Tag Archives: SpiderOak

Google Claims It Has a Right to Your Email

Millions of online users rely on Google Gmail for personal and business correspondence. But despite passionate consumer backlash against privacy breaching policies by companies like Facebook and organizations like the NSA, Google is claiming in court that it has a right to the contents of your emails. This outrageous declaration has prompted consumer rights groups to fight back and governmental organizations are even considering banning Gmail for official correspondence. As lawmakers and privacy advocates champion digital privacy rights, one way to protect your data in the meanwhile is to exclusively store and sync sensitive files to a secure cloud service provider. A good provider will offer data privacy, user anonymity, and zero-knowledge policies so that only you have access to the contents of your data.

Google Privacy

The group that filed the lawsuit against Google is Consumer Watchdog. The organization asserts that Gmail users do not reasonably expect that the company will search the contents of their emails. Director John Simpson recently told ABC News that Google “actually read and data-mine the content of the messages. They’re using my content for whatever purposes they want to do with it.” He hopes that the lawsuit might encourage Google to seek a profit through other means like “ads that aren’t based on reading your email. Or they could just stop reading emails. There are a number of commercial services that are more amenable to privacy concerns.” Other privacy experts are less certain of the legality of Google’s policy but still caution against it, as the company claims they are protected in part by the fact that they use computers and not people to scan the contents of emails. According to Lorrie Cranor, director of the privacy engineering master’s program at Carnegie Mellon University, “The issue isn’t whether it’s a machine or human reading emails, but what could happen as a result of having your email read…There is a difference between user expectations and business practices. Just because every business may do it doesn’t mean that users know the things that are actually done. Ideally, the best choice is to give people the option to opt out.”

How Gmail Uses Emails for Ads

 

What does Google have to say about all of this? Essentially, they claim you have no privacy rights over your email. In their filing for a dismissal of the class-action lawsuit, Google wrote, “Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use Web-based email today cannot be surprised if their communications are processed…Indeed, a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” The idea is that because users put their content on Gmail, the company has a right to mine it for advertising purposes. The same idea was put forth by Facebook and shot down in the courts so it’s likely that this won’t hold up for long. Still, the company’s aggressive stance is frustrating to say the least. Google attorney Whitty Somvichian says that “Users, while they’re using their Google Gmail account, have given Google the ability to use the emails they send and receive for providing that service…They have not assumed the risk that Google will disclose their information and they fully retain the right to delete their emails.” Instead of waiting around for this company to protect your data, exclusively store anything sensitive to a secure cloud service like SpiderOak.

 

Backlash Against Google

Securing Your Emails With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave emails and private data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that emails, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Facebook’s Privacy Policy & Your Digital Rights

Facebook has already gained the ire of privacy advocates over their advertising policies and their consent to the NSA’s PRISM program, but recent changes in the language of their privacy policy have sparked up another wave of controversy. All the while, shares of Facebook continue to rise, as users neglect the company’s use of their data for advertising purposes. Still, privacy groups continue to fight a public awareness campaign while challenging the company through a letter to the Federal Trade Commission. For users concerned with privacy, be sure to take control of your privacy settings and never upload content you don’t want exploited. Any sensitive data should be exclusively uploaded to a secure cloud provider that offers data privacy and user anonymity.

Facebook Privacy

Six major consumer advocate groups have championed digital privacy rights in an open letter to the FTC. The groups include CDD, Consumer Watchdog, EPIC, and representatives from the Privacy Rights Clearinghouse, Patient Privacy Rights, and the U.S. Public Interest Research Group. The privacy groups allege that changes in Facebook’s language violate a FTC court order and settlement that was reached back in 2011. According to the letter, “Facebook users who reasonably believed that their images and content would not be used for commercial purposes without their consent will now find their pictures showing up on the pages of their friends endorsing the products of Facebook’s advertisers. Remarkably, their images could even be used by Facebook to endorse products that the user does not like or even use.” This “free” advertising through mining and selling user profile data has outraged users that care about their digital rights. Executive director of EPIC (the Electronic Privacy Information Center), Marc Rotenberg, says, “Facebook is now claiming the default setting is they can use everyone’s name and image for advertising and commercial purposes, including those of minors, without their consent. Red lights are going off in the privacy world.”

Marc Rotenberg

Another issue is the fact that the new language indicates that simply by signing up, teens using the site imply parental consent to the use of teen data for advertising. But as the privacy advocate letter to the FTC points out, “Such ‘deemed consent’ eviscerates any meaningful limits over the commercial exploitation of the images and names of young Facebook users.” Marc Rotenberg offered privacy advocates his organization’s support saying, “The FTC needs to open an investigation and make a public determination as to whether the change in privacy policy complies with the 2011. Groups such as EPIC are prepared to litigate if the FTC fails to enforce its order that we all worked to put in place.” While groups like EPIC fight back against Facebook’s encroachment, some users are also up in arms. Facebook asked users to comment on the changes and received hordes of scathing criticism. One user wrote, “If, that proposal really is enacted, the first time ANY of my friends sees an ad with any of my information in it, I will be deleting my account, and encourage everyone else to do likewise. You need us. We don’t need you.” At the end of the day, each social media users should remain the sole owners of their data.

Who Has Access to Your Info?

Social Media & Security Through SpiderOak

Social media users should be aware of how their data is collected and used before using any social media site or platform. Don’t upload anything you don’t want shared and exploited for advertising purposes. And be sure to exclusively store anything sensitive to a secure cloud provider. For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access

NSA & The Rise of Cryptography

You might think that the NSA would back off of their rampant citizen spying programs after the enormous international backlash against the PRISM program. Unfortunately, it doesn’t seem that assuaging public rage is on the NSA’s docket. Recent revelations published by the Guardian indicated that the NSA and UK’s GCHQ have continued to broaden digital espionage programs. Privacy advocates are fighting back through legislation, but the best way to protect your digital rights in the meantime is to exclusively upload to a secure cloud provider that offers both data privacy and user anonymity.

NSA & Cryptography Image from fcw.com

According to files published by the Guardian, the NSA spends over $200 million annually on a programs which seeks to “covertly influence” technology product designs. Additionally, the NSA has allegedly been involved in a decade-long program that enabled Internet cable taps. Over in the UK, a GCHQ team is developing a way to crack the encryption efforts of Facebook, Google, Yahoo, and Hotmail. In a leaked GCHQ document from 2010, the joint intent to crack encrypted data was made public. The document states, “For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” This has troubled both privacy advocates and libertarians that feel their digital rights are being infringed. According to Bruce Schneier, Harvard fellow at the Berkman Center for Internet and Society, “Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”

Bruce Schneier photo from Wired.com

Cryptography researcher Matthew D. Green of Johns Hopkins University agrees that attempting to build and implement such backdoor spying programs is dangerous. According to Green, “The risk is that when you build a back door into systems, you’re not the only one to exploit it. Those back doors could work against U.S. communications, too.” Other countries and spies could use these programs against our own national interest, especially given that the Snowden and Manning Leaks show that the government doesn’t quite have a good handle on its sensitive data. As law professor James Grimmelmann says, “Start from the point that if the NSA had competent security, Snowden wouldn’t have been able to do a tenth of what he did. You give sysadmins privileges on specific subsystems they administer. And you do not give them write access to the logs of their own activity. The NSA should be grateful that Snowden got there first, and not the Chinese.”

Other privacy advocates and cryptographers feel disheartened, as all of this just seems like a regurgitation of the same played out debates over the NSA Clipper Chip encryption back door program proposed in the 1990s. Cryptographer and SSL protocol designer, Paul Kocher, expressed his frustration with the current debacle. In regards to the NSA’s attempts at creating an encryption backdoor, he said, “And they went and did it anyway, without telling anyone. The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.”

Snowden’s NSA Cryptology Leak from Wired.com

This should send anyone who is scared toward proper encryption and secure cloud services. For as Edward Snowden recently asserted, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Along with proper encryption and exclusive storage and syncing with a secure cloud service, Bruce Schneier offered the Guardian five simple steps to stay secure despite NSA surveillance programs:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

Staying Safe With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How to Protect Your Kids From Cyber Bullying

Parents already have so much to contend with in the modern world when it comes to keeping their children safe. The Internet only complicates things with increased threats and the possibility of well-meaning kids unintentionally disclosing sensitive information like school names and personal addresses. As more and more kids plug in online to a wide range of social media, the rise of cyber bullying has only picked up steam. Parents and schools can proactively combat cyber bullying through strategic protocols, clearly articulated expectations, and strict penalties. And when it comes to protecting identities and photos, exclusive storage through a secure cloud service is essential.

Cyber-Bullying

Children of all ages have signed up for Facebook, Instagram, and Twitter accounts, despite age restrictions. Through these forms of social media, kids can bypass parental knowledge and permission, while offering up their sensitive info to strangers online. A photo could reveal school sites, friends’ names, and home addresses to would-be predators, while cyber-bullies have used publically posted photos to harass, blackmail, and demean children. Geotags are particularly tricky in that they can reveal the exact location of children. Another problem posed by online social networking is the blanket of anonymity that cyber-bullies hide behind.

Through private profiles or fake identities, bullies can make outrageous claims and attacks without having to worry about retribution or consequences of any kind. Such anonymous bullying has even led to suicides, as in the case of a 16-year-old that recently hung herself in response to the cruelty she experienced online from strangers. The teen had posted a simple medical question on eczema, a common skin condition, to Ask.fm. Instead of getting helpful answers, which is what the website is purportedly intended for, she received a barrage of harassment and shaming. Parents should be cautious about letting their children post to public forums, especially if bullying has been an issue in the past. And schools should establish strict guidelines for posting to forums, staying away from public sites that attract cyber-bullies in favor of protected educational sites that don’t allow students to hide behind anonymous avatars.

How Cyber-Bullying Victims Feel

Cyber-bullying has become somewhat of a buzzword as of late, but just what does this broadly applied term mean? Russ Warner of Net Nanny recently offered a description of cyber-bullying to The Huffington Post:

  • Post rumors, lies, or “dirt” about the victim in a public forum
  • Share embarrassing pictures of the victim in a public forum or through email
  • Use texts, instant messages, emails, or photos to send mean or threatening messages
  • Upload a video to YouTube that embarrasses the victim
  • Create a fake Facebook account and pretend to be the victim, but act in a negative way
  • Pretend to be the victim in a chat room, and act in embarrassing ways
  • Share the victim’s personal information in a public forum

Fundamentally, cyber-bullying is traditional bullying carried into the digital world. Much of it revolves around trying to embarrass, shame or imitate the victims.

Safe Facebook Practices

According to the Cyberbullying Research Center at the U.S. Department of Health and Human Services, 52% of students have been affected by cyber-bullying. Over 80% of youth admit that there are hardly any consequences for online bullying and about a third of children younger than 13 have experienced some sort of cyber-bullying. Kelly Sheridan at Information Week offers some suggestions for schools that parents can also implement at home.

1. Filter objectionable content and keywords.

HTTPS sites can help schools and parents catch cyber-bullies in the act.

2. Deploy URL categorization and filtering software.

Don’t let kids access sites that are notorious playgrounds for bullies and predators.

3. Application control.

Install strict privacy applications and security measures. SpiderOak is one great secure cloud service that offers private storage.

4. Stay current on trends.

Children’s taste change just as fast as the Internet so make sure you don’t fall behind the trends.

5. Implement awareness campaigns.

Some schools have shown success in eradicated unwanted bullying behavior by meeting the challenge directly through awareness campaigns.

Once kids know what your expectations are regarding online behavior and cyber-bullying, it’s appropriate to roll out consequences for failure to adhere to the policies you set forth. Successful consequences typically revolve around online use, such as the suspension of accounts or loss of Internet privileges. According to psychologist Roxana Rudzik-Shaw, “Bullying is no longer confined to the school playground, home or workplace. It is all around us in this digital age, which often feels inescapable.” One of the best ways to escape the encompassing sense of cyber-bullying is through a secure cloud service.

Parental Supervision and Protection in the Cloud

For many parents and guardians, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave their children’s data and photos wide open to theft, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy.

SpiderOak protects sensitive data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile security.

The Past and the Future: Taking the 4th Amendment Online

The 4th Amendment to the U.S. Constitution protects citizens from warrantless searches and seizure of private property. Many civil libertarians and others across the political spectrum consider this to be one of the most important elements to the Bill of Rights. Privacy advocates have invoked the 4th Amendment in a campaign to take citizen privacy rights online for the digital age. The amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, news of the NSA’s continued PRISM program has eradicated the public’s trust in government and reveals just how flagrantly organizations like the NSA disregard citizens’ constitutional rights. But as the legal war for online privacy rages on, be sure to protect your data and identity in the meantime by exclusively storing and syncing with a secure cloud service.

Fourth Amendment Rights

Legislators are divided as to what should be done, if anything, regarding PRISM. According to Representative Peter King (R – New York), “This is a legitimate role of government, and when we’re talking about life and death, and having lived in New York through 9/11 I know what life and death means. We cannot afford to have this become a debating society. We need decisions made quickly, yes or no, up or down, because lives are at stake.” But such aggressive attempts to curb debate only frustrate online users and create even more cause for distrust.

Former governor of New Mexico Gary Johnson recently launched an aggressive attack on such systemic breaches of citizen digital privacy, saying to New Mexico Watchdog, “My blood’s boiling and I want to keep awareness of this at a heightened level. Maybe we can get more disclosures out of this, maybe we’ll get Congress demanding more. What we’re really concerned with is the Fourth Amendment and due process,” Johnson said. “Where is the due process? Who is looking over law enforcement’s shoulder? Who is looking over the NSA’s shoulder? … This is the libertarian cause right here. Libertarians have been out there sounding the warning bell about this issue ever the Patriot Act was signed.” And Johnson is right as this push for greater transparency and constitutionality has garnered large support, unifying parties that are otherwise fiercely at odds.

Gary Johnson

Despite the public backlash, governmental institutions and courts seem to think that business as usual will suffice. Recently, the Fifth Circuit Court of Appeals upheld the right of law enforcement agencies to seize private cellphone location data from service providers without a warrant. Because such digital records have been deemed as “clearly a business record” the courts claim that no Fourth Amendment protections are in order. However, this is disingenuous at best. Warrantless tracking of car location is still protected under the Fourth Amendment, even if the car in question is driven strictly as “a business”. So it is obvious that the court’s logic doesn’t hold water. As Orin Kerr of George Washington University Law School says, “The opinion is clear that the government can access cell site records without Fourth Amendment oversight.” This sets a dangerous precedent that has gotten privacy advocates up in arms all across the digital world. According to ACLU lawyer Catherine Crump, “ This decision is a big deal. It’s a big deal and a big blow to Americans’ privacy rights.”

MIT’s Immersion

To see some of the information that the government has on you, check out Immersion. This new tool taps the cloud to analyze big data for an understanding on what relationships your Gmail account reveals. And that’s just part of what the NSA can see with their notorious PRISM program. Instead of waiting on the government to update its dated privacy policies, it’s time to proactively safeguard your data from legal snoops. One of the best and easiest ways to do that is through a secure cloud service that protects data and shields your identity.

A Secure Cloud Solution

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Picking Apart the EU’s Right to Be Forgotten

International enterprises that rely on European businesses are stuck in a sticky situation. As the Continent turns towards debating digital privacy rights in the wake of the NSA PRISM program leaks, conflicting opinions on how to protect users have left the European Union in a messy hodgepodge of pending legislation. If enacted, such governmental legal protections might make some users more relaxed about using online services, but they still don’t offer true protection from hacking and legal snooping. The only way for enterprises to navigate this murky legal territory is to proactively guard their data, rather than relying on potential legislation. For enterprises of all sizes, SpiderOak Blue offers a range of flexible secure cloud services, from storage to infrastructure.

EU Parliament

The European Union is anything but united when it comes to what should be done regarding citizen digital privacy rights. One MEP had harsh words for America’s violation of international law in spying on the UN (as revealed through the PRISM leaks). MEP Amelia Andersdotter of the Swedish Pirate Party recently said, “I hope that they [EU nations] will have the courage to react very strongly against these revelations because ultimately damaging to the trust free market in the world that the United States is acting like this.” In reaction to such concerns, European nations and businesses are pushing for diverse solutions to the problem of digital privacy rights. One potential solution is in new EU regulations that require ISPs and telecom services to notify the government within a day of detecting a data breach. According to Ross Brewer, vice president of international markets at LogRhythm, “The barrage of data breaches that we are seeing points to an urgent need for organizations to up the ante on data protection. When these regulations were first discussed following the EC’s draft proposals in 2012, many people considered the suggested penalties and timeframes too severe. Perhaps those organizations should have seen this as a warning, and used the last 12 months to really get their ducks – or cyber defenses – in a row. Unfortunately, it seems that this did not happen.”

MEP Amelia Andersdotter

Enterprises that operate in Europe should know that strict financial penalties await those companies that refuse to cooperate with the new disclosure law. According to LogRhythm’s Ross Brewer, “As with any ongoing crisis, there comes a time when less talk and more action is needed – and it may be the case that this impending regulation will be the final call to action for those organizations still lagging behind with lax security policies, Given the well-documented sophistication and readiness of today’s cybercriminals, organizations can no longer sit idly and assume that they are immune to attack. As the risk of reputational damage and customer churn clearly aren’t persuasive enough, maybe the threat of severe, perhaps debilitating, financial penalties will do the trick. While the new regulations are fairly limited at the moment, it is only a matter of time before a universal set of rules is not just proposed, but enforced.”

Unfortunately, there still is no universal standard that enterprises can rely on. Instead, international corporations must navigate different laws that require differing levels of security and disclosure, creating the confused legal mess that many enterprises find themselves in today.

Ross Brewer of LogRhythm

Pending legislation that would enact strict new protections for EU citizen data has recently been stalled in the EU parliament until October, leaving no safeguards in place from continued programs like PRISM. Called, the Data Protection Regulation, this proposal was introduced in 2012 with the addition of a Right to Be Forgotten clause. The bill is currently being debated as some elements have raised concerns over the potential for abuse through censorship. European Union member states currently each adopt some version of a 1995 bill that protects data and online privacy. But without being updated to take into account international citizen espionage programs like PRISM, this outdated legislation does little to actually keep EU nations safe.

Staying Safe With SpiderOak

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate and customer data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that businesses can tailor the service to fit their needs.

SpiderOak Blue protects sensitive corporate data with strong encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data whatsoever. This way, even if programs like NSA’s PRISM continue to stand unchallenged, enterprises can rest easy knowing that their data is truly protected while earning diehard customer loyalty. SpiderOak’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Snapchat Leaves Your Photos & Data Vulnerable!

Most smartphone users and shutterbugs are familiar with the “private” photo app snapchat. The app allows users to send each other instant snapshots that are timed and supposedly deleted forever once opened by the intended recipient. Unfortunately, recent news shows that the mobile application can be easily hacked and that “deleted” photos are actually recoverable. This should worry both Snapchat users and parents of smartphone-savvy teens as sensitive photos and personal information could be hacked and used for exploitation and blackmail. Instead of using unsafe applications, users with sensitive photos and personal information should exclusively upload to a secure cloud that offers user privacy.

Snapchat

According to a study conducted by Gibson Security, Snapchat has a large number of glaring security gaps. The popular photo-sharing app only uses two encryption keys for all users, which are kept by the company, meaning that they must be released to the government in the case of a subpoena. According to the Gibson advisory, “Internet trolls and stalkers could use this [personal] information to harass people in real life, unmasking the anonymity and privacy Snapchat provides. The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party. With little work, a malicious party could steal large amounts of data and sell it on a private market, and that’s highly illegal.”

Gibson Security’s Discovery

To the dismay of privacy advocates and phone photographers, Snapchat still hasn’t addressed these security concerns. As the security firm told ZDNet, “Snapchat aren’t exactly easy to get hold of,” claiming, “With a couple lines of Python, someone could view all your unread messages, and depending on the situation, modify and even replace the images completely.” The potential for blackmail and harassment is high, which makes consumers question why it is that Snapchat won’t put in the extra effort to keep their privacy safe. The Gibson study goes on further to claim that “Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won’t reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.”

How Snapchats Can Be Recovered

Gibson Security isn’t the only company to find problems with Snapchat’s lack of security. Richard Hickman of Decipher Forensics showed a television reporter that his firm had restored allegedly deleted photos hosted by the app. The only response that Snapchat has given at this time is a blog post claiming “if you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted.” But this is just false. With strong encryption, user-hosted keys, and the promise to delete photos from servers, the application could offer much better protections from the threat of hacking and recovered photos. Hickman claims, “The actual app is even saving the picture. They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.” Some, like Orem Police Lieutenant Craig Martinez, caution again using the app altogether. The officer recently advised, “Be careful what you do on your cell phone, what you put on your cell phone. Because once it’s there, chances are it’s going to be there for a really long time, even if you can’t see it.”

For parents and people that still want to use Snapchat, the company has offered a simple guide, which has been recently posted to Forbes:

  • Snapchat is not for children under 13. Children under 13 are prohibited but since Snapchat doesn’t ask for age on signup, parents or others need to report if a child under 13 is using it.
  • To send a message to someone on Snapchat you need to know their user name and add them to your “My Friends” list.
  • By default anyone who knows your username or phone number can send you a message, but you can configure Snapchat to only accept messages from people on your friends list.
  • You can block a user by finding their name in your friends list, swiping to the right on iOS or long-pressing in Android and selecting Edit.

While these precautions can be good first steps, it still doesn’t change the fact that the company does little to keep your identity and private photos safe.

Securing Photos Through SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave photos and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How SpiderOak Shields You From PRISM

Cloud companies have been scrambling to provide consumers with guaranteed protections from hacking and legal snoops after the public fallout occurring as a result of the NSA’s PRISM program leak. As governmental organizations like the NSA continue to snoop on citizens, cloud services like SpiderOak continue to up the ante in privacy protections and data security. SpiderOak shields users from PRISM through strong encryption and the fact that only users host encryption keys. The company also recently rolled out a plan to accept bitcoin and continues to update its celebrated Crypton privacy framework.

SpiderOak & Prism

Recently, reports on intelligence budgets show that governmental agencies are ramping up efforts on citizen spying. Roughly $11 billion is allocated to the Consolidated Cryptologic Program, which Director of National Intelligence James Clapper says is part of an exploration “in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” The details of the program are still confidential, which has caused much justified paranoia in the online community. Google Cloud Storage is just one company that is trying to fight back against lack of public confidence following the PRISM leaks. With a 128-bit Advanced Encryption Standard (AES) and encrypted keys, the company seeks to win back consumer trust. Unfortunately, this doesn’t go far enough.

128-bit encryption is relatively weak when more secure companies like SpiderOak can offer 256-bit encryption. Furthermore, the company keeps a master encryption key that is supposedly rotated. According to Google, “We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process. When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.” But this explanation falls flat on its face when considering the fact that a simple subpoena would allow the government to access files using Google’s master key. With SpiderOak, users hold their keys so that the company can’t access your data even if it was asked to by the law.

Wikipedia Security Measures

 

Another company fighting back against privacy breaches is Wikipedia. The free research site promises to protect user privacy through HTTPS security protocols. According to a statement, the company “believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects.” While this is a promising step in the right direction, it’s just one example of a company proactively doing the right thing by protecting user privacy.

SpiderOak CEO Ethan Oberman

Another way to protect privacy online is through the use of the secure digital currency, bitcoin. Very few cloud companies accept bitcoin, which makes SpiderOak’s recent efforts to allow for bitcoin payment all the more revolutionary. According to SpiderOak spokesman Daniel Larsson, “The potentially anonymous and proof-centric nature of cryptographic currencies certainly ties into our overall messaging. Based on all of the above, it seems rather natural to at least start experimenting with cryptocurrencies as a form of payment. The choice of bitcoin was easy as it is the most widely adopted cryptocurrency and is also the only one directly exchangeable for fiat (USD), should we decide that we want to move towards larger scale acceptance.” While the bitcoin program is just in its initial pilot stages, security concerns are sure to push consumers towards the private currency.

One of SpiderOak’s strongest selling points is in its privacy platform. The company’s Crypton framework allows for private storage, sync, and development. CEO Ethan Oberman says, “Previously, privacy could only live in the belly of a downloaded client which limits adoption and creates obstacles — especially as the world shifts toward the web. Now armed with a way to push privacy further into the web than previously possible, the Crypton framework can serve as a necessary cornerstone in the development and continued advancement of this new privacy platform.”

How to Guard Your Privacy & Shield Your Identity With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

The Economic Impact of Russia’s New Anti-Piracy Laws

Recently Russia awarded NSA leaker Edward Snowden with a year of asylum. But at the same time that officials were granting the whistleblower a temporary from the U.S., the country enacted new anti-piracy laws that jeopardize online liberty, freedom of speech, and economic growth in Russia. Enterprises that work in the country or target Russian consumers should be aware of what these laws entail and how they might impact future business. And in the midst of cyber warfare, legal surveillance, and breaches of privacy, all organizations should proactively guard their data through secure cloud services. With strong encryption and a guarantee not to host encryption keys or plaintext, the secure cloud is quickly becoming the last bastion of privacy on the net.

Russian Anti-Piracy Laws

One of the recently enacted bills blocks any site that is deemed to support or aid in copyright infringement. This strict measure even applies to posting links to torrent sites like PirateBay. Nicknamed the “Russian SOPA”, the bill was ironically ushered in to law the same day that Snowden was granted asylum, indicating to what extent the whistleblower is being used by major nations for this dramatic episode of international political theatre. Other proposed legislation, such as the one sponsored by State Duma Deputy Yelena Mizulina that seeks to ban sites featuring curse words.

Another bill allegedly protects children by giving the government authority to blacklist any site with exploitative material. Critics of this proposed legislation claim that it is being used a way to handover more censorship rights to the government and that it is unclear as to what would be deemed exploitative. As Yelena Kolmanovskaya, chief editor of Yandex, says, “ The need to fight child pornography and illegal content are as important for civil society as the support of constitutional principles like freedom of speech and access [to] information.” But she adds “The proposed methods provide a means for possible abuse and raise numerous questions from the side of users and representatives of Internet companies.” But the bill’s sponsor Mizulina has harsh words for critics, claiming that “The online community initiated the need for adopting this law themselves, that’s why I’m sure not all of the online community is against it – just certain circles that can be associated with the pedophilia lobby.”

Yelena Mizulina

The reason that the demonized critics of such legislation are so strongly opposed to a bill that would purportedly protect innocent children is that there are no transparency measures or checks and balances set in place to rein in the government from censoring anything they deem unfit for public viewing. Through such legislation the government could silence dissent and usher in a new era of Russian oppression. The law allows censors to blacklist IP addresses instead of the URLs that are allegedly the source and hosts of banned content. This results in collateral damage as many sites are brought down without having committed any crimes or having anything to do with the questionable content under investigation.

As Russian reporter Alexey Eremenko notes, “About 150 websites were on the blacklist as of July 1, but another 6,800 unrelated sites fell victim to the ban because the government is using a flawed blocking mechanism… according to independent internet watchdog Rublacklist.net”. This puts enterprises at risk of Russian espionage, censorship, and even blacklisting.

Protests in Russia

The good news is that some national and international enterprises are fighting back. The top Russian global investment firm, VTB Capital sent a letter to clients regarding the law, which partially states, “The new law makes it possible to shut down unwanted Internet resources by linking any piracy video to the website and submitting a lawsuit.” Russian websites have also banded together in the thousands to deliver a petition to the Russian parliament. But instead of relying on the Russian government to get its house in transparent order, enterprises should shield their sensitive data from all sides through the secure cloud.

Secure Cloud Solutions for Enterprises

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides SMEs and Fortune 1000s with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Catching Your Favorite Shows Inside the Cloud

The state of television today varies widely depending on whom you ask. In the opinion of actor Nicholas Lyndhurst, “There used to be something every night of fantastic quality, be it a sitcom, a drama or current affairs. Now it’s maybe once a week, which is a shame. The golden age has gone.” While that might be true in regards to traditional syndicated television shows, online watching is completely changing the game. Shows like House of Cards and Orange Is the New Black have gained cult followings almost overnight with cloud-enabled online viewing. Instead of waiting around for next week’s episode and potentially losing interest, viewers can binge-watch new seasons all in one sitting. This new strategy is an attempt to stave off online piracy, which has eaten into the profits of the entertainment industry for years. But the only way to truly safeguard data from piracy is to exclusively store and sync to a secure cloud provider that offers data privacy and user anonymity.

House of Cards

Recently, Kevin Spacey addressed the audience at the Edinburgh International Television Festival. While speaking on the benefits of entertainment tax credits to local economies, the actor also touched on the necessity of moving away from the syndicated model to an instant streaming model. According to Spacey, “Clearly the success of the Netflix model – releasing the entire season of House Of Cards at once – has proved one thing: the audience wants control. They want freedom. If they want to binge – as they’ve been doing on House Of Cards – then we should let them binge.” It seems that the actor has touched on a growing revolution in television. House of Cards, a Netflix original drama, made history by becoming the first show on television to release its entire season online all at once. Netflix has already earned the business of about 1.5 million fans in the UK while the BBC’s journey into online streaming amounts to roughly 40% of its monthly viewership.

Online Media Growth

Kevin Spacey also made wave by suggesting that syndication is on the way out and that both film and television will soon adopt on-demand models. He claims that piracy will continue until the industry makes the switch. According to Spacey, “Why is Game of Thrones the most pirated show in the history of TV? Because people can’t get it fast enough, that’s why. I believe if you go to a movie theatre and you see something you think is incredible, if you walk out of the theatre and there was a bin in the lobby of DVDs of the film you just watched, you would buy four of them – one for you and three for your friends.  I believe the notion of being able to convince theatre owners that we can open a movie online, in the movie theatres, on DVD on the same day; that is probably where it is leading. That would be a huge bite out of piracy; if it is all available no one is stealing it before someone else gets it.”

Regardless of the relative marketing merits of piracy, stealing intellectual property always hurt businesses and cuts into profits. Piracy would even disrupt Spacey’s strategy of on-demand streaming, because if pirates can hack and leak a season a month before its released, why would viewers sign up for a subscription service? The true solution to piracy, whether the industry goes on-demand or not, is in exclusively storing and syncing with a secure cloud provider.

Netflix Growth

Cloud Solutions for Production Teams

For most production teams, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave company data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides production teams with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that users and SMBs of all sorts can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and storage while on the go.