How to Safely and Securely Store Your Private Data Online with SpiderOak

File storage services in the cloud are very popular these days — and for good reasons. Services such as Dropbox, Google Drive, SpiderOak, iCloud, Microsoft OneDrive, Amazon Cloud Drive, Amazon S3, Box, and numerous others offer free or very low cost file storage space that can be used for any of a number of reasons. Cloud storage serves as an added layer of data protection for your precious and irreplaceable files. Backups are kept in a secure location that is physically removed from the originals, and these cloud-based services provide such a location.

You can store backup copies of your important personal files to provide insurance against hard drive crashes, viruses, ransomware (see my earlier article at https://privacyblog.com/2015/06/15/tox-free-ransomware-is-now-available-for-everyone/), and other computer problems. With many of these services, you can also share files, such as old family photographs, with family and friends.

Another reason to use any of these cloud-based file storage services is to share files amongst your own computing devices. Saving your pictures and documents in the cloud provides an easy way of copying those files and photos to your own tablet computer or cell phone.

Of course, the biggest concern of most users who are not familiar with cloud storage is, “Is it safe?”

Many people have phobias that some unknown hacker is going to connect to a cloud storage service and steal their personal information. In reality, cloud storage is usually safer than what you’re using today storing files only in your own computer. Anyone thinking of using one of these file storage services needs to search for a cloud storage provider that offers secure data transfer, secure stored data, access control, and data separation. These factors offer much higher security than, say, a thumbnail drive that might get lost, stolen, or damaged.

A few years ago I had a laptop computer stolen from the trunk of my automobile when it was in a parking garage. The thief gained immediate access to my credit card numbers, bank account, Social Security Number, a small amount of my medical information, and much more. I spent hours later that evening and the following day changing passwords, calling credit card companies, calling my bank, and more. Storing data only in my own computer is higher risk than storing the same data in the cloud. However, by selecting the proper file storage service, the already low risk of online file storage can be reduced even further.

One common fallacy is that “the only people who care about privacy are those who have something to hide.” In fact, that is false. The notion that we should not care about privacy is largely promoted by companies such as Facebook, Twitter, Google, and many others who depend on you using their product. They offer you services as an excuse to collect personal information about you and then use that info for advertising purposes or to sell to others.

For anyone concerned about the security of their personal information and files (and who isn’t concerned?), SpiderOak is probably the way to go. It isn’t the cheapest, it isn’t the fastest, it isn’t the most flexible; but it certainly appears to be the most secure of all the cloud-based file storage services mentioned above. SpiderOak has no clue what you’re storing. In fact, not even the SpiderOak employees can read the things you store in the SpiderOak service. The company cannot gather and sell information about you simply because it cannot see any of your information.

With most other file storage and replication services, the employees of the company can at least see the file names that you store, even if they cannot read the contents. Not so with SpiderOak as even the file names, file sizes, and other meta data are encrypted. All that the SpiderOak staff can see are sequentially numbered containers of encrypted data. In the rare event that a hacker might be able to access your SpiderOak account, all the hacker will see is the same sequentially numbered containers of encrypted data. SpiderOak also can never be forced to hand over data to any government simply because the company cannot see what is in your files.

Perhaps the best recommendation for SpiderOak came from Edward Snowden: “Dropbox is hostile to privacy, unlike ‘zero knowledge’ SpiderOak.”

This is different from how other services store data, such as Dropbox which has had security problems. See http://www.zdnet.com/article/dropbox-drops-the-security-notification-ball-again/ and https://grahamcluley.com/2014/05/dropbox-box-leak/ for information about Dropbox’s past security problems, including publicly exposing tax returns of Dropbox customers.

SpiderOak has settings that can be configured to automatically make backup copies of files at regular intervals in increments of minutes, hours, and days. Unlike some other file storage services (we’re looking at YOU, Dropbox!) you can automatically back up any folders on your hard drive, regardless of the names of the folders. You do not need to create a special folder called SpiderOak or Dropbox or anything else.

Another customization lets you select or deselect files of varying types and sizes from being backed up. For example, you can exclude from backups all files that are greater than a certain size, or that use different keywords in their file names, or that are older than a defined age. You might want to backup all files with names ending in .DOC or .XLS but ignore all other files. SpiderOak will automatically back up the folders and files you’ve selected except for the specified exclusions. Any time you update a file, only the changed parts will be re-uploaded.

SpiderOak software is available for Linux, Windows, Macintosh, Android and Apple iOS (iPhone, iPad, and iPod Touch). You install a small piece of SpiderOak software on the computers of choice. That software encrypts everything before sending files to SpiderOak’s servers. The files get transferred and then are stored on SpiderOak’s servers in the same encrypted form. None of the passwords, encryption keys, or any other personal information are ever stored on SpiderOak’s servers. In the unlikely event a hacker connects to SpiderOak’s servers, or if a SpiderOak employee looks at the information stored, he or she cannot read any of the files. SpiderOak’s own employees cannot decrypt your files without your password that is known only to you. When retrieving files from SpiderOak, the software on your computer can decrypt the files because it recognizes the password that you created.

You can save information from your Windows or Macintosh computer to SpiderOak’s servers and then later retrieve the information on an iPad, iPhone, or an Android tablet. In this manner, SpiderOak functions much like Dropbox, Google Drive, and many other file storage and replication services. When compared to other online file storage services, the one thing different with SpiderOak is the emphasis on security. Many of the other services offer some form of encryption on the data when it is being transferred from computers to the cloud and back again. A few of the other file storage and replication services may store the information on their services in an encrypted manner. However, SpiderOak is totally dedicated to security and encryption every step of the way. SpiderOak uses AES256 encryption in CFB mode and HMAC-SHA256. In fact, the company uses a policy of “Zero Knowledge.” As stated at https://spideroak.com/features/zero-knowledge:

“Zero Knowledge means we know nothing about the encrypted data you store on our servers. This unique design means nothing leaves your computer until after it is encrypted and is never decrypted until it is unlocked with your password on your computer. It’s not just ‘end to end encryption;’ it’s a Zero Knowledge System.

“Files, data, and even information about your files, is encrypted with your password before it leaves your computer. It is protected over SSL in-transit, and stored on our servers in its encrypted state.

“Your password is never transmitted to or stored on our servers. Without your password, our system’s design makes it impossible for us or any third party to decrypt anything you store on our servers.

“Filenames, size, and file creation dates are examples of meta-data – information about information. In our design we have access to none of it. To us, your files are simply containers of encrypted data.”

When you first run the SpiderOak application on your computer, a series of strong encryption keys is generated. The keys themselves are encrypted with your password and stored (along with the data you back up) on SpiderOak’s servers in their encrypted form. Your password is the “secret sauce” that keeps your data readable to you alone.

One caveat: Just be sure to make a note of your password because SpiderOak can’t help you with that either. If you ever forget it, you absolutely will lose your files! If you forget your password and your password hint (which you can set up during installation), then you’re out of luck. There is no way to “reset a password” or to retrieve a password with SpiderOak.

SpiderOak keeps historical versions of each file. This is an extremely important safety feature in a backup application, one that is not included in some of the other file backup services. Consider this scenario: You accidentally save over your thesis paper with a different document. The easy solution is just go to your backup software and retrieve the old version, except what if you don’t notice for a few days? If your backup software doesn’t keep historical versions, it will save the new (and wrong!) version of your thesis into your next backup, making recovery impossible. If the backup software only keeps historical versions for a limited time, what if you don’t notice until it’s too late? By default, SpiderOak keeps all historical versions forever, even deleted files.

SpiderOak doesn’t re-upload an entire file every time one little thing changes. Instead, it scans your files, finds the changed parts, and uploads only the new data and links it to the previous version(s). As a result, SpiderOak can store dozens of historical versions of your files while minimizing the amount of space they require. It also reduces the workload of the computer and minimizes the amount of data that needs to be sent across the Internet connection. If you later retrieve the file, SpiderOak’s software combines all the pieces for you and delivers the file exactly as you want it, even if you ask for a file that is several versions old.

When you select a file in the View tab, you can see a list of all the different versions of that file, allowing you to recover an older version if you’ve accidentally deleted or changed something you shouldn’t have. By default, SpiderOak will keep one file version per hour for the past 24 hours, one version per day for the past 30 days, and one version per week for older files.

Another advantage to SpiderOak is useful for those who use the service to keep two or more computers in sync. SpiderOak keeps track of which computer uploaded each file and allows the user to back up different folders from multiple machines without syncing those changes to every computer connected to the account.

In other words, SpiderOak works in the exact opposite manner as Dropbox, Google Drive, and many other file storage and synchronization services. Dropbox, Google Drive, and some other automatically copy all files to all your computers unless the user explicitly removes some files or folders from the process. In contrast, SpiderOak never copies anything to another computer unless the user specifies which files and folders should be copied to which computers.

I find this useful because I back up files from a desktop computer that has a 3 terabyte disk drive and from a laptop that only has a 256 gigabyte hard drive. I don’t want all those desktop files downloaded to the laptop as it will soon run out of space. With SpiderOak, it is easy to configure which files need to be saved to which computer. Some other file storage services offer the same capability but not all of them do so.

In my case, I configured SpiderOak to back up all the files in my Documents folder and to copy them to the laptop EXCEPT for those in the Music sub-folder. I have 66 gigabytes of music files and don’t need them on the laptop. I found that easy to configure by using the ADVANCED view in the SpiderOak control panel.

As an added security measure, the SpiderOak client will only allow you to delete files backed up from your current system, and not from any of the other computers in your network.

More information about SpiderOak’s encryption and redundancy features may be found at https://spideroak.com/features/private-by-design.

SpiderOak also provides Web access from any web browser, although when you log into the Web or mobile versions of SpiderOak, the company informs you in very clear and brief language what privacy you may be giving up as an unavoidable result of using those mediums. It’s exceptionally clear. I don’t recall any other file storage service providing similar security information.

I installed SpiderOak’s software on a Macintosh desktop system, a MacBook Air laptop, an Acer laptop running Windows 7, an iPhone, and an iPad. In all cases, the installation was quick and easy to accomplish.

NOTE: The SpiderOak software for Macintosh is NOT available on the Apple App Store. It must be downloaded from SpiderOak’s web site at https://spideroak.com/opendownload. The Windows and Linux versions are available at the same address. However, the iPhone, iPad, and iPod Touch versions are available in the iPhone and iPad App Store while the Android version is available on Google Play.

There is no need to set up a SpiderOak account in advance. Simply install the software on your first computer and run it. When launched for the first time, the software asks if you already have a SpiderOak account. If not, the software will lead you through the creation of your free account.

When first launched, SpiderOak suggests making automatic backups of files and offers several selections: Desktop, Documents, Email, Movies, Music, and Pictures. You can select any or all of those as desired. However, clicking on ADVANCED brings up a folder tree of your entire computer, letting you back up content that isn’t listed in the previous tabs. Here you’ll also find another option to reveal hidden files and folders. When viewing the hard drive tree, you can select or de-select any individual files and folders to be backed up.

Once I had SpiderOak software installed on my computers and handheld devices, all files I selected for backup to SpiderOak became accessible to all devices. For instance, a movie that was stored on my desktop computer could be later be downloaded and played on the iPad.

I did find that SpiderOak runs noticeably slower than the equivalent offerings from Google Drive, Dropbox, and iCloud. I consider this to be a non-issue when automatic backups are running in the background. Who cares if it is slow when you aren’t watching it? However, this becomes a small irritant when trying to retrieve files that have previously been backed up. I guess that is the price that must be paid for increased security: the computer is busier when encrypting and decrypting files.

Sharing files and folders in SpiderOak is a unique process that uses a system called ShareRooms. Your friends and collaborators can get to a ShareRoom you create through a unique URL or by logging into the SpiderOak website using a ShareID and RoomKey that you generate. Everyone with access can add new files and edit existing ones, and all the changes are automatically viewable to everyone else. However, sharing only works with items placed in a ShareRoom. Files stored anyplace other than a ShareRoom are never visible to anyone else. Details may be found at https://spideroak.com/static/v08212014.0/images/startup_guides/soh_share_everything.pdf.

Downsides

One drawback to SpiderOak is that it does not integrate very well with other products from third-party developers. For instance, I have an app on the iPhone that automatically uploads any newly-taken photos from the iPhone’s camera to either Google Drive or to Dropbox. There appears to be no similar app for SpiderOak. I assume the heavy-duty security of SpiderOak makes it impossible for other apps to read or to write to SpiderOak’s file storage service.

SpiderOak is a bit more complicated to use than some of the other file storage services. It offers more options so it has more items to select from in the menus. The added security and flexibility come at the expense of user-friendliness. Because it’s more complicated, it takes a little while to adjust, but once you understand what you’re looking at, it’s really not that hard to follow nor do you have to jump into the configuration that often once you’ve set it up. I suspect most computer users can install and configure SpiderOak without much difficulty but computer novices might need some assistance.

SpiderOak also does not work directly with Chromebooks although there are some work arounds to add that functionality. See http://www.omgchrome.com/you-can-now-access-dropbox-on-your-chromebook/ for one such solution.

Pricing

SpiderOak offers 2 gigabytes of file storage space free of charge as an introductory offer. The SpiderOak web site at https://spideroak.com/about/price-list says the free 2 gigabyte offering is a 60-day trial.

Thirty gigabytes of storage space costs $7 a month or is discounted to $79 per year if paid twelve months in advance. One terabyte of storage space costs $12 a month or is discounted to $129 per year if paid twelve months in advance. For those who wish to store a lot of data, 5 terabytes of storage space costs $25 a month or is discounted to $279 per year if paid twelve months in advance.

The price jump from 30 gigabytes to 1 terabyte confuses me: 33 times the storage space for only a 58% increase in price? It strikes me that 1 terabyte is a bargain.

Multiple computers can be backed up to SpiderOak using one account. There is no need to purchase separate subscriptions for each computer.

Full pricing information is available at https://spideroak.com/about/price-list along with still other prices for Groups and Enterprise users.

Summation

SpiderOak is not for everyone, but if security is your first concern, then SpiderOak is well worth your consideration. It also makes a fine cloud-based backup service.

I’ve been impressed with SpiderOak. The price is great, the speed is fair, the mobile app could be improved, but isn’t terrible, and I rest easier knowing that the information is encrypted because, yes, I’m one of those people… (Perhaps I should mention that I spent four years as a crypto technician when serving in the U.S. military. I am very familiar with encryption, the security involved, and the reasons for using it.)

I have now moved all my financial data to SpiderOak.

I am not paid or compensated in any way for writing and publishing this article. I am simply a SpiderOak customer who has used a number of other file-sharing services, and I prefer the security of SpiderOak. I paid for my one terabyte of storage space on SpiderOak.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s