May 7, 2012

Increasing Transparency Alongside Privacy

by with 16 comments

Privacy has been and will always be a priority for SpiderOak. Everything we plan for and develop makes reference to our ‘Zero-Knowledge Privacy Standard’. That said, we are now learning more about ‘transparency’ and its importance alongside privacy.

As mentioned in an earlier post, we have been working with the Electronic Frontier Foundation (EFF) over the last few years to better understand how we can increase our efforts around fighting for the rights of our users. As we are learning, our ‘Zero-Knowledge’ privacy covers one aspect but a commitment to transparency is also critical.

As such, we have produced the following Transparency Report that covers all activity over the last year. Please review the following:


SpiderOak is committed to keeping our users informed about all the activities surrounding their data and the constant protection of their privacy. We will continue to work with the EFF and other organizations to improve our outreach and understanding so that you all – our users – can benefit from a fully transparent and open environment. To that end, and as has been asked previously, we do plan on implementing a warrant canary as part of our new website launch, which is expected to go live in the next few weeks.

As always, we greatly value your thoughts and feedback so please don’t hesitate to send further thoughts or questions anytime.

  1. To 0: Federal Law Enforcement contacted us regarding data they believed we were storing on behalf of someone they were investigating. In both cases, once we informed them how our 'Zero-Knowledge' Privacy is employed, they no longer pursued the matter.

  2. With all the new US laws etc. coming… If they really want to see any customer data are there any shortcuts you can provide for them or is the only choice to brute force the data if the password is not known?

  3. @ Niko: First – allow me to apologize for not responding to you sooner. In regards to your question, there are absolutely no shortcuts we can provide under any circumstances. The data blocks we store do not contain any information about what plaintext data is contained up to and including the name of the file, file size, file type, etc… Brute force would be the only option.

    Please let me know if that answers your question.

  4. Here's one thing I haven't quite understood:
    If I want to put something into a share room, I have to put it in a backup folder first (right?)
    That backup folder is of course encrypted.
    If I add that folder to a share room, though, it becomes available for the whole world to see if they just know the URL. Unencrypted.
    This means two things: First: If I want to share sensitive data via SpiderOak, I'll have to create a shared SpiderOak account (okay, that's doable). Second: How does the encrypted backup folder become an unencrypted share room? Who's doing the decryption? Does that mean that I have to re-send everything in unencrypted format? Does the availability of both the encrypted and unencrypted version of that folder give any hints about the encryption key?

  5. @Zak, data in share rooms have ancillary keys generated and sent to the server for that subset of shared data only. Then, any share room data is decrypted on the SpiderOak servers using those ancillary keys when the share rooms are accessed. The ancillary keys are not derived from the account keys, so the account keys are kept safe.

    For further details on our Zero-Knowledge architecture, we strongly recommend our users read For those with a desire for strong privacy, The Backup/Sync products running from within the SpiderOak client are solid solutions. Using share rooms, the Web interface, and mobile clients (at this time) to access your account weaken your privacy, thus should be considered carefully for those circumstances.
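The key separation the reply above describes, as an added illustration that is not SpiderOak's code (the cipher, key sizes and in-memory "server" are assumptions): backups are sealed under an account key that never leaves the client, while the share-room subset is sealed under an independently generated ancillary key that is uploaded, so the server can open the share room but nothing else.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// must panics on errors that cannot occur here (bad key size, failed CSPRNG).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// gcmFor builds an AES-256-GCM AEAD for a 32-byte key (assumed cipher choice).
func gcmFor(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}
// randomBytes draws n bytes from the OS CSPRNG, used for keys and nonces alike.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
// seal encrypts under key and prepends the random nonce to the ciphertext.
func seal(key, plaintext []byte) []byte {
	g := gcmFor(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; a wrong key yields an error, never garbage plaintext.
func open(key, blob []byte) ([]byte, error) {
	g := gcmFor(key)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
// Server holds what the client uploads: ciphertext for everything, a key for the shared subset only.
type Server struct{ BackupBlob, ShareBlob, ShareKey []byte }
// Client models the flow in the comment: the account key stays local, an independent
// ancillary key protects the shared subset, and only that ancillary key is uploaded.
func Client(private, shared []byte) (accountKey []byte, srv Server) {
	accountKey, shareKey := randomBytes(32), randomBytes(32) // unrelated keys, not derived
	return accountKey, Server{seal(accountKey, private), seal(shareKey, shared), shareKey}
}
// Serve is all the server can do: try the one key it holds against a stored blob.
func (s Server) Serve(blob []byte) ([]byte, error) { return open(s.ShareKey, blob) }
```

The ancillary key opens the share-room blob and nothing else; a request for the backup blob fails rather than leaking plaintext, which is the property the reply relies on.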

  6. Thanks for the effort! This is a great policy … will you also list requests from foreign law enforcement agencies?

  7. Did you inform the people Federal Law Enforcement asked for information about that the request was made? If you legally can you should commit to doing so. Not just if a court order is presented but upon any contact.

  8. In Canada some organizations are particularly concerned about the implications of the Patriot Act, to the extent that they go out of their way to avoid storing data on US servers. I believe data requests under the Patriot Act are quite rare. And even as a Canadian, with SpiderOak's encryption system, I feel comfortable storing data on your servers; even if you are compelled to hand over data, it's encrypted. Still, I'm curious whether your stats include data requested under the Patriot Act (which is I believe a court ordered request for data).

  9. I just read about the Warrant Canary plan, which answers about reporting about data requests made under the Patriot Act. I appreciate the work SpiderOak is doing!

  10. @Simon: To paraphrase another commenter (from elsewhere): If I'm doing nothing wrong, why does the government/law enforcement need to see my data?

    Others have written volumes on the topic, but a recent post that I found particularly excellent appeared over at LifeHacker: . If you're interested in more than one answer to your question, that article provides half a dozen in less than two pages.


  11. @Simon, @Tom:
    A "Snuff" quote, from the brilliant Terry Pratchett:

    "[Commander of the Watch] Vimes didn’t like the phrase “The innocent have nothing to fear,” believing the innocent had everything to fear, mostly from the guilty but in the longer term even more from those who say things like “The innocent have nothing to fear.” "