Back Up Safely With SpiderOak

The SpiderOak secure online backup service protects you by encrypting your data with keys that only you recognize.

By Alex Wawro , PCWorld   

Every backup service worth its salt uses encryption to maintain your data safe from snoops, but Spider­Oak goes one step further by promising to maintain your data private from its own employees. Although you continue to should use common-sense in choosing what to upload to any service, i think that SpiderOak is likely one of the best secure online backup options available.

You may store as much as 2GB on a free account; more room costs $10 per 30 days or $100 per year per 100GB (cheaper than Dropbox but a chunk pricier than Mozy).

You download an application (for Windows, Mac, or Linux) that coordinates which files and folders to back up, and runs within the background to sync your online backup along with your PC. The password that you just create never goes to the SpiderOak servers; it’s stored for your PC. Your password then serves to generate a couple of encryption keys, which also remain local. The keys work to encrypt your files in your PC before the info goes to the SpiderOak servers-without your password or keys, not anyone can view your data without cracking the encryption via brute force.

‘Zero-Knowledge’ Privacy Policy

This hands-off approach implies that whenever you log in to SpiderOak, you’re just verifying your identity to the desktop client, which in turn establishes a se­­cure connection to the SpiderOak servers. So long as you never log in via SpiderOak’s website or a mobile device (as well as the desktop tools, SpiderOak offers mobile and Web clients for convenience), your password won’t ever enter SpiderOak servers, so theoretically it’s difficult for a SpiderOak staffer to peek at your data or give it to a 3rd party.

SpiderOak calls this a “zero-knowledge” privacy policy, and it makes life difficult for anyone who attempts to subpoena SpiderOak for data. While SpiderOak could hypothetically hand your data to, say, the government (that could then crack the encryption by brute force), the corporate promises to inform users of any data requests from civil subpoenas or state or federal law en­­forcement agencies unless prohibited by law. Even better, SpiderOak publishes an annual Transparency Report wherein the corporate reveals what percentage times it has received such requests, in addition to what number of times SpiderOak complied.

Of course, since SpiderOak doesn’t store passwords, it can not help you recover a forgotten one. You may store a password hint at the SpiderOak servers, though. Remember, should you lose your password, your backup becomes unintelligible (unless you need to try breaking the 256-bit AES encryption yourself).