Conversations about life & privacy in the digital age

A note to our Tech-Savvy, Forward-Thinking SpiderOak Users. Yes – We’re Talking to You!

An Open Letter to Our Tech-Savvy Forward-Thinking Users:

We wanted to send our utmost admiration and gratitude. Great activity continues as we and our industry grow and push forward. Much of what we have developed and the choices we have made since our 2007 inception has been because of you – our wonderful user base.

We also wanted to make you aware of two big recent announcements to cross our wire (if you haven’t seen them just yet):

  1. We launched our new website &
  2. We entered the Enterprise market with SpiderOak Blue

Breaking through these milestones, we wanted to thank our roots. Thank you for embracing the importance of privacy with us, steering us towards better design, a more comprehensive product experience, and demanding more of us and our strengths. Thanks to those of you who pushed us from your role in your company’s IT department or as CTO toward breaking through into the enterprise space.

We love our relationship with you and want to stay true to that. Keep the feedback coming in the wonderful honest and detailed form it has taken. And thank you – above all – for your continued patronage and support.

We look forward to serving you for many years ahead as we continue to prove that one doesn’t have to sacrifice privacy for the benefits obtained in the cloud…

We remain grateful,

The SpiderOak Team


  1. SpiderOak Fanboy says:

    Great work! Keep it up! … The next feature I would really like to see is a way to have both (1) a complete local copy (fully encrypted, of course) of all SpiderOak data [I know about the current local copy option, but it is only forward looking, so if you don't set it up from the beginning you are out of luck and would have to re-upload EVERYTHING. Plus, it would not contain a local copy of data uploaded from another computer even if that computer is syncing, because only the decrypted synced files would be saved on the first computer.]; and (2) an app to decrypt that data. In other words, SpiderOak is awesome, and I want my data backed up safely, privately, securely [but not quite 100% securely ;-)] in the SpiderOak cloud. But I would also feel a lot better if I ALSO had a continually updated, local, encrypted copy of all of the same data that I could later decrypt if needed (e.g., if SpiderOak went out of business, had a massive data loss, I needed to recover during an internet outage, etc.).

  2. Liv says:

    Good job — the new website is much cleaner.

  3. Mark says:

    I second Spideroak Fanboy, a fully functioning local encrypted copy would be an excellent feature for all the reasons he listed.

    I'd also like to see increased features on the mobile apps. It would be nice to be able to backup our phones and tablets, as well as being able to sync them, rather than just view/download files while we're on the move.

  4. nascentt says:

    Thanks for being one of the best web services, period.

    I originally found you as an 'alternative to 'dropbox' I loved your client software from the start, the customizability and ability to select any folder without having to move your data drew me straight away. The possibility of 30gb in referrals kept me loyal, and while you discontinued that, and I'm only at 10gb, I use you over my 50gb account because your sync and historical versioning features are incredible.

    Thanks for being such a great service. I look forward to the future, and aside from space, only suggest improving the web client a little: show the directory sizes, similarly to the stats display in the client, and have the ability to purge historical versions and folders from there too. Otherwise you guys are perfect.

    I still recommend you without the referrals, and love having my phone and laptops in sync.

  5. Bill Cumming says:

    Been using Spideroak fire years now, and loveing it.
    have you thought about hardware acceleration of the encryption process. with powerful cuda based graphics cards becoming cheaper, having a hardware boost using the graphics card might me good especially for corporate clients.


    here's to another secure and innovative 5 years…

  6. Ron K Jeffries says:

    Please comment on why Spideroak has not made it a priority to provide a solid highly usable Android app? I am baffled.

    I love your stuff, but Android matters (to me).

  7. ERO - SpiderOak says:

    @ Ron: Thank you greatly for your comments and feedback. Pertaining to your note, we are and have been working diligently on revamping our entire mobile approach – moving to HTML5 for more swift and aggressive development moving forward. As you can imagine, this effort does take time but we are getting very close now and should have our new mobile apps out soon (Android & iOS). Additionally, we have planned for some important new features to mobile including the ability to upload from mobile devices which this new foundation will more easily provide.

    Of course please continue to send thoughts and ideas and we will continue to work hard on our side to get these new mobile apps into your hands as soon as possible. Thank you as always for your patience and understanding.

  8. Vinoth says:

    SpiderOak should be appreciated for their efforts..

  9. Christopher says:

    What a nice and thoughtful comment. Thank you!

    We should all thank you for an excellent product and service.

  10. Andy says:

    I can't believe that you don't have automatic proxy detection working. Especially now that you have an enterprise product. Between work and home I have to manually turn the proxy on and off. I can't expect users to remember how or simply remember to do that.

  11. zenchan says:

    You guys have done great work and I really appreciate your thoughtfulness and inclusion of us users.

    I'm perfectly happy with SO, but just one heartfelt request.

    @ ERO: Nothing personally directed at you, but "more swift and aggressive development moving forward" makes me cringe. This kind of corporate MBA speak goes completely against the reasons many of us feel so connected to SO. Plain english please, and no more of this corporate jargon.

  12. Maay says:

    I am one of the very pleased user, and I can only thank you again and again and again…

    but addition of a two factor authentication process for all users (worldwide) would be a real improvement to me. It's a standard now for many services (Gmail, many gaming plateforms, facebook, most banks, etc…).

  13. Herman says:

    I found SpiderOak in looking for a way to manage and share medical data and maintain HIPAA compliance in my handling of our data. I think your offering and work is amazing!

    My comment: After reading the Share documentation and experimenting with the service, some things don't add up. The concept seems based around a SHAREROOM, but the SHAREROOM name doesn't enter into the access methods at all, that is, it is not seen. There seem to be two ways to access the SHAREROOM data. 1) Access is via a direct url that already carries full access to the SHAREROOM or 2) access from the SpiderOak website login page where one must enter the "universal" SHAREID and the RoomKey. Both methods bypass and don't use the SHAREROOM at all. So I guess I don't see what the role of the SHAREROOM is. I also worry about the security of the process in the two methods above. The ShareID might be easily discoverable by my various clients, so the security is left to the complexity of the RoomKey. I guess it better be a long random number and not something short or guessable, otherwise anyone might be able to access a SHAREROOM. Respectfully, Herman

  14. Stephen says:

    I found SpiderOak today because I was looking to share a small number of files (larger than wise to attempt to email) with a few people. Those files will be occasionally updated and for me it is useful to share them between my multiple PCs (and a Sony PS2 running Linux but I don't think that has the resources – or for that matter a compatible processor, MIPS RR5900, to run any of the offered linux binaries – roll on Open-Sourcing of SO so I could find out!)

    @Herman: As far as I can see, the direct URL is constructed as:{ShareID}/{RoomKey} which gives access to a webpage with a Folder/FileTree for each Share Folder entered during the creation process. The banner at the top of that page is what was entered as the {ShareRoom}, under that is the Sharer's REAL NAME as entered during the account creation, then the description for the ShareRoom. IT DOES NOT APPEAR TO BE POSSIBLE TO DISABLE OR HIDE THE USER'S NAME by the way, which is a pity because I wanted to share information with other players of an on-line game but only showing my game ID not my real name (to enforce alternate in-game character separation).

    In terms of ShareID and RoomKey combination, an invalid ShareID throws up a 404 Not Found Error whatever RoomKey is appended, however a valid ShareID with an invalid RoomKey produces an unpopulated webpage perhaps this too should throw a 404? A long and cryptic RoomKey does seem to be a wise move – and the advantage of this arrangement is that the user gets to specify how long that is, up to 60 letters, numbers, underscores and dashes but it does appear to be limited to [A-Z,a-z,0-9,_,-], given that it is used to make a URL I would think this will persist until everything goes UTF-8…