All posts by:

Alan Fairless

Comments on study citing design flaw that puts your privacy at risk

Recently, Johns Hopkins published a paper stating its computer scientists found a “design flaw in ‘secure’ cloud storage” that puts privacy at risk; their study specifically focused on SpiderOak, Wuala and Tresorit. From SpiderOak’s perspective, the authors of this paper came to very incorrect conclusions about how SpiderOak works. Their assertions about the weaknesses in […]

Read More and related SSL certificates were changed yesterday due to the OpenSSL Bug

As has been widely published, a significant vulnerability has been found in OpenSSL, the transport encryption library used by many SSL websites. SSL is the mechanism that encrypts your browser’s connection to the server, verifying the server’s identity and preventing eavesdropping. Many people know it as the padlock icon in a web browser. Many sites […]

Read More

Dear Ubuntu One Users: What SpiderOak Can Do For You

Canonical announced today that Ubuntu One is shutting down. In addition to natively supporting Linux since day 1 in 2007 (my machines run Ubuntu, Debian, and RedHat) we also support Windows and Mac allowing you to be flexible.  Enjoy our easier pricing and Zero Knowledge Privacy Policy and keep your data safe, synced, and private!  Over 20% of our […]

Read More

Responsibly Bringing a new Cryptography Product to Market

Post Snowden, technologists have rushed a variety of “liberation tech” projects to market, making boastful claims about their cryptographic capabilities to ensure the privacy of their customers. These goals are noble but the results have sometimes been embarrassing. We’re building a new crypto product ourselves: a high-level secure-by-default framework developers can use to build end-to-end […]

Read More

Security Vulnerability in Py-Bcrypt 0.2

This blog post is probably only interesting to programmers. Regular SpiderOak users can safely ignore this article. (It is not related to the SpiderOak backup and sync software.) There’s a security vulnerability with py-bcrypt. The vulnerability allows an attacker (“Eve”) to login as any user by making a login attempt with a bogus password, overlapping […]

Read More

The Risk to Your Encryption Keys when Using Virtual Hosting

Dan Goodin over at Ars Technica has a nice article with an example of one of the privacy risks of using virtual hosting (such as Amazon EC2 and other cloud computing services.) This particular scenario allowed attackers to recover GPG keys from other virtual machines that happened to be running on the same physical machine. […]

Read More

SpiderOak’s new Amazon S3 alternative is half the cost and open source

As 37signals famously described, in the software business we almost always create valuable byproducts. To build a privacy-respecting backup and sync service that was affordable, we also had to build a world class long term archival storage system. We had to do it. Most companies in the online backup space (including BackBlaze, Carbonite, Mozy, and […]

Read More

What I’ve learned from a natural expert in customer crisis management

In light of current events such as the AirBNB situation, I’ve now recognized how fortunate I am having a cofounder who truly understands how to have conversations with customers, especially in the most trying moments. When the first customers started using version 1.0 of SpiderOak in 2007, inevitably some people ran into serious limitations with […]

Read More

2-Factor Authentication to your SpiderOak Account

We are now offering limited support for 2-Factor Authentication into your SpiderOak account. 2-Factor Authentication provides an additional layer of security on top of password protection. In other words, if someone were to compromise your username and password, these two elements alone would not be enough to allow them to access your SpiderOak account. As […]

Read More

A True Story about iPods, Audio Books, Automatic Weapons, Swat Teams and … Design of Technology

My friend Harry told me a story the other day. It’s an incredible story, but true. Harry is convinced that his story should be told to others as a cautionary tale, but he’s too embarrassed to tell it himself. So with the names and some details changed to protect the embarrassed, here it is. Harry […]

Read More