SpiderOak: The Online Backup and Sharing Service Where Privacy Counts
When it comes to putting your data in the cloud, the options seem to fall into two familiar groups. There are services like Carbonite and Mozy for backing up individual computers, and then there are services like Dropbox or Box for accessing or synchronizing files across many computers.
But maybe that isn’t all there is. Lately I’ve been learning about a company that straddles these definitions in some interesting ways. It’s called SpiderOak, and in addition to being a category-buster, it’s also got an intriguing history that combines a mania for privacy with extreme capital efficiency (the company’s total backing of $900,000 is a tiny fraction of what its competitors have raised).
Aimed mainly at advanced consumers—but with a growing user base inside large enterprises—SpiderOak backs up users’ data across all of their computers (Mac, Windows, and Linux). It charges according to the amount of storage used: the first 100 gigabytes costs $10 per month or $100 per year, and each additional 100 gigabytes costs another $100.
That’s in contrast to Carbonite and Mozy, which charge $59 to $72 per year to back up one computer, and another $24 to $56 per year for every additional machine. In other words, if you’re only backing up one machine, Carbonite and Mozy might be more economical, but if you need to back up two or more computers and your total storage is under 100 gigabytes, SpiderOak is cheaper.
SpiderOak also offers a Box- or Dropbox-like synchronization service. Designated folders can be kept in sync and shared across any combination of personal machines, as long as they’re attached to a single user account. (There’s another sharing option for large companies with lots of accounts.) The company calls its combination of backup and sync “living the CloudLife.”
“In my mind we are building a central repository” for data, says SpiderOak CEO Ethan Oberman. “The idea was to build a mini-network that revolves around an individual, as opposed to these standalone accounts for individual machines with the online backup companies.”
At the same time, SpiderOak puts a high priority on privacy. Oberman says the company “wanted to dispel this myth that just because your data is online, it can’t be private.”
The problem with synchronization and collaboration services like Box and Dropbox, Oberman says, is that before they can know that a file has changed (and that it therefore needs to be incrementally updated in the cloud), their servers need to know what’s in it. This means customer data must be stored in plaintext form. To Spider Oak, that’s anathema.
In fact, the company has what it calls a “zero knowledge” approach to privacy: all files are encrypted on a user’s computer before they’re uploaded to SpiderOak’s data centers. Only the user has possession of the passwords and encryption keys. That means SpiderOak can’t reveal users’ private data, even when law-enforcement agencies come calling. It also means the company isn’t vulnerable to the kind of snafu that left every file in every Dropbox account unlocked for about 4 hours one Sunday in June 2011.
“It doesn’t seem logical that data should be made public for any reason,” says Oberman. “Passwords are never transmitted to our servers. They are big dumb boxes, and even if we were trying to do something [nefarious] we couldn’t. That is how we keep the zero-knowledge privacy environment intact.”
Oberman admits that SpiderOak’s unusual combination of features has made it a “hard sell.” The startup doesn’t really like to be lumped in with either the backup companies or the synchronization companies, which means customers don’t always know what to make of it. And its emphasis on privacy may resonate with programmers and other tech-savvy users, but it’s not necessarily a big selling point for average consumers, who … Next Page »