Conversations about life & privacy in the digital age

AMA: Interview with Cryptographer, Computer Security Expert Jon Callas

Jon worked on Apple’s Whole Disk Encryption, PGP (Pretty Good Privacy) Universal Server, co-founded the PGP Corporation, is former CTO of Entrust, and current co-founder and CTO at Silent Circle (Global Encrypted Communications). As an inventor and cryptographer, his designs of security products have won major innovation awards from The Wall Street Journal and others.

Last week, you submitted your questions for Jon Callas, one of  the world’s most respected and brilliant minds when it comes to software security and privacy. We chose five of them, which we sent to Jon. These are his answers.

1. How did you become a security expert / cryptographer?

A long time ago, I worked at the best computer science grad school there was — VMS development at Digital Equipment Corporation. One of the great things there was that I got to work on a wide variety of things, from graphics to schedulers to memory management to operating system security. A lot of the problems we had to deal with at the time are still relevant issues. I did a random password generator among other things, and I still use that for my own passwords.

When DEC fell apart, like many people, I started a startup with a number of friends. We built a system that let you do meetings as well as play games, socialize, and collaborate. It got rave reviews. The venture capital people said to us, “This is amazing! I want to invest in this in ten years!” That was when I started getting into cryptography. People didn’t want to do collaboration on the then very-early Internet without encryption. There was no SSL at the time, either.

So I went to the second ever RSA conference to learn to do enough cryptography to protect our network. I ended up sitting next to a guy named Bruce who had just written a book called “Applied Cryptography” and he had a bunch of them in a duffel bag with him, so I bought one. I may have bought the very first copy; I know I was the first person at RSA who bought one. I asked him to autograph it, and he said, “I can’t deface a book!” I replied that it’s not defacement if you’re the author.

After we got tired of throwing our money into our startup, I went to work for Apple in the Advanced Technologies Group and worked for Gurshuran Sidhu, who was the inventor of AppleTalk, and shipped the very first crypto built into an OS, called PowerTalk. It failed for being far too early, as well. One of its pieces, though, was this password manager called The Keychain, and I claimed that it was a great thing. While it was hardly perfect, it encouraged good password use, and that was better than anything else. So Bruce Gaya and I hacked The Keychain so that you could run it without the rest of PowerTalk, and thus rescued it from oblivion. The present Keychain on Apple products is completely and utterly rewritten, but I’m proud of saving it. I also built a random number manager for Macs that’s now lost to the mists of time.

That was the worst time to be working for Apple, the year before Steve Jobs came back. I named all my computers for things in The Hitchhiker’s Guide to the Galaxy, because as I said, having been through DEC’s collapse I felt a bowl of petunias (“Oh, no, not again”). When SJ came back, we heard a lot about what his plans were, as he and Sidhu were old friends. We knew that he was planning to get rid of all of ATG, so we wondered what to do. Sidhu wanted to start a startup, but none of us had any ideas we really liked. I could have easily gone into the OS group. A friend of a friend said that Phil Zimmermann’s PGP Inc was looking for server architects, and I interviewed there and got an offer. I thought it was a great way to do fun things and change the world for the better, so I went there. That was a great place to really become an expert.

2.  Are there any localities where it is illegal to encrypt calls, text messages, or emails?

Maybe. That’s not a good answer, is it?

In civilized countries, the answer is no. I might even go so far as to say that the places where it’s not legal or even expected are pretty tightly correlated with civilized countries. Repressive governments often try to restrict crypto. I’m sure Syria’s got it’s opinions, but I’m not an expert on Syrian law.

There are places where there are restrictions, but they are also so filled with exceptions that it’s hard to give a definitive answer. For example, China has import restrictions on cryptography. But there are exemptions for non-Chinese doing business there or Chinese people who are doing business with other countries. I am also nothing like an expert on Chinese law.

My rule is that I worry about the laws of countries that I want to operate in. I need to know about them, there. Other places I just ignore.

Most often, even in repressive countries, they aren’t worried about the crypto as such, they’re worried about what the people are using the crypto for.

 3. What are you working on right now that has you the most excited?

On a large scale, it’s Silent Circle. The biggest problem we’ve always had with crypto is that it’s hard to use. Usability is key because if it’s hard to use, then people use insecure systems. They don’t stop talking, they stop being secure. So your security has to fade into the background. It has to be ignorable. But it also has to be there, as well. That’s a paradox.

We also have learned one of the best ways to make security workable is to have it run by an expert staff. So the question is how to have an expert staff running the security and privacy for people who need it and yet the staff can’t undetectably compromise the people using the system. We have a lot of innovative things we’re doing to make the security fade into the background and yet be there.

On a small scale, I’m taking my old password generator from VMS and making it into an iPhone app. I was doing a lot of work on it before Silent Circle as a hobby, and I really ought to finish.

4. As an expert on encryption do you see a natural relationship between encryption and the law? What’s your stance on how encrypted data should be treated when there’s no idea what it may contain? In some countries there are what I consider very severe key disclosure laws and I wonder if there will ever be a duress scheme or method of deniable encryption that could be so perfect as to make the laws moot.

I think it’s an unnatural relationship between encryption and the law. All technologies can be used for good or ill. It’s true for fire. It’s true for just about anything. Encryption, interestingly, is rarely *directly* used for ill. Yes, there are data ransom schemes that use encryption for ill, but that’s not what people are concerned about.

It’s part of our belief in human rights that we believe in the right to be left alone. Yet many people lose their nerve when it comes to privacy technologies on computers and networks. I think that’s an artifact of the fact that we’re comfortable with door locks or window curtains, but every time someone thinks about encryption, the James Bond theme starts playing in their head. That’s an artifact of the relationship between encryption and disagreements between nation-states. With the Internet and computing everywhere, not using encryption is like having an unlocked house with no curtains.

“With the Internet and computing everywhere, not using encryption is like having an unlocked house with no curtains.”

My stance on encrypted data per se is that it’s data. Everyone has reasons that they want something to be private. Everyone has things that *must* be private, like their own records or someone else’s records, which usually *must* be protected. This might have been an interesting debate way back in the 1900s, but it isn’t any more.

I don’t know what to say about key or data disclosure laws. In the US, there’s movement in the courts towards protecting encrypted data in some way or other. It’s all revolved around passwords in specific, but the real issue is a Fifth Amendment issue. Relatively few countries have equivalents of the Fifth Amendment.

But the UK, for example, they don’t have protections against self-incrimination. As a matter of fact, we have one in the US *because* they don’t have one there. They have a disclosure law, RIPA. I think its application has been pretty embarrassing, as I can’t think of a place where it has been used that didn’t do much more than make the defendant more sympathetic.

I am not a fan of deniable encryption and personally, I think it’s impossible. Deniable encryption seems to me to be predicated on the idea that your attacker is either a nice person or stupid. Stupid in the sense that you are managing to hide the fact that you’re using deniable encryption. That predicates that either you’re using something completely custom, or they don’t realize that the deniable encryption is there. That’s what I mean by stupid — you’re pulling a fast one on them and they don’t know it. By being nice, they know you have deniable encryption and yet they’ll say, “Well, I guess if we can’t *prove* you have something encrypted there, I guess you don’t!”

A couple of years ago, I was chatting with the customs agency of a civilized country. I asked them about TrueCrypt and its deniable disk volume. They said, “Oh, we know *all* about TrueCrypt!” One of the guys I talked to added, “If we see you’re using TrueCrypt, we just ask you for the second password.” I asked what happens if someone doesn’t have a second volume and they replied, “Why would someone do *that*? I mean, that’s the whole point of TrueCrypt, to have a second volume. What kind idiot would install TrueCrypt and not have a second volume?” We chatted some more and one of them said, “Look, we don’t look in someone’s laptop for no reason. We have better things to do. If we’re asking for your computer, it’s not because they had a piece of fruit in their bag. If we find special encryption, we know we’re on to something.” I asked again about someone who *doesn’t* have a hidden volume, and they said that you’d have to sit in a room for a while, until you convince them you don’t.

This is the real issue, I think. If you’re in a nice jurisdiction — one where you can say, “Look, I’m an honest person and I have encryption, and no I’m not going to tell you my password” then deniable encryption might work. But if you’re in a jurisdiction where they aren’t nice, then you’re actually more at risk using something that makes you look like you’re up to something.

Ironically, this is an effect of the fact that we’ve succeeded in making encryption normal.

 5. What is your favorite movie?

There are relatively few movies that I’m willing to watch more than once. I’m apathetic about special effects, but a sucker for great dialog.

One of the very few movies I can watch over and over is The Princess Bride. One of my favorite lines to live by is, “Nonsense. You’re only saying that because no one ever has.”

Thanks Jon! If you are interested in learning cryptography, we recommend reading his PDF, An Introduction to Cryptography. Otherwise, be sure to follow or like Silent Circle to stay in stride with their efforts and support their work in encrypted communications.

Drink Your Ovaltine: Encryption 101

When it comes to cryptography, there are no experts. It is considered to be a constantly evolving field. If you started learning today, it is accepted that you might see something new in the code, or do something better that lifelong cryptographers have missed.

The first thing that comes to mind when I think of encryption, is the scene in A Christmas Story when Ralphie gets a decoder ring and decrypts a disappointing (advertising) message:

But at its basic level, this describes encryption. You probably even had similar games you made up as a kid. In the computer world, this means converting plaintext data (ordinary info) into ciphertext, or unintelligible text.

 


OpenPGP (PGP = Pretty Good Privacy) is thought to be the most widely-used encryption program in the world. But there are two types of encryption methods: symmetric and asymmetric.

1) Symmetric Password-Based Encryption

This is the simplest encryption system. It’s called “symmetric” because the same key is used to encrypt and decrypt the file. If Alice wants to share data privately with Bob, she must first create an encryption key. This can be done by sampling a sufficiently random source, or by deriving it from a password. Alice must securely give this key to Bob. Now Alice can encrypt her data with that key, hand the encrypted data to Bob, and Bob can use the key to decrypt it. This method is useful to encrypt sensitive information for yourself, for family, or for a few trusted friends or coworkers. AES is a popular symmetric cipher.

2) Asymmetric Public/Private Key-Based Encryption:

Asymmetric encryption involves the use of two different keys, one which is private and not shared, and one which is public. The public key encrypts data, and the private key decrypts data. With this scheme, Alice and Bob each have their own private/public key pairs. Alice now uses Bob’s public key to encrypt the data she wants to send to him. Because only Bob has his private key, only he can decrypt the data Alice sends him. Asymmetric encryption takes more computer power than symmetric key encryption, so it is often used to set up secure communications to exchange symmetric keys. RSA is a popular asymmetric cipher.

As for SpiderOak, our old clients used a combination of 2048 bit RSA and 256 bit AES. Now new clients use 3072-bit RSA combined with 256 bit AES to meet industry recommendations. We use this mixture of techniques where each is best suited: asymmetric encryption for communications channel setup and key exchange, and symmetric encryption for internal data structures and improved client performance.

Not only are your files encrypted with SpiderOak, but so are the filenames and paths. Our Engineering Matters page does a good job of explaining in detail how we encrypt your data after the initial scan, and our servers have zero-knowledge of what they are storing. Next week our system administrator will talk about why we went this direction, as well as why encryption doesn’t necessarily mean privacy or safety.

Jon Callas is one of  the world’s most respected and brilliant minds when it comes to software security and privacy. He worked on Apple’s Whole Disk Encryption, PGP Universal Server, co-founded the PGP Corporation, is former CTO of Entrust, and current co-founder and CTO of our friends, Silent Circle (Global Encrypted Communications). As an inventor and cryptographer, his designs of security products have won major innovation awards from The Wall Street Journal and others. If you are interested in learning cryptography, we recommend reading his PDF, An Introduction to Cryptography.

(TeaserOur community gets the opportunity to interview Jon, so we will make a call out for your questions later this week – be thinking of what you’d want to ask him!)

What else would you say about encryption? How did you learn? Why do you think it is important?

It’s Data Privacy Day – Helpful Privacy Tips for You

Here are some of our tips for your privacy protection online. Please let else know what else would might add to the list?

  • Use different, strong passwords for each of your online accounts so if one is compromised the rest are safe. Strong passwords contains letters, numbers, different cases, and symbols.

  • Unused online accounts are a liability. Hackers could use them to infiltrate your more important accounts. Get rid of them.

  • You put a lot of information about yourself on social networks. Would you want that friend of a friend you met once, two years ago to be carrying around a copy of all that information? Probably not. Keep the people you know and trust. Delete the rest.

  • Still receiving bank statements and doctors’ invoices by mail? You don’t need your personal information floating around in your trash can on the curb outside. Call your bank, doctor, credit card company etc. to find out if you can go paperless and manage your records via a secure online portal. You’ll save a tree and protect your privacy. Perfect!

  • Update your web browser (Internet Explorer, Firefox, Safari etc.) regularly to ensure that it’s the most recent version so you can take full advantage of the included privacy features like ‘private browsing mode.’
    (Explorer offers phishing filters, private browsing mode and more; Firefox offers anti-malware, parental controls and more; Google Chrome offers incognito mode, a user privacy settings tab and more.)

  • Taking the time to read a privacy policy in part or in whole to understanding the data relationships that exist on the site will help you make informed decisions when using available privacy controls on a site.

  • Be wary of emails asking you to “update” or “confirm” your information. These are almost certainly phishing schemes aimed at obtaining your personal information.

  • It’s easy to spoof an email sender, so don’t download attachments that you’re not expecting, and don’t download executable attachments at all. If you get an email saying “Run the attached file”, DON’T.

  • You should also never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information.

  • Remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer.

  • Don’t broadcast your location or absence on social media. For that matter, make sure you know where you privacy settings are on social media.

  • Check out some of our favorites for your online use: PrivacyFix (simplifies privacy for you); and search engine DuckDuckGo (does not track any of your personal information).

  • Password-protect your devices.

  • Check your privacy settings before sharing vacation photos.

  • Discuss privacy concerns with your children and other household members. Everyone should understand what you feel is and is not appropriate to reveal on the phone, using a computer, or other situations.

  • Check your credit report regularly.

Find even more tips at StaySafeOnlline.org.

IF YOU MISSED IT: 24 hours left for 28% off

Celebrate Data Privacy Day with us by nabbing 100GBs (an annual plan) at this great discount (details found in Friday’s post).

Thanks for elevating the privacy conversation and Zero-Knowledge privacy with us. We have a big announcement we will post later today.

Introducing ZKPAs: Privacy is a part of security

Most of you have probably caught on by now that 2013 is ‘The Year of Privacy’. One of many reasons is we’ve just launched our ‘Zero-Knowledge Privacy Ambassador’ (ZKPA) program.

We now have nine impressive ZKPAs from around the world who we want to introduce you to in the coming weeks. You will find these ZKPAs online and offline, specifically advocating for the virtues upon which we built SpiderOak and educating others on zero-knowledge privacy. They will help us dream and expand the program in order to make ‘zero-knowledge’ a household term.

Allow me to introduce to you one of these new ZKPAs, Ryan D. Lang. Ryan graduated magna cum laude from Drexel University this past summer, 2012, with a degree in Computing and Security Technology. While employed at the Camden County Library System, he aided patrons as in-person technical support. He is currently employed in the IT Support department at LT Security.

In his spare time, he works on a book that attempts to adapt corporate best practices to average users. The goal is to convince others of the importance of good security. Earlier writings can be found at Ghacks.net. “I just want to do a little good in this world.”

Ryan wrote the following post:

Privacy is a part of security

It came up in the meeting that several members of SpiderOak felt that privacy and security were separate. I politely objected to no avail, but rather than argue, I elected to compose a concise, persuasive essay.

Security is often described as being composed of the CIA: Confidentiality, Integrity, and Availability. “Confidential” can literally be defined as “private” or “secret.” * Thus, privacy is a subcomponent of security. To attain privacy/confidentiality industry uses technology, policies, and physical controls.

Consider VPNs: Virtual Private Networks. They are designed to keep communications private over a public network. They employ the technology of encryption to achieve this. Another technology employed is user privileges. They can control/restrict access to information, keeping it secret from those who do not need access. SpiderOak takes this a step further by removing access from employees completely.

Policies are rules of conduct that a company sets for its employees. They can be used to define what should be kept private and create ramifications for sharing secrets. While this often relies on background checks and the honor system, the procedures defined by policies can make breaking them harder (e.g. requiring two signatures or a notary on critical documents).

Locks and keys have long been used to secure property. Physical security is as important as digital security. This should include old fashioned locked doors to protect private data (&c.) not only from outside access, but from unauthorized internal access as well. Key files placed on a physical USB drive can be used with TrueCrypt and KeePass, secret keeping programs, to compliment or replace passwords.

These are examples of old and new methods used to protect privacy. Together they form critical parts of industry security best practices. Without privacy, data is insecure.

*http://www.m-w.com/dictionary/confidential (see definition #2)

Personal Note

I find “confidential” to be an interesting word. To me it means: “giving with trust of keeping a secret.” A prime example of this is when you confide in a friend. Another example is when talking to a doctor or lawyer; arguably a better example since there is legal backing. Those professionals have to keep your secrets (within statutes) or they will be fined or even lose their license to practice. I do not think that the majority companies consider the depth of the word “confidential” when forming policies or choosing controls (though they may consider “due diligence”).

SpiderOak 4.8.4 release

We are sorry for the blog update delay, dear SpiderOakians.

As of a week ago, in 4.8.4: Fix a bug causing upgrade from one version of 4.8.x series to a newer one to fail on Windows.

See all release notes here.

Mayan Prediction 12-21-12: Just the end of their calendar? End of the world? Or merely a blizzard?

Before I even put my head on the pillow, the screaming wind was banging without pause against my windows. It probably wasn’t a valid fear, but throughout the night I’d wake up wondering if it was going to break the glass and throw a wave of snow and paralyzing cold onto my bed, all over my room. It was an ear-plugs-in kind of night.

I currently live in the literal country in Kansas. Hay bales and cows are scattered about within eye-sight and beyond. I get to see the most beautiful sunrises and sunsets each week. Four happy farm dogs greet me as I come and go. The nearest store is 20 minutes away. I can see two houses in the distance. It is so peaceful here.

As I floated in and out of sleep all night, I’d be sure to look out and catch glances of the eerie-gray scene unfolding outside. It struck me as funny that tomorrow is the end of the Mayan calendar and one of many speculations is an apocalypse (and where to get a better picture of this than on Wikipedia). You can’t blame me for where my mind went with the brutal weather rip-roaring before my very eyes, accosting my ears.

I woke up this morning to a lighter sky, letting me finally see the blizzard in action. The wind and snow tore forcefully across the plains (the photo doesn’t do it justice). It is the kind of power and grace that makes you pause…

All over the area and into Missouri and Iowa, traffic is at a standstill for hours, schools are cancelled, and people can’t go into work. The news is eating the chaos up, describing the “painful” wind in their fluffy parkas, and following with excitement the night-work of the snow plows and salt-layers.

No matter what you think or believe may happen tomorrow, I believe it is never a bad thing to be reminded that all we ever truly have is today. So this all reminds me: enjoy this day. Each person, each moment. Do things you love with people you care about, while you can.

But for those doom-and-gloomers out there who will be spending their ‘last day’ kissing and hugging loved ones goodbye, partying like it is 1999, or spending the last drops of money in their bank accounts, tomorrow, we at SpiderOak will be developing new features, running our servers, maintaining our beloved Zero-Knowledge privacy, and arguing with each other about who’s working on New Years (or something like that).

For those of you who don’t buy any of it and will carry about as normal, here are two awesome things you can do with your time:

  1. Until Monday night, you can send a friend or loved one a ‘Secret Santa’ gift ON US. Gifts are handed out randomly and include an iPod Touch (1 prize available), a pair of socks (5 prizes available), a 100 GB plan (10 prizes available), a 5 GB plan (1000 prizes available), and 30% discount on all SpiderOak yearly premium data plans (unlimited prizes available). Spread the word! Be generous – it’s fun to give.
  2. Make sure all your documents, files, photos, videos, and data are safely backed up. If you’re new, sign up here and check out the pricing. (There is nothing like going into the New Year with peace of mind. Be sure to share with your friends and family so they can do the same!)

As for me, I’ll spend the day working, listening to the wind howling and banging on every window, and wondering when I’ll be able to get out (I have a holiday party to attend tonight after all!)…

Wishing you a truly rich, wonderful day,

Erin & the SpiderOak Team

Our first-ever, special offer for free users: 25GB for $30/yr

EXPIRED: This offer is now closed, as of Friday 11/16 @ midnight CT.

We heard you!

Normally, the smallest amount of storage you can buy with SpiderOak is 100GB for $100 a year. But a lot of our free users have said they would upgrade to an annual plan if they could get only 25GB because that is all they need, opposed to buying 100GB.

SO, this will be our first time to try it out. For only the next 3 days, you can upgrade to a 25GB plan from a free account for only $30/year.

Use this promotion code to upgrade your free account: TWENTYFIVE

(If you aren’t yet a SpiderOak user, but want to take advantage of this deal: sign up here, download and install the software, click ‘Buy More Space’ and use the promo code above.)

We’re excited to give it a try and see what the reception is like, so be sure to nab this deal and please help us spread the word until then. The offer ends on Friday Nov. 16 @ midnight CT.

Let us know what you think!

Sincerely,

The SpiderOak Team

What people are saying about SpiderOak (Pt. 3)

Over the past few days, we’ve been highlighting what our users are saying about us. In case you missed it, you can view our posts from Friday and yesterday.

We appreciate SpiderOak users, and one of our favorite things is getting to know you. Our loyal customers and fellow privacy fanatics have continually helped us create a better product and develop and grow as a company.

Cody, the pharmacy student:

Konrad, the computer geek:

“I came across SpiderOak a few days ago and gave it a bit of testing. I absolutely love the pricing plans, especially with the student discount. As a fellow computer geek, I also really appreciate all the security features. You are doing an awesome job as far as doing things properly is concerned.”

Alexej, the savvy solution-seeker:

“Back before I discovered SpiderOak, I was feeling the need to set up some kind of backup and sync between my work and home computer. I never, ever would store any data that is personal on someone else’s server unencrypted though. What was I to do?! I searched and tried and eventually came up with an encfs-Volume in a Dropbox folder. Believe me, it was a day’s work for me to figure out how to get this running on OS X including installing the Linux files, making a bash-script that would mount the volume automatically so it would always be ready to use, etc. But finally, this allowed me to store and sync files remotely while ensuring they were encrypted on my side on the fly. That was the first – at least functional – solution I used; I had tried a few other ways before but they all fell short in terms of usability. Then, I found SpiderOak – and you guys! You can imagine how moved I was to see that somebody was doing just what I had looked for for all the right reasons and in just the right way! Great company, great people, good reads on the website, and all in all such a feeling of relief, both safe and secure.

The best test was a recent hiccup while backing up: transfers just froze at some point and nothing seemed to be working anymore. But thanks to the way SpiderOak is coded and stored, nothing got lost, the re-installation of my primary device’s backups and syncs were a breeze, and Laura (Customer Relations) was a pleasure to talk to and get assisted by.”

Don’t be shy – what about you? What has been your SpiderOak experience? Leave a comment below.

(Psssst…tomorrow we will kick off our limited special offer of 25GB for $30. We’ve had a lot of requests for a 25GB offering, but this will be our first. Be sure you don’t miss out – it will only be available for 3 days!)

What people are saying about SpiderOak (Pt. 1)

One of our favorite things is getting to know SpiderOak users. Our loyal customers and fellow privacy fanatics have continually helped us create a better product and develop and grow as a company.

We’re grateful. Allow me to introduce you to a few users who were willing to share their SpiderOak story:

Kevin, the professional musician:

Brook, relieved to have photos and videos safely backed up:

“I just wanted to drop a quick note that I recently started using SpiderOak for my backup and syncing needs, and it works great. I can vouch for it working well on Windows, Linux and the Android app. I love all the flexibility you have with [the client] and really appreciate the ‘zero-knowledge’ data encryption. Over the weekend [my family] organized and backed up about 10GB of photos and videos. It’s a huge relief to have that taken care of. [I really appreciate] SpiderOak’s sync feature for keeping my main documents synced between my desktop and laptop. I’ve contacted support a few times for general questions and always received quick, personal and useful responses. So far, I’m very pleased.”

T3charmy, left Dropbox for SpiderOak:

“I left dropbox for you guys. I had a promo for 5GB free, and so far, you guys are WAY better than Dropbox. My experience… has far exceeded what Dropbox could do. The one thing that I would like to see is the ability to upload files from the Android app. Other than that, you have far exceeded my expectations. 6/5 stars.”

We’ll share more testimonials next week, as well as promote a limited special deal for 25GB we’ve never before offered. Stay tuned!

In the meantime, what about you? What has been your SpiderOak experience? Leave a comment below.

Announcing the winners of our Halloween Photo Caption Contest: ‘Your Online Privacy’

It was hard for our team to choose three winners from last week’s Halloween Photo Caption Contest around the theme ‘Your Online Privacy.’ We’re happy to announce the top three that we felt best fit the criteria:

#1 New iPad mini: Stephanie

“This is Zara. She used to be a regular human being before her online privacy was invaded by third parties like Google. SpiderOak can help protect you from falling into their traps. Save your souls… and your brains. Get SpiderOak.”

#2 Free 100 GB: Jon

“Even after eating your brains she won’t be able to get into your SpiderOak account. SpiderOak. Sync. Share. Access. Backup. Zombie Protection.”

#3 SpiderOak T-shirt: Keith

“One of many SpiderOak system administrators. (Thank goodness for Zero-Knowledge privacy!)”

Thanks again to everyone to joined us for the contest and above all for your vigilance around online privacy.

Keep an eye out: this coming month we will offer a special deal on storage, launch our new Zero-Knowledge Ambassador program, reveal customer testimonials and continue to highlight the importance of privacy.