Experts warn of cloud snooping

Louis Mamakos louie at transsys.com
Fri Feb 1 23:30:47 CST 2013 

Jason,

Accessing you stuff via their website requires you to login and provide a password, which is used to decrypt the layered encryption keys for your data.  So don't do that.  From one of their FAQs:

"Access your data using our Website

1: To access your data or account details online, click the My Login link on the Spid- erOak website. On the My Login page, enter your username and password in the appropriate fields and click the Login button.

REMEMBER: You will not be able to login to the website until you have initially setup SpiderOak on a computer and uploaded data to your account.

PLEASE NOTE: Accessing your data through spideroak.com will temporarily allow Spid- erOak employees access to your password. Because of this, we discourage entering your password online for users who wish their accounts to remain ‘zero-knowledge’. For more information see our Security section."

Louis Mamakos




On Feb 1, 2013, at 10:34 PM, Jason Wright <jason at thought.net> wrote:

> I believe you are incorrect about Spideroak. They imply this misconception, but the proof is that you can access your files from an arbitrary computer that does not have the Spideroak client installed... Just visit their with a web browser, login, and download a file or two.  The key management is local to their servers not your client (if the keys were local to you, you would not be able to access your files from arbitrary machines).
> 
> Now, there is a storage service that does it right (local to you key management): ciphertite from conformal systems. The user interface is not so good, but there is no way to access files except from where you have your keys installed (they are both generated locally and stored locally).
> 
> --Jason Wright
> 
> On Feb 1, 2013, at 7:41, Louis Mamakos <louie at transsys.com> wrote:
> 
>> I have back-up drives too.  Hopefully the most recent back-ups won't be sitting next to my computer and share whatever fate befalls it.
>> 
>> It's always a balance of convenience against other risks.  I like having all my Music in Google Play, so I can stream anything from the whole collection rather than just what fits on my phone.  And if someone figures out that I own the soundtrack from "Cats", well, I suppose I'll just have to suffer the taunting.  oops.
>> 
>> For storage of files and syncing then between computers and mobile device, the Dropbox guys have a good user experience, but a poor security model where they can also access your files.  Their mobile clients can automatically add photos that you take to your dropbox folder and sync them to your desktop.  This has turned out to be really handy for me, though my subject matter is pretty tame and I'm not too worried about photos of my pets, telescope or other dumb stuff leaking out to random people.  I treat Dropbox like Facebook: I don't trust either of them, and "privacy" settings are mostly a tool to avoid getting spammed by ads, not to be trusted to restrict access.
>> 
>> For stuff for which I care about security and that I want to have backed up and subsets synced between computers, I use SpiderOak.  They have a zero-knowlege security system where the files are encrypted (at the your client computers) and they don't have access to the crypto keys.  This means if your computer dies and you loose your password, you're SOL, they can't help you recover the cleartext.  They've clients for Mac OSX, iOS, Android and yeah, Windoze, but I don't use the latter.
>> 
>> louie
>> wa3ymh
>> 
>> 
>> On Feb 1, 2013, at 9:12 AM, "fgentges at mindspring.com" <fgentges at mindspring.com> wrote:
>> 
>>> tacoistas,
>>> 
>>> "What happens in Los Vegas stays in Los Vegas".  Your data is not so well protected.  What you send to the cloud can be snooped on. Large hard drives are cheap and so are backup drives.
>>> 
>>> If you have not noticed, Microcenter is now selling 1 terabyte drives for $70 and 3 terabyte drives for $130.   Best keep your data there.  I don't want the cloud.
>>> 
>>> Frank K0BRA
>>> 
>>> 
>>> On 1/31/13 11:20 PM, Andre Kesteloot wrote:
>>>> 
>>>> 
>>>> ** Experts warn of cloud snooping **
>>>> A piece of US legislation that gives authorities the right to spy on cloud data could be a major privacy issue for Europe.
>>>> < http://www.bbc.co.uk/news/technology-21263321 >
>>>> 
>>>> 
>>>> 73
>>>> André N4ICK
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Tacos mailing list
>>>> Tacos at amrad.org
>>>> https://amrad.org/mailman/listinfo/tacos
>>>> 
>>> 
>>> _______________________________________________
>>> Tacos mailing list
>>> Tacos at amrad.org
>>> https://amrad.org/mailman/listinfo/tacos
>> 
>> _______________________________________________
>> Tacos mailing list
>> Tacos at amrad.org
>> https://amrad.org/mailman/listinfo/tacos

More information about the Tacos mailing list