Talk:SpiderOak

This is the talk page for discussing improvements to the SpiderOak article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1: 6 months

Computing: Software / Websites Low‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Software (assessed as Low-importance).

This article is supported by WikiProject Websites (assessed as Low-importance).

This article is supported by WikiProject Computer Security (assessed as Low-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

AVG LiveKive[edit]

AVG has selling re-branded SpiderOak with altered plans. Maybe it worths noting. —Preceding unsigned comment added by 79.111.223.5 (talk) 18:36, 18 May 2011 (UTC)[reply]

Zero-knowledge[edit]

"zero-knowledge" is advertised, but it cannot be real, since i can access my data trough a web-api. This means they can decrypt my data!!!! and so they know them :( :( :( look at this: https://spideroak.com/faq/questions/37/how_do_i_use_the_spideroak_web_api/ — Preceding unsigned comment added by 92.203.66.219 (talk) 18:03, 29 June 2011 (UTC)[reply]

"IMPORTANT NOTE: Accessing your data remotely through the web is the only instance when your data does become readable; however, these machines are only accessible by a select number of SpiderOak employees. For continued zero-knowledge privacy we only recommend accessing your data through the SpiderOak client, as it downloads the data before decrypting it." --Pmsyyz (talk) 03:15, 30 June 2011 (UTC)[reply]

Yes but this means, that they can read my data if they want to read it. Doesn't it? — Preceding unsigned comment added by 92.203.120.168 (talk) 12:24, 1 July 2011 (UTC)[reply]

This means that the only way SpiderOak can decode the data is if you provide your key, i.e. the password, to them. When you perform a web login, you are doing this. The password is used to dynamically create a key with PBKDF2 which then secures your session keys. The data really is encrypted before it is received by SpiderOak servers. So the data isn't readable until you provide them with that primary key, which is why security conscious users often do not wish to use the web interface. This also underscores the importance of a strong password! https://spideroak.com/engineering_matters#instant_access is the full context of the quote above. Rixoff (talk) 17:38, 6 July 2011 (UTC)[reply]

As long as the client is not open source you can claim anything... Release the client as open source so that people can check whether their data is encrypted before sending or not (and still your service will be unique because nobody can rebuild your server)... --92.203.47.202 (talk) 10:27, 4 August 2011 (UTC)[reply]

You could still dump its tcp/ip traffic and check, wether it's plain data. --84.147.221.24 (talk) 13:01, 6 September 2011 (UTC)[reply]

But they could use an encryption but also send the key for the encryption (or just use a pseudo encryption so that your cannot see that your data is in fact (with a little bit of wor) plain data) --92.203.105.75 (talk) 14:56, 15 September 2011 (UTC)[reply]

Indeed very interesting :/--92.203.39.199 (talk) 22:15, 18 November 2011 (UTC)[reply]

This brings up an obvious issue. You can already do this with any cloud server by encrypting files or (using something like DFS) clusters. That would even still work with dedupe and you can compress at the same time as encrypting. There's the possibility that they'll offer a localhost proxy like TOR/I2P that transparently decrypts it locally? Seems this is the most practical way to make it work 100% 0-knowledge. 75.70.89.124 (talk) 07:10, 9 July 2013 (UTC)[reply]

Removed some advertising[edit]

I hopefully improved the neutrality by removing some specific promotional statements. More content needs to be added, however. Rfellows (talk) 17:15, 29 July 2011 (UTC)[reply]

This reads like an advertisement[edit]

This seems like it was written by SpiderOak promoting their own site. — Preceding unsigned comment added by 2600:6C48:7003:200:7D4A:149E:669E:347B (talk) 14:13, 2 August 2017 (UTC)[reply]