I’ve been using Dropbox as both a semi-backup to the cloud, and to sync files (mainly PDFs) between various computers and my iPad.

I’ve never been entirely happy with it, because I’ve always known that Dropbox could get to my data if they wanted to.  They have policies that say they won’t, but they also don’t give me any confidence that they would resist a subpoena, even a wide-ranging fishing expedition one.

I’ve considered running my own encryption on the data before it gets there (there are lots of tutorials on that on the net) but it would defeat one of my main goals — being able to get to the data on my iPad.  Now, I’ve found SpiderOak.  (If you signup for it using this link, I get a free gigabyte of storage. Yay me! No homo — I mean, no promo code.)  Spideroak uses RSA encryption to lock the data up before it ever leaves your computer, so there is no way for them to access it or turn it over to .gov in a usable form even if they wanted to, which it doesn’t look like they do.

Check out the “zero knowledge” policy they have.  Hell, they don’t even have a Terms of Service to agree to.  All you have to agree to is that if you forget your password, you are screwed, which is a Goodness Thing.  They actually put it best on their Dev blog:

As we move forward, however, how is this always-on, instant-access society impacting you? Do you not expect that the enablers of this magic to take you seriously, with your needs as an individual? Why does adding the phrase “on the internet” suddenly imply that it’s OK to be lax about trust? You have a file store at home: your computer’s hard drive. For those of us renting, we pay someone (the landlord) to house it. How would you react if your landlord or a maintenance man plugged your hard drive into his laptop and downloaded a copy of everything just because some man in a suit asked him to? Why does “file store on the internet” mean anything different? Why should we instantly relax our standards just because it’s online and shiny?

If this sounds like a manifesto, that’s because it is. At the core of this future is the bedrock we lay down today. What you will have tomorrow, the freedoms and limitations of tomorrow, are set in concrete form with the foundations of today. That is the point of this message, that engineering matters! Core design principles will outlive any set of bugs in an implementation, and that is what we do here. Our core is trust, our core is security, our core is safety. The engineering of the system now will have a direct impact for years to come.

Hell yeah.  I’m there until they give me a reason not to trust them.

Comments are closed.