Tag Archives: zero-knowledge

It’s Data Privacy Day – Helpful Privacy Tips for You

Here are some of our tips for protecting your privacy online. Please let us know what else you would add to the list.

  • Use different, strong passwords for each of your online accounts so if one is compromised the rest are safe. Strong passwords contain letters, numbers, different cases, and symbols.

  • Unused online accounts are a liability. Hackers could use them to infiltrate your more important accounts. Get rid of them.

  • You put a lot of information about yourself on social networks. Would you want that friend of a friend you met once, two years ago to be carrying around a copy of all that information? Probably not. Keep the people you know and trust. Delete the rest.

  • Still receiving bank statements and doctors’ invoices by mail? You don’t need your personal information floating around in your trash can on the curb outside. Call your bank, doctor, credit card company etc. to find out if you can go paperless and manage your records via a secure online portal. You’ll save a tree and protect your privacy. Perfect!

  • Update your web browser (Internet Explorer, Firefox, Safari etc.) regularly to ensure that it’s the most recent version so you can take full advantage of the included privacy features like ‘private browsing mode.’
    (Explorer offers phishing filters, private browsing mode and more; Firefox offers anti-malware, parental controls and more; Google Chrome offers incognito mode, a user privacy settings tab and more.)

  • Taking the time to read a privacy policy in part or in whole to understand the data relationships that exist on the site will help you make informed decisions when using available privacy controls on a site.

  • Be wary of emails asking you to “update” or “confirm” your information. These are almost certainly phishing schemes aimed at obtaining your personal information.

  • It’s easy to spoof an email sender, so don’t download attachments that you’re not expecting, and don’t download executable attachments at all. If you get an email saying “Run the attached file”, DON’T.

  • You should also never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information.

  • Remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer.

  • Don’t broadcast your location or absence on social media. For that matter, make sure you know where your privacy settings are on social media.

  • Check out some of our favorites for your online use: PrivacyFix (simplifies privacy for you); and search engine DuckDuckGo (does not track any of your personal information).

  • Password-protect your devices.

  • Check your privacy settings before sharing vacation photos.

  • Discuss privacy concerns with your children and other household members. Everyone should understand what you feel is and is not appropriate to reveal on the phone, using a computer, or other situations.

  • Check your credit report regularly.

Find even more tips at StaySafeOnline.org.

IF YOU MISSED IT: 24 hours left for 28% off

Celebrate Data Privacy Day with us by nabbing 100GBs (an annual plan) at this great discount (details found in Friday’s post).

Thanks for elevating the privacy conversation and Zero-Knowledge privacy with us. We have a big announcement we will post later today.

Introducing ZKPAs: Privacy is a part of security

Most of you have probably caught on by now that 2013 is ‘The Year of Privacy’. One of many reasons is we’ve just launched our ‘Zero-Knowledge Privacy Ambassador’ (ZKPA) program.

We now have nine impressive ZKPAs from around the world who we want to introduce you to in the coming weeks. You will find these ZKPAs online and offline, specifically advocating for the virtues upon which we built SpiderOak and educating others on zero-knowledge privacy. They will help us dream and expand the program in order to make ‘zero-knowledge’ a household term.

Allow me to introduce to you one of these new ZKPAs, Ryan D. Lang. Ryan graduated magna cum laude from Drexel University this past summer, 2012, with a degree in Computing and Security Technology. While employed at the Camden County Library System, he aided patrons as in-person technical support. He is currently employed in the IT Support department at LT Security.

In his spare time, he works on a book that attempts to adapt corporate best practices to average users. The goal is to convince others of the importance of good security. Earlier writings can be found at Ghacks.net. “I just want to do a little good in this world.”

Ryan wrote the following post:

Privacy is a part of security

It came up in the meeting that several members of SpiderOak felt that privacy and security were separate. I politely objected to no avail, but rather than argue, I elected to compose a concise, persuasive essay.

Security is often described as being composed of the CIA: Confidentiality, Integrity, and Availability. “Confidential” can literally be defined as “private” or “secret.” * Thus, privacy is a subcomponent of security. To attain privacy/confidentiality, industry uses technology, policies, and physical controls.

Consider VPNs: Virtual Private Networks. They are designed to keep communications private over a public network. They employ the technology of encryption to achieve this. Another technology employed is user privileges. They can control/restrict access to information, keeping it secret from those who do not need access. SpiderOak takes this a step further by removing access from employees completely.

Policies are rules of conduct that a company sets for its employees. They can be used to define what should be kept private and create ramifications for sharing secrets. While this often relies on background checks and the honor system, the procedures defined by policies can make breaking them harder (e.g. requiring two signatures or a notary on critical documents).

Locks and keys have long been used to secure property. Physical security is as important as digital security. This should include old-fashioned locked doors to protect private data (&c.) not only from outside access, but from unauthorized internal access as well. Key files placed on a physical USB drive can be used with TrueCrypt and KeePass, secret keeping programs, to complement or replace passwords.

These are examples of old and new methods used to protect privacy. Together they form critical parts of industry security best practices. Without privacy, data is insecure.

*http://www.m-w.com/dictionary/confidential (see definition #2)

Personal Note

I find “confidential” to be an interesting word. To me it means: “giving with trust of keeping a secret.” A prime example of this is when you confide in a friend. Another example is when talking to a doctor or lawyer; arguably a better example since there is legal backing. Those professionals have to keep your secrets (within statutes) or they will be fined or even lose their license to practice. I do not think that the majority of companies consider the depth of the word “confidential” when forming policies or choosing controls (though they may consider “due diligence”).

Mayan Prediction 12-21-12: Just the end of their calendar? End of the world? Or merely a blizzard?

Before I even put my head on the pillow, the screaming wind was banging without pause against my windows. It probably wasn’t a valid fear, but throughout the night I’d wake up wondering if it was going to break the glass and throw a wave of snow and paralyzing cold onto my bed, all over my room. It was an ear-plugs-in kind of night.

I currently live in the literal country in Kansas. Hay bales and cows are scattered about within eye-sight and beyond. I get to see the most beautiful sunrises and sunsets each week. Four happy farm dogs greet me as I come and go. The nearest store is 20 minutes away. I can see two houses in the distance. It is so peaceful here.

As I floated in and out of sleep all night, I’d be sure to look out and catch glances of the eerie-gray scene unfolding outside. It struck me as funny that tomorrow is the end of the Mayan calendar and one of many speculations is an apocalypse (and where to get a better picture of this than on Wikipedia). You can’t blame me for where my mind went with the brutal weather rip-roaring before my very eyes, accosting my ears.

I woke up this morning to a lighter sky, letting me finally see the blizzard in action. The wind and snow tore forcefully across the plains (the photo doesn’t do it justice). It is the kind of power and grace that makes you pause…

All over the area and into Missouri and Iowa, traffic is at a standstill for hours, schools are cancelled, and people can’t go into work. The news is eating the chaos up, describing the “painful” wind in their fluffy parkas, and following with excitement the night-work of the snow plows and salt-layers.

No matter what you think or believe may happen tomorrow, I believe it is never a bad thing to be reminded that all we ever truly have is today. So this all reminds me: enjoy this day. Each person, each moment. Do things you love with people you care about, while you can.

But for those doom-and-gloomers out there who will be spending their ‘last day’ kissing and hugging loved ones goodbye, partying like it is 1999, or spending the last drops of money in their bank accounts, tomorrow, we at SpiderOak will be developing new features, running our servers, maintaining our beloved Zero-Knowledge privacy, and arguing with each other about who’s working on New Years (or something like that).

For those of you who don’t buy any of it and will carry about as normal, here are two awesome things you can do with your time:

  1. Until Monday night, you can send a friend or loved one a ‘Secret Santa’ gift ON US. Gifts are handed out randomly and include an iPod Touch (1 prize available), a pair of socks (5 prizes available), a 100 GB plan (10 prizes available), a 5 GB plan (1000 prizes available), and 30% discount on all SpiderOak yearly premium data plans (unlimited prizes available). Spread the word! Be generous – it’s fun to give.
  2. Make sure all your documents, files, photos, videos, and data are safely backed up. If you’re new, sign up here and check out the pricing. (There is nothing like going into the New Year with peace of mind. Be sure to share with your friends and family so they can do the same!)

As for me, I’ll spend the day working, listening to the wind howling and banging on every window, and wondering when I’ll be able to get out (I have a holiday party to attend tonight after all!)…

Wishing you a truly rich, wonderful day,

Erin & the SpiderOak Team

Looking For A Few Good Ambassadors…

This might not exactly qualify for a top secret mission though you can bet privacy is at the core of this operation.

SpiderOak is launching a ‘Zero-Knowledge’ Privacy Ambassador program & We Want You!

The ‘Zero-Knowledge’ Privacy Ambassador (or ZKPA) will help inform and educate people on the importance of preserving privacy in everyday online life. From communicating with individuals to talking in front of groups, a ZKPA understands that certain lines must be drawn and we must have a better balance between what 3rd parties have access to, what they can do with collected data, and understanding our rights as individual users.

Requirements include:

  • Must have working knowledge of SpiderOak
  • Must have passion for understanding what privacy means and how it may be preserved online

Expectations:

  • Wear & display the ZK Image
  • Distribute ZK materials as appropriate
  • Offer information about SpiderOak and ZK to those interested
  • Participate in online conversations where data privacy is being discussed
  • Identify potential other ZKPAs
  • Offer free GBs to those interested in SpiderOak and ZK
  • Provide & collect user testimonials around ZK and Privacy
  • Be a resource for prospective SpiderOak customers

Ultimately – as a ZKPA – “you get out of it what you put into it.” – SpiderOak will look to you to set the level of involvement you will have with this position

Benefits Include:

  • Work closely with the awesome & fun SpiderOak Team
  • Represent SpiderOak and our passionate stance on ZK
  • Play a key role in helping us shape and grow the ZKPA program
  • Interact and gain leadership experience
  • Help spread awareness about ZK and the importance of control as it relates to personal data online
  • Develop a ZK Seal Certification process used to award other companies and organizations who maintain the high levels of privacy standards

Training:

ZKPAs are greatly encouraged to participate in monthly conference calls. ‘Training’ dates will be provided in advance. Given that the program is new, the full amount of time required is yet to be determined. Our first goal will be to gauge interest and understanding around ZK.

About Compensation:

ZKPAs are not paid. In exchange for ambassadorship, ZKPAs will gain valuable experience as well as a decent amount of swag to be worn, given away, presented, etc…

Application Details:

We would like you to send us an email to ZKPA@spideroak.com detailing why you think you would make a good ZKPA.

Some questions to consider are the following -

  • Why are you interested?
  • What does ZK mean to you?
  • What qualities do you possess that would make you a good ZKPA?
  • What experience have you had around SpiderOak?
  • Are you bilingual? And if so – what languages do you speak?
  • What sites do you frequently visit and enjoy? News outlets? Social Media?
  • Anything else you would like to share.

We are very excited to launch the ZKPA program and even more excited to hear from all of you. Don’t hesitate to send thoughts, questions, ideas, etc…

 

+1 For Privacy

It is National Cyber Security Awareness Month. And while security is crucial, it leaves out something critically important. Privacy.

We believe you shouldn’t have to choose. Companies who can’t offer privacy are forced to sell security alone. For us, it is the combination that leads to the only true freedom online. Our ‘Zero-Knowledge’ Privacy Standard trumps words like ‘trust’ and ‘security’ as plaintext data is never visible to anyone but you.

Join us in both acknowledging Cyber Security Month but also recognizing a huge ‘+1 for Privacy’ with this special promotion:

For only 48 hours, we’re offering 5 free GB for new users and 3 additional GBs for our already loyal support base.

Visit this link: SpiderOak.com/signup/, and use the promo code “plus1forprivacy” in your account settings.

Note: This code will replace your current amount with 5GBs. If you are an existing paying member, please email Plus1forprivacy@spideroak.com with your username and we will add 3GBs to your account.

Thanks for making the web a safe place with us, and your help spreading the word.

+1 for privacy,

The SpiderOak team

Zero-Knowledge 101: What It Is & What It Means to You

Welcome to SpiderOak University. If you’re a student, new user, or a lover of continuous learning, this month we’re talking to you.

We’ll be posting a couple video shorts each week where SpiderOak CEO Ethan Oberman uses a whiteboard to explain some of our basic product functionalities. School yourself and keep an eye out for our next POP QUIZ on Friday so you can receive extra GBs.

Who can you trust? This is an important question in today’s race to the cloud. We’ve worked hard over the past six years to build a trustworthy product that upholds user privacy above all else. SpiderOak CEO Ethan Oberman explains how SpiderOak developed its ‘Zero-Knowledge’ privacy policy, what it is, and how it works.

Do you have a .edu email address? Don’t forget – you can enjoy 50% off your private backup/sync/share account:

Sign up today.

Top 5 Reasons You Need SpiderOak Now

  1. That family picture you love will be safe forever. Back up the files that are important to you. Whether it is personal or professional, photos, music, movies, or documents, you’ll be glad you did. Your peace of mind is our priority.

  2. 100% Private. SpiderOak is for the privacy conscious. Only you can see your data – never our employees or the government. That is what sets us apart from other cloud providers. And that is what we mean by our “Zero-Knowledge” privacy standard. Your files are encrypted at the highest level. We do everything in our power so you feel safe with us.

  3. Cross-platform. Access your files anywhere, from any device. Windows, Mac OS X, and Linux (Ubuntu, Debian, Fedora & openSUSE) compatible.

  4. It’s easy. Once you sign up for a SpiderOak account, we will automatically sync with the files you choose. A few clicks, and we go to work for you, making sure we save the data you care about. Our friendly support team is always on standby to answer any questions you may have.

  5. Share files – safely. Even though all your files are encrypted, you can carefully and selectively share something from your account with the family, friends, colleagues, or clients of your choosing. All you have to do is create a ShareRoom and send the unique web URL to whoever you’d like.

If it sounds too good to be true, that’s because it is. We have your best in mind when it comes to life in the cloud, and privacy is our specialty. Give us a try with 2GB free for life. Get started now, and let us know what you think.

Want to learn more? Read our Engineering Matters page for the more nitty gritty technical details, and what makes us different from the competition.

Announcing: SpiderOak Blue OpenLicense

Yesterday, we announced the world’s first truly private cloud storage system designed for institutional use – SpiderOak Blue OpenLicense (OL). Our enterprise customers are growing and one exciting trend is the increasing number of colleges and universities needing to fully manage the data of their faculty, staff and students. Now, University IT departments can easily deploy a cloud-based backup – sync – share product, centrally manage accounts, and keep ‘Zero-Knowledge’ privacy intact.

Validating this need is Richard Stiennon, Chief Research Analyst at IT-Harvest. “Universities are a major adopter of cloud-based technologies because they have an inherent need to store a tremendous amount of data,” said Stiennon. “Because of the high value of the intellectual property being stored on their private clouds — as well as the potential for this data to be subpoenaed under federal law — universities need to consider a cloud provider which can off-set that responsibility and assure their students complete privacy and transparency. This can only be assured within a ‘Zero-Knowledge’ environment.”

In addition to the functional benefits SpiderOak Blue OL provides, we can extend learning institutions a significant labor-saving solution. Rather than procuring and allocating additional storage hardware, colleges and universities can seamlessly create and remove storage space on an as-needed basis. This allows for an easy transition for outgoing seniors whereby they graduate into a standalone SpiderOak account and are able to manage their own storage needs.

No matter what phase of learning or degree of pursuit, it’s always satisfying to hear from happy students such as Ross Mounce, PhD Student & Panton Fellow at the University of Bath, United Kingdom. “SpiderOak is great for research data management. The ‘Zero-Knowledge’ privacy client-side data encryption provides far better security than Dropbox, whilst maintaining excellent ease of use and cross-platform syncing.”

Explaining The Cloud to my Grandparents

Granny and Papa

Pleasure to meet you! I’m new to the SpiderOak team. And I’m new to the cloud technologies space – I come from four years of work with an international nonprofit, Water.org.

I’m completely fascinated. Intrigued. Excited, even. I find myself not only spending time each day learning more about the world of backup, sync, share, and access (mobile), and all things related, but trying to adequately explain to someone else in my life what it all is. It’s good practice.

I recently visited my beloved, hospitable and humorous grandparents – Granny and Papa – in Memphis, Tennessee. As I told them about SpiderOak, they asked the question I have come to expect on a regular basis: “What is the cloud?”

A few weeks ago, SpiderOak’s Jovan Washington wrote a blog post called “Living the CloudLife: Cloud Computing 101,” in which he rightfully called cloud computing a critical trend, and asked “How would you explain the cloud to your mother?”

I took on that challenge. But let me give you a little background: Papa gets on AOL every morning to check his email, the news, his stocks, and forwards the latest funny email, such as “Wal-Martians”. He also keeps tabs on some of the family via Facebook (i.e. “lurking”). I helped my Granny get on Pinterest (although she loved it, I don’t think she’s active), and she has an e-reader. As far as grandparents go, I think they are doing pretty good with progressive technology.

So I told Granny and Papa:

“The past few years, I haven’t had my own personal laptop, just my work computer. And I obviously had to turn that back in when I left. Since I’d had it for years, it had all my personal music, photos, and documents on it too, besides work stuff.

So, I opened a SpiderOak account, and had it backup, or save, everything off my computer. Then, I completely erased everything on my computer, and turned it back into work, empty. Now, whenever I buy a new computer, I can login my SpiderOak account, and grab anything I want that I had saved off of my old computer. I can just access it, or save it to my new computer. But it’s all there – on the cloud. And no one can get to it but me. And if my computer burns in a fire, everything will still be there for me in the future.”

Even within these past few weeks, I’ve learned to tell most people – “Actually, you know what the cloud is, you just don’t know you do – all of our photos on Facebook, our email in gmail, anything in Google Docs, or if you have photos on Flickr – that is cloud storage, or cloud-based sharing.”

What do you think? How did I do? What did I miss? How do you explain the cloud to someone who doesn’t know?

I’m excited and honored to be a part of the SpiderOak team, getting to know you – the loyal SpiderOak user, and the ever-growing space. In fact, you probably recently heard that Google announced its contribution: Google Drive.

If you missed it, last week, our CEO Ethan Oberman was interviewed on InvestorPlace about the Facebook IPO. I also enjoyed the 6 Myths About Cloud Backup You Probably Thought Were True (as well as the Zero-Knowledge shout out that linked to our mention).

Cheers! Thank you for the warm welcome, and see you here again very soon…
Erin Swanson

P.S. Stay tuned for a SpiderOak announcement this week, particularly of interest to universities.

New Browser-Based Signup Process & Maintaining ‘Zero-Knowledge’ Privacy

One of the things that has always made SpiderOak unique is our ‘Zero-Knowledge’ privacy policy. ‘Zero-Knowledge’ means no one at SpiderOak has the ability to access your data – ever. Even if we wanted to access your data or received a subpoena to do so, we could never turn over plaintext data. This is accomplished by encrypting all data on your machine before it is sent to us, using encryption keys generated from your password.

With this new version of SpiderOak, we are changing our signup process to include password creation in the browser. But how can we do this and ensure ‘Zero-Knowledge’ privacy? Isn’t creating a password on the web (via a browser) in clear violation of how we maintain our security?

The short answer is that we hash your password before sending it to our servers. A hash is a one-way algorithm such that there is no way for us to reverse the hash and figure out your password. When you try to log in for the first time, we hash your password again in the client and compare it to the hash stored in our servers. If the two match, we know that you entered the correct password. We use a JavaScript implementation of bcrypt to do the hashing. This gives the convenience of a simplified signup process while maintaining your privacy. And if you don’t trust this process, we encourage you to disable JavaScript during signup and you will not be prompted to create a password in the browser.

Now to focus on our motivations for making this change. We used to have everyone sign up in the SpiderOak application, which was great from a security perspective; however, this process was awkward for customers who are used to signing up for services on a website instead of downloading an application first. It also didn’t work well with tracking behaviors – most notably our Refer-A-Friend program. Previously, when someone followed a Refer-A-Friend link to our website we had no way to know when they signed up in the application. We had a system that was pretty good at guessing after-the-fact but it was slow and often missed signups. It could take up to several weeks to get credit and sometimes the user wouldn’t get credit at all.

We needed a better solution so we conceived a way to move a portion of the signup process to the web. Since password creation was still handled in the application, we needed a way for the user to identify him/herself when the application launched on their computer for the first time (otherwise anyone could steal the account before a password was created). We accomplished this connection through generating activation codes. This system solved the Refer-A-Friend problem but activation codes proved to be a bit clunky. People would lose them or not understand what they were for.

That brings us to today. The goal of any signup process is to make it as easy and seamless for the user as possible. In our case, we also always have to keep in mind our users’ privacy, which adds to the complication. With this new process in place and thanks to bcrypt, we have a much simplified process while maintaining our important ‘Zero-Knowledge’ privacy.

In the end, privacy isn’t just something we seek for additional challenge but rather a philosophical approach we believe in deeply; we have never been willing to abandon it for convenience. That said, we are always looking for ways to provide our high level of security in simpler and more usable ways. I believe that this change accomplishes our goals.