Conversations about life & privacy in the digital age

Halloween Photo Caption Contest: Win a New iPad mini

For those who value privacy and use SpiderOak, one of the scariest things they can think of is their personal information, files or data floating around online*, vulnerable to eyes other than their own. Yikes. No thanks.

So to rid ourselves of the heebie-jeebies, let’s have some fun over the next three days:

WHAT (was that noise?!):

Halloween photo caption contest (see photo below)

EERIE THEME:

‘Your online privacy’: All submitted captions entered to win must be relevant to this theme

RIP:

Contest ends Oct. 31 @ Midnight CT

WHERE (wolves?):

Comment on our Facebook page // Tweet your caption to @SpiderOak on Twitter, using the hashtag #iPadContest // Comment on this blog post below (It doesn’t have to be all three, but the more you spread it around, the better chances you have of winning!)

HOW TO MAKE IT OUT ON TOP:

The SpiderOak team will pick the top three people with a combination of these requirements: 1) The funniest or best caption, 2) The most likes or RTs on Facebook & Twitter, and 3) The most creative approach. We will announce the ‘Top 3’ winners and their caption on our blog on Thursday Nov. 1. Someone from our team will be sure to get in touch with the winners to deliver the prizes.

PRIZES:

The top three Halloween photo caption contest winners will get to claim these items below in correlation with their place:

  1. A new iPad mini
  2. 100 GB free with SpiderOak
  3. An awesome SpiderOak t-shirt

We can’t wait to see what caption you come up with for the picture below. Good luck!

And in the meantime, beware of what might be lurking around the corner (or on that hard drive in the sky)…

*SpiderOak is the only 100% private cloud environment. Your plaintext data is at risk on other cloud providers’ servers from a subpoena or breach standpoint. We pride ourselves on our extremely unique, flexible, private, and secure product available for you or your business. Learn more at spideroak.com.

Privacy Roundup – Oct 19 2012 – 1st Edition

To continually emphasize the importance of privacy in our digital world, we thought we would collect a bunch of posts that we enjoyed on the topic and present them once a week to our readership. This is the first such edition of our ‘Privacy Roundup’ and we look forward to hearing your thoughts and ideas on how and why privacy matters to you. So with no further ado:

Wired – Megaupload Is Dead. Long Live Mega

Network World – Deanonymizing You: I know who you are after 1 click online or mobile call

EFF – Google Under Pressure From EU Data Commissioners Privacy Policy

EFF – Ad Industry’s Assault on ‘Do-Not-Track’ Continues at the W3C Amsterdam Meeting

Forbes – It’s Terrifying And Sickening That Microsoft Can Now Listen In On All My Skype Calls

Huffington Post – iPhone Privacy: How To Stop Apple And Advertisers From Tracking You On iOS 6

The Hill – Advertisers launch $1 million campaign to combat privacy concerns

And often we will include a post from lesser known but still equally important sources as we have below:

Degraffit Blog – Facebook and Privacy: Are you Lily and James’ Secret Keeper?

Lastly, we will also try to include a company that we feel is taking a positive stance on privacy and is helping spread the word of why it is important and how we can gain control. This week’s company is:

Privacy Fix

Please share other posts that you find particularly interesting from this past week.

Our 48 hour only promo for free extra GB ends tomorrow – Details here: ‘+1 for Privacy’.

The Marriage & Separation of PRIVACY and SECURITY

We’re finding that a lot of people aren’t aware of the difference between privacy and security. And for good reason. It can be confusing. They are, after all, so closely linked and equal in importance – you have to have them both.

Think of it like this:

You hope and expect that your bank is SECURE. You expect that no one else can access your account, access your money, and take advantage of your data and assets. It is also critical to the bank’s existence and business that they take the highest security measures to make sure your money and information is safe.

But a bank IS NOT private – they can see your information, how much money is in your account, and can alter information (sans say a Swiss bank account). There is a lot of expectation around trust in this capacity.

PRIVACY is more so the safety deposit box you keep at the bank. Only you have the key. It is not only kept secure, at the bank’s location, through their elaborate measures to give you that assurance, but it is also PRIVATE. You are the only one who can see the contents of the box. (Remember the scene in the Bourne Identity, when Jason Bourne goes to the bank to get his black security box? He gets the key, the box, takes it to a room, closes the curtain, and opens it. Alone, with privacy and security as his allies, he is able to access his gun, passports and money. Look out world!)

Here’s another example: A toilet in a glass room with a bolt lock on it. It is secure. But definitely not private.

One last example: You write in a journal, and hide it in your underwear drawer. It is private, or at least this is your intent, as it holds your own personal thoughts, opinions, or experiences. But it might not be secure. All it takes is a nosy sibling to seek it out, or stumble across it. Like that, your privacy is compromised.

All of this to say, in today’s ever-increasing tech-saturated society, your files, data, and information are more exposed than ever before. We believe it is important that you know what different sites and products you use are doing with your data, or at least have access to that transparency.

Just as you probably desire to use a bathroom NOT in a glass room, know only you can access your safety deposit box at the bank, and that your journal will stay private, so we work to uphold and respect this need. We work to offer you a completely private storage, sync, and share environment. We work to offer you the peace of mind that comes with knowing that only YOU have access to all of your files and data, no one at SpiderOak can see it (we call this our Zero-Knowledge privacy standard). This is our highest priority.

Since the inception of our product, we have worked to marry privacy and security for YOUR complete benefit and peace of mind. The whole reason SpiderOak was created was because there was a need for a private, central repository where we, where you, could safely store all of (y)our data.

“Privacy is not a feature to tack onto a list,” said Ethan Oberman, SpiderOak CEO. “It is very much a part of how you build and structure your product from its inception. We’ve taken this integrated approach in a zero-knowledge environment.”

How would YOU explain the difference between privacy and security? Leave us your analogy in the comments below.

Zero-Knowledge 101: What It Is & What It Means to You

Welcome to SpiderOak University. If you’re a student, new user, or a lover of continuous learning, this month we’re talking to you.

We’ll be posting a couple video shorts each week where SpiderOak CEO Ethan Oberman uses a whiteboard to explain some of our basic product functionalities. School yourself and keep an eye out for our next POP QUIZ on Friday so you can receive extra GBs.

Who can you trust? This is an important question in today’s race to the cloud. We’ve worked hard over the past six years to build a trustworthy product that upholds user privacy above all else. SpiderOak CEO Ethan Oberman explains how SpiderOak developed its ‘Zero-Knowledge’ privacy policy, what it is, and how it works.

Do you have a .edu email address? Don’t forget – you can enjoy 50% off your private backup/sync/share account:

Sign up today.

Conversation with a Privacy Professional – Part II

With only a few months at SpiderOak under my belt, and new to the world of careful consideration around privacy and security, I’m learning things I’ve never considered. I’m always the first to adopt social media, I use Gmail without a second thought, and historically haven’t really cared who has my (what I thought was) basic info.

But I sat down with a “privacy professional” who breathes this stuff and has been concerned with personal privacy most of his life. And true to his nature, we kept his identity private. For the sake of this piece, let’s call him Walt. If you missed Part I yesterday, you can read it here.

“As a programmer, I’ve learned a few details of how those industries work, and now I give out the minimal information about myself. When I go to the store, I don’t fill out the membership or credit card forms, never give my social security number or date of birth to anyone, nor do I give my middle initial,” Walt said.

“Google keeps a full history of everything you’ve searched for. Imagine how well they can profile and target ads based on years of search history combined with what you’re interested in right now. I recommend not signing in when searching with Google, disallow or clear browser cookies, set Flash to “click to play”, clear Flash cookies, and use a commercial VPN service.” A VPN arranges for all Internet traffic to first pass through a secure remote location before traveling on the un-encrypted Internet. “This means that all my internet traffic when I am browsing doesn’t come straight from my location, and therefore can’t be traced back to my home or city. It also keeps my ISP from having a database of every website I’ve visited. It costs a small fee, but it’s worth it to me.”

“Companies have enough resources to profile me without my help. My friends can know where I live, or what I like, but I’m not going to tell the world’s corporations,” Walt said. “I’m not as paranoid about the government as I am about what companies do with my personal data, or private individuals.”

If you’re familiar with SpiderOak, you’ve seen our “Zero-Knowledge” privacy policy. We don’t share your data with anyone, and unlike Google, not even our employees can see it. As we touched on in our most recent newsletter, when a law enforcement agency asks us for your data, we let them know your data is encrypted, and we can’t decrypt it, and they can’t either without your encryption keys. Thus far, that has always put a halt on the inquiry.

Companies like Facebook intentionally seek and use your personal information; spammers use phishing tactics to trick you into giving important personal information (like your bank account); and then some companies use or share your information accidentally. Walt told me about a man in Virginia whose laptop was stolen, and unfortunately had everyone in the state’s medical records on it. We’re seeing right now that as people have quickly adopted technology, companies or individuals with sensitive client information are having to do some backpedaling. Lawyers, accountants, big companies, and health care professionals are looking to safe alternatives (like SpiderOak) to store their information.

Thanks to Walt for sitting down with me, and showing me why I might want to be more thoughtful with my personal information. It has definitely given me a lot to think about.

If you’re interested in reading more on this subject, here are some interesting articles:

Conversation with a Privacy Professional – Part I

With only a few months at SpiderOak under my belt, and new to the world of careful consideration around privacy and security, I’m learning things I’ve never considered. I’m always the first to adopt social media, I use Gmail without a second thought, and historically haven’t really cared who has my (what I thought was) basic info.

But I sat down with a “privacy professional” who breathes this stuff and has been concerned with personal privacy most of his life. And true to his nature, we kept his identity private. For the sake of this piece, let’s call him Walt.

“Privacy starts with where you receive your dead-tree postal mail. If someone really cares about privacy, perhaps because they’re a celebrity, they have enemies, a stalker, or just because they want to be prepared, they move and then never again connect their name to their physical address,” he told me. He said that most privacy techniques started with celebrities and wealthy people who had strong reasons to protect their privacy, for example, so that their kids wouldn’t be kidnapped for ransom. Walt continued about the benefits of using a mailbox at UPS or the post office: “You don’t have to change your address when you move, and companies can’t profile you based on where you live. No one will examine your trash.”

He referenced this New York Times article from earlier this year, “How Companies Learn Your Secrets”, particularly the story about how Target knew a teen was pregnant before her father, due to her buying habits they were tracking. The enraged father called Target, how dare they send coupons for strollers and maternity clothes to his daughter, only to find out…whoops. Tricky Target, or foolish us? (Now Target has learned to send that page of ads for cribs and maternity clothes, but also include an ad for a lawnmower and a grill, just so it seems like a regular un-targeted mass mailing.)

And this is Walt’s point. Most people’s consumer shopping habits are fairly set, so Target, and companies like it, have invented algorithms to predict age, family size, if you are likely to be pregnant, etc, and use this information to target people in periods of transition long before it’s public. Every time you use a loyalty card or use a credit card to pay at a store, your purchases are linked to your identity, and added to the company’s big database of interactions with you. They track and profile which days and times you prefer to shop along with your purchase history.

“This has been going on for decades,” Walt said. “Companies do crazy things with your personal identifying information. But most people have no idea how their information is being used. They are also under no obligation to keep this data to themselves. They sell it to other big database marketing companies, who buy from many sources and then merge to create very detailed profiles. The DMV in Florida is getting in on this action, selling driver and auto licensing info to advertisers. If you file a police report for a burglary at your home, expect to start getting calls from companies trying to sell you alarm systems.”

Stay tuned for Part II, which we will publish tomorrow.

If you’re interested in reading more on this subject, here are some interesting articles:

A Brief History of Privacy

Remember the 15-year-old kid who was videotaped waving around a golf ball retriever while pretending it was a light saber in 2002? The video was uploaded – unknowingly – to an Internet video site by some of the boy’s friends. All across the Internet, people started mocking him, making fun of his awkward maneuvers. Then, several edited videos of “the Star Wars Kid” started to be uploaded, adorned with special effects. It was a breach of privacy that made this kid an internet sensation.

Privacy has a very long history. In fact, privacy in America has gone through drastic changes since the 1600s as you can see in this chart. Fortunately, methods of protecting privacy are always evolving and getting better. Unfortunately, security breaches will always occur.

The legal concept of privacy in the United States states that if you intend to keep something secret then it shall, in fact, be kept secret. All other information is considered public. However, the societal concept of privacy is a bit more complicated and has been for a very long time. For example, many people have a strong desire to share experiences, anecdotes, photos, videos and souvenirs. However, those same people don’t like when others they didn’t invite to share in those experiences have access to this information. Then the question shifts to – ‘Who can I trust with this shared data?’

Controlling privacy online requires effort. It can result in a paradox where we can be unaware of how much information we are sharing and with whom we are sharing it. Danah Boyd, an anthropologist and social networking expert, says, “information is not private because no one knows it; it is private because the knowing is limited and controlled.”

Managing online privacy is difficult because we do not have the degree of control we would have in an offline environment. However, there are protective options available. Since inception, SpiderOak has been very focused and passionate about online privacy. This led to the creation of our 100% ‘zero-knowledge’ privacy approach to storing users’ data. More recently, we have worked closely with our friends at Electronic Frontier Foundation who are continually active in protecting the digital rights of online users.

How important is privacy to you? Do you have any stories you’d like to share where your privacy was compromised? How has it changed your online activity? Please don’t hesitate to write your thoughts and/or ideas and ways you protect your privacy.

On a related note and if interested further, I encourage you to read a good book on this topic – “Privacy and Big Data”.

Biggest Privacy Faux Pas of 2011

Though it’s impossible to account for all the data security breaches that happen, according to the Privacy Rights Clearinghouse, about 30 million records were compromised in 2011 in 535 separate breaches in the United States. Furthermore, those numbers reflect only the breaches reported. Many more go unknown or unreported. Many times, hackers are the culprit. However, a significant portion of the breaches come from inside the organization where an employee or agent with access to the data is at fault.

Unlike SpiderOak, some companies and services don’t encrypt information inside databases. This was the case with Sony. The Sony breach alone accounted for nearly 80 million records! Other breaches occurred because someone left a server wide open, leaving very sensitive or personal information accessible on the Internet. This was the case with the Texas Comptroller, when 3.5 million people’s names, addresses, and social security information were open to the public. Some breaches were caused by carelessness, when backup tapes or laptops were stolen after being left in cars. This was the case with the Department of Veterans Affairs when 26.5 million veterans were exposed by an employee who took an unauthorized computer home.

Of course, how could we forget about the giant Dropbox breach, in which the company confessed that a bug in the service’s authentication software made passwords optional for a period of four hours. This allowed anyone to log into a user’s account simply by entering their user name. An estimated 25 million users’ accounts were compromised, triggering a class action lawsuit.

As a company with the core focus on privacy and security, we know how important it is to safeguard your privacy and maintain internet safety standards. That is why we are happy to emphasize our Zero-Knowledge policy which allows only our users the ability to access their data. In addition, we are looking to certify other companies in the future who also adopt this approach. Stay tuned!

Staring Into The Black Mirror

These dark, reflective surfaces are everywhere now. Whether you’re out at a club, in an art gallery or just sitting at home on your sectional couch, it’s more than likely that there are multiple devices in the same room as you. They’re impossible to get away from as now they have become essential for people’s professional life and for their social one too. The question is whether this is a problem that needs to be reassessed or a fantastic force for good. One of the most important aspects is that a lot of these items share a trait and that is their near constant connection to the internet.

Pretty much every single new mobile phone, tablet PC and laptop is online or has the capacity to be online. Long gone are the days where wires were necessary. Now it is as simple as checking a single box in the “settings” part of your device and you’re ready to go. The entire world is now at your fingertips, literally. This must be having some kind of effect on people and one of them is that people are becoming more and more relaxed about being online, and in turn about how much personal information they allow to be stored there.

Constant technological advances have completely changed large parts of the world, and as technology becomes cheaper its spread becomes wider. The number of devices connected to the internet has surpassed 8 billion in number, with some reports suggesting there will be 30 billion of them in 2015. We are always connected now and this means people are open to see everything from your wedding day to your breakfast, but is this really a problem? A lot of this information is trivial with anything important hidden in a sea of low quality photography and inane status updates.

Of course the depth of the sea does little to put off salvage divers, and if people want your information they will make an effort to find it. So why is it that when people are still wary of giving out details over the phone they are perfectly happy to do it in an instant over the internet? The numerous stories of successful internet scams are testament to this. It’s hard to believe someone falling for the Nigerian prince scam over the phone, isn’t it?

The internet is no longer a scary place to people. It has lost its intimidating demeanor along with hellish dial-up noises, modems and wires. The world wide web now sits neatly in your hand just waiting to order you a pizza with any special request you desire, and all without the hassle of having to talk to a real person. This is the issue.

The internet has become easy to use and inviting to everyone while at the same time being de-personalised. You can use a website like Facebook for years without ever having correspondence with a real member of staff. Everything is automated for you and it becomes easy to forget that Facebook is a company like no other and that it stores everything you do. You are now welcome to download all of the information Facebook has on you, but rather than serve to relax the customer it is in fact a stark reminder of how lax you have been with your own security.

This may sound like hyperbole, but feel free to try out a little experiment for yourselves. If you so wish, pick a random friend from Facebook. You don’t have to know them personally, but as long as they’re pretty active they’ll do fine. Try as hard as you can to glean as much information from their profile over the space of a month. The amount of data you would have at the end of those 30 days may come as a shock to you.

Thanks to the check-in option you will have known exactly where they’ve been, for what reason, and at what time. You’ll know what job they have, what clothes they’ve been wearing and most of the activities they’ve undertaken. You will have learned a large amount of their interests. Most worryingly of all you’ll most likely know where they live and a rough schedule of their life. This sort of information is a goldmine for stalkers and companies alike. But with bills like SOPA (Stop Online Piracy Act) and ACTA (Anti-Counterfeiting Trade Agreement) being just the beginning of government attempts to find their place in the virtual world, it is easy to imagine other sinister uses for your personal data. Oppressive regimes around the world already try to employ these tactics, but even now the British government is trying to bring in a law that will allow it to see everything you do online in real time.

It isn’t all doom and gloom though. There are some very simple ways to help keep you in control of your information online. The first and most obvious step is to simply consider what you post online and what is linked to you. A search of your own name with a few defining parameters like your location could bring up a few surprising results. You could of course remove yourself from websites like Facebook, but it pays to be realistic here.

Facebook and other social sites aren’t essential to you, but they’re very important. Just remember, you control what you post online so make yourself your own filter. If you’re worried about companies gaining too much info on you, try to switch to open source alternatives. Rather than Microsoft Word, use Open Office; rather than using Apple’s operating systems change to Ubuntu; or rather than Photoshop, make use of GIMP. The best thing is they’re all free too.

There are simple solutions all over the internet to help you learn what data you should be giving out and to whom. If you really want to go all out, I would suggest using the Tor Browser and converting all your money to Bitcoins. In turn though, that is probably the equivalent of moving into a bomb shelter permanently on the off chance you may get attacked. All you need to do is pay attention. It’s not the time for complete online anonymity yet, but it’s never a bad idea to keep up with the game and keep your options open.

Increasing Transparency Alongside Privacy

Privacy has been and will always be a priority for SpiderOak. Everything we plan for and develop makes reference to our ‘Zero-Knowledge Privacy Standard’. That said, we are now learning more about ‘transparency’ and its importance alongside privacy.

As mentioned in an earlier post, we have been working with the Electronic Frontier Foundation (EFF) over the last few years to better understand how we can increase our efforts around fighting for the rights of our users. As we are learning, our ‘Zero-Knowledge’ privacy covers one aspect but a commitment to transparency is also critical.

As such, we have produced the following Transparency Report that covers all activity over the last year. Please review the following:

SpiderOak Transparency Report

SpiderOak is committed to keeping our users informed about all the activities surrounding their data and the constant protection of their privacy. We will continue to work with the EFF and other organizations to improve our outreach and understanding so that you all – our users – can benefit from a fully transparent and open environment. To that end, and as has been asked previously, we do plan on implementing a warrant canary as part of our new website launch which is expected to go live in the next few weeks.

As always, we greatly value your thoughts and feedback so please don’t hesitate to send further thoughts or questions anytime.