Conversations about life & privacy in the digital age

Why Privacy Matters

Why does privacy matter?

To begin breaking down the subject of privacy, we created an explainer, recently published in IT Briefcase, to answer the following questions:

  • What is the difference between privacy and security?
  • Should you care about privacy if you have nothing to hide?
  • What does privacy mean in the digital age?

Want to help spread the message of privacy? Share this explainer and get people thinking about Why Privacy Matters.

Privacy Roundup #4 of 2013

It is now March 28th and the 4th Privacy Roundup is upon us. As the year marches forward, we are seeing an exploding number of events that underline the importance and necessity of privacy. From increased surveillance efforts to the financial crisis in Cyprus to the rise of Bitcoin and Litecoin as crypto-currency alternatives, privacy awareness is making headlines and raising eyebrows.

On a slightly different note but worth mentioning, we at SpiderOak are in the last phases of a major 5.0 release which will include exciting new features, bug fixes, and functionality updates. Additionally, we will be launching our mobile 2.0 effort which makes the ‘on-the-go’ experience much more powerful. Exciting times indeed…

As always, below find a curated selection of privacy and security related news from across the globe:

Google Takes the Dark Path, Censors AdBlock Plus on Android.

Smart Homes: Our Next Digital Privacy Nightmare.

Web advertisers attack Mozilla for protecting consumers’ privacy.

Cisco switches to weaker hashing scheme, passwords cracked wide open.

Viruses, Trojans, and worms, oh my: The basics on malware.

Privacy 101: Skype Leaks Your Location.

New Google Chrome Spell Checker Monitors Everything You Type, While FBI Secretly Watches.

One in six Amazon S3 storage buckets are ripe for data-plundering.

This week we are closing out with a meta-quote from the movie ‘Hackers’, where one of the main characters can be found quoting Ozzy Osbourne’s famous: “Of all the things I’ve lost, I miss my mind the most”. Sending our best wishes for a great April ahead.

A Great Evening Focused on Privacy

We’re just starting to see the dust settle after hosting the first annual Penetralia Event and wanted to thank all the attendees for their attendance as well as the folks over at Silent Circle for co-hosting and making the evening so special. It is our hope that you had as much fun as we did and left feeling more understanding and passionate about privacy.

The event was intended to coincide with the first day of the RSA Conference in order to help further draw the important distinction between security on the one hand and privacy on the other. A physical way to explain this technical difference would be to think of your house or apartment:

Security relates to the lock on your door and/or your alarm system — the measures you put in place to keep out unwanted visitors or intruders.

Privacy represents the blinds on your windows. Most of us don’t like the idea of a passerby peering inside at all hours even if we aren’t doing anything of particular note. This is why we draw the blinds.

Hence – it is through the existence of both security and privacy that we can fully enjoy peace of mind. And of course the same should exist in our digital / online lives as well.

To illustrate this point, we created ‘Secure’ and ‘Private’ boxes which were on display and available for attendees to experience. We invited people to step inside each box, feel the difference and ponder how the experience translated to putting their data in the cloud.

On Monday we also announced the launch of our newest product, Crypton. Penetralia attendees had the opportunity to see it and talk directly with the developers responsible for building the world’s first ‘Zero-Knowledge’ application framework. The level of interest was overwhelming and thus incredibly encouraging. We look forward to working with the community at large and supporting their efforts around various Crypton implementations.

For those who couldn’t attend, don’t you worry. Several privacy-focused companies asked how they could help sponsor our event next year. Penetralia 2014 is already in the works!

 

Privacy Roundup #3 of 2013

The third privacy roundup of 2013 is upon us. And much has happened in the security and privacy space.

Here at SpiderOak we have certainly been busy between throwing an event around RSA 2013, working on exciting new features for the application and launching Crypton (our ‘zero-knowledge’ application framework) – allowing any developer to build ‘zero-knowledge’ privacy applications.

So with no further ado, please enjoy this additional selection of privacy and security related news below:

Apple iCloud censoring ‘Barely Legal Teen’ emails. (SFW)

Google accused of privacy violations yet again.

The Problem With Google Glass: People Wearing Them Can Record You Without You Knowing.

Ragtime: Code name of NSA’s Secret Domestic Intelligence Program Revealed in New Book.


INFOGRAPHIC: Managing Mobile Privacy.

Bypassing Google’s two-factor authentication.

And for this week’s closing quote, a little William Blake’s America: A Prophecy: “Fiery the angels rose, and as they rose deep thunder roll’d. Around their shores: indignant burning with the fires of Orc.”

Privacy Roundup #2 of 2013

We are back for the second privacy roundup of this new year 2013. And not surprisingly, there is still a flood of privacy issues being talked about and revealed.

At SpiderOak we continue the cause by working diligently to improve our overall service offering, building new and exciting features (including a new mobile application, a ‘SpiderOak Folder’ which will closely resemble a Dropbox but private, and increased OS integration, all of which will be launched this month) and planning an innovative new event around the RSA conference in San Francisco on February 25th. In fact, at the event we will be unveiling a new ‘zero-knowledge’ application framework that will push privacy further into the web.

More on all of these wonderful new topics to come. Back to the main focus of this post, please find a few stories that caught our eye and are around the topic so dear to our hearts – privacy. Enjoy and – as always – please feel free to send thoughts / ideas / reactions!

The Creepy Details of Facebook’s New Graph Search

Yes, U.S. authorities can spy on EU cloud data. Here’s how

Google Will Fight Government Over Access To Your Emails

Path fined $800,000 by FTC over iOS privacy breach

FTC calls on Apple, Google, Microsoft and BlackBerry to improve mobile privacy disclosures

Are You Guilty of Oversharenting? Why We Owe Our Kids Online Privacy.

In closing with a quote: “The future is not set. There is no fate but what we make for ourselves.” – Sarah Connor, Terminator 2

“How can we turn privacy into a tangible?”

In stride with 2013 as ‘The Year of Privacy’, SpiderOak launched a ‘Zero-Knowledge’ Privacy Ambassador (ZKPA) program.

We have nine ZKPAs from around the world who we will introduce you to in the coming weeks. Our ZKPAs will help inform and educate people on the importance of preserving privacy in everyday online life. Please lend them a warm welcome as they lead the change in advocating for privacy…

Meet Rob

Rob Simmons is a SpiderOak ZKPA hailing from St. Louis, MO. He has been working with computers professionally for the past 16 years. His day job includes management of NetApp, EMC, and Oracle disk and tape storage systems. His evenings and weekends include running Wycombe, LLC, (@WycombeLLC) which provides IT consulting solely to small businesses. While serving in the US Air Force he had the distinct honor of being stationed in an English sheep field. After his Honorable Discharge, Rob helped build a small telecom startup and obtained a Bachelor’s of Computer Science with an emphasis on Information Technology in 2009.

Why are you so passionate about privacy?

RS: We are in the ‘Share It All’ age. I think this is horrible. It is not necessary to share every aspect of your life, where you are this very moment, what you’re doing, where you’ve been, or what you plan. There are consequences for sharing it all. Namely, a complete loss of privacy. By sharing everything going on in your life, you give other people (sometimes malicious, sometimes not) the ability to rebroadcast your life any way they please without your permission.

Ensuring privacy is essential in navigating our online lives where every click we perform, every post we make, every picture we upload is replicated hundreds, maybe thousands of times. At that point a person has lost control of their privacy. It also lowers the excitement in meeting a new person, in making friends, or even developing a romantic relationship. The ability to learn something new about someone is eliminated when that person has given up his privacy. I’m passionate about privacy because I want all people to be able to selectively control the way their personal data is released.

What did you find most interesting about SpiderOak?

RS: Honestly, until the spring of 2012 I never heard of SpiderOak. Nor did I have any sort of backup solution for my computer. I got away with “winging it” for all these years. As part of my duties with my employer, I was tasked to research online cloud backup, sync, and recovery companies and their offerings. Among all companies and products I researched, not one came close to offering the critical level of digital security and personal privacy that SpiderOak offers. Others do a good job, but SpiderOak’s security structure is as near bulletproof as you can get. I was truly impressed. So impressed that I signed up for an account. After seeing how well SpiderOak worked for me I signed up my mother, two brothers, grandmother, grandfather, and my wife. My entire family is now a SpiderOak family.

What are some of the biggest challenges you see for advocating privacy?

RS: Privacy is not something that people actively think about. They think about seemingly more pressing items such as finances, car maintenance, home maintenance, work-related tasks, and family issues. These are all tangible items in their life. Things they experience, perform, or feel emotionally. Privacy, and especially online privacy, is an intangible item. How can we turn privacy into a tangible? Something a person can feel, touch, and understand? Once it’s turned into a tangible it will remain at the front of people’s minds along with all their other concerns.

Where do you see the online cloud industry in 5 years?

RS: It’s going to get bigger. Exponentially larger. Data center and data warehouse architects should be quite busy. I see a massive consolidation of disparate online items. Microsoft is going forth in a way I think will be the future. Microsoft is consolidating their desktop, mobile, and gaming platforms into one common system. And it’s all interfacing with Microsoft’s painfully non-private cloud storage: SkyDrive.

But it’s not just desktop, mobile, and gaming I see as part of the consolidation. I can see medical records, academic records, purchase histories, ebooks, music, accounts (online credentials), recorded VoIP calls, and who knows what else to be stored in a personal cloud. You could tell the doctor to just send your medical records to your personal SpiderOak storage. You’ll tell your VoIP service provider to record and send all calls to your SpiderOak storage. Receipts? Send it to storage. Ebook delivery? Not to a particular device, to storage. I think online cloud companies are going to have to look far ahead and see how they can become a person’s “personal storage” company that the user can access from any device, any location, at any time.

What do you hope to accomplish as a ZKPA?

RS: I’d like to get computer users to begin to think critically about their privacy and security of their personal files.

I’m sure many folks will brush off privacy with the statement they have nothing to hide. Well, truth be told, I don’t either. If you’ve nothing to hide, why close your drapes in the evening, why drop your blinds, and why close your outside door? People instinctively like their privacy even if they don’t know it. It just feels better knowing others aren’t looking in on you. Personal privacy is a natural thing for humans to enjoy. I want computer users to realize they should treat their files the same way. Make them private and share them only if they choose to do so. By stressing the ability users will have in selecting who has access to their files, I’ll be strengthening their freedom of choice. People would much rather be able to choose among a set of choices than none at all.

We are proud to have Rob aboard! If you have any questions for Rob, please feel free to write in the comments or find him on Twitter.

Next week, we’ll introduce another ZKPA…

Secure & private storage API on the horizon?

We wanted to share our announcement that just hit the wire today:

2013: The Year of Privacy

SpiderOak Bringing Privacy to the Cloud Through Open Source ‘Zero-Knowledge’ Application Framework

SAN FRANCISCO, CA–(Marketwire – Jan 28, 2013)– SpiderOak, the ‘zero-knowledge’ privacy cloud technologies provider, revealed today that the company will release an open source ‘zero-knowledge’ application framework (ZKAF) to push privacy further into the web than previously possible. The official launch will come at the RSA Conference in San Francisco and will further signify the evolution from Internet security to cloud privacy.

The ZKAF open source code will be made available on February 25. Additional details leading up to the announcement will be available at the SpiderOak website: spideroak.com.

2013 – The Year Privacy was Found

As the cloud has gone mainstream, so too has the conversation around security. With more data being pushed to cloud servers throughout the world — the need to ensure the data is safe grows. Amidst this dialogue, the concept of ‘privacy’ has been drowned out as it was previously thought not possible to both preserve the privacy of data and also benefit from the advantages of the Internet. This is now all changing.

SpiderOak’s launch of its ZKAF will enable companies and/or developers to apply this framework on top of their application and enjoy all the benefits of ‘zero-knowledge’ privacy without having to understand the detailed specifics around cryptography and encryption. In practical terms, this means that any data generated by an application will never be readable on the server where it is stored and therefore remains private and in full control of the end user.

SpiderOak: Privacy Built Into the Technology

From the ground up, SpiderOak was designed with privacy at the core. The company’s industry-leading ‘zero-knowledge’ privacy standard protects user data by encrypting file backup, synchronization and storage throughout every stage. SpiderOak servers never store the plaintext version of a user’s encryption keys (or password). As a result, nobody can view any portion of a user’s content including filenames, file types, folder names, etc. Even the members of the SpiderOak staff with physical access to the servers can never view plaintext user information.

With SpiderOak Blue, the company brings the ‘zero-knowledge’ privacy environment to the enterprise. Through a virtual machine running behind a company’s firewall, SpiderOak Blue connects to LDAP / ActiveDirectory to provide consistent authentication procedures. IT departments have the flexibility and control to create and deploy specific end-device builds depending on the user — managing how and when individual files should be backed up and/or synced. A private cloud offering is also available such that the entire solution is contained behind the company’s firewall or within their server environments.

For more information on SpiderOak Private Cloud and other enterprise products, please visit: spideroak.com/business.

Media Contact:
Ethan Parker, BOCA Communications: (415) 377-0978

It’s Data Privacy Day – Helpful Privacy Tips for You

Here are some of our tips for your privacy protection online. Please let us know what else you would add to the list.

  • Use different, strong passwords for each of your online accounts so if one is compromised the rest are safe. Strong passwords contain letters, numbers, different cases, and symbols.

  • Unused online accounts are a liability. Hackers could use them to infiltrate your more important accounts. Get rid of them.

  • You put a lot of information about yourself on social networks. Would you want that friend of a friend you met once, two years ago to be carrying around a copy of all that information? Probably not. Keep the people you know and trust. Delete the rest.

  • Still receiving bank statements and doctors’ invoices by mail? You don’t need your personal information floating around in your trash can on the curb outside. Call your bank, doctor, credit card company etc. to find out if you can go paperless and manage your records via a secure online portal. You’ll save a tree and protect your privacy. Perfect!

  • Update your web browser (Internet Explorer, Firefox, Safari etc.) regularly to ensure that it’s the most recent version so you can take full advantage of the included privacy features like ‘private browsing mode.’
    (Explorer offers phishing filters, private browsing mode and more; Firefox offers anti-malware, parental controls and more; Google Chrome offers incognito mode, a user privacy settings tab and more.)

  • Taking the time to read a privacy policy in part or in whole to understand the data relationships that exist on the site will help you make informed decisions when using available privacy controls on a site.

  • Be wary of emails asking you to “update” or “confirm” your information. These are almost certainly phishing schemes aimed at obtaining your personal information.

  • It’s easy to spoof an email sender, so don’t download attachments that you’re not expecting, and don’t download executable attachments at all. If you get an email saying “Run the attached file”, DON’T.

  • You should also never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information.

  • Remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer.

  • Don’t broadcast your location or absence on social media. For that matter, make sure you know where your privacy settings are on social media.

  • Check out some of our favorites for your online use: PrivacyFix (simplifies privacy for you); and search engine DuckDuckGo (does not track any of your personal information).

  • Password-protect your devices.

  • Check your privacy settings before sharing vacation photos.

  • Discuss privacy concerns with your children and other household members. Everyone should understand what you feel is and is not appropriate to reveal on the phone, using a computer, or other situations.

  • Check your credit report regularly.

Find even more tips at StaySafeOnline.org.

IF YOU MISSED IT: 24 hours left for 28% off

Celebrate Data Privacy Day with us by nabbing 100GBs (an annual plan) at this great discount (details found in Friday’s post).

Thanks for elevating the privacy conversation and Zero-Knowledge privacy with us. We have a big announcement we will post later today.

72 hours only: 28% off an annual plan for Data Privacy Day

Data Privacy Day (DPD) began in 2008 and is held every year on January 28th. As the big day approaches this Monday and buzz continues around Kim Dotcom’s Mega, we are excited to keep privacy front and center.

Embrace ‘Zero-Knowledge’ Privacy for Data Privacy Day with our 72 hour special promotion:

28% off ALL Yearly Storage Plans

For a limited time only, get 100GB for only $78 per year! (Regular pricing: $100/year.) Take advantage by visiting SpiderOak.com/signup and use the promo code “DataPrivacyDay” in your account settings.

Instructions for using the code:

  • Go to www.spideroak.com/signup if you are not currently signed up.
  • You must first activate your account on your computer by opening the SpiderOak downloaded application and selecting “Activate First Device.”
  • If you have not yet downloaded SpiderOak, you may do so here: Download SpiderOak.
  • Once activated, go to our homepage.
  • At the top right side, you will see “Login.” Click here and enter your credentials.
  • When you are logged in, you will click “Account” in the top right corner.
  • You will then select the orange “Buy More Space” button.
  • Once on the Account Details page, you will select “Upgrade My Plan” to the right.
  • On this page, you will see a “Promotional Code” box.
  • Type “DataPrivacyDay” in this box and select “Update.”
  • You should see the discount in the ‘Yearly Billing’ drop down. If so, click “Next.”
  • Your account is now updated. Enjoy!
DPD’s focus is on raising awareness about the importance of protecting privacy online. Many individuals, companies, organizations, and even government agencies are helping spread awareness about respecting privacy. If you’re on Twitter, join the conversation about safeguarding data with the hashtag #DPD13.

Here are some of the people already talking about DPD:

On Monday we’re making a big announcement about the future of privacy in the cloud, and we’ll also offer some privacy tips for everyday life. In the meantime, please ‘Like Us’ on Facebook, follow us on Twitter, and help us spread the good privacy word.

Introducing ZKPAs: Privacy is a part of security

Most of you have probably caught on by now that 2013 is ‘The Year of Privacy’. One of many reasons is we’ve just launched our ‘Zero-Knowledge Privacy Ambassador’ (ZKPA) program.

We now have nine impressive ZKPAs from around the world who we want to introduce you to in the coming weeks. You will find these ZKPAs online and offline, specifically advocating for the virtues upon which we built SpiderOak and educating others on zero-knowledge privacy. They will help us dream and expand the program in order to make ‘zero-knowledge’ a household term.

Allow me to introduce to you one of these new ZKPAs, Ryan D. Lang. Ryan graduated magna cum laude from Drexel University this past summer, 2012, with a degree in Computing and Security Technology. While employed at the Camden County Library System, he aided patrons as in-person technical support. He is currently employed in the IT Support department at LT Security.

In his spare time, he works on a book that attempts to adapt corporate best practices to average users. The goal is to convince others of the importance of good security. Earlier writings can be found at Ghacks.net. “I just want to do a little good in this world.”

Ryan wrote the following post:

Privacy is a part of security

It came up in the meeting that several members of SpiderOak felt that privacy and security were separate. I politely objected to no avail, but rather than argue, I elected to compose a concise, persuasive essay.

Security is often described as being composed of the CIA: Confidentiality, Integrity, and Availability. “Confidential” can literally be defined as “private” or “secret.” * Thus, privacy is a subcomponent of security. To attain privacy/confidentiality, industry uses technology, policies, and physical controls.

Consider VPNs: Virtual Private Networks. They are designed to keep communications private over a public network. They employ the technology of encryption to achieve this. Another technology employed is user privileges. They can control/restrict access to information, keeping it secret from those who do not need access. SpiderOak takes this a step further by removing access from employees completely.

Policies are rules of conduct that a company sets for its employees. They can be used to define what should be kept private and create ramifications for sharing secrets. While this often relies on background checks and the honor system, the procedures defined by policies can make breaking them harder (e.g. requiring two signatures or a notary on critical documents).

Locks and keys have long been used to secure property. Physical security is as important as digital security. This should include old-fashioned locked doors to protect private data (&c.) not only from outside access, but from unauthorized internal access as well. Key files placed on a physical USB drive can be used with TrueCrypt and KeePass, secret-keeping programs, to complement or replace passwords.

These are examples of old and new methods used to protect privacy. Together they form critical parts of industry security best practices. Without privacy, data is insecure.

*http://www.m-w.com/dictionary/confidential (see definition #2)

Personal Note

I find “confidential” to be an interesting word. To me it means: “giving with trust of keeping a secret.” A prime example of this is when you confide in a friend. Another example is when talking to a doctor or lawyer; arguably a better example since there is legal backing. Those professionals have to keep your secrets (within statutes) or they will be fined or even lose their license to practice. I do not think that the majority of companies consider the depth of the word “confidential” when forming policies or choosing controls (though they may consider “due diligence”).