Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive
Update: Since writing this post I’ve moved on. I’m now using a combination of Dropbox (shared, work stuff) and Bittorrent Sync (everything else). More in this post.
TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.
I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.
So why have I just jumped ship to SpiderOak?
My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profileย security breaches. It helped that my yearly renewal was due this Friday.
Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.
It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.
Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.
SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPassย and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*
I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’
Changing your password from any computer in your SpiderOak account will reset your password for all your computers and the website. However, if can’t reset your password from another machine and the hint has still not helped you remember your password, then I’m afraid your only option is to open a new account. Here at SpiderOak we take our zero-knowledge privacy policy very seriously, so we never have any knowledge of your password and no way to retrieve or reset it, even in emergencies. It’s our way of ensuring that our customers’ data is always completely secure… even from ourselves! If you need any more assistance recovering your password or resetting your account, please contact [email protected].
It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak Hiveย almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.
I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.
Now then, you’ll have to excuse me. I’ve got >100GB to sync… ๐
*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.
I had done the same move last year but had come back to Dropbox due to the poor quality of Spideroak mobile applications. I think with the recent concerns around data privacy, I will follow your lead and give it a new shot.
Thanks for your article.
Cool. The simplicity of SpiderOak Hive (i.e. as easy to use as Dropbox but with enhanced security) was the clincher for me!
Did you try BitTorrent Sync? Peer to peer, not on the cloud? ๐
Yes, and I use BT Sync – but I need something that’s constantly backing up my stuff *and* allows me to quickly send links to stuff on-the-go.
Your mileage may vary! ๐
FYI, I rent a vps on digital ocean for $5 a month and get it backup. This will also ensure downloads when synching is also fast.
I’ve tried this switch myself three different times since Spideroak was first released a few years ago. It has never been stable, had always been very flaky across devices and often failed completely.
I wish you luck with it and really hope it works, but my own experience has ruled Spideroak out as a secure storage option.
Thanks Jeff, I’ll see how I get on. ๐
They are still a US company. They could get an NSL ordering them to send you a trojaned client that will then steal your passphrase. I’m looking into wuala. They are a run by a Swiss company. It seems like they stand a better chance of not being forced to subvert my security.
Why is no one talking about COPY https://www1.copy.com/ ….Give it a try ๐
US company, fail. Use Mega.co.nz
“Itโs worth saying at this point that I donโt, to my knowledge, do anything wildly illegal.”
Yes, but ignorance of the law is no defense. It’s been said the average person commits three felonies a day. You are not safer just because you don’t know what they are.
I found that I was only really using Dropbox as a backup tool and didn’t really use any of the mobile access, web UI or sharing features. That meant I could just replace it with the open source tool, duplicity, which encrypts and copies files to any location you like (locally, S3, Cloudfiles, etc). I wrote about this at https://blog.serverdensity.com/secure-encrypted-backup-using-duplicity-for-linux-and-mac/
How does SpiderOak allow access to your files on mobile if it’s encrypted? You have to enter your key into their mobile app? Since it’s closed source, isn’t that a potential security issue?
This “solution” is just another iteration of the thing that drives government acceptance of NSA data collection in the first place – a culture of fear and knee jerk reactions to that fear – it just keeps spiralling in on itself. This switching of services is a poor to non-sensical response IMO. If you have something NSA wants to see, your encryption is not likely to stop them.
The only solution to all this incredible nonsense, is to see and understand the drivers at play and get a consensus going that too much fear mongering is introducing huge costs everywhere in American society – let alone the terrible damage being done to the concept of personal privacy.
Until the utopia* of fear-free society arrives, where privacy is a given and no one ever reads anyone’s plain-text data, we need to encrypt. There is no single solution, and encryption is only part (although a necessary part) of the equation. There will never, ever be societal reform that makes encryption completely unnecessary.
The issue is not about 100% protection against the NSA. It’s about making the difficulty of reading our data more costly (in time and resources) than the NSA is willing to spend on a whim without
probable cause.
Encryption is not a knee-jerk reaction. It’s a necessity, and is the only thing that will put a cork in the mass surveillance firehose. Legislation will only make it illegal, and we’re seeing that illegality means nothing to the powers in play.
The realistic, present-day solution is simple built-in encryption by default for all services and storage. When all of our data is stored in plain-text, unsecured, there is no barrier to the NSA or other parties from reading and using it. Just as we wouldn’t mail an unsealed envelope or build a house with no locks on the doors, we should not send or store unencrypted data.
*that will never happen
It’s not utopia I’m looking for or have any hope of – it’s a moderation of response, as well as, *thoughtful* responses and dealing with root causes rather than symptoms.
See Rodalpho’s post to understand why *this* solution is knee-jerk and not fully thought through.
BTW – encrypting everything is not without very significant costs – intended and unintended.
A culture of trust that is *designed and constructed* to work most of the time (there will always be some abuse) is highly efficient from a societal view point – a cultural of mis-trust is highly inefficient – you can look no further then the American Congress to see the incredible inefficiencies and grid-lock resulting from both parties mistrust of the other.
“If you have something NSA wants to see, your encryption is not likely to stop them.”
Not if the encryption is strong enough.
“The only solution to all this incredible nonsense, is to see and understand the drivers at play and get a consensus going that too much fear mongering is introducing huge costs everywhere in American society – let alone the terrible damage being done to the concept of personal privacy.”
Indeed, but that’s not exactly something I can do right now by myself. Happy to contribute (and have done before) to international campaigns. ๐
Spideroak is MORE secure than Dropbox, but really that’s false security. They are located in the USA, and the government could approach them and force them to change their client to upload your encryption keys, and you would be none the wiser. That’s basically why Lavabit shut down.
If you’re really concerned about privacy, you should probably be using truecrypt containers and just live with the much longer sync times. Of course they aren’t multi-user aware, so you can’t have them open on multiple computers simultaneously, so that’s not a great option either.
What we really need is a version of truecrypt that can handle being accessed and written to by multiple clients simultaneously.
This is a problem which would be there whenever all data is managed by a central entity. Bittorrent sync sounds like a nice alternative. Have you looked at https://register.blib.us ? It lets you run your own dropbox in your computer or their cloud.
Indeed, and was specifically looking for more secure Dropbox replacement rather than an ultra-secure, tinfoil hat solution. I always have the option to add in TrueCrypt containers later… ๐
See, that’s where we disagree. I don’t find “more” secure to be valuable– that is false security. The server is either secure or it isn’t. Spideroak isn’t.
If spideroak was fully secure, not hosted in or owned by people living in one of Snowden’s big 5 (US, AU, UK, CA, NZ), encryption with user-owned keys, two-factor authentication, and an open-source client (see the dropbox reverse-engineered vulnerabilities exposed yesterday), I would probably switch.
If it doesn’t offer all those things, I don’t see any real reason to switch.
So there’s no point in moving up the security spectrum? Up to you, but find that an odd position to take! ๐
It’s not worth the trouble of switching from Dropbox, a service that I love, no. Just IMO of course.
I checked out S.O., The privacy all sounds impressive, but lets be realistic. Unless I can compile the source of the client AND verify/specify my own keys, then it’s all for show.
Dropbox is encrypted between the computer and server, and the data is encrypted on their servers. So there is some privacy, but the fact that their admins can access my data is unnerving. I haven’t completely abandoned Dropbox for a couple reasons: 1. app/platform accessibility and integration, and 2. I use True Crypt for files that I want another layer of privacy on. I do have a SpiderOak account, but I use it the same way as I do Dropbox – if they can access my computer then they can access anything.
Well given the UK government (via GCHQ) seem do the US government’s bidding, I doubt the Swiss government would be too different.
I want a solution that I feel the average user could use and that I can recommend to others. I don’t want to get my tinfoil hat out – just yet. ๐
This (geographic location) is exactly why the idea of a zero-knowledge storage setup is really smart. Spideroak has great ideas on that front.
What do you think LavaBit has been ordered to do that was so bad they had to just shut the company down? Everything on their servers is encrypted. They don’t have the ability to decrypt it. Their security is stronger than Dropbox’s. So what were they told to do?
This isn’t tinfoil hat stuff. This kind of thing is documented. Hushmail admits to trojaning their client when ordered to do so by the Canadian government: http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/
I would be trying out Canonical’s UbuntuOne offering if they weren’t based in the UK. I figure a UK-based service is no better than a US one. But Switzerland? If any company has a good track record on keeping secrets and protecting privacy, surely it is Switzerland. They are, after all, neutral country #1.
Very good points that I can’t argue against.
Because their privacy policy states:
“It may be necessary – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – for us to disclose your Personal Information, Non Personal Information, and Private Data Files. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.”
Which means I’d be no better off than using Dropbox. :-/
From what I’ve read, Mega actually uses *less* encryption than other providers?
Again:
“If we think it is necessary or we have to by law in any jurisdiction then we are entitled to give your information to the authorities. We reserve the right to assist any law enforcement agency with investigations, including and limited to by way of disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders. We may disclose your information to enforce or apply our Terms or any other agreement we have with you; or to protect the rights,
property, or safety of us or our other users or the operation of our services and the website.”
Indeed, and I made the exact same point to my (horrified) mother-in-law last night. Hence the move. ๐
Hi David, thanks for the link. ๐
I’d check out the ‘Engineering’ section of the SpiderOak site: https://spideroak.com/engineering_matters
This is what they say:
> When accessing your data via the SpiderOak website or a mobile device, you must enter your password which will then exist in the SpiderOak server memory for the duration of your browsing session. For this amount of time your password is stored in encrypted memory and never written to an unencrypted disk. The moment your browsing session ends your password is destroyed and no further trace is left.
Thanks! Are you happy with that response? Or do you find that problematic?
For me, that seems OK.
Yeh, seems reasonable. It’s about a tradeoff of security vs convenience. My use case is pure backups so I don’t need the remote access but if you want a direct replacement for Dropbox then this make sense.
You also have to consider who you’re protecting against. If it’s direct targeted surveillance against you personally then that is a significantly more difficult situation to defend against vs the more passive monitoring of everything, which is what most people are probably concerned with.
Although I get that ‘legal’ and ‘illegal’ are relative, fluid terms I have no reason to think that I’m being specifically targetted for surveillance. I just don’t like people having access to my stuff. ๐
This means that if the government walks in with a NSL, all they have to do is tell SpiderOak: “we need access to your servers’ memory to capture suspect X’s passwords,” and SpiderOak would have to comply.
The real downside to this is that access to Suspect X’s password also grants them access to *all* SpiderOak user passwords.
I guess if you are truly paranoid, you wouldn’t use web/mobile access.
Well, indeed. This just moves me along the spectrum a bit. It’s not the full tinfoil hat approach.
It’s always going to be a balance/trade-off between security and functionality.
I use synology cloudstation
Relying on geographic location for data security is really, really short-sighted. Where you put your data is nowhere near as important as how you store it. The location is unimportant if you encrypt before upload.
+1 to that.
Why not encrypting your dropbox folder with BoxCryptor or something similar?
Agreed, but OSS != ‘ultra secure’. Checking crypto stuff is notoriously difficult in any case.
I hadn’t, thanks for the link! ๐
I’m not looking to self-host, though, so that was a constraint on my options.
” if they can access my computer then they can access anything.”
I’m not sure that’s entirely true. But I’ll investigate. ๐
That’s something that resides in your house, right?
Yes. It’s a tiny NAS but they’ve built a Dropbox clone on it that’s very sleek. I have to open a port on my home network, and I also scrapped together a DIY dynamic DNS for myself. But on the plus side I have no practical limits to space, all traffic over my own SSL cert and very fast sync on LAN.
Ah, given the limits of rural broadband, I don’t want to self-host. That’s the thing.
Because that means using two cloud providers instead of one. I like Occam’s Razor. ๐
Interesting. Never heard of the company. Can you share folders among other people as well?
It doesn’t seem to have been mentioned here – you may also want to look at OwnCloud.org. Free, open source, self-hosted DropBox alternative. For being as young as it is, it’s solid and works well.
There is a paid version as well with more enterprise-level support, but I have not tried that yet.
Interesting that you’ve switched everything from DropBox, but you’re actually storing the 64-character password at LastPass, who has had a major breach in the past. While they surely hash that password where it’s stored, breaking one targeted password is not difficult, and they can be coerced to give up your data all the same. This type of advice creates a foolish false sense of security.
Good point, but AFAIK the breach didn’t give away anything other than salted hashes?
What about LastPass giving your passwords to NSA?
I find this, from LastPass’ FAQ, reassuring:
“LastPass is *never *sent your Master Password, so we can’t send it to you or reset it for you.”
AFAIK the master password only resides on your computer?
I have got an owncloud instance, but want to pay other people to maintain this stuff for me. ๐
Yep, think so!
” if you forget your Dropbox password youโre able to reset it. Thatโs great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.”
It’s all about trust.
What makes you think that Dropbox would access your files?
What makes you think that SpiderOak doesn’t keep a copy of your file somewhere?
Why would I trust a commercial company? Dropbox could give access to anyone and I’d never know. SpiderOak, on the other hand, can’t decrypt my files.
SpiderOak is a commercial company too. And nothing prevents you to encrypt your files before uploading them to Dropbox.
The fact that SpiderOak use a more secure authentication doesn’t mean that they can’t access your files. After all, they are stored on their servers…
Not trusting Dropbox is a thing, not trusting Dropbox BECAUSE it’s a commercial company is one of the dumbest thing I’ve ever read.
You’re the one who said it was a trust issue. ๐
It’s not to do with ‘more secure authentication’ – it’s to do with the fact that SpiderOak don’t have access to the keys to decrypt my files.
From what I’ve seen on their site, you need to use their software to encrypt & upload your files.
Why should you trust them when they tell that they encrypt the files before uploading them? They don’t open source their code. It’s a proprietary software.
In a true Lavabit scenario, the government wouldn’t need to get SpiderOak to divulge your password. They’d simply walk in with a FISA order to backdoor the client software running on your computer and mobile device. It’s all closed-source, right? You’d never know.
The only solution for the truly paranoid is to do all encryption before any of these services see your data. Under that regime, Dropbox is no worse than SpiderOak.
That’s a good point. But as SpiderOak have mentioned on the HN discussion thread, most of their stuff is open sourced and on GitHub: https://github.com/SpiderOak/
Did not see anybody mention Wuala. They were one secure alternative I was considering to Dropbox. Also they are based in Switzerland, which might be a plus or minus depending on how you value that.
Most of it is open-sourced and on GitHub, actually.
Not the desktop client at all: ” For the moment, the SpiderOak client will remain a closed source, commercial application.”. So good luck to really know what they are doing with your files (beside money ๐ )
But Open Sourcing it is on the roadmap. As I say, it seems a better solution than Dropbox, without going full tinfoil-hat. ๐
And the only part open sourced is the mobile client btw. The rest is just frameworks and tools that they developed, which is great, but doesn’t allow you to see by yourself what they are doing with the files on the server (so no, “most of it” is not open sourced)
Given UK complicity I’d trust encryption over geographic location any day. ๐
Cubby.com?
Nice, hadn’t seen that, but their privacy policy states:
“LogMeIn will not transfer your personal information to third parties, except we may transfer your personal information without your consent to the extent required to do so by law or in the good faith belief that such action is necessary to: a. conform to the edicts of law or comply with legal process served on LogMeIn or the site; b. protect or defend the rights or property of LogMeIn, c. act in urgent circumstances to protect the personal safety, property, or privacy of LogMeIn’s employees, users of LogMeIn’s products or service, or members of the public, or d. effect a transaction, restructuring or proceeding that transfers to a third party the assets or line of business to which the information pertains.”
I was thinking more about this option…http://blog.cubby.com/2013/02/20/technical-deep-dive-cubby-locks/ I tried SpiderOak and didn’t enjoy the user experience, but have loved Cubby.com. It seems secure enough for 99.99% of uses, and light of https://news.ycombinator.com/item?id=6298485, I think to a certain extent we are fighting the last battle.
Wow, thanks for the link to that HN thread – fascinating and worrying in equal measure.
The obvious deficiency in the strategy: if companies can be forced to surreptitiously share your data on the back end, they can also be forced to surreptitiously change their software to transmit your encryption key as well. As long as you’re running their software, you’re not secure, you’re just trusting them to do what they say they’re doing.
You can also use Jungle Disk which gives you the ability to store your files on Amazon S3 or Rackspace hosting. As with SpiderOak you can set your own encryption keys however I don’t believe they have a good mobile solution ๐
Yeah, I used to use that to back up to Amazon S3 but I’d have to manually encrypt my end. And, as you say, there’s no mobile solution.
Thanks!
Another option is to stay with Dropbox and encrypt your content *before* Dropbox can sync it – that’s what http://safeboxapp.com does (disclaimer: I’m one of the two man team who created Safebox).
Well, yes, but then why would I trust Safebox? Also, using two services instead of one seems… sub-optimal.
You can get a feel for Safebox by reading the FAQ (http://www.safeboxapp.com/faq.html). Basically Safebox is an app, rather that a service, so there is only one small outlay rather than a reoccurring fee. Also, only you know the password used to generate your encryption key.
Others here have commented on the stability and quality of SpiderOak – but if it is working for you that’s the best result and there is no reason to switch. Others wishing to stick with Dropbox can use Safebox to keep their content private.
Thanks! I’m due to post an update on my SpiderOak usage (or lack of it) soon.
Syncthing definitely deserves a mention: https://syncthing.net/. It’s peer to peer syncing, open source, so no costs, no limits, no hidden backdoors. I use Dropbox for public collaborations, because that’s what other tend to have. For all private mirroring / cross-device usage – syncthing is it.