Conversations about life & privacy in the digital age

What Trusting Yourself Gets You + Big Events This Week

Trust is the belief that someone or something is reliable, good, honest, effective.

While you would like to think the people with whom you’ve surrounded yourself are deserving of these descriptions, you’ve probably been around long enough to know even those you hold to the highest of standards have let you down. So perhaps Mom was right, the most important person to trust is yourself.

We’re not ones to argue with Mom, so when it comes to putting your valuable data online, we at SpiderOak believe you shouldn’t have to trust us (though we are pretty good folks).

We don’t want to know what is being stored on our servers, and we don’t want to know your password. This being none of our business is, in fact, our business.

TRUST YOURSELF for 30% off

Protect 100GBs of data for less than $6 per month, until the end of February (ends 11:59 pm CT).

Use the promo code TrustYourself to upgrade to a yearly plan and get 30% off.

Already a user? Upgrading is easy:

  1. Login to your account.
  2. Go to Account tab at the top right.
  3. Select Upgrade Plan on the left under your name.
  4. Enter TrustYourself in the promotional code field and select Update. When you see ‘Promo code TrustYourself’ confirmed, select your plan size under Yearly Billing and click next. Congrats – you have 30% off!

New user? Welcome! Here’s what you do:

  1. Get started now and create your account.
  2. Download and install the client.
  3. Click  ‘Buy More Space’ in the client itself, or via the web portal (which you can only login to once you’ve downloaded the client). In the web portal, you will go to Account, and then choose Upgrade My Plan.
  4. Enter TrustYourself in the promotional code field and select Upgrade.  Choose which plan you want under Yearly Billing. Congrats – you have 30% off!

BIG EVENTS THIS WEEK:

We believe strongly that in all conversations about data security, the cloud, and the future of the Internet, ‘Zero-Knowledge’ privacy should be at the table. That is why this week we are proudly hosting and participating in the following:

The Crypto-Cherub Asks You: What Apps Should He Shoot Privacy Into?

We’re wildly, madly in love with privacy but we’re not keeping it a secret.

Many of you know we’ve spent a lot of the past year working on Crypton. And we believe it is the future. We plan to use it to build a new internet, and hope others will take its open source code to infuse their apps with privacy. We’re about ready to get started: our Crypton code just underwent two large security audits, of which we plan to share the results in the coming two weeks here on the blog.

There are also some other exciting things happening in the next few weeks. We believe strongly that in all conversations about data security, the cloud, and the future of the Internet, Zero-Knowledge privacy should be at the table:

On the cusp of these events, and in celebration of our passion for privacy this Valentines Day, we ask for your help, input and ideas. You always make us better and influence what we do. (Yes, we love you!)

What apps do you want to see our Crypto-Cherub shoot his privacy arrows into in 2014?

Tomorrow is ‘The Day We Fight Back’ against mass surveillance

In Matt Damon’s AMA on Reddit last week, he was asked:

Hey Matt, your amazing monologue about the NSA in Good Will Hunting is probably more relevant today than it was when the film was first released. How did you come up with that scene, and are you at all surprised by the revelations on the NSA from the information released by Snowden? 

Here is the clip from Good Will Hunting:

Matt’s reply:

“Well, the first thing to that monologue is it’s safe to say that is the hardest that Ben and I have ever laughed while writing something. We were in our old house in Hollywood, in the basement of this house writing this thing and we were literally in tears because this monologue kept building on itself. We wrote it in one night and kept performing it back and forth, and pissing ourselves laughing.

You know, I was unaware, as I think everyone was, that they had that capacity. Snowden is literally changing policy. These are conversations we have to have about our security, and civil liberties, and we have to decide what we are willing to accept, and he’s provided a huge service kickstarting that debate…”

If you haven’t yet heard, tomorrow is one of those conversations about our security, civil liberties, and what we’re willing to accept – it’s called The Day We Fight Back.


“Together we will push back against powers that seek to observe, collect, and analyze our every digital action. Together, we will make it clear that such behavior is not compatible with democratic governance. Together, if we persist, we will win this fight.”

HOW YOU CAN PARTICIPATE:

WHAT HAPPENS ON FEBRUARY 11th:

In the U.S.: Thousands of websites will host banners urging people to call and email Congress. Ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act, and enact protections for non-Americans.

Outside the U.S.: Visitors will be asked to urge appropriate targets to institute privacy protections.

Global events: Events are planned in cities worldwide, including in San Francisco, Los Angeles, Chicago, Copenhagen, Stockholm and more. Find an event near you.

Add the banner to your site now: Grab the banner code on thedaywefightback.org. They’ve built special plugins for WordPress and CloudFlare users and also have a special version of the banner that pushes people to call over email.

Will you join us? 

17 Top Tips for Protecting Your Privacy

Happy Data Privacy Day! Celebrated Jan. 28 every year, it brings people together across the globe to talk about the importance of privacy. Take a look at the conversation that’s been happening today on Twitter via the hashtag #DPD14 (or Facebook).

On Jan. 16 we asked our users – some of the best privacy experts in the world – to share their top privacy tips. We were overwhelmed by the response. Hundreds of tips poured in, and many of them overlapped across multiple users.

We sifted through them & picked some of the top tips for protecting your privacy:

  1. Use Disconnect if not using Tor. – Daryl
  2. Use local full disk encryption everywhere, be it FileVault on the Mac, LUKS on Linux or Truecrypt/BitLocker on Windows. Especially true for Laptops. – Gordon
  3. If you don’t like to give your email address to each service or message board you sign in, you can use services like 10minutemail.com or mailinator.com which give you a temporary and disposable email address. – C (You can also use Gmail’s youraddress+tag@gmail.com to track companies that sell your information, and don’t do any more business with them! – Gabriel)
  4. Use different passwords for different accounts and keep them in a password manager (LastPass, KeePass). For example, I use the cross-platform Password Gorilla (same encrypted database on a shared drive read by both Linux and Windows). Of course, backup  the password database file on SpiderOak. – Dusk
  5. Make full use of your password manager, have it generate long, random, unique passwords for all sites. Make sure the password protecting your password manager is very long. As in over 20 uppercase, lowercase, numbers, and symbols. http://imgs.xkcd.com/comics/password_strength.png has a good example of how to achieve such requirements in a sane manner (but DO NOT use the phrase “correct horse battery staple” as I’m sure that’s in a hacker’s common password list). Linux users check out the command `apg` and its “-a0” mode to get pronounceable (for English speakers) random words. – Todd
  6. Never type important login information on a public computer. It may have a kernel-mode keylogger installed and you have no way to reliably check for its presence. If you can’t avoid doing it, remember to logout and when you get back home change the password you used. – D
  7. Beware of free wi-fi hotspots, remember to verify that the wi-fi network name is from a legitimate service. Avoid unsecured wi-fi networks. Use a Virtual Private Network (VPN), when possible, which helps you to route your activity through a separate private network, more secure, while you’re on a public one. – B **Note: see our two recent posts: VPN, privacy and anonymity, and Guest Post: Can you trust a VPN to protect your privacy?
  8. Never disable your security software when playing games. Search for a “game mode” in your security software; you won’t be interrupted in the middle of a game, but you’ll be protected. – B
  9. Never leave your devices unsupervised. When you leave them, lock them and make sure the password you have set is strong. – Christian
  10. Third-party cookies suck. Turn them off in Chrome under Settings > Privacy > Content Settings > Block third party cookies and site data.
    On Firefox that is Preferences > Privacy > History > Use custom settings for history > Accept Third Party Cookies > Never (or from visited if you want to let sites you’ve been to save cookies on other sites). Tell sites you don’t want them to track you on Chrome: Settings > Privacy > Send a ‘Do Not Track’ request with your browsing traffic; Firefox: Preferences > Privacy > Tracking > Tell sites I do not want to be tracked. – Conor
  11. Use DNSCrypt and the DNS Servers at OpenDNS to secure your DNS traffic from eavesdropping. Use HTTPS Everywhere from the EFF to ensure your traffic with major websites is encrypted where possible. – John
  12. Use SSH keys & disable password authentication. Use GPG to encrypt emails. And use RedPhone app to encrypt phone calls. – Toby
  13. Adblock Plus is awesome and allows you to block Social Media Buttons and has special privacy filters to help keep your footprints clean! – C
  14. Stay informed. Treat security news as important. For example, Ars Technica has a dedicated security column http://arstechnica.com/security. Be aware of alternatives to the software (including webapps) you use and how easy it might be to migrate if necessary. See http://prism-break.org/en/ for a privacy/security focus. See http://alternativeto.net for general options (where I found out about SpiderOak!). This is also relevant if you run a website, see http://indiewebcamp.com for tips on avoiding silos. – David
  15. Treat the answers to security questions like passwords. If “Buddy” is a bad password (and it is), then using “Buddy” as the answer to a website’s security question of “What is the name of your first pet?” is also insecure. Use strong passwords AND strong answers to security questions. Courtesy of Facebook and other Internet sources, it is often easy to find the maiden name of someone’s mother. Never use your mother’s real maiden name as the answer to “What is your mother’s maiden name?” – A
  16. Use a Google Voice number that forwards to your cell phone for Craigslist anything. - Avaah
  17. If you’re not paying for the service, your privacy could be the payment. – T

Bonus: Probably the most important privacy technique I use today: Follow this blog. Not only does it give you updates on SpiderOak, but they occasionally recommend other software and companies like they did here: A List of Privacy-Focused Companies, Tools & Technologies. - Bryan

A huge thanks to all of you for your support, time and kind words you gave when writing in!

Want more tips? Check out all the tips submitted via blog comments over the past few weeks.

Is your data secure? Enjoy 28% off our completely private backup, sync and share. Discount runs until the end of January.

Are you a privacy pro? Answer these 10 questions to see how good you are at protecting your online privacy: MyPrivacyIQ.com (created by SpiderOak + StaySafeOnline.org)

Learn more about Data Privacy Day.

We will share more of your tips in the coming weeks. Do you have anything to add? 

Privacy is something to be shared. Please pass it on!

Data Privacy Day Discount – Protect Your Data with 28% Off

Tomorrow, Tues. Jan 28 is Data Privacy Day.

This month we are raising awareness about the importance of protecting your data by joining the efforts of the National Cyber Security Alliance (NCSA) and hundreds of other organizations around the world. Read more about Data Privacy Day.

So help us celebrate! Enjoy 28% off all yearly plans for private backup, sync and share. This offer ends Friday Jan. 31 at 12 a.m. CST.

Already a user? Upgrading is easy:

  1. Login to your account.
  2. Go to Account tab at the top right.
  3. Select Upgrade Plan on the left under your name.
  4. Enter DataPrivacyDay in the promotional code field and select Update. When you see ‘Promo code DataPrivacyDay’ confirmed, select your plan size under Yearly Billing and click next. Congrats – you have 28% off!

New user? Welcome! Here’s what you do:

  1. Get started now and create your account.
  2. Download and install the client.
  3. Click  ‘Buy More Space’ in the client itself, or via the web portal (which you can only login to once you’ve downloaded the client). In the web portal, you will go to Account, and then choose Upgrade My Plan.
  4. Enter DataPrivacyDay in the promotional code field and select Upgrade.  Choose which plan you want under Yearly Billing. Congrats – you have 28% off!

Remember, store your data encrypted, and don’t give away the keys. What better way to secure your data than with this Data Privacy Day discount?

If you missed it, learn what you can expect from SpiderOak in 2014.

Happy DPD!

Privacy is something to be shared. Please pass it on.

Guest Post: Can you trust a VPN to protect your privacy?

Privacy by policy vs. privacy by design: At SpiderOak we always preach privacy by design. We don’t *choose* to not see your data, we just *can’t*.

Sadly, a lot of online services cannot take on that philosophy, simply because of how the internet works right now. This is the case with VPNs. VPNs are a great service, but depending on what you want or need, they might have some drawbacks, as we commented in our VPN, privacy and anonymity post.

If, after understanding the contents of that post, you still want to use a VPN, you will want to use one that is run by someone or some company that is trustworthy, because they will *choose* to protect your privacy. We believe IVPN is a really good example of how this kind of service should be run, so without further ado, we continue this post with a few words from Nick from IVPN. – Tomas

———–

This article was written by IVPN’s Nick Pearson. IVPN is a privacy-orientated VPN platform, an Electronic Frontier Foundation member, dedicated to protecting online privacy.

For many years commercial Virtual Private Network companies have promised customers freedom from online surveillance and data retention practices. But with the government seemingly waging war on online privacy, is it really possible for a VPN company to protect its users – and how do you know which VPNs actually take online privacy seriously?

 How secure is a VPN?

 Firstly, any individual who has a critical need to avoid surveillance, such as political dissidents or anyone whose life may be at risk, should not rely on a single privacy tool to protect them – whether it’s a VPN, a free tool like The Onion Router, or I2P. In such scenarios, advanced set-ups, involving compartmentalization and isolation via a combination of virtual machines, VPNs and Tor, would be required (you can check out IVPN’s guide to advanced privacy solutions here). It’s also worth noting that even highly sophisticated set-ups probably won’t protect you from targeted surveillance by global-scale intelligence agencies, which can marshal a level of resources and expertise far beyond any individual or company.

 However, generally speaking, most potential VPN customers simply want to avoid data retention at the ISP level and circumvent internet censorship. In this case a VPN service would be sufficient. But only if the company running the VPN actually takes privacy seriously in the first place.

 Privacy policies

 For instance, most VPN companies shield users from data retention by allowing them to circumvent their ISP’s ability to log their IP address and connections to other websites. When you use a VPN, your ISP can only see that you’re connected to the VPN’s servers and not the website that you’re browsing. But for this system to work, the user has to trust the VPN company not to log IP addresses and connections itself.

 The sad fact is many VPN companies – and indeed some of the most popular VPNs on the market – do in fact log and store customers’ data. Some VPNs will even retain this data longer than many ISPs. Perhaps even worse is that some VPNs are not upfront about their data retention practices and do not state in their privacy policies exactly what data they store and for how long (some VPNs don’t even have privacy policies).

 A VPN company should wipe its data logs regularly, ideally within hours of them being created, so that any requests for the data cannot be met. However, even if a VPN doesn’t store data, users’ privacy can still be compromised. Any company could be subpoenaed by local authorities and forced into recording data on a particular user. There are precedents for this, such as the Lulzsec fiasco, which saw a US-based VPN forced into logging data by the FBI. It’s therefore good to know what jurisdiction your VPN operates within, so you can get an idea of how local authorities behave toward them. This is a grey area, as there are no countries (that we’re aware of) that will protect a VPN’s right to not log data. All you can do is try to avoid those countries whose authorities have a track record in zealous online surveillance.

 What questions do you need to ask?

 So if you’re thinking of signing up to a VPN service, what questions should you ask in order to determine whether or not they take privacy seriously? Here are a few suggestions.

 Do they have a privacy policy? This sounds like a no-brainer, but you’d be surprised to discover some VPNs don’t even have a privacy policy, let alone one that’s up to scratch. If they don’t bother telling you their approach to privacy, steer clear.

 How long do they retain logs? The vast majority of VPNs will log data for network troubleshooting purposes. However, there’s no reason to store data longer than a few days, unless the company is eager to comply with requests from authorities or from other third parties such as copyright holders. Ideally, a VPN should be wiping logs within hours. If the VPN doesn’t say how long it retains data then ask them directly. A good place to start is this list of VPNs that don’t log data.

 What country is the VPN registered in? Knowing what country the VPN is registered in will let you research the country’s laws pertaining to online privacy. As mentioned above, there are no countries that offer complete sanctuary for VPNs who don’t want to log data, but some are better than others.

 What other personal data will the company retain? It’s important to know whether a VPN can link your account to a real identity. Does the VPN require an address, or credit card information? Can you use a more anonymous form of payment such as Bitcoin?

 What will the VPN do if laws change? With governments around the world cracking down on online freedoms, it’s quite possible that VPNs could come under scrutiny. It’s therefore important that a VPN company notify its customers of any change in local laws, which may affect its ability to protect user privacy.

“GB for Life for a TIP You Recite”: Share Your Privacy Tips, Earn Free GBs

**Thanks for submitting your tips! This promotion is now closed as of Sunday Jan. 26. Get 28% off yearly plans until the end of Jan.**

No one is better at protecting their online privacy than SpiderOak users. Our users are some of the best privacy experts in the world. They are extremely intentional about what they do – or don’t do – online, with their data and personal information.

So as Data Privacy Day (DPD) approaches on Tues. Jan. 28, we want to collect some of your key privacy tips and give you free GBs to show our thanks. Then we will share the Top Privacy Tips submitted here on the blog on DPD to help others protect their privacy online.

GB FOR LIFE FOR A TIP YOU RECITE!

Submit your top privacy tip(s) via:

  • A comment on this post
  • Email campaigns[at]spideroak[dot]com
  • Facebook
  • Twitter

Be sure to include your username so we can give you a GB!

New user? Quickly sign up for a free account (which automatically gives you 2 Free GBs for life) then submit your tip and new username and we will give you the additional GBs in this promotion.

Details: This giveaway closes Sunday Jan. 26 (12 pm CST). A maximum of 3GBs can be earned per person. You are welcome to submit more than three privacy tips, but 3GBs is as much as you can earn. Please do not share your tips in more than one place (i.e. via email, comment, and Facebook). GBs will be added to your account by the end of January, thanks for your patience!

But wait, there’s more!

We helped put together this quick and easy way to test your privacy IQ. Answer these 10 questions and see how good you are at protecting your online privacy:

MyPrivacyIQ.com

How’d you do?

—-

Thanks for sharing your top privacy tips! Learn more about Data Privacy Day.

SpiderOak to Become OSS & More: What to Expect From Us in 2014 (PART I)

To kick off the New Year, we asked our followers on Twitter what they wanted to see from us in 2014. Our CTO and Co-Founder Alan Fairless specifically addresses everyone who sent in their request, below. In Part II, our CEO Ethan Oberman will share even more about what you can expect from us throughout the year.

By the way – we just launched our new web portal design! Check it out and tell us what you think.

What you said you wanted to see from us (in no particular order):

SpiderOak improvement suggestion from Twitter

Alan: 5.1.1 was a big improvement in this regard, but there’s still some edge cases (particularly with garbage bin and many purges) or folders with hundreds of thousands of items that we’ll optimize further.

SpiderOak improvement suggestion from Twitter

Alan: SpiderOak already gives you your own encryption keys (derived from your password.)  We don’t control those! Agree we need to update our 2-factor option. Google Authenticator protocol and yubikey are top items to support.

SpiderOak improvement suggestion from Twitter

Alan: OK! We already sign our Windows installer but this is a great idea.

SpiderOak improvement suggestion from Twitter

Alan: Email support@spideroak.com anytime and we’ll make you a nice offer for these :) Otherwise we have plans to do more A/B testing on the pricing options we offer and make some changes in the coming year.

SpiderOak improvement suggestion from Twitter

Alan: Maybe…

SpiderOak improvement suggestion from Twitter

SpiderOak improvement suggestion from Twitter

Alan:  YES!!!  The need for this has never been greater, and it’s become a priority! We expect SpiderOak to become OSS in 2014. But also, every new project we’ve created in the last four years has been open source since day one, including Nimbus.io and Crypton.io.

SpiderOak improvement suggestion from Twitter

Alan: Point in time recovery! Yes! I agree this is a useful option.  Of course right now SpiderOak stores all historical versions, so all the information is there and you could do it manually, but there’s no current interface for doing this automatically.

SpiderOak improvement suggestion from Twitter SpiderOak improvement suggestion from Twitter

Alan: Underway! And our new web portal just went live yesterday.

SpiderOak improvement suggestion from Twitter

Alan: An easy fix might be to add a wildcard exclude (in preferences) for the lock files. Agree this can sometimes be annoying — deleting from syncs is a harder problem than it seems, because the app doesn’t always know exactly when the deletion happened. It knows that the file was there at one point, and gone at another point, and knows the deletion happened sometime between those two, but not exactly when. So sometimes getting the calculation of which files should be there is hard. We err on the side of caution of not deleting the file if we’re not sure.

SpiderOak improvement suggestion from Twitter

Alan: Coming!

SpiderOak improvement suggestion from Twitter

SpiderOak improvement suggestion from Twitter

Alan: Coming!

SpiderOak improvement suggestion from Twitter

SpiderOak improvement suggestion from Twitter

Alan: AGREE! Sorry, we just got absolutely slammed over the holidays, but we are hiring now and will have support caught up hopefully in the next few days. Thanks for your patience in the meantime.

Thanks to everyone who wrote in.

What about you? What do you want to see from SpiderOak this year?

And Now: a SpiderOak Video Singalong (12 Days of Privacy)

“On the 12th Day of Privacy, SpiderOak gave to me….”

For those of you who would like to see a slightly embarrassing and quite silly compilation of SpiderOakers singing what we’ve deemed The 12 Days of Privacy*, then this is for you! We have more than 50 employees all over the world, and this is but a selection of them – from our developers, to customer support, to sales and marketing folks, and yes – even our co-founders. (If you make it through all four minutes – you deserve an award.)

But seriously, thanks for watching! We had fun.

Meanwhile, for the rest of December, you CAN in fact nab 25% off all yearly plans. Here’s how.

What lyrics would you include in the “12 Days of Privacy”?

Happy Holidays! 

*Disclaimer: We do know the 12 Days of Privacy typically begins on Christmas, but we chose to celebrate it before the holidays.


Get Up to Date on Your Privacy

“If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy.” - Dilma Rousseff

We eat, drink, and sleep privacy. This blog remains dedicated to company updates, developer musings and special promotions (like No Knowing November - check it out!), while our daily articles at the Privacy Post stay in stride with the news. We wanted to curate some of their recent posts in case you hadn’t made your way over there yet:

We want to hear from you – what other topics are you interested in? What do you want to know more about?

We also wanted to share this TEDx Brussels talk, “How the NSA betrayed the world’s trust — time to act”, where Mikko Hypponen calls George Orwell an optimist compared to the realities of today. “Privacy is non-negotiable and should be built into all the systems we use,” he said. At the end, he calls for trust to be built through open source software. We couldn’t agree more, which is why we have been building Crypton, to bring privacy to the internet.

Watch Mikko’s TEDx talk below: