TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.
I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.
So why have I just jumped ship to SpiderOak?
My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profile security breaches. It helped that my yearly renewal was due this Friday.
Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.
It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.
Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.
SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPass and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*
I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’
It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak Hive almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.
I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.
Now then, you’ll have to excuse me. I’ve got >100GB to sync…
*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.