Posted by Kalyani M. on Sep 9, 2013
Cloud companies have been scrambling to provide consumers with guaranteed protections from hacking and legal snoops after the public fallout occurring as a result of the NSA’s PRISM program leak. As governmental organizations like the NSA continue to snoop on citizens, cloud services like SpiderOak continue to up the ante in privacy protections and data security. SpiderOak shields users from PRISM through strong encryption and the fact that only users host encryption keys. The company also recently rolled out a plan to accept bitcoin and continues to update its celebrated Crypton privacy framework.
Recently, reports on intelligence budgets show that governmental agencies are ramping up efforts on citizen spying. Roughly $11 billion is allocated to the Consolidated Cryptologic Program, which Director of National Intelligence James Clapper says is part of an exploration “in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” The details of the program are still confidential, which has caused much justified paranoia in the online community. Google Cloud Storage is just one company that is trying to fight back against lack of public confidence following the PRISM leaks. With a 128-bit Advanced Encryption Standard (AES) and encrypted keys, the company seeks to win back consumer trust. Unfortunately, this doesn’t go far enough.
128-bit encryption is relatively weak when more secure companies like SpiderOak can offer 256-bit encryption. Furthermore, the company keeps a master encryption key that is supposedly rotated. According to Google, “We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process. When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.” But this explanation falls flat on its face when considering the fact that a simple subpoena would allow the government to access files using Google’s master key. With SpiderOak, users hold their keys so that the company can’t access your data even if it was asked to by the law.
Another company fighting back against privacy breaches is Wikipedia. The free research site promises to protect user privacy through HTTPS security protocols. According to a statement, the company “believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects.” While this is a promising step in the right direction, it’s just one example of a company proactively doing the right thing by protecting user privacy.
Another way to protect privacy online is through the use of the secure digital currency, bitcoin. Very few cloud companies accept bitcoin, which makes SpiderOak’s recent efforts to allow for bitcoin payment all the more revolutionary. According to SpiderOak spokesman Daniel Larsson, “The potentially anonymous and proof-centric nature of cryptographic currencies certainly ties into our overall messaging. Based on all of the above, it seems rather natural to at least start experimenting with cryptocurrencies as a form of payment. The choice of bitcoin was easy as it is the most widely adopted cryptocurrency and is also the only one directly exchangeable for fiat (USD), should we decide that we want to move towards larger scale acceptance.” While the bitcoin program is just in its initial pilot stages, security concerns are sure to push consumers towards the private currency.
One of SpiderOak’s strongest selling points is in its privacy platform. The company’s Crypton framework allows for private storage, sync, and development. CEO Ethan Oberman says, “Previously, privacy could only live in the belly of a downloaded client which limits adoption and creates obstacles — especially as the world shifts toward the web. Now armed with a way to push privacy further into the web than previously possible, the Crypton framework can serve as a necessary cornerstone in the development and continued advancement of this new privacy platform.”
How to Guard Your Privacy & Shield Your Identity With SpiderOak
For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.