All posts by: Alan Fairless

Comments on study citing design flaw that puts your privacy at risk

Recently, Johns Hopkins published a paper stating its computer scientists found a “design flaw in ‘secure’ cloud storage” that puts privacy at risk; their study specifically focused on SpiderOak, Wuala and Tresorit. From SpiderOak’s perspective, the authors of this paper came to very incorrect conclusions about how SpiderOak works. Their assertions about the weaknesses in […]

SpiderOak.com and related SSL certificates were changed yesterday due to the OpenSSL Bug

As has been widely published, a significant vulnerability has been found in OpenSSL, the transport encryption library used by many SSL websites. SSL is the mechanism that encrypts your browser’s connection to the server, verifying the server’s identity and preventing eavesdropping. Many people know it as the padlock icon in a web browser. Many sites […]

Dear Ubuntu One Users: What SpiderOak Can Do For You

Canonical announced today that Ubuntu One is shutting down. In addition to natively supporting Linux since day 1 in 2007 (my machines run Ubuntu, Debian, and RedHat), we also support Windows and Mac, allowing you to be flexible. Enjoy our easier pricing and Zero Knowledge Privacy Policy and keep your data safe, synced, and private! Over 20% of our […]

Responsibly Bringing a new Cryptography Product to Market

Post Snowden, technologists have rushed a variety of “liberation tech” projects to market, making boastful claims about their cryptographic capabilities to ensure the privacy of their customers. These goals are noble but the results have sometimes been embarrassing. We’re building a new crypto product ourselves: a high-level secure-by-default framework developers can use to build end-to-end […]

Increasing Transparency Alongside Privacy – 2013 Report

As we stated in our Transparency Report in 2012, privacy continues to be at the root of all we do at SpiderOak. Every new product and feature is designed to fit tightly alongside our ‘Zero-Knowledge’ privacy commitment. And we continue to understand how transparency plays a role in overall privacy. In our ongoing efforts to […]

Security Vulnerability in Py-Bcrypt 0.2

This blog post is probably only interesting to programmers. Regular SpiderOak users can safely ignore this article. (It is not related to the SpiderOak backup and sync software.) There’s a security vulnerability with py-bcrypt. The vulnerability allows an attacker (“Eve”) to log in as any user by making a login attempt with a bogus password, overlapping […]

The Risk to Your Encryption Keys when Using Virtual Hosting

Dan Goodin over at Ars Technica has a nice article with an example of one of the privacy risks of using virtual hosting (such as Amazon EC2 and other cloud computing services). This particular scenario allowed attackers to recover GPG keys from other virtual machines that happened to be running on the same physical machine. […]

Increasing Transparency Alongside Privacy

Privacy has been and will always be a priority for SpiderOak. Everything we plan for and develop makes reference to our ‘Zero-Knowledge Privacy Standard’. That said, we are now learning more about ‘transparency’ and its importance alongside privacy. As mentioned in an earlier post, we have been working with the Electronic Frontier Foundation (EFF) over […]

SpiderOak’s new Amazon S3 alternative is half the cost and open source

As 37signals famously described, in the software business we almost always create valuable byproducts. To build a privacy-respecting backup and sync service that was affordable, we also had to build a world class long term archival storage system. We had to do it. Most companies in the online backup space (including BackBlaze, Carbonite, Mozy, and […]

What I’ve learned from a natural expert in customer crisis management

In light of current events such as the AirBNB situation, I’ve now recognized how fortunate I am to have a cofounder who truly understands how to have conversations with customers, especially in the most trying moments. When the first customers started using version 1.0 of SpiderOak in 2007, inevitably some people ran into serious limitations with […]
