Before Christmas I organised a productivity-focused call for some of us at the Mozilla Foundation.* One tool I recommended was Notational Velocity, a service that syncs with Simplenote. However, I haven’t used it for a while as I’ve been trying to get to grips with using Evernote.
We’re moving to another country next month and, as part of that, I’ve set up a stack of notebooks in Evernote that I’ve shared with my wife. It’s our ‘external brain’ as it were, a place where we can dump information and sort it afterwards. On a couple of occasions, though, I found that we’d lost information. I just assumed that one or both of us weren’t ‘using it properly’.
Disturbingly, on Hacker News this morning I came across an article by former TechCrunch writer Jason Kincaid entitled Evernote, the bug-ridden elephant. After reading it (and I suggest you do too), I’m ready to return to a Simplenote-based solution.
While I’ve come across an app called Simple-for-Ever that syncs notes from Simplenote to Evernote, I haven’t found one that does the reverse. There’s a paid-for service called CloudHQ that’s allowed me to backup to both Google Drive and Dropbox, but is limited to
50 files 2GB of data transfer unless you pay $4.90/month or $49/year.
Update: a commenter on Hacker News asked why I wasn’t prepared to pay this. Given that I’ve been paying for Evernote Premium its not the money I’ve got an issue with. I’m just checking it works – and flagging to readers that it’s not an entirely free service.
Update 2: when you reach the 2GB limit for your trial, CloudHQ presents you with an option to get unlimited data transfer during the trial by tweeting about them.
Happily, if the worst comes to the worst, Evernote allows me to export everything to HTML. That’ll teach me to trust bloated closed-source products, eh? 😉
Update 3: the CEO of Evernote responded to Kincaid’s blog post here. I’m still moving away from it as I’m using Chrome OS more and more these days. Evernote’s web interface is clunky.
Update 4: I’m no longer using Chrome OS, nor GMail.
*You can see the etherpad we used for that call here.
Image CC BY-SA Igor Schwarzmann
TL;DR: I’m now using a combination of BitTorrent Sync and Dropbox for my file sync and storage requirements. I use the former for private stuff and with the latter I just assume that everything in there is publicly-accessible.
Last month I wrote a post entitled Why I’m saying goodbye to Dropbox and hello to SpiderOak Hive. I learned so much in the 48 hours following its publication.
First of all, because the post hit the front page of Hacker News, this blog was overwhelmed with traffic. Whereas I get anywhere between 200 and 1,000 visits per day, on that I got more than 15,000 in just a few hours. It would have been more but I hadn’t configured my web hosting properly and so the server went down. That’s something I’ve sorted out, using the Quick Cache plugin for WordPress and signing up for the free version of Cloudflare.
Second, the comments I received on the HN thread and the blog post itself were eye opening. I’d assumed that SpiderOak’s commitment to encrypting my files using a password only I knew kept me safe. It turns out that’s not the case:
If SpiderOak had been compromised by the US government forcing them to install a backdoor, they would be forbidden by law from telling anyone about this. They would not be allowed to remove the clauses from their service description that claim no-one is able to decrypt your data.
This is the special risk of dealing with US-based companies. They can be forced to install decryption backdoors or hand over their users’ data while continuing to tell the users they are unable to do so. So you must assume no US-based service is truly secure.
I went down deep, dark holes investigating other options that I’ll not discuss here. What woke me up, though, was a couple of things. One person said to me something along the lines of:
Is the NSA a credible threat against you and your family?
To which I had to reply that while I feel uncomfortable about it all… no, they’re not. Their suggestion, therefore, was that political and social pressure to reform the NSA was probably better than trying to outgun a well-funded government body that has the force of law on their side.
Although there were some suggestions of some niche products, the most common suggestions were that I either encrypt my files before syncing with Dropbox, or that I use BitTorrent Sync. I’d already been experimenting with BTSync, so in the end I’ve decided to go with that. Having to unmount drives to ensure they’re synced with Dropbox in an encrypted state is an annoyance and something that I’m likely to forget to do.
So I’ve cancelled my SpiderOak account. They were really good about it, actually. And instead I’m syncing private files (like family photos, documents pertaining to money, sensitive information, etc.) between my laptop, HP MicroServer and kitchen PC. Anything I’m likely to want to share with others and which is fine being in the public domain goes in my free 18GB Dropbox.
It’s working pretty well so far, especially now BTSync has both Android and iOS clients. 🙂
Update: Since writing this post I’ve moved on. I’m now using a combination of Dropbox (shared, work stuff) and Bittorrent Sync (everything else). More in this post.
TL;DR version: I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.
I’ve been a happy Dropbox user for years. I even took Lifehacker’s advice a couple of years ago and made it, effectively, ‘My Documents’; if it was on my machine it was backed up to Dropbox’s servers. I’ve had zero user experience issues with Dropbox, finding it efficient and useful for when I want to share something while on-the-go. The mobile apps are great and the pricing plans are reasonable.
So why have I just jumped ship to SpiderOak?
My main concerns are around the NSA revelations. I’ve taken my time to read up on what’s going on and, last Sunday, finally felt I could write my response. As a consquence, I’m reviewing the core services I rely upon on a day-to-day basis. I had Dropbox in my crosshairs due to their seemingly regular and high-profile security breaches. It helped that my yearly renewal was due this Friday.
Perhaps the easiest way to explain the difference between Dropbox and SpiderOak is like this: if you forget your Dropbox password you’re able to reset it. That’s great, but it means that Dropbox has the means to access your files as they hold the key to unlocking your files.
It’s worth saying at this point that I don’t, to my knowledge, do anything wildly illegal. But why should others have access to my files? There’s a reason we put curtains on our windows. Privacy is something that we should care about and defend.
Something we’ve all learned from the Lavabit fiasco is that government security agencies can force individuals and companies not to release details of privacy and security infringements. So if my files were accessed I’d be none the wiser. Dropbox is insecure from many angles. I wanted out.
SpiderOak encrypts your files and then sends them securely to their servers. The key to decrypt those files is on your machine. The key and the files aren’t kept together. It means, of course, that you have to have a reliable password system in place (I use LastPass and 64-character strings) but means people can’t access your unencrypted files on the ‘cloud’ server.*
I researched many other options to Dropbox. I’ll not detail them here as I had to reject them for one reason or another. Instead, I think it’s worth quoting from the SpiderOak FAQ in response to the question ‘What if I forget my SpiderOak password?’
It looks like there’s different ways you can use SpiderOak, but I’m going to be using SpiderOak Hive almost exclusive as it offers ‘drag-and-drop syncing across all your devices’. In essence, it’ll be a replacement for my Dropbox folder.
I’ll still be keeping my free Dropbox account for legacy shares and my ebook workflow. Other than that, I’ll be using SpiderOak.
Now then, you’ll have to excuse me. I’ve got >100GB to sync… 😉
*You should have full-disk encryption turned on and switch off your computer when you’re finished using it, if you want to secure the files on your computer.