Why you should drop Dropbox in favor of SpiderOak

Originally published at: https://boingboing.net/2017/11/07/why-you-should-drop-dropbox-in.html

Once your files are on their server, there’s absolutely no way for them to read their contents or metadata

You can share files from their web interface, and even create self-destructing links to give collaborators temporary access.

So how does sharing from a web interface work, then?

If they don’t have access to the contents of the file, then the file is encrypted, and in theory only you have the key. Do you hand them the key to hand to the person you’re sharing it to? If so, how does that work in the web interface securely so only the person and not the company can access it? Are you expected to hand the key to the person through another route or offline?

I’m not sure how they can provide some of these features and still remain secure.


Yes, but …

And the ‘but’ is that Dropbox is supported by thousands or tens of thousands of apps for seamless cross-device syncing. App makers don’t build in support for SpiderOak (or other competing systems) at anything like the same rate.

The core problem is that app developers code to an app, not an API (or they code to the app’s proprietary API, which amounts to the same thing). In an ideal world, the Dropboxes and SpiderOaks of this world would support a common API, the app developers would implement support for the API once only, and the user would then be able to freely choose the service they want. If you were of a mind for it, you could even deploy your own service, based on open-source software.

In this less than ideal world, the app developers just say “OK, we’ve added Dropbox and iCloud support, we’re done here.” Dropbox, of course, has no interest in supporting an open standard. So when I need to sync all my documents between phone, tablet and laptop, I use Dropbox, because that’s all there is. Even though I know that SpiderOak would be a better choice.

Some would say that this is just what I deserve for using devices made by That Fruit Company with proprietary lock-in engineered into them from the ground up. That may be true. But the sad fact is that if you go one route, you get a certain kind of freedom, but at the cost of a lot of convenience, and if you go another, you get more powerful features, but at the cost of freedom.

P.S. I have looked at SpiderOak in the past, and they do look good, for all the reasons the article mentions. And the $40/1TB/year that the BoingBoing store is offering now is a pretty sweet deal. If you just need file syncing and aren’t worried about supporting particular mobile or desktop apps, jump on it with both feet.

EDIT: I wrongly attributed the post to Cory, but the post actually has no byline. I’ve updated my comment accordingly.

EDIT: The post does have a byline, and it is ‘Boing Boing Shop’. Ooof, I’m on a roll today.


mega.co.nz offers similar and more features and pricing, but they have a free tier of 50 GB.


I think you are misattributing that post.

You’re right, I was. Apologies. I followed a link from Cory’s Twitter feed to get here, and wrongly assumed that he was also the author.


The post has a by-line of “Boing Boing’s Shop” – which clearly denotes it as a commerce post from our shop. We make approx. 365 of these posts a year.

I tried so hard to use SpiderOak for about six months (about eight months ago) and it was just not nearly as functional a product as Dropbox. It was incredibly frustrating, with conflicts quite frequently. I primarily use Dropbox to share code between work and home and stuff was just a mess with SpiderOak, and I regrettably went back to Dropbox, which does what it does about as well as any software product I have ever used.


I don’t know how well SpiderOak works as a Dropbox alternative, but it was one of the first cloud backup services to offer client-side encryption, and has a pretty good reputation.


“Edward Snowden-approved safety.”

Approved by guy who released a massive amount of classified data to the world.

Your secrets are safe, he promises!


I trust him more than Condoleezza Rice.


It’s a pity that WebDAV always remained rather half baked (and, where more fully baked, typically baked deep into a de-facto proprietary protocol with some degree of inspiration from WebDAV, as in some of the uses in Exchange and SharePoint); and that the design of protocol, API, and service have mostly been subordinated to market considerations of who was giving away more storage space a few years ago.

If anything, it’s especially dramatic and dire given that we have more networked devices in need of syncing than ever; but they are increasingly not reliably on the LAN (which cuts out CIFS/SMB and most NFS flavors as totally insane unless VPNed); and increasingly on devices crippled enough that they don’t even speak SMB, NFS, AFP, or the like without some hackery or userspace API wrappers that require explicit per-application support.


When you say that, are you saying that Dropbox actually matches or exceeds dedicated revision control systems for keeping code worked on in multiple places under control; or that you are actually disciplined and/or masochistic enough to do so with nothing but tools designed for rudimentary versioning on mostly binary files?


lol I am not using Dropbox as a VCS, I am using Dropbox to keep files synchronized between three computers and SpiderOak struggled in my experience to do nearly as seamless a job as Dropbox did. I simply advise caution.


Next up: cancer approved cigarettes


Tried using SpiderOak in our office. Nobody wants to talk about THAT attempt anymore.

All great ideas but it ate away a lot of CPU cycles on everyone’s machine to keep encrypting stuff. Some serious slowdowns occurred.

Might be good in a single user environment with minimal major changes going on though.


More modern CPUs are better at encryption…

There are three options in life. You can encrypt at the client, you can encrypt in the cloud, or you can not encrypt. The second and third options are not secure, the first puts a computational load on the client machine. Only you know if your office data is less valuable than CPU upgrades.

(Four options, of course: you can eschew the cloud. Probably best for most people.)


I’ve wanted to use SpiderOak for a long time for these very reasons, but the problem that I keep running into is that, at least last I checked, it simply doesn’t perform as well as other cloud storage services. In particular the phone app is a buggy, barely-functional piece of junk with extremely limited utility. If I’m not going to be able to access my files from my phone, I don’t really need cloud storage at all, I can just keep everything localized to my computer’s hard drive. Of course, it’s been a while since I looked into it. Maybe it’s improved at long last? Would sure be nice.


I will second the previous comments: SpiderOak’s Android phone app is half-baked at best.

I really like the idea of SpiderOak, and I was a paying customer for about a year-and-a-half. I used it both for online backup and to synchronize files between computers. Unfortunately, in that time it decided to silently stop synchronizing files a total of three times. No messages, no warnings, just quietly stopped working.

The first time I tracked the problem down to a weird non-ASCII character in a filename that caused the Windows client software to choke and die. Once I renamed the file, everything got better.

The second and third times, it apparently somehow corrupted the database used to track what needed to be transferred. After much back-and-forth with SpiderOak’s support via email, usually with multiple days between replies, the best they could come up with was to suggest that I delete all my online volumes and reupload almost a terabyte of data. The second time this happened, I became a former SpiderOak customer.

When it worked, it seemed to work well. HOWEVER, when something goes wrong, they do not have telephone support, and their email support took days to reply. I would describe this service as unsuitable for anything that you can’t afford to have fail without warning for several weeks at a time.