Conversations about life & privacy in the digital age

Privacy Roundup #4 of 2013

It is now March 28th and the 4th Privacy Roundup is upon us. As the year marches forward so too are we seeing an exploding number of events involving the importance and necessity of privacy. From increased surveillance efforts to the financial crisis in Cyprus to the rise of Bitcoin and Litecoin as crypto-currency alternatives, privacy awareness is making headlines and raising eyebrows.

On a slightly different note but worth mentioning, we at SpiderOak are in the last phases of a major 5.0 release which will include exciting new features, bug fixes, and functionality updates. Additionally, we will be launching our mobile 2.0 effort which makes the ‘on-the-go’ experience much more powerful. Exciting times indeed…

As always, below find a curated selection of privacy and security related news from across the globe:

Google Takes the Dark Path, Censors AdBlock Plus on Android.

Smart Homes: Our Next Digital Privacy Nightmare.

Web advertisers attack Mozilla for protecting consumers’ privacy.

Cisco switches to weaker hashing scheme, passwords cracked wide open.

Viruses, Trojans, and worms, oh my: The basics on malware.

Privacy 101: Skype Leaks Your Location.

New Google Chrome Spell Checker Monitors Everything You Type, While FBI Secretly Watches.

One in six Amazon S3 storage buckets are ripe for data-plundering.

This week we are closing out with a meta-quote from the movie ‘Hackers’, where one of the main characters can be found quoting Ozzy Osbourne’s famous: “Of all the things I’ve lost, I miss my mind the most”. Sending our best wishes for a great April ahead.

A Great Evening Focused on Privacy

We’re just starting to see the dust settle after hosting the first annual Penetralia Event and wanted to thank all the attendees for their attendance as well as the folks over at Silent Circle for co-hosting and making the evening so special. It is our hope that you had as much fun as we did and left feeling more understanding and passionate about privacy.

The event was intended to coincide with the first day of the RSA Conference in order to help further draw the important distinction between security on the one hand and privacy on the other. A physical way to explain this technical difference would be to think of your house or apartment:

Security relates to the lock on your door and/or your alarm system — the measures you put in place to keep out unwanted visitors or intruders.

Privacy represents the blinds on your windows. Most of us don’t like the idea of passersby peering inside at all hours even if we aren’t doing anything of particular note. This is why we draw the blinds.

Hence – it is through the existence of both security and privacy that we can fully enjoy peace of mind. And of course the same should exist in our digital / online lives as well.

To illustrate this point, we created ‘Secure’ and ‘Private’ boxes which were on display and available for attendees to experience. We invited people to step inside each box, feel the difference and ponder how the experience translated to putting their data in the cloud.

On Monday we also announced the launch of our newest product, Crypton. Penetralia attendees had the opportunity to see it and discuss it directly with the developers responsible for building this, the world’s first ‘Zero-Knowledge’ application framework. The level of interest was overwhelming and thus incredibly encouraging. We look forward to working with the community at large and supporting their efforts around various Crypton implementations.

For those who couldn’t attend, don’t you worry. Several privacy-focused companies asked how they could help sponsor our event next year. Penetralia 2014 is already in the works!

 

Privacy Roundup #3 of 2013

The third privacy roundup of 2013 is upon us. And much has happened in the security and privacy space.

Here at SpiderOak we have certainly been busy between throwing an event around RSA 2013, working on exciting new features for the application and launching Crypton (our ‘zero-knowledge’ application framework) – allowing any developer to build ‘zero-knowledge’ privacy applications.

So with no further ado, please enjoy this additional selection of privacy and security related news below:

Apple iCloud censoring ‘Barely Legal Teen’ emails. (SFW)

Google accused of privacy violations yet again.

The Problem With Google Glass: People Wearing Them Can Record You Without You Knowing.

Ragtime: Code name of NSA’s Secret Domestic Intelligence Program Revealed in New Book.


INFOGRAPHIC: Managing Mobile Privacy.

Bypassing Google’s two-factor authentication.

And for this week’s closing quote, a little of William Blake’s America: A Prophecy: “Fiery the angels rose, and as they rose deep thunder roll’d. Around their shores: indignant burning with the fires of Orc.”

Announcing Penetralia: Launch of First-Ever Open Source ‘Zero-Knowledge’ Application Framework

The RSA Conference in San Francisco takes place next week and we will be sponsoring the first annual Penetralia Event with our friends over at Silent Circle, the global encrypted communications service provider.

What is Penetralia? The definition reads:

1. The innermost part of a building, especially the sanctuary of a temple.

2. The most private or secret parts; the recesses; the penetralia of the soul.

Taking place on Monday, the 25th, from 7pm-10pm, the goal of Penetralia is to gather folks from across industries to further the privacy-in-technology conversation. “The underlying premise behind the cloud is that all data is stored or available in plaintext. From an end user perspective, this means everything you upload – from financial documents to family photos to vital company information – exists in a readable format by someone other than you. The ‘Zero-Knowledge’ concept propels the dialogue forward by enabling something previously not possible – maintaining privacy in a cloud environment,” said CEO and Co-Founder Ethan Oberman.

Penetralia is an invite-only event. If you would like to attend, please visit https://penetraliaevent.com/.

Also, this Monday at RSA we will formally announce a first-ever open source ‘Zero-Knowledge’ application framework. This framework will empower both companies and developers alike to take full advantage of ‘Zero-Knowledge’ cryptography and encryption standards through a lightweight utility that runs via the browser.

We believe this framework will deepen the divide between companies that need access to your data as part of their business model, such as Google or Facebook, and those that don’t, like Evernote or 37signals. With this advancement we ask, “Why would companies choose to store data in plaintext when there is no financial benefit in doing so?”

Privacy Roundup #2 of 2013

We are back for the second privacy roundup of this new year 2013. And not surprisingly, there is still a flood of privacy issues being talked about and revealed.

At SpiderOak we continue the cause by working diligently to improve our overall service offering, building new and exciting features (including a new mobile application, a ‘SpiderOak Folder’ which will closely resemble a dropbox but private, and increased OS integration – all of which will be launched this month) and planning an innovative new event around the RSA conference in San Francisco on February 25th. Actually – at the event we will be unveiling a new ‘zero-knowledge’ application framework that will push privacy further into the web.

More on all of these wonderful new topics to come. Back to the main focus of this post, please find a few stories that caught our eye and are around the topic so dear to our hearts – privacy. Enjoy and – as always – please feel free to send thoughts / ideas / reactions!

The Creepy Details of Facebook’s New Graph Search

Yes, U.S. authorities can spy on EU cloud data. Here’s how

Google Will Fight Government Over Access To Your Emails

Path fined $800,000 by FTC over iOS privacy breach

FTC calls on Apple, Google, Microsoft and BlackBerry to improve mobile privacy disclosures

Are You Guilty of Oversharenting? Why We Owe Our Kids Online Privacy.

Closing with a quote: “The future is not set. There is no fate but what we make for ourselves.” – Sarah Connor, Terminator 2

“How can we turn privacy into a tangible?”

In stride with 2013 as ‘The Year of Privacy’, SpiderOak launched a ‘Zero-Knowledge’ Privacy Ambassador (ZKPA) program.

We have nine ZKPAs from around the world who we will introduce you to in the coming weeks. Our ZKPAs will help inform and educate people on the importance of preserving privacy in everyday online life. Please lend them a warm welcome as they lead the change in advocating for privacy…

Meet Rob

Rob Simmons is a SpiderOak ZKPA hailing from St. Louis, MO. He has been working with computers professionally for the past 16 years. His day job includes management of NetApp, EMC, and Oracle disk and tape storage systems. His evenings and weekends include running Wycombe, LLC, (@WycombeLLC) which provides IT consulting solely to small businesses. While serving in the US Air Force he had the distinct honor of being stationed in an English sheep field. After his Honorable Discharge, Rob helped build a small telecom startup and obtained a Bachelor’s of Computer Science with an emphasis on Information Technology in 2009.

Why are you so passionate about privacy?

RS: We are in the ‘Share It All’ age. I think this is horrible. It is not necessary to share every aspect of your life, where you are this very moment, what you’re doing, where you’ve been, or what you plan. There are consequences for sharing it all. Namely, a complete loss of privacy. By sharing everything going on in your life, you give other people (sometimes malicious, sometimes not) the ability to rebroadcast your life any way they please without your permission.

Ensuring privacy is essential in navigating our online lives where every click we perform, every post we make, every picture we upload is replicated hundreds, maybe thousands of times. At that point a person has lost control of their privacy. It also lowers the excitement in meeting a new person, in making friends, or even developing a romantic relationship. The ability to learn something new about someone is eliminated when that person has given up his privacy. I’m passionate about privacy because I want all people to be able to selectively control the way their personal data is released.

What did you find most interesting about SpiderOak?

RS: Honestly, until the spring of 2012 I never heard of SpiderOak. Nor did I have any sort of backup solution for my computer. I got away with “winging it” for all these years. As part of my duties with my employer, I was tasked to research online cloud backup, sync, and recovery companies and their offerings. Among all companies and products I researched, not one came close to offering the critical level of digital security and personal privacy that SpiderOak offers. Others do a good job, but SpiderOak’s security structure is as near bulletproof as you can get. I was truly impressed. So impressed that I signed up for an account. After seeing how well SpiderOak worked for me I signed up my mother, two brothers, grandmother, grandfather, and my wife. My entire family is now a SpiderOak family.

What are some of the biggest challenges you see for advocating privacy?

RS: Privacy is not something that people actively think about. They think about seemingly more pressing items such as finances, car maintenance, home maintenance, work-related tasks, and family issues. These are all tangible items in their life. Things they experience, perform, or feel emotionally. Privacy, and especially online privacy, is an intangible item. How can we turn privacy into a tangible? Something a person can feel, touch, and understand? Once it’s turned into a tangible it will remain at the front of people’s minds along with all their other concerns.

Where do you see the online cloud industry in 5 years?

RS: It’s going to get bigger. Exponentially larger. Data center and data warehouse architects should be quite busy. I see a massive consolidation of disparate online items. Microsoft is going forth in a way I think will be the future. Microsoft is consolidating their desktop, mobile, and gaming platforms into one common system. And it’s all interfacing with Microsoft’s painfully non-private cloud storage: SkyDrive.

But it’s not just desktop, mobile, and gaming I see as part of the consolidation. I can see medical records, academic records, purchase histories, ebooks, music, accounts (online credentials), recorded VoIP calls, and who knows what else to be stored in a personal cloud. You could tell the doctor to just send your medical records to your personal SpiderOak storage. You’ll tell your VoIP service provider to record and send all calls to your SpiderOak storage. Receipts? Send it to storage. Ebook delivery? Not to a particular device, to storage. I think online cloud companies are going to have to look far ahead and see how they can become a person’s “personal storage” company that the user can access from any device, any location, at any time.

What do you hope to accomplish as a ZKPA?

RS: I’d like to get computer users to begin to think critically about their privacy and security of their personal files.

I’m sure many folks will brush off privacy with the statement they have nothing to hide. Well, truth be told, I don’t either. If you’ve nothing to hide, why close your drapes in the evening, why drop your blinds, and why close your outside door? People instinctively like their privacy even if they don’t know it. It just feels better knowing others aren’t looking in on you. Personal privacy is a natural thing for humans to enjoy. I want computer users to realize they should treat their files the same way. Make them private and share them only if they choose to do so. By stressing the ability users will have in selecting who has access to their files, I’ll be strengthening their freedom of choice. People would much rather be able to choose among a set of choices than none at all.

We are proud to have Rob aboard! If you have any questions for Rob, please feel free to write in the comments or find him on Twitter.

Next week, we’ll introduce another ZKPA…

Secure & private storage API on the horizon?

We wanted to share our announcement that just hit the wire today:

2013: The Year of Privacy

SpiderOak Bringing Privacy to the Cloud Through Open Source ‘Zero-Knowledge’ Application Framework

SAN FRANCISCO, CA–(Marketwire – Jan 28, 2013)– SpiderOak, the ‘zero-knowledge’ privacy cloud technologies provider, revealed today that the company will release an open source ‘zero-knowledge’ application framework (ZKAF) to push privacy further into the web than previously possible. The official launch will come at the RSA Conference in San Francisco and will further signify the evolution from Internet security to cloud privacy.

The ZKAF open source code will be made available on February 25. Additional details leading up to the announcement will be available at the SpiderOak website: spideroak.com.

2013 – The Year Privacy was Found

As the cloud has gone mainstream, so too has the conversation around security. With more data being pushed to cloud servers throughout the world — the need to ensure the data is safe grows. Amidst this dialogue, the concept of ‘privacy’ has been drowned out as it was previously thought not possible to both preserve the privacy of data and also benefit from the advantages of the Internet. This is now all changing.

SpiderOak’s launch of its ZKAF will enable companies and/or developers to apply this framework on top of their application and enjoy all the benefits of ‘zero-knowledge’ privacy without having to understand the detailed specifics around cryptography and encryption. In practical terms, this means that any data generated by an application will never be readable on the server where it is stored and, henceforth, remains private and in full control of the end user.

SpiderOak: Privacy Built Into the Technology

From the ground up, SpiderOak was designed with privacy at the core. The company’s industry-leading ‘zero-knowledge’ privacy standard protects user data by encrypting file backup, synchronization and storage throughout every stage. SpiderOak servers never store the plaintext version of a user’s encryption keys (or password). As a result, nobody can view any portion of a user’s content including filenames, file types, folder names, etc. Even the members of the SpiderOak staff with physical access to the servers can never view plaintext user information.

With SpiderOak Blue, the company brings the ‘zero-knowledge’ privacy environment to the enterprise. Through a virtual machine running behind a company’s firewall, SpiderOak Blue connects to LDAP / ActiveDirectory to provide consistent authentication procedures. IT departments have the flexibility and control to create and deploy specific end-device builds depending on the user — managing how and when individual files should be backed up and/or synced. A private cloud offering is also available such that the entire solution is contained behind the company’s firewall or within their server environments.

For more information on SpiderOak Private Cloud and other enterprise products, please visit: spideroak.com/business.

Media Contact:
Ethan Parker, BOCA Communications: (415) 377-0978

Introducing ZKPAs: Privacy is a part of security

Most of you have probably caught on by now that 2013 is ‘The Year of Privacy’. One of many reasons is we’ve just launched our ‘Zero-Knowledge Privacy Ambassador’ (ZKPA) program.

We now have nine impressive ZKPAs from around the world who we want to introduce you to in the coming weeks. You will find these ZKPAs online and offline, specifically advocating for the virtues upon which we built SpiderOak and educating others on zero-knowledge privacy. They will help us dream and expand the program in order to make ‘zero-knowledge’ a household term.

Allow me to introduce to you one of these new ZKPAs, Ryan D. Lang. Ryan graduated magna cum laude from Drexel University this past summer, 2012, with a degree in Computing and Security Technology. While employed at the Camden County Library System, he aided patrons as in-person technical support. He is currently employed in the IT Support department at LT Security.

In his spare time, he works on a book that attempts to adapt corporate best practices to average users. The goal is to convince others of the importance of good security. Earlier writings can be found at Ghacks.net. “I just want to do a little good in this world.”

Ryan wrote the following post:

Privacy is a part of security

It came up in the meeting that several members of SpiderOak felt that privacy and security were separate. I politely objected to no avail, but rather than argue, I elected to compose a concise, persuasive essay.

Security is often described as being composed of the CIA: Confidentiality, Integrity, and Availability. “Confidential” can literally be defined as “private” or “secret.”* Thus, privacy is a subcomponent of security. To attain privacy/confidentiality, industry uses technology, policies, and physical controls.

Consider VPNs: Virtual Private Networks. They are designed to keep communications private over a public network. They employ the technology of encryption to achieve this. Another technology employed is user privileges. They can control/restrict access to information, keeping it secret from those who do not need access. SpiderOak takes this a step further by removing access from employees completely.

Policies are rules of conduct that a company sets for its employees. They can be used to define what should be kept private and create ramifications for sharing secrets. While this often relies on background checks and the honor system, the procedures defined by policies can make breaking them harder (e.g. requiring two signatures or a notary on critical documents).

Locks and keys have long been used to secure property. Physical security is as important as digital security. This should include old-fashioned locked doors to protect private data (&c.) not only from outside access, but from unauthorized internal access as well. Key files placed on a physical USB drive can be used with TrueCrypt and KeePass, secret-keeping programs, to complement or replace passwords.

These are examples of old and new methods used to protect privacy. Together they form critical parts of industry security best practices. Without privacy, data is insecure.

*http://www.m-w.com/dictionary/confidential (see definition #2)

Personal Note

I find “confidential” to be an interesting word. To me it means: “giving with trust of keeping a secret.” A prime example of this is when you confide in a friend. Another example is when talking to a doctor or lawyer; arguably a better example since there is legal backing. Those professionals have to keep your secrets (within statutes) or they will be fined or even lose their license to practice. I do not think that the majority of companies consider the depth of the word “confidential” when forming policies or choosing controls (though they may consider “due diligence”).

The first Privacy Roundup of 2013

Another year has passed and we are ushering in another year of technological breakthroughs, computer crashes, storage problems and of course security and privacy issues. Fortuitous then that we bring you the first privacy roundup of the new year, filled with informative and interesting news from around our globe.

As usual you will find a wealth of information on privacy and security below, and just like always we look forward to your feedback.

Facebook chose Bing over Google because of privacy concerns

At Disney Parks, a Bracelet Meant to Build Loyalty (and Sales)

Chips off the old block: Tracking children has never been easier. Nice for parents, not for privacy

Yahoo! Mail makes HTTPS available.

Silent Circle Adds Android For Encrypted Voice And Video Calls.

After a year in the grave, can SOPA and Protect IP return?

As always, Live long and Prosper!

Privacy MadLibs Follow Up & Winners

A big thank you to everyone who participated in our privacy MadLib. We not only enjoyed everyone’s submissions but also valuable comments and suggestions about how we can improve an activity like this in the future. We will definitely do so!

Find our answer key below and the top three submissions. Before we do…

Here is our key

We think individuals and companies don’t have to {compromise} their {privacy} online. Companies who can’t offer privacy are forced to sell security alone. However, we believe the cloud can be a perfectly safe place as well.

Privacy has been and will always be a priority for SpiderOak. Everything we {plan} for meets our ‘Zero-Knowledge Privacy Standard’, which means no one at SpiderOak can see your {private} plaintext data.

SpiderOak is often referred to as “the secure alternative to Dropbox”. Our founders {created} SpiderOak in 2007 with the ultimate idea to create an environment where they didn’t even have to trust the people that work at SpiderOak. It was {carefully} built in to the product.

We are very proud of how SpiderOak has evolved over the past several years. Once you download our {flexible} {product}, you can use our software online to back up, share, sync, access and privately store data for only $10/month. You can {access} your data from anywhere, from any device: Windows, Mac OS X, and Linux (Ubuntu, Debian, and Fedora & openSUSE). We also offer SpiderOak Blue, which provides the same security and privacy you know and love to businesses. The financial, healthcare, legal, and accounting sectors with sensitive data are especially keen on the {flexibility} SpiderOak Blue provides.

Thanks for making the web a safe place with us! We predict 2013 will be ‘The {year} of {privacy}’. What do you think?

The winners are…

  • First Place: Alexkorff
  • Second Place: Happybeing
  • Third Place: Mscarborough

Congrats and stay tuned for some more games and opportunities to win free GBs.