online’, privacy is not the first, second, or fiftieth thought that comes to mind. In fact, people generally exhibit quite the opposite response and conjure up images of complete nakedness. After all, the modern-day Internet has evolved mostly to provide instant exposure, distribution, and presence to the whole world. The question then becomes: can the value of the Internet extend beyond nakedness?

One of the driving purposes behind SpiderOak was to dispel the notion that data being online means it can no longer be private. The goal was simple: devise a design in which a user’s files, filenames, file types, folders, and any other personal information are never exposed to anyone for any reason (even under government subpoena). This includes the SpiderOak staff who, even with physical access to the servers on which the data resides, should never be able to see or interact with a user’s plaintext data. Creating this environment, however, would prove more difficult than simply making these statements.

In the beginning, we grappled with how best to accomplish this feat of creating what we call ‘Zero-Knowledge’ privacy. Most of our competitors and thousands of other companies make claims about security and privacy, but at the end of the day they all fall short of the goals above. The most general test is this: if a company can reset your password and your old data is still readable afterwards, then the key protecting that data was never derived only from your password. Someone in the company holds that key (if they encrypt the data at all), which means they can access your data if they ‘had’ to or, worse yet, someone else could with far worse intentions.

A more specific case is Mozy’s use of encryption. Mozy’s encryption is far better than that of most online storage providers, and yet it contains serious oversights. The default options have you choosing between a stronger ‘Mozy’ key (which Mozy then knows and could use to decrypt your data) and a weaker key you choose on your own and keep private. Even if you choose the weaker private key, Mozy still stores your file and folder names in plaintext, meaning they hold a list of every file archived from your computer. We would suspect they know the size and timestamp of each file as well, although this information has not been publicly disclosed. That is a great deal to reveal about the contents of your ‘private’ data, isn’t it?

To close this gap and others, we at SpiderOak decided never to store a user’s password or the plaintext of a user’s encryption keys: keys exist on our servers only in encrypted form, and only the user’s password can unlock them. This ensures there can never be a point, ever, where we could even unknowingly betray a user’s trust or privacy, because we never come into contact with the keys needed to unlock the encryption surrounding the data. Even with physical access to the server or under subpoena, SpiderOak can never see or turn over a user’s plaintext files, filenames, file sizes, file types, etc. On the server, we only see sequentially numbered containers of encrypted data.

This necessarily meant a different approach to various processes throughout SpiderOak which you may or may not have noticed, including forced registration through the desktop application and never via the web, so that the password and the keys it unlocks never have to be sent to our servers. In the end, however, we did accomplish our goals and proved that, although strange bedfellows indeed, ‘online’ and ‘privacy’ can sleep next to each other every night, naked, and live happily ever after…

Comments
  1. Just my 2 cents… For me the gem is that SpiderOak has solved the golden tension. Traditionally it's been Secure VS Share and with this approach we're getting close to Secure AND Share.

    This has been a bonus for me, I've been able to share study notes, photos and other large files without having to use a separate service (and all the uploading that comes with it). Yet, the files I need to keep most secure (Business Accounts etc.) are only a few directories away and totally sewn up in zero-knowledge privacy.

    I am intrigued however about the safety mechanisms that surround the shared files (not that I share anything super sensitive)?

  2. That's a great question and one of the important details of SpiderOak — sharing + privacy.

    Here's a scenario. Suppose you have all your files uploaded and stored, all encrypted, zero-knowledge. Later, you decide to share a folder of photos, containing gigabytes of data. Since that data is already uploaded, you can create a SpiderOak ShareRoom, and within a very short time that ShareRoom is live and accessible to visitors (although it may take a few minutes for SpiderOak servers to generate previews and thumbnails of all your pictures.)

    The SpiderOak client did not have to upload your photos again in plain text to make this ShareRoom available.

    So, how did this happen? How is the privacy of all the other unshared items preserved, while yet being able to arbitrarily choose to share various portions?

    Most storage providers — if they offer encryption at all — only use one encryption key per account. Instead, SpiderOak uses a nested system of many small scoped encryption keys. When you create a ShareRoom, the SpiderOak client makes the encryption keys of appropriate scope for the contents of that share room public.
    This makes it possible for our webservers to present the contents to visitors, but nothing beyond the Share Room is known.

    So, the upload transaction to create a new ShareRoom and suddenly be sharing a lot of data within your account is very small, and your ShareRoom is ready for company very soon.
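To make the key layout concrete, both the post's zero-knowledge claim (no stored password, no plaintext keys on the server, only numbered ciphertext containers) and the reply's description of many small scoped keys that can be published per ShareRoom, here is an added example. It is my own illustration, not SpiderOak's client or protocol: the class names, the PBKDF2 key derivation, the HMAC-based stand-in cipher, the opaque folder ids and the sample data are all assumptions chosen for the demonstration. It shows why the server can decrypt nothing on its own, why a password cannot be reset without the old one, and why publishing one folder's key opens exactly that folder and no other.

```python
import hashlib
import hmac
import os
import struct

# Stand-in AEAD from the standard library only (HMAC-SHA256 keystream, encrypt-then-MAC)
# so the example runs anywhere; a real client would use AES-GCM or similar instead.

def derive_kek(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Password -> key-encryption key. The server stores the salt, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Returns nonce || ciphertext || tag. Ciphertext length still leaks plaintext length unless padded."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered container")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class Server:
    """What the provider holds: salts, wrapped keys and sequentially numbered ciphertext containers."""
    def __init__(self):
        self.accounts = {}     # user -> (salt, master key wrapped under the password-derived KEK)
        self.folder_keys = {}  # (user, folder_id) -> folder key wrapped under the master key
        self.containers = []   # list index is the container number; every field is ciphertext
    def register(self, user, salt, wrapped_master):
        self.accounts[user] = (salt, wrapped_master)
    def put_folder_key(self, user, folder_id, wrapped):
        self.folder_keys[(user, folder_id)] = wrapped
    def put_container(self, user, folder_id, sealed_name, sealed_data) -> int:
        self.containers.append((user, folder_id, sealed_name, sealed_data))
        return len(self.containers) - 1
    def render_share(self, user, folder_id, folder_key) -> dict:
        """A published folder key lets the web server decrypt that folder and nothing else."""
        return {unseal(folder_key, n).decode(): unseal(folder_key, d)
                for u, f, n, d in self.containers if (u, f) == (user, folder_id)}

class Client:
    """The only place plaintext keys ever exist."""
    def __init__(self, user, server):
        self.user, self.server, self.master, self.folder_keys = user, server, None, {}
    def register(self, password: bytes):
        salt, self.master = os.urandom(16), os.urandom(32)
        self.server.register(self.user, salt, seal(derive_kek(password, salt), self.master, b"master"))
    def unlock(self, password: bytes):
        """Wrong password -> MAC failure. There is no reset path: nothing else can open the master key."""
        salt, wrapped = self.server.accounts[self.user]
        self.master = unseal(derive_kek(password, salt), wrapped, b"master")
        self.folder_keys = {f: unseal(self.master, w, b"folder")
                            for (u, f), w in self.server.folder_keys.items() if u == self.user}
    def new_folder(self) -> str:
        folder_id = os.urandom(8).hex()  # opaque id: the server never learns the folder's name
        fk = os.urandom(32)
        self.folder_keys[folder_id] = fk
        self.server.put_folder_key(self.user, folder_id, seal(self.master, fk, b"folder"))
        return folder_id
    def backup(self, folder_id: str, name: str, data: bytes) -> int:
        fk = self.folder_keys[folder_id]  # the filename is encrypted as well as the contents
        return self.server.put_container(self.user, folder_id, seal(fk, name.encode()), seal(fk, data))
    def share(self, folder_id: str) -> bytes:
        return self.folder_keys[folder_id]  # the one secret that leaves the client, scoped to one folder
    def change_password(self, old: bytes, new: bytes):
        self.unlock(old)  # the same master key is re-wrapped; no container is re-uploaded
        salt = os.urandom(16)
        self.server.register(self.user, salt, seal(derive_kek(new, salt), self.master, b"master"))

def demo() -> dict:
    """Constructed scenario: two folders backed up, only the photos folder shared."""
    server = Server()
    alice = Client("alice", server)
    alice.register(b"correct horse battery staple")
    photos, accounts = alice.new_folder(), alice.new_folder()
    alice.backup(photos, "beach.jpg", b"\xff\xd8 constructed jpeg bytes")
    alice.backup(accounts, "ledger-2008.xls", b"constructed confidential figures")
    visible = server.render_share("alice", photos, alice.share(photos))  # no re-upload needed
    try:
        server.render_share("alice", accounts, alice.share(photos))  # photos key does not open accounts
        other_leaked = True
    except ValueError:
        other_leaked = False
    return {"shared": visible, "other_folder_leaked": other_leaked,
            "containers_on_server": len(server.containers)}
```

Two caveats a practitioner would check against any such design: the server still sees the number and the lengths of the containers (pad before sealing if sizes matter), and the strength of the whole hierarchy bottoms out in the password, since the password-derived key is the only thing that wraps the master key.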

  3. <quote>Mozy's encryption is far better than most online storage providers</quote>

    Would you tell a little more? E.g. name a few online backup providers that do better/worse than Mozy.

    <quote>if a company can reset your password, it means someone in the company has access to your encryption keys</quote>
    Is this also true when that system/company would have a separate encryption key for the data stored in that account (a layered approach)?

  4. My friend and I were recently talking about how technology has become so integrated in our day to day lives. Reading this post makes me think back to that discussion we had, and just how inseparable from electronics we have all become.
    I don't mean this in a bad way, of course! Societal concerns aside… I just hope that as technology further develops, the possibility of uploading our brains onto a digital medium becomes a true reality. It's a fantasy that I daydream about almost every da

  5. I have a question. When we create the share folder, the data is already on the server (assuming it is encrypted with a key). How does the server obtain the key and decrypt the share folder? So you are saying that the client creates a key for each folder? That doesn't make sense to me.
