Conversations about life & privacy in the digital age

Privacy Roundup #7 of 2013

August is upon us and summer in the northern hemisphere is in full swing. And although it seems like yesterday, news of PRISM broke several months ago and Edward Snowden continues to be firmly in the conversation. Further, the US government has been under relentless pressure from foreign governments, congressmen, senators, and companies for what many consider a very intrusive information gathering policy.

For this roundup we did try to include some links to news other than the aforementioned but – as you can tell below – we still felt obligated to include several pieces of PRISM / NSA related coverage as the associated privacy issues are still significant.

Click away and catch up on some of what has been going on in the world of online privacy and security in the last month:

From our perspective, we are happy to see a national and international debate rising around privacy and its growing importance in the online world in which we live. This will be a significant issue of our time as we need to understand where lines should be drawn and who is responsible for drawing them. Finding a fitting quote to end this privacy roundup with was not a terribly difficult task in light of this recent news.

“Big Brother is Watching You.” ― George Orwell, 1984

Privacy Roundup #6 of 2013

Summer is officially in full swing in the northern hemisphere. For us Americans that means a celebration of fireworks and cookouts and freedom. This year in particular we are thinking a little more about what ‘freedom’ means in the backdrop of PRISM and its impacts on our society.

It is a complicated issue for sure as we all want to live in a safe place – away from harm and terror. However, we also need to be fully aware of the costs and what we are willing to give up to achieve this safety. It is a dialogue that is finally entering the public discourse and one that we hope will continue in the weeks and months ahead.

This edition of the Privacy Roundup serves up a collection of the most interesting, eye-opening and informational news pieces and blog posts on the topic of privacy and of course focuses on the late breaking news around the growing Snowden/PRISM scandal:

The weekly quote for this roundup may have to be from “Cosmo” the lovable blind hacker from the 1992 movie “Sneakers” – “There’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

As always, we hope you have a productive and private month ahead! Until next time…

Privacy VS. Security in a PRISM: The Important Difference

The events of these last many days certainly raise awareness around the integrity of data and the companies we entrust with it. Many of the articles and posts have pored over the impacts: the good, the bad, the necessity, the importance, the invasive, the threat, the martyr and so on. Given this dearth of commentary, I would like to spend some time writing about a finally emerging concept – privacy. And further – how privacy is substantially differentiated from security.

To begin, let’s review the definitions of these two words (according to Google):

Security – The state of being free from danger or threat

Privacy – The state or condition of being free from being observed or disturbed by other people

Of all the conversations and dialogue about PRISM, none have concentrated on the security measures in place at companies like Google, Facebook, Amazon, Apple, Verizon, and others. Why you might ask? Because this was not a breach of security. No one hacked into their systems. No one confiscated passwords. Rather – according to reports – these companies willingly complied. [Note: It would be appropriate to draw attention to NSA's security breach in light of Eric Snowden's ability to access and confiscate these documents.]

If the world were oriented around privacy, the ability for a 3rd party provider of web-based services (such as Google or Facebook or Dropbox or SpiderOak) to access the plaintext data is removed. In other words, privacy takes away the ability to access the data in a meaningful way such that it cannot be supplied to government agencies or stolen under the threat of hackers.

We are not now suggesting, nor have we ever suggested, that there isn’t a need for security; in fact, security is absolutely critical. And for many implementations of various services, privacy is not applicable. However – in the world of conversation and creation of personally owned content from photos to chat to calls to spreadsheets to documents – privacy is absolutely a critical component that can be achieved.

My hope is that we – as a society – will now start asking the question: Why? Why do companies have access to my photos and documents and chat conversations? Is it a necessary part of the service they are offering? A convenience for me? If yes, what are these companies doing to keep my data private? And are there alternatives if I do want real privacy? From the NSA? From the company? From anyone?

This dialogue is critical and I am very glad to see the word ‘privacy’ start to weave its way into conversations. Further, that the public is being educated on the important difference between privacy and security and – hopefully – we all can start making choices accordingly.

For more information on this topic, please visit ZeroKnowledgePrivacy.org and/or watch the explainers below on Privacy VS. Security and the important role of the Privacy Policy.

Privacy Roundup: PRISM Special Edition

May has rolled into June and summer is fast approaching. Originally I had planned for this privacy update to be another collection of somewhat random links regarding the world of security and privacy. And then… We had Thursday. And then PRISM. And it seemed only right to gather as much information, opinion and material as possible around PRISM and make it available to our readers.

But what is PRISM?

This far in, all anyone can tell for sure is that PRISM is the name of a data collection model and technology solution that improves speed and simplicity in allowing NSA and possibly other US agencies to access user data from a large number of the world’s most popular online services (including Google, Skype, Microsoft, Facebook, etc.).

It seems the program in itself actually does not introduce any new laws, or even break any current ones. What it does, however, is enable a more effective way for the NSA to request and receive private user data. And of course, this makes it ripe for speculation as to what this ‘new’ streamlined procurement process is being used for and how.

One of the most informative posts as to the model, use, and participants ironically enough comes from the NSA themselves (via Washington Post) and can be found here:

NSA slides explain the PRISM data-collection program

If you desire to dig a bit deeper into PRISM, what people are saying / thinking, and what companies may or may not have been directly involved, here is a collection of what we found to be the most informative links on the subject from the last several days:

Though we will be elaborating on the PRISM program in relation to SpiderOak in a separate blog post, I can say definitively that our users’ data is encrypted client-side, uploaded, and stored in its fully encrypted state, which means we are never able to view plaintext user content under any circumstances. In short, PRISM would be wholly and entirely useless in the SpiderOak context.

To Note: We also have yet to even be contacted by any agency regarding the program – surely a result of our ‘Zero-Knowledge’ privacy environment. After all, encrypted data is rather useless for conducting data mining activity.

In light of recent news and the topic for this special roundup I think it’s only fitting we sign off with this quote of the week:

“He who controls the past controls the future. He who controls the present controls the past.” – George Orwell in 1984

It is a Monday…

Greetings SpiderOak Users,

This morning we excitedly sent out an email to you all with news of our latest version – SpiderOak 5.0. Within 5.0 are many new and exciting features including Hive and Windows OS integration (Mac & Linux coming soon) in addition to a completely revamped mobile effort with our 2.0 iOS app currently in the app store (2.0 Android shipping on the 16th of May).

In our efforts to alert you of these wonderful changes, we have received comments that the email was addressed to ‘First Name’ as opposed to the actual name as it appears in our database. Now – while this may appear as a mistake, it is actually us taking privacy one step further and converting all of your ‘first names’ to read ‘First Name’. As we constantly strive to push ‘Zero-Knowledge’ further and further, this is just another step in that process.

NOTE: Of course we are making light of a mistake we made in our email campaign this morning whereby we did not properly include the mail merge in the final deployment. This is my mistake and I do sincerely apologize for any problems this may have caused. Rest assured, the emails are indeed from us at SpiderOak and you can always feel free to download 5.0 from our website here: download.

Given this topic, we would also like to take a moment to mention the domain name present in our email communications to users – spideroakcommunique.com. We have designated that some of our email correspondence come from this domain so please do not be alarmed or worried about an email coming from spideroakcommunique.com as representing a spam or phishing message. That said, we are currently taking steps to push all communications from spideroak.com to limit confusion moving forward.

Please don’t hesitate to send further thoughts and/or questions anytime and we thank you in advance for both your understanding and continued patronage with SpiderOak.

Have a wonderful week ahead.

Sending very best wishes,

Ethan Oberman
SpiderOak, Inc

Privacy Roundup #5 of 2013

Time marches on and it is hard to believe the first four months of the year have now come to a close. The month of April has been a big one for SpiderOak as we have released our long awaited 5.0 client including our newest feature ‘Hive’ as well as Explorer integration for Windows and our newly redesigned 2.0 iOS application (with Android currently in Beta).

In world news it can be noted that the Crypto Coin craze is still going strong with Bitcoins (btc) hovering above $100 and companies such as Butterfly Labs and Avalon shipping more and more advanced equipment for mining cryptographic currencies (more on this and privacy and security implications of crypto currencies in a future post). The world has seen the rise and possibly fall of CISPA once more, and the debate on surveillance drones rages on.

For this Privacy Roundup we have as usual hand picked some interesting tidbits from the news, so stay vigilant and check out some of what we felt was important in the last few weeks:

Well that about sums it up. This week we sign off with a quote from Sean Parker’s character from the movie “The Social Network”: “We lived on farms, then we lived in cities, and now we’re going to live on the internet!”.

As always, we hope you have a productive and private month ahead!

Increasing Transparency Alongside Privacy – 2013 Report

As we stated in our Transparency Report in 2012, privacy continues to be at the root of all we do at SpiderOak. Every new product and feature is designed to fit tightly alongside our ‘Zero-Knowledge’ privacy commitment. And we continue to understand how transparency plays a role in overall privacy.

In our ongoing efforts to stay on top and aware of this ever-changing landscape, our work with the Electronic Frontier Foundation (EFF) continues to keep us better informed and aware of what we can do when fighting for the rights of our users.

Given all this, we have reproduced a Transparency Report that covers all activity over the last calendar year – from April 2012 to April 2013. The report is as follows:

SpiderOak Transparency Report

We are proud to stand behind our commitment in keeping our users informed of any and all activities involving their data and the constant protection of their privacy. Our relationship with the EFF and other organizations will always improve our outreach and understanding so that you – our user – will benefit from a fully transparent and open environment. As always, we greatly value your thoughts and feedback so please don’t hesitate to send further thoughts or questions anytime.

Privacy Roundup #4 of 2013

It is now March 28th and the 4th Privacy Roundup is upon us. As the year marches forward so too are we seeing an exploding number of events involving the importance and necessity of privacy. From increased surveillance efforts to the financial crisis in Cyprus to the rise of Bitcoin and Litecoin as crypto-currency alternatives, privacy awareness is making headlines and raising eyebrows.

On a slightly different note but worth mentioning, we at SpiderOak are in the last phases of a major 5.0 release which will include exciting new features, bug fixes, and functionality updates. Additionally, we will be launching our mobile 2.0 effort which makes the ‘on-the-go’ experience much more powerful. Exciting times indeed…

As always, below find a curated selection of privacy and security related news from across the globe:

Google Takes the Dark Path, Censors AdBlock Plus on Android.

Smart Homes: Our Next Digital Privacy Nightmare.

Web advertisers attack Mozilla for protecting consumers’ privacy.

Cisco switches to weaker hashing scheme, passwords cracked wide open.

Viruses, Trojans, and worms, oh my: The basics on malware.

Privacy 101: Skype Leaks Your Location.

New Google Chrome Spell Checker Monitors Everything You Type, While FBI Secretly Watches.

One in six Amazon S3 storage buckets are ripe for data-plundering.

This week we are closing out with a meta-quote from the movie ‘Hackers’, where one of the main characters can be found quoting Ozzy Osbourne’s famous: “Of all the things I’ve lost, I miss my mind the most”. Sending our best wishes for a great April ahead.

Latest & Greatest: Calling all Beta Users

Greetings SpiderOak Users!

We have been working diligently on a new SpiderOak 5.0 / SpiderOak Mobile 2.0 release which contains many exciting new features including a central sync folder (think Dropbox but with ‘Zero-Knowledge’ privacy), operating system integration allowing for right-click functionality (initially only on Windows), and several other enhancements to the overall application and experience. A brief overview is as follows…

The SpiderOak Sync Folder

As many of you may have already read in a previous post New Feature: What would you call it?, this ‘sync’ folder makes it easy for users to get up and running with SpiderOak in a few very simple steps. Any folders or files placed in this ‘sync’ folder will automatically get backed up and then synced to any other devices that have the SpiderOak ‘sync’ folder running. To round out the functionality, the data will be easily accessible via our new mobile applications (details below).

Operating System Integration

As part of this release we will also be deploying OS integration granting right-click access to SpiderOak functions via the file browser (Explorer on Windows and Finder on Mac). You will be able to select a folder or file for backup, share a file, or view the historical versions of a file all through the context menu.

Further – you will also notice a SpiderOak icon overlaid on all folders that are included as part of the backup set so you know immediately when a folder is safely and securely in the SpiderOak system. We will be releasing this feature initially only on Windows with Mac and Linux soon to follow.

SpiderOak Mobile 2.0

Another significant advancement is the release of our new mobile applications. We have updated the structure of the app to better take advantage of the future growth in functionality – including immediate access to all data within the SpiderOak Sync folder. This will also make it easier to navigate data across your various computers and devices as well as simply preview and share any file stored within SpiderOak. Along the way we also addressed many other issues and concerns such that the application will function with much greater efficiency and effectiveness. Our plan is to roll out the iOS version first followed closely by Android.

How to get involved?

If you are interested in helping us test these latest features as well as provide important and critical feedback, you may do so by downloading the desktop client via our Forum. Instructions can be found here: click here & log in to the forums. To test our new iOS client, please send an email to: mobile@spideroak.com with your UDID and we’ll get you connected.

Last but not least…

Please note that this is a pre-beta launch. We want to reiterate this as we are still working on addressing some small issues here and there; that said, we are extremely excited to hear your feedback and thoughts on SpiderOak 5.0 / SpiderOak Mobile 2.0 and where we are headed. Thank you in advance for your time, commitment, and continued patronage with SpiderOak.

Privacy Roundup #3 of 2013

The third privacy roundup of 2013 is upon us. And much has happened in the security and privacy space.

Here at SpiderOak we have certainly been busy between throwing an event around RSA 2013, working on exciting new features for the application and launching Crypton (our ‘zero-knowledge’ application framework) – allowing any developer to build ‘zero-knowledge’ privacy applications.

So with no further ado, please enjoy this additional selection of privacy and security related news below:

Apple iCloud censoring ‘Barely Legal Teen’ emails. (SFW)

Google accused of privacy violations yet again.

The Problem With Google Glass: People Wearing Them Can Record You Without You Knowing.

Ragtime: Code name of NSA’s Secret Domestic Intelligence Program Revealed in New Book.


INFOGRAPHIC: Managing Mobile Privacy.

Bypassing Google’s two-factor authentication.

And for this week’s closing quote, a little of William Blake’s America: A Prophecy: “Fiery the angels rose, and as they rose deep thunder roll’d. Around their shores: indignant burning with the fires of Orc.”