September 17, 2010

Does privacy really matter? To you? To Google?

by with 7 comments

I feel as though every couple of months a friend forwards me a story about the importance of privacy in this digital age upon which we live. And like clockwork, I received the following post the other day. If you have a brief moment, please give it a quick read:

GCreep: Google Engineer Stalked Teens, Spied on Chats (Updated)

In quick summary, a systems administrator at Google penetrated several Google accounts to view Google Voice and Google Chat logs. Apparently he had known the people whose accounts he had entered and was literally ‘spying’ on them.

Of course this one breach brings up a whole host of issues and touches on the much much larger problem of what else could potentially be going on behind the Google firewall that isn’t being caught or reported. In this case it was Mr. Barksdale’s arrogance and aggressiveness that lead to his demise but one has to figure others could/would be much smarter in their approach. At the very least – it surfaces the question.

So why did we create our ‘zero-knowledge’ privacy environment? I suppose the above case proves the point so well that no explanation is really necessary. And does this privacy come at a price? Yes – it does indeed. It means that SpiderOak cannot provide services with the same speed or as ‘openly’ as some of our competitors (feel free to read this post for further explanation: Why and How SpiderOak architecture is different than other online storage services: The surprising consequences on database design from our Zero-Knowledge Approach to privacy). However, to create a world where neither our system administrators nor potential thieves nor any government agency across the globe could access plaintext data on our servers was far more important and necessary.

After all, the world we live in now is as much about having options as anything else and we present our ‘zero-knowledge’ privacy environment as one for the security conscious. Oh – and don’t worry – if you miss this post then there will surely be another opportunity.

  1. ditto – I use SpiderOak for that reason too, although I still use online services like Hotmail too. In 2001 I was working on a book titled Privacy Defended, and I got to interview regular folks to discuss their feelings about privacy.

    Most of the responses I got back were of the 'meh' sort, people just didn't care about FBI's carnivore, Echelon, TIA, or any other program aimed at snooping on all their private conversations.

    Any isolated instance of snooping may not be so worrisome, but the concept and the bigger picture is definitely something I'm concerned about. Phil Zimmerman created PGP for good humanitarian reason – to save people's lives in countries where people are oppressed and prohibited from speaking ill about the government. But there was a more general purpose behind it, to protect everyone's right to privacy.

  2. Well I'm paranoid so SpiderOak still backs up an encfs in reverse mode instead of my actual homedir:-) (how's that open sourcing the client going guys? :-) )

    But yeah, you guys beat dropbox on architecture, security/privacy, Linux support, and oddly enough, pricing, given the student discount.

    I'm working on my own custom solution which is a sort of abstracted filestore built on top the SpiderOak API, if it goes anywhere I'll be sure to let you guys know!

  3. with all the ways of accessing data on personal computer, why do we think we actually have any private data anymore?

    how would we know anyway – unless peeping toms like this guy get caught and it's publicized?

    I feel we are kidding ourselves to think it is and privacy is increasingly becoming an illusion in the online world.

    The veil that used to protect us has become transparent.

  4. Frankly I think it is really tacky that you would use that bozo's idiot activities to sell your product. I use your product (and like it) but that strategy makes me feel a little unclean. Good products don't need grubby methods to sell them.

  5. @ Secrets R Us – Please see the following blogpost made by Chip that addresses this issue:

    @ undecidable – I do apologize that you feel this is a 'selling' tactic; quite the opposite, we feel it is important to present and understand how our privacy is being potentially breached. SpiderOak is not the only product on the market designed to provide user privacy but – as one of the main drivers – we do feel it is important to continue the conversation which is what this blogpost does (proven by your response). And as I have learned in my life, just because I may understand something doesn't mean that others don't.