Posted by Kalyani M. on Oct 1, 2013
Cloud storage services are used by many of us to store and share our files or photos. While using this extremely convenient and easy to use file-sharing service, there are valid questions, such as “what if the service providers can access our data?” or “what if somebody hacks into their servers?” Recently, the online cloud storage service Dropbox was in the news for being a target of the NSA’s requests to reveal user’s data stored in their servers. Dropbox has joined hands with other tech companies like Google, Yahoo, Microsoft and Facebook in their quest for permission to publish a transparent report of number of data requests made by US government under national security laws. In a brief filed with foreign intelligence surveillance (FISA) last week, Dropbox seeks permission to report the exact number of data requests it has received, and the number of users affected by the requests. It supports the motions filed with FISA by other tech giants like Google, Microsoft, and Yahoo. According to these companies, their inability to make public the number of data requests they have received is harming their reputation. As per the brief, Dropbox has been denied permission by the government to publish the precise number of national-security requests it receives. The only way it can publish the number of such requests is if it combines NSA requests with regular-law enforcement requests, and then rounds the total figure to the nearest thousand. Since Dropbox received fewer than 100 regular law enforcement requests last year, reporting in the government’s format will decrease the reporting resolution. Let us now take a look at the online transparency report that Dropbox has released. It states that the company has received 87 requests for user information in the U.S. in 2012, and those were specific to 164 user accounts. Out of this it responded to 82% of the requests. As per the report, there were less than 20 non-US requests for user data in the same time frame, specific to 20 unique user accounts. The company has not responded to any of the non-US requests, as it currently requires data requests to go through the U.S judicial system.
Dropbox has also included the court brief in the transparency report page. The brief uses very strong words and even accuses the government of violating the First Amendment. “There is no statute, nor any other law, supporting the government’s demands,” Dropbox said. “To the contrary, the proposed gag order violates the First Amendment, as it interferes with both the public’s right to obtain truthful information about a matter of substantial public debate and service providers’ rights to publish such information.” And these are the reasons why the company has agreed to the motions of other service providers and asks the court to “publish accurate information about the number of national-security requests received within a reporting period, along with the number of accounts affected by those requests”. How secure is Dropbox? Now the obvious question that will arise in your mind is how secure is your data in Dropbox, especially in the light of PRISM revelations. There is no doubt that Dropbox is a robust and convenient service that allows you to backup and access your data anytime and from anywhere. But you have the right to know how Dropbox stores and secures your data, irrespective of what the NSA wants. In the last few years Dropbox is under the scrutiny of security researchers as the privacy of user data is under question. There are certain security risks in this widely used cloud storage system:
Spideroak Vs Dropbox
Despite several similarities there are significant differences between SpiderOak and Dropbox.
Why choose Spideroak over Dropbox? Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs. SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. Interested in SpiderOak Products? SpiderOak carved its niche as the top choice for those most concerned with privacy.The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end-user has the ownership of data and is the only one with the keys to unlock and look at plaintext data. You can signup for this product now. SpiderOak Blue works seamlessly in your enterprise environment. To resolve authentication it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible in Mac, Windows, Linux, iOS and Android platforms. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to email@example.com and we will get back to you soon.