Last year we had a look at SpiderOak, a public cloud service with a focus on security above all else. The idea behind SpiderOak was to create a service with the same type of features as Dropbox but without the ability for anyone other than an account's user to see the unencrypted contents of that user's data store—including SpiderOak itself.
This is done by storing everything on the SpiderOak service as encrypted blocks and ensuring that the decryption keys for those blocks can only themselves be decrypted with the user's password. That password is entered by the user into the locally installed SpiderOak client and is never seen by the backend service. SpiderOak has gained a strong following as a more tech-savvy alternative to Dropbox because of its central emphasis on encryption. Dropbox also encrypts files stored on its service, but it also holds the decryption keys and uses them to perform global single-instancing—that is, if you and your friend both upload a copy of the new Star Trek trailer, Dropbox will save backend storage space by only actually storing the trailer once. It can do this because even though your files are secured and encrypted from access by others, the Dropbox service itself is able to decrypt files in order to ensure it's only storing each unique set of blocks once.
So SpiderOak has traditionally appealed to the more security-conscious (or paranoid) user, since data is securely encrypted by the SpiderOak client installed on the user's computer or computers, and its backend treats everything as encrypted blocks, no matter what. However, SpiderOak's emphasis on security has come at the expense of a bit of usability; contrary to Dropbox, getting files stored on the SpiderOak service and synced across different devices isn't seamless out of the box; SpiderOak requires a bit of setup to reach the same place that Dropbox and others start out with.
This situation is changing with this morning's release of SpiderOak Hive, a new feature which automates the process of syncing between the different devices connected to your SpiderOak account. This feature is accompanied by a new Hive-enabled version of its iOS application (with an Android version due on 13 May), which automatically takes advantage of the Hive feature.
"Hive is really a much more accessible way to use SpiderOak," explained SpiderOak cofounder and CEO Ethan Oberman in an interview with Ars yesterday. "One of the benefits we've always argued behind SpiderOak is that it's a much more flexible tool. You can go in there and specify what data you want to back up, all the way down to a specific folder that may be buried, like, twenty folders deep in your desktop... Unfortunately, you have to actually go through the steps of setting it up."
Oberman continued: "With SpiderOak Hive, we've removed a lot of those setup steps and allowed people to benefit from the technology through dragging and dropping things into the Hive folder."
Hive comes down to quickly exposing uses for SpiderOak that may have been buried and nonobvious except to users who want to dig into the application. The advantage of using SpiderOak over Dropbox or another cloud storage and sync tool has often been lost on less-skilled users used to Dropbox's "install and go" ease of use; SpiderOak hopes that Hive will overcome that barrier and expand its reach.
SpiderOak contends that its advantage comes partially from technology and partly through its operating philosophy. On the latter point, Oberman emphasizes that SpiderOak was founded on the premise that a person shouldn't have to give up his or her privacy in order to use cloud technologies—there should be a way to benefit from synchronizing data across devices and backing things up in "the cloud" without relinquishing anonymity and privacy. "Our competitors have done great things with technology and allowing the cloud to be more useful," he said, "but without the focus on making privacy a priority."
SpiderOak's other cofounder, Alan Fairless, explained a bit more about the technology behind SpiderOak and how the company manages to keep a user's data secure, even from the company itself: "The server is just a dumb storage device of sequentially numbered blocks," he explained. "It does not understand their contents or relationships to each other. So we have to handle the task where the information is available: on the client."
"The SpiderOak client is really a distributed database application," he continued. "Each device is uploading its changes as they happen, and the metadata portions of each upload are passed to every other device (in their encrypted form, of course). So every device maintains a real-time database of the contents of the full backup set. With that available to them... devices handle tasks such as de-duplication and garbage collection."
SpiderOak also lets users publicly share secure links, which is something also touted by Kim Dotcom's online locker service Mega. "SpiderOak uses a new encryption key for each unit of data that is stored, down to the block level," elaborated Fairless. "The act of sharing data is about publishing the keys to decrypt only that specific data."
Oberman has very strong feelings about SpiderOak and its focus on encryption and security. "One of the things that has happened is that you end up getting very philosophical about what it means to have privacy," he said. "Is it a right or a privilege? It's a topic very much in the public eye right now. What should the government have access to, and how should that access work?"
"I've always believed that privacy is a right," Oberman concluded. "And it is a right we are extended by living in this country. We need to preserve that right—not from a place of fear, but from a place of understanding that there are certain things we feel like we have privacy over. That's how we've attacked the issue of privacy: not with some kind of 'looming government' looking at your data, but that you have your own data, and whether it's stored on your computer or stored on the cloud, I should be able to benefit from technology and still have the same level of privacy."
The SpiderOak client, with Hive, can be downloaded directly from the company's website, and users can sync up to 2GB of encrypted data to the cloud with a free account.
reader comments
48