Tag Archives: zkaf

Zero-Knowledge Application Framework

Announcing Penetralia: Launch of First-Ever Open Source ‘Zero-Knowledge’ Application Framework

The RSA Conference in San Francisco takes place next week and we will be sponsoring the first annual Penetralia Event with our friends over at Silent Circle, the global encrypted communications service provider.

What is Penetralia? The definition reads:

1. The innermost part of a building, especially the sanctuary of a temple.

2. The most private or secret parts; the recesses; the penetralia of the soul.

Taking place on Monday, the 25th, from 7pm-10pm, the goal of Penetralia is to gather folks from across industries to further the privacy-in-technology conversation. “The underlying premise behind the cloud is that all data is stored or available in plaintext. From an end user perspective, this means everything you upload – from financial documents to family photos to vital company information – exists in a readable format by someone other than you. The ‘Zero-Knowledge’ concept propels the dialogue forward by enabling something previously not possible – maintaining privacy in a cloud environment,” said CEO and Co-Founder Ethan Oberman.

Penetralia is an invite-only event. If you would like to attend, please visit https://penetraliaevent.com/.

Also, this Monday at RSA we will formally announce a first-ever open source ‘Zero-Knowledge’ application framework. This framework will empower both companies and developers alike to take full advantage of ‘Zero-Knowledge’ cryptography and encryption standards through a lightweight utility that runs via the browser.

We believe this framework will deepen the divide between companies that need access to your data as part of their business model, such as Google or Facebook, as opposed to those who don’t, like Evernote or 37signals. With this advancement we ask, “Why would companies choose to store data in plaintext when there is no financial benefit in doing so?”

Secure & private storage API on the horizon?

We wanted to share our announcement that just hit the wire today:

2013: The Year of Privacy

SpiderOak Bringing Privacy to the Cloud Through Open Source ‘Zero-Knowledge’ Application Framework

SAN FRANCISCO, CA–(Marketwire – Jan 28, 2013)– SpiderOak, the ‘zero-knowledge’ privacy cloud technologies provider, revealed today that the company will release an open source ‘zero-knowledge’ application framework (ZKAF) to push privacy further into the web than previously possible. The official launch will come at the RSA Conference in San Francisco and will further signify the evolution from Internet security to cloud privacy.

The ZKAF open source code will be made available on February 25. Additional details leading up to the announcement will be available at the SpiderOak website: spideroak.com.

2013 – The Year Privacy was Found

As the cloud has gone mainstream, so too has the conversation around security. With more data being pushed to cloud servers throughout the world — the need to ensure the data is safe grows. Amidst this dialogue, the concept of ‘privacy’ has been drowned out as it was previously thought not possible to both preserve the privacy of data and also benefit from the advantages of the Internet. This is now all changing.

SpiderOak’s launch of its ZKAF will enable companies and/or developers to apply this framework on top of their application and enjoy all the benefits of ‘zero-knowledge’ privacy without having to understand the detailed specifics around cryptography and encryption. In practical terms, this means that any data generated by an application will never be readable on the server it is stored and, henceforth, remains private and in full control of the end user.

SpiderOak: Privacy Built Into the Technology

From the ground up, SpiderOak was designed with privacy at the core. The company’s industry-leading ‘zero-knowledge’ privacy standard protects user data by encrypting file backup, synchronization and storage throughout every stage. SpiderOak servers never store the plaintext version of a user’s encryption keys (or password). As a result, nobody can view any portion of a user’s content including filenames, file types, folder names, etc. Even the members of the SpiderOak staff with physical access to the servers can never view plaintext user information.

With SpiderOak Blue, the company brings the ‘zero-knowledge’ privacy environment to the enterprise. Through a virtual machine running behind a company’s firewall, SpiderOak Blue connects to LDAP / ActiveDirectory to provide consistent authentication procedures. IT departments have the flexibility and control to create and deploy specific end-device builds depending on the user — managing how and when individual files should be backed up and/or synced. A private cloud offering is also available such that the entire solution is contained behind the company’s firewall or within their server environments.

For more information on SpiderOak Private Cloud and other enterprise products, please visit: spideroak.com/business.

Media Contact:
Ethan Parker, BOCA Communications: (415) 377-0978

It’s Data Privacy Day – Helpful Privacy Tips for You

Here are some of our tips for your privacy protection online. Please let else know what else would might add to the list?

  • Use different, strong passwords for each of your online accounts so if one is compromised the rest are safe. Strong passwords contains letters, numbers, different cases, and symbols.

  • Unused online accounts are a liability. Hackers could use them to infiltrate your more important accounts. Get rid of them.

  • You put a lot of information about yourself on social networks. Would you want that friend of a friend you met once, two years ago to be carrying around a copy of all that information? Probably not. Keep the people you know and trust. Delete the rest.

  • Still receiving bank statements and doctors’ invoices by mail? You don’t need your personal information floating around in your trash can on the curb outside. Call your bank, doctor, credit card company etc. to find out if you can go paperless and manage your records via a secure online portal. You’ll save a tree and protect your privacy. Perfect!

  • Update your web browser (Internet Explorer, Firefox, Safari etc.) regularly to ensure that it’s the most recent version so you can take full advantage of the included privacy features like ‘private browsing mode.’
    (Explorer offers phishing filters, private browsing mode and more; Firefox offers anti-malware, parental controls and more; Google Chrome offers incognito mode, a user privacy settings tab and more.)

  • Taking the time to read a privacy policy in part or in whole to understanding the data relationships that exist on the site will help you make informed decisions when using available privacy controls on a site.

  • Be wary of emails asking you to “update” or “confirm” your information. These are almost certainly phishing schemes aimed at obtaining your personal information.

  • It’s easy to spoof an email sender, so don’t download attachments that you’re not expecting, and don’t download executable attachments at all. If you get an email saying “Run the attached file”, DON’T.

  • You should also never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information.

  • Remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer.

  • Don’t broadcast your location or absence on social media. For that matter, make sure you know where you privacy settings are on social media.

  • Check out some of our favorites for your online use: PrivacyFix (simplifies privacy for you); and search engine DuckDuckGo (does not track any of your personal information).

  • Password-protect your devices.

  • Check your privacy settings before sharing vacation photos.

  • Discuss privacy concerns with your children and other household members. Everyone should understand what you feel is and is not appropriate to reveal on the phone, using a computer, or other situations.

  • Check your credit report regularly.

Find even more tips at StaySafeOnlline.org.

IF YOU MISSED IT: 24 hours left for 28% off

Celebrate Data Privacy Day with us by nabbing 100GBs (an annual plan) at this great discount (details found in Friday’s post).

Thanks for elevating the privacy conversation and Zero-Knowledge privacy with us. We have a big announcement we will post later today.