Conversations about life & privacy in the digital age

Do Not Track

I remember the chills that ran up my spine and the quickening of my heartbeat when I realized someone was following me in the grocery store. It was an initial exchange of smiles in the produce section that turned into multiple disturbing encounters throughout the store. I was deciding between various flavors of rice when I noticed he was standing by the pastas. I was reading the nutritional content on a container of yogurt and noticed he was peering over at me from the jugs of milk. This continued on.

It was broad daylight and there were plenty of people milling around so I didn’t feel terribly threatened, just totally creeped out. Did this person think he knew me? Was he working up the courage to ask me out? Or was he evaluating how a fit 34-year old mom kept her kitchen stocked? Whatever the motivation – innocent, vicious, or somewhere in between – this person was invading my space. I didn’t give him permission to accompany me. I wasn’t followed out of the store but I did leave feeling violated.

When I became aware of the online companies that have been tracking what I read, watch, and listen to – I was overcome with a similar feeling as I described above. One Sunday morning, I overheard a debate on a news show on this very subject. One gentleman was pointing to Facebook and how their users are volunteering their information; therefore, the personal data is fair game and the company has a right to it. But the last time I checked my account settings, the update I chose to share with my select circle of friends was intended for them, not for everyone who has a Facebook account, and not for the people who work at Facebook, and certainly not for the creepy guy in the grocery store.

A month or so ago, I received the announcement from Groupon, the deal-of-the-day discount site, regarding its new partnership with Expedia and its updated privacy policy which includes sharing my information between the companies such as my birth date, where I reside, where I’ve traveled – even my current location should I use its mobile application. Hmmm, all this in the spirit of more customized deals? I’m getting those chills again…

Had I found the manager of the grocery store that day and reported what I was experiencing, I’m 100% confident he would have personally escorted my stalker out the door. Perhaps a security guard or police officer would have gotten involved. I find it unsettling that companies are now helping themselves to this data without so much as asking – not dissimilar to those spying eyes. Is it necessary to better understand me as a customer? Would they send better deals my way?

Herein lies the real dilemma. It is easy enough to shop at a different market as there are plenty around the city. And if I can’t find the exact item I like then so be it. However, am I supposed to completely disengage from sites like Facebook and/or Groupon? Is that possible? Realistic? The larger companies like these get, the more complicated these privacy issues become. What do you think?

Online Privacy – Strange Bedfellows…

Normally, when people think of ‘online’, privacy is definitely not the first, second, or fiftieth thought that comes to mind. In fact, people generally exhibit quite the opposite response and conjure up images of complete nakedness. After all, the modern-day Internet has evolved mostly for the purpose of providing instant exposure, distribution, and presence the world over. The question then becomes, can the value of the Internet extend beyond nakedness?

One of the driving purposes behind SpiderOak was to dispel the notion that just because data is online means it can no longer be private. The goal was simple – devise a plan where a user’s files, filenames, file types, folders, and/or any other personal information is never exposed to anyone for any reason (even under government subpoena). This of course includes the SpiderOak staff who – even with physical access to the servers upon which the data resides – should never be able to see or interact with a user’s plaintext data. Creating this environment, however, would prove more difficult than simply making these statements.

In the beginning, we grappled with how best to accomplish this feat – creating ‘Zero-Knowledge’ privacy as we call it. Most of our competitors and thousands of other companies make claims and statements about security and privacy but, at the end of the day, they would all fall short of achieving our aforementioned goals. To use the most general example – if a company can reset your password, it means someone in the company has access to your encryption keys (if they encrypt the data) which further means they can access your data if they ‘had’ to or, worse yet, someone else could with far worse intentions.

A more specific case is Mozy’s use of encryption. Mozy’s encryption is far better than most online storage providers and yet it contains serious oversights. The default options have you choosing between a stronger ‘Mozy’ key (which Mozy then knows and could use to decrypt your data) or a weaker key you choose on your own and keep private. Even if you choose the weaker private key, Mozy still stores your file and folder names in plain text – meaning they know a list of every file archived from your computer. We would suspect they know the size and timestamp of each file as well although this information has not been publicly disclosed. This seems to represent a great deal of information to reveal about the contents of your ‘private’ data, doesn’t it?

To overcome this threat and others, we at SpiderOak decided to never store a user’s password nor the plaintext of a user’s encryption keys. This ensures that there can never be a point – ever – where we could even unknowingly betray the trust or privacy of a user. Why? Because – to put it simply – we don’t ever come into contact with the keys needed to unlock the encryption surrounding the data. Even with physical access to the server or under subpoena, SpiderOak simply can never see or turn over a user’s plaintext files, filenames, file sizes, file types, etc… On the server, we only see sequentially numbered containers of encrypted data.

This necessarily meant a different approach to various processes throughout SpiderOak which you may or may not have noticed – including forced registration through the desktop application and never via the web. In the end, however, we did accomplish our goals and proved that, although strange bedfellows indeed, ‘online’ and ‘privacy’ can sleep next to each other every night, naked, and live happily ever after…
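As an added illustration of the design this post describes (it is not SpiderOak’s own code), the toy client and server below show the three properties the post relies on: the password never leaves the client, the server stores only numbered opaque containers with no plaintext filenames, and a server-side “password reset” is impossible because the server has nothing to reset. Everything here is an assumption made for the example: PBKDF2-HMAC-SHA256 as the key derivation, an HMAC-SHA256 counter-mode keystream with an HMAC tag standing in for a real authenticated cipher such as AES-GCM (chosen so the example needs only the Python standard library), and the `Server`, `Client`, `seal` and `open_sealed` names and the sample file.

```python
"""Toy model of client-side 'zero-knowledge' storage (added example, not SpiderOak code).

Assumed constructions: PBKDF2-HMAC-SHA256 for the master key, and an
HMAC-SHA256 counter keystream plus HMAC tag in place of a real AEAD cipher.
"""
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 200_000  # constructed value; tune for the target hardware


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the 32-byte master key on the client; the password is never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in keystream (not a production cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. A wrong key fails here, not with garbage output."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("container failed integrity check (wrong key or tampered)")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


class Server:
    """Everything the provider holds: one salt per account and numbered opaque containers."""

    def __init__(self):
        self.salts = {}       # username -> KDF salt (public, not secret)
        self.containers = {}  # sequential id -> sealed bytes
        self.next_id = 0

    def register(self, username: str) -> bytes:
        self.salts[username] = os.urandom(16)
        return self.salts[username]

    def store(self, blob: bytes) -> int:
        cid, self.next_id = self.next_id, self.next_id + 1
        self.containers[cid] = blob
        return cid

    def reset_password(self, username: str):
        """No password and no key are held here, so a reset cannot be offered."""
        raise PermissionError(f"server holds no password or key for {username}")

    def view(self):
        """What an insider or a subpoena can obtain: ids and container lengths only.
        Note that container length still leaks approximate file size; a real design
        would pad or chunk containers to fixed sizes."""
        return [(cid, len(blob)) for cid, blob in self.containers.items()]


class Client:
    """Runs on the user's machine; the only place the key and plaintext ever exist."""

    def __init__(self, server: Server, username: str, password: str):
        self.server = server
        self.key = derive_key(password, server.register(username))
        self.index = {}  # filename -> container id, kept client side only

    def upload(self, filename: str, content: bytes) -> int:
        # Filename and content are sealed together, so neither reaches the server in clear.
        record = json.dumps({"name": filename, "data": content.hex()}).encode()
        cid = self.server.store(seal(self.key, record))
        self.index[filename] = cid
        return cid

    def download(self, filename: str) -> bytes:
        record = json.loads(open_sealed(self.key, self.server.containers[self.index[filename]]))
        return bytes.fromhex(record["data"])


if __name__ == "__main__":
    srv = Server()
    alice = Client(srv, "alice", "correct horse battery staple")  # constructed credentials
    alice.upload("taxes-2011.pdf", b"constructed file contents")
    print("server view:", srv.view())  # ids and lengths, no names, no content
```

Run as a script, the server view shows only container ids and byte lengths; opening a container with a key derived from any other password fails the tag check before any plaintext is produced.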