Never worry

You don’t have to worry about trusting SpiderOak with your important data because even we can't decrypt your files without your password.

Built Differently

Your SpiderOak data is readable to you alone. Only YOU hold the encryption keys to your files, photos, videos, financials, or client information - we couldn’t decrypt it even if we wanted to.

We can’t even know the name of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data.

It's All About Your Keys

Most companies don’t encrypt your data while it is resting on their servers. If they do any data encryption, it is usually only during transmission.

So what? This means the data is stored as plaintext, and anyone with access to the servers (such as the company's staff) could read or steal your data.

But let’s say that a company does encrypt your stored data at rest. The encryption keys are usually controlled by the company, and often stored right along with your data. This still makes your data still easily viewable by anyone with access to those servers.

No, thank you.

The Secret Sauce

When you first run the SpiderOak application on your computer, a series of strong encryption keys are generated. The keys are themselves encrypted with your password and stored (along with the data you backup) on our servers in their encrypted form.

Your password is the secret sauce that keeps your data readable to you alone.

Don't forget your password because we can never reset it for you. (And any company who can reset your password can access your data). You alone have responsibility for remembering your password or 'Password Hint'.

How It Works

After you first download SpiderOak, you will be prompted to sign up securely via the desktop application. Choose your email/username and a password to authenticate your account.

Strong encryption keys for your account will be automatically generated, encrypted with your password, and saved. No trace of your original password is stored; the plain version of the password is never sent to SpiderOak.

These are the necessary steps to create a true No Knowledge privacy environment. It is the foundation of how we were built. It is core to who we are.


Read our encryption specifications

Fault Tolerant Design

SpiderOak was designed and implemented by engineers with a background in fault tolerant systems with a margin of error of 0.0000%.

Consider what might happen if you are working on a document, hit Save, and just as the document is halfway through overwriting the old version, the power fails. You may now have replaced the old copy of the document with a half-written, corrupted document that you cannot open.

Most programs are not created using a fault tolerant design, but your backup software absolutely should be.

The biggest worry with corrupted backups is that you don't notice — until you try to restore. You might go on with a false sense of security knowing all your data is safe. SpiderOak eliminates this concern.

If your hardware, operating system, or electrical power fails, SpiderOak’s design makes it impossible for your backup result to be corrupted. We accomplish this with a transactional file system layer and application level transactions. SpiderOak works as a fully ACID compliant database, distributed across each computer you use SpiderOak from, and the SpiderOak servers. But basically, what you need to know is this approach is significantly different from the way most applications are engineered.

Storage Redundancy Savings

Have two copies of the same file? In your SpiderOak account, the 2nd (or 3rd or 4th, etc.) copy doesn't use any more space.

Or maybe there are instances when you have a folder with 10 or 20 different "renamed" versions of a similar file as you worked on it over time? SpiderOak internally detects the redundancy in these situations and saves you online storage space.

Additionally, this enables SpiderOak to store all historical versions of any document (even if it is not renamed) as well as allow your uploads to happen with much greater speed.

As a distributed database of your data, SpiderOak also knows what files are stored in your SpiderOak network, from any of your computers.

For instance, you might backup your music on your work computer, and also your music from your home computer. If you have many of the same songs in both places, they won't take up any extra space in your account.

Efficient Versioning

SpiderOak keeps historical versions of each file. This is an extremely important safety feature in a backup application.

Consider this scenario: You accidentally save over your thesis paper with a different document. The easy solution is just go to your backup software and retrieve the old version, except what if you don't notice for a few days? If your backup software doesn't keep historical versions, it will save the new (wrong!) version of your thesis into your next backup, making recovery impossible. If the backup software only keeps historical versions for a limited time, what if you don't notice until it's too late? By default, SpiderOak keeps all historical versions forever.

SpiderOak's historical versions are space efficient. Even though your historical versions are encrypted and only stored on the server, SpiderOak detects the similarity between those historical versions and your new versions - only saving the parts that actually changed.

As a point of comparison, many backup systems can only accomplish versioning by storing a completely new copy of the file (not just the changes), which doubles storage costs with each new version. For files that change frequently, this really adds up.

Multi-Device, Real-Time

When you save files on one of your SpiderOak enabled computers, you can see those files in real-time throughout your SpiderOak network. The redundancy savings mentioned above work across your multiple devices too.

If you have your music collection on both your desktop, and your notebook, you can back them both up using SpiderOak, without using twice the space. This works across all platforms: Mac, Linux, and Windows.

Instant Access from Anywhere

From within the SpiderOak application you can view and download all of the data you have backed up across your SpiderOak network - including files from your Mac, PC, and/or Linux machine.

As an example, you can access a document from your PC desktop computer while traveling overseas with your Mac laptop.

If you are away from your computer, SpiderOak also provides the ability to access your data remotely via the SpiderOak website using 'My Login'. This provides the added convenience of being able to remotely track down a document should the need arise.

Important Note: When accessing your data via the SpiderOak website or a mobile device, you must enter your password which will then exist in the SpiderOak server memory for the duration of your browsing session. For this amount of time your password is stored in encrypted memory and never written to an unencrypted disk. The moment your browsing session ends your password is destroyed and no further trace is left.

The instance above represents the only situation where your data could potentially be readable to someone with access to the SpiderOak servers. That said, no one except a select number of SpiderOak employees will ever have access to the SpiderOak servers. To fully retain our No Knowledge privacy, we recommend you always access your data via the SpiderOak desktop application which downloads your data before decrypting it locally.

Even though all your data is stored encrypted, you can carefully and selectively allow portions of your SpiderOak network to be shared (or become public) to family, friends, colleagues, or clients. Create a ShareRoom by choosing any number of folders from several of your computers.

A ShareRoom may be accessed as a unique web URL or by entering a user's ShareID and RoomKey on the SpiderOak homepage, easily allowing people you invite to view your documents, pictures, movies, etc.

As you make additions or edits to the folders within a ShareRoom (no matter what computer those changes are made on), the changes are automatically viewable to those who have access to the ShareRoom.

This process is more efficient than having to constantly upload new changes to an FTP site or resend big files via email.

Linux, Mac and Windows Compatible

The SpiderOak client is distributed for Windows 7, 8, and Windows 10, MacOS, and 32 and 64 bit Linux packages for Ubuntu and Debian.

This means that the data from your Mac is accessible from your PC and your Linux box. Plus, you can create SpiderOak share rooms that include folders from any or all of your many platforms. Backup your Netbook, Powermac, Linux box and PC workstation all using the same account.

We have also begun investigative work for providing SpiderOak on the OLPC.

Reliability via Comprehensive Test Coverage

We believe in data integrity and quality-by-design.

To that end, we have a comprehensive, automated, internal testing system. It simulates users using the software in a variety of ways with integrity verification at every step. We continuously verify accurate handling of data based on test sets such as the many years of changes to the Linux kernel source code, big collections of office documents, pictures, music, email, and so on.

This remains one of the most compelling arguments for relying on a 3rd party to provide your backup solution. Few individuals or organizations take the time to regularly audit the accuracy and completeness of their backups through testing via full restore. SpiderOak maintains the resources and incentives for continual quality assurance.

In the end, nobody should have to think about their backup software – rather – 'it should just work'.

Open Source

We have released many of the tools and libraries that we created while building SpiderOak as independent, generalized projects. Most of these are available via GitHub. Highlights include the Crypton framework for No Knowledge applications and the Nimbus.io distributed storage system.

For the moment, the SpiderOak backup software must remain a closed source, commercial application.

Our founder and engineers have a strong open source background and we consider a contributory relationship with the FOSS community as the normal course of business. Thus, our plan all along has been to make our entire code base open source; however, as anyone who has worked with such issues knows, it is often not quite that simple. We are committed and will continue to work toward an open source environment.

Encryption Specifications

SpiderOak uses AES256 in CFB mode and HMAC-SHA256.

We use a nested series of key scopes: a new key for each folder, version of a file, and the individual data blocks that versions of files are composed from.

Having keys with such limited scope allows for selective sharing of chosen portions of your data while keeping the remainder private.

But most importantly, the keys are never stored plaintext on the SpiderOak server.

They are encrypted with 256 bit AES, using a key created from your password by the key derivation/strengthening algorithm PBKDF2 (using sha256), with a minimum of 16384 rounds, and 32 bytes of random data ("salt").

This approach prevents brute force and pre-computation or database attacks against the key.

A user who knows her password can generate the outer level encryption key using PBKDF2 and the salt, then decipher the outer level keys and be on the way to decrypting her data. But without knowledge of the password, the data is unreadable.

SpiderOak accounts also include a 3072 bit public/private RSA key pair. This is currently not used for anything, but is included with all accounts for upcoming feature implementation which would necessitate the use of the public/private keys.

Storage Infrastructure

SpiderOak operates its own hardware and data centers without outsourcing.

Data is archived using a redundant clustering file system that can tolerate the total loss of many entire machines without loss of data. Our data centers have redundant power, generators, battery backup, redundant cooling, and multiple Tier 1 ISP uplinks.

For customers that require geographic redundancy (beyond the geographic redundancy that an off-site backup inherently offers), we offer this service at a premium pricing schedule. To find out more, please contact our support team.