Snowden: Dropbox is an NSA surveillance target, use Spideroak instead


#1

[Permalink]


#2

SO you mean they are knowingly lying here and we should bring a class action suit against them or is there some stupid legal loophole I don’t understand.


#3

I’ve been using SpiderOak for a few years now. SpiderOak is structured as a cloud backup service with file syncing and sharing built upon that, and I use it both for file backups and for syncing. It has its strengths and weaknesses.

SpiderOak’s commitment to end-user privacy is very strong, and I’ve never heard its security features faulted. They’re in the small set of organizations that has been willing to go to court to protect the privacy of their end users. SpiderOak is available for all major platforms, and there are RPM and DEB repositories to keep it up-to-date in Linux. There’s a free plan where you get 5 GB of storage, which is typical for file syncing services; you can get additional storage, in increments of 100 GB, for about $100/year, which you’d want if you intend to use it for backing up your files. It keeps multiple versions of a file. The encryption is all done client-side.

On the other hand, file transfer rates can be erratic, and often very slow. My partner tried to restore her entire Documents folder hierarchy from her SpiderOak backup through the client, less than ten gigabytes of files, and after several days, it hadn’t completed; she eventually gave up trying to use the client and used the Web interface instead; she was so frustrated by the experience that she immediately abandoned use of SpiderOak. SpiderOak isn’t quite as easy to use for basic file syncing, partly because the security considerations of SpiderOak make it a little more complicated to set up, partly because the client is not so polished as that of DropBox. File sharing is harder to set up and use. And while there’s an Android client, it doesn’t allow syncing, only downloading files to Android, which SpiderOak users have been complaining about for several years.

I find SpiderOak is adequate for my purposes – I sync a few documents between different computers I use, and I can restore the occasional deleted file or overwritten prior version. And I want to support SpiderOak for taking a principled stand in support of its users. But not everyone will be happy with it, and it will be hard to convince someone to use it if they are not already concerned about privacy and security and aren’t willing to put up with a less-polished interface.


#5

They say that the use 256-bit AES: this is a strong cipher, if implemented correctly; and 256 bits is generally believed to be beyond the reach of any current or expected near to medium term attacks (if not substantially more; barring some serious advances in factorization algorithms or quantum computers or something the time required to brute force with even several factors of ten more power than currently available across the planet just gets ludicrious).

However: Notice how they only specify the cipher and key length, not anything about where the keys are stored, who has access to them, whether they are unique per-subscriber or shared, whether they ‘secure your files’ in transit, at rest, or both, and so on.

Aside from Dropbox’s pitiful security track record, there are several reasons to suspect that the key management story is where this all goes off the rails:

  1. Unless dropbox can decrypt the files, they cannot offer such (undeniably popular) features as ‘access your files just by logging in in-browser’ and ‘synchronize your files to a new device just by installing the client and logging in’. If they don’t have the key, all they could do is provide the ciphertext and tell you to work it out. There is an intermediate step (one it appears that spideroak uses), where the keys are encrypted with a key derived from your password, so that you don’t have to manually key-fill a new device, just provide the credentials; but the service provider need never have access to them. Unfortunately, this means that it is impossible to reset a password (since, without the password you can’t decrypt the keys that decrypt the files. You can overwrite the password hash to allow logins with a new password; but the keys are toast, period).

  2. Given the fairly thin margins in bulk file storage, deduplication is extremely popular: eliminate redundancy (whether at the block or the file level), accrue significant reductions in real disk space use for duplicate-heavy storage loads. However, unless the same key is used across users, deduplication will fail: exactly as intended, even identical plaintexts will produce wholly different ciphertexts if different keys are used. Unless they specifically assert that they are foregoing the benefits of deduplication between accounts, this is a tempting reason to share keys between accounts.

  3. Customers, especially non-technical customers who’ve come to ‘the cloud’ to solve the data transfer and retention problems they have, hate losing data. However, unless the service provider can decrypt your files, they can’t really help you with data loss. You lose your key? Game over. Very spartan. The issue of password resets falls under this heading as well. You can’t have zero-knowledge on the part of the provider and password resets that don’t destroy all prior data.

TL;DR, I’d be very surprised if DropBox Legal lets them say anything that isn’t technically true anywhere that might be construed to constitute a legally binding obligation; but they omit more than enough to compromise the cryptosystem utterly; and their feature set suggests that they do, in fact, engage in at least some of this behavior (in fairness, these cryptographic shortcuts do offer financial and user convenience advantages, one need not suppose that malice motivated them; but once you know something you are just a subpoena or NSL away from the feds knowing it, so your initial intentions aren’t terribly relevant to the outcome. Only rigorously enforced ignorance can protect you from being forced to compromise your customers; because you can’t be made to divulge what you do not know.)


#6

@FF I have not read or heard such an interesting comment in a very long time. Would I be in the ballpark by drawing the conclusion that they’re just too stupid? Hear Hear


#7

Personally I use Tresorit. Why? Because they’re not based in the US, and therefore should be safe from National Security Letters.

Like Spideroak they use AES-256 clientside encryption, so there’s nothing lacking there. They also offer clients for many devices/OSs (which is another big requirement for me).

I can easily see Spideroak going through similar dramas to Lavabit.

https://tresorit.com/


#8

Hi, I’m a programmer at SpiderOak (since 2008). BoingBoing readers may be interested in more detail. Try this: https://spideroak.com/engineering_matters.


#9

I couldn’t help thinking part of the reason she turned out so screwed up is that creepy name.

Condi Rice

…So I don’t think we should extend the usual courtesy of familiarising somebody’s name for them in this case.

C.o.n.d.o.l.e.e.z.a…

C.o.n.d.o.l.e.e.z.a…

C.o.n.d.o.l.e.e.z.a. Weird and creepy.


#10

How is the syncing on tresorit? The reason I ask is that I stopped using (and paying for) SpiderOak because their sync would get “wedged” – that is, it would just stop syncing, and the only way to fix it was to contact customer support and have them unwedge whatever process got wedged. Although now I understand that they’ve published command lines that can be used on the client side when that happens.


#11

@doug_fort looks really neat - does your company have a “warrant canary” page to let us know that you’re FISA free?


#12

I’ve been using SpiderOak off and on for a few years. Finally came to my senses and dropped Dropbox entirely earlier this year. I currently have ~94GB of data stored in my SpiderOak account, mostly backups.
I haven’t had a problem with transferring large files or data sets to/from PCs (though the first time backup of large files can take a few minutes to initialize). Where I have seen speed issues is with the Android client. The UI is often not very responsive, and transferring files as small as 80-90MB is slow and hit or miss. Sometimes the UI takes rather a while to acknowledge that you’ve requested a download and other times it just silently fails.

If they fix the speed/reliability issues of the Android client (and allow you to sync from Android devices), I’d say that it’s easily recommendable for the general public. As is, it’s unlikely that someone who doesn’t take data security seriously would be willing to put up with the mobile client’s gotchas.


#13

I think there’s a story behind the name. I don’t remember, but I recall it was kind of classy. If you’re going to oppose her do it on moral and political grounds, not by calling her fatty on the playground.


#14

What a crazy conspiracy theory! Dropbox an NSA target?! I mean, whoever would have thunk it. What crazy paranoia!
Damn, if only someone warned us all about such things happening 10 years ago but who wasn’t a crazy paranoid conspiracy theorist. Maybe we could have done something about it then! Why is it that only crazy paranoid conspiracy theorists talk about such things before they become fait accompli? Why do we always have to wait for legitimate heroic whistleblowers to come out but they always seem to arrive too late to change anything? I wonder…


#15

I haven’t had an issue, but to be honest, I haven’t used much space yet. I mainly use it to access my KeePass 2 databases and a few other smaller files that get the paranoid treatment (financials, etc).


#16

Why not just, you know, not store sensitive unencrypted data in the Cloud?

I like Dropbox primarily because it provides an easy means of uploading something to which I can post public links.


#17

Pff, opposing scumbags on moral and political grounds really gets us far, doesn’t it?

Perhaps some good can come of sinking to their idiot level.

Anyway, there might be some substance to my comment; I recall coming across this relevant factoid: if you name your son with something unusual, you increase his chance of mental illness by 30%. Although it supposedly doesn’t apply to girls, I’m not sure Condoleeza isn’t a bloke in drag.


#18

Dropbox’s security record suggests a certain amount of incompetence and/or apathy (I adore the one where they just accidentally turned off password access control for a few hours at one point); but I’d suspect that they aren’t ‘stupid’ in any larger sense: they’ve quite successfully delivered, on a large scale, a cheap, easy, multiplatform, secure-enough-that-not-too-many-scary-stories-of-people’s-lives-being-destroyed-by-criminals-are-published, product.

Very popular with home users, so convenient that even people in corporate and institutional environments with IT departments and file servers pre-configured, and so on, often try to sneak it onto the network, practically the de-facto replacement for the filesystem that the iDevices hide from you.

Unfortunately, any sort of offsite storage is (in practice, I’d argue unconstitutionally; but people who matter haven’t) treated as a 4th-amendment-free zone. Anyone who builds their security against a non-state threat model, even if they were to achieve perfection in that area, is focusing on a substantially different set of security risks than someone building their security against a state actor threat model. It’s not that Dropbox has tried and failed to be secure against the state, they just haven’t tried (whether because doing so would raise costs and decrease customer satisfaction, which it probably would, or because they are actively collaborators is unknown to me; but not really relevant when the state can force even unwilling parties to hand over information).


#19

Not really. There are plenty of online forums in which the participants do little more than name-calling and invective, and it doesn’t make for a useful discussion. Worse, often that name-calling ends up insulting and alienating allies and oppressed minorities.

Like so. Don’t do that.


#20

I kind of like owncloud for shared projects - just set it up to only use https, and everything lives on your own server rather than some random company’s server. As an added bonus, 500 gig costs whatever a 500 gig hard drive costs these days, with no montly fees.


#21

See, here’s the thing - the unwashed masses couldn’t give a flying fuck for the alienating moral superiority and overriding concern for relevance of the liberal set; they’re too busy having their hindbrain buttons pressed and apathy encouraged by cycnical scumbag arseholes.

Throwing shit is actually a semi-serious suggestion; if for some reason it doesn’t work as well as when the bad guys do it, what the hell - at least it’s a chance to blow some steam off.