Jump to content

Talk:SpiderOak

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

AVG LiveKive

[edit]

AVG has selling re-branded SpiderOak with altered plans. Maybe it worths noting. —Preceding unsigned comment added by 79.111.223.5 (talk) 18:36, 18 May 2011 (UTC)[reply]

Zero-knowledge

[edit]

"zero-knowledge" is advertised, but it cannot be real, since i can access my data trough a web-api. This means they can decrypt my data!!!! and so they know them :( :( :( look at this: https://spideroak.com/faq/questions/37/how_do_i_use_the_spideroak_web_api/ — Preceding unsigned comment added by 92.203.66.219 (talk) 18:03, 29 June 2011 (UTC)[reply]

"IMPORTANT NOTE: Accessing your data remotely through the web is the only instance when your data does become readable; however, these machines are only accessible by a select number of SpiderOak employees. For continued zero-knowledge privacy we only recommend accessing your data through the SpiderOak client, as it downloads the data before decrypting it." --Pmsyyz (talk) 03:15, 30 June 2011 (UTC)[reply]
Yes but this means, that they can read my data if they want to read it. Doesn't it? — Preceding unsigned comment added by 92.203.120.168 (talk) 12:24, 1 July 2011 (UTC)[reply]
This means that the only way SpiderOak can decode the data is if you provide your key, i.e. the password, to them. When you perform a web login, you are doing this. The password is used to dynamically create a key with PBKDF2 which then secures your session keys. The data really is encrypted before it is received by SpiderOak servers. So the data isn't readable until you provide them with that primary key, which is why security conscious users often do not wish to use the web interface. This also underscores the importance of a strong password! https://spideroak.com/engineering_matters#instant_access is the full context of the quote above. Rixoff (talk) 17:38, 6 July 2011 (UTC)[reply]
As long as the client is not open source you can claim anything... Release the client as open source so that people can check whether their data is encrypted before sending or not (and still your service will be unique because nobody can rebuild your server)... --92.203.47.202 (talk) 10:27, 4 August 2011 (UTC)[reply]
You could still dump its tcp/ip traffic and check, wether it's plain data. --84.147.221.24 (talk) 13:01, 6 September 2011 (UTC)[reply]
But they could use an encryption but also send the key for the encryption (or just use a pseudo encryption so that your cannot see that your data is in fact (with a little bit of wor) plain data) --92.203.105.75 (talk) 14:56, 15 September 2011 (UTC)[reply]
Indeed very interesting :/--92.203.39.199 (talk) 22:15, 18 November 2011 (UTC)[reply]
This brings up an obvious issue. You can already do this with any cloud server by encrypting files or (using something like DFS) clusters. That would even still work with dedupe and you can compress at the same time as encrypting. There's the possibility that they'll offer a localhost proxy like TOR/I2P that transparently decrypts it locally? Seems this is the most practical way to make it work 100% 0-knowledge. 75.70.89.124 (talk) 07:10, 9 July 2013 (UTC)[reply]

Removed some advertising

[edit]

I hopefully improved the neutrality by removing some specific promotional statements. More content needs to be added, however. Rfellows (talk) 17:15, 29 July 2011 (UTC)[reply]

This reads like an advertisement

[edit]

This seems like it was written by SpiderOak promoting their own site. — Preceding unsigned comment added by 2600:6C48:7003:200:7D4A:149E:669E:347B (talk) 14:13, 2 August 2017 (UTC)[reply]