Tag Archives: spideroak

Dropbox Security And Going Paperless

Three weeks ago, I wrote a tip in the DocumentSnap newsletter recommending that if you are going to be using cloud backup or syncing services, it is worth being aware of any security implications this might have and what your options are with respect to encryption.

It turns out that my timing was impeccable, because over the past week there has been a brouhaha about some changes that Dropbox made to their terms of service and the security implications this may have.

The Issue

Business Insider noted that Dropbox recently changed their terms of service to say that if the United States government requests it, they will comply with US law and decrypt a user’s files.

This is fairly standard stuff, and most (but not all, I am coming to that soon) cloud services have a similar provision in their TOS. After all, they do have to comply with their country’s laws.

Many people are upset because, as Miguel de Icaza noted, the wording in a previous Dropbox Help Center article gave the impression that no one at Dropbox had the ability to decrypt user files. Based on the new TOS changes, that clearly is not the case.

Dropbox’s Response

Dropbox quickly responded to the Business Insider piece and Miguel’s post (see the comment by Arash). They also wrote a blog post explaining the situation. I recommend that you give their post a read if you are a Dropbox user.

My Thoughts

Reactions to this seem to be split between the two extremes of “Dropbox lied to us!!! I can’t trust them with my data!!!” and “Duh, of course they can access my files on their own servers. You’re crazy if you think they couldn’t”.

Myself, I have previously worked in a SaaS environment with sensitive financial data, and I tend to lean towards the latter of the two views. It is fairly common from my experience that at least some operational employees have the ability to access data on the servers, which is where technical and policy limitations (with audits) come into play.

That doesn’t excuse their sloppy Help Center article (my guess: the writer of the article thought an engineer meant something that they didn’t), but it seems pretty unlikely to me that it was a deliberate attempt by Dropbox to mislead. They’d have too much to lose.

Having said that, when you are going paperless, you by definition will have some sensitive documentation (think bank statements). If you have something that you absolutely positively do not want anyone to ever be able to see, you probably should not be putting it on the Internet.

Things You Can Do

Back in 2009 I wrote a post about SpiderOak’s zero knowledge approach to privacy. As that post and my newsletter article from a few weeks ago outline, one option if you are concerned about security is to use a provider that encrypts your files before they are sent to the server. SpiderOak and Wuala are two services that do this.

If your documents are encrypted before uploading, that means no one on the provider’s end can access them. This also means that if the government comes knocking, they can honestly say that they can’t access the files.

If you want to keep using Dropbox but want to make your documents more secure, Dropbox themselves have recommended using something like TrueCrypt to encrypt your documents. There are step-by-step instructions (with videos) for how to do this in the Paperless Document Organization Guide, but otherwise what you do is create the TrueCrypt volume in your Dropbox folder, put your documents in that, and then Dropbox will sync it.

Your Thoughts?

What do you think about all this? Has this changed your opinion of using Dropbox? What do you do to keep your documents secure in the cloud? I’d love to hear in the comments.

(Photo by CarbonNYC)

Happy World Backup Day 2011

You may or may not know it, but today has been declared World Backup Day 2011.

Declared by who, you ask? A small group from the website Reddit, which is good enough for me.

On the World Backup Day site, they go through why you should back up and how to do it. It’s all really good advice, and if you have someone who you know should be backing up but isn’t, today is a good day to send the link to this site to them.

Not surprisingly, a number of online backup companies have taken up the cause and are offering contests today. At the time of writing, SpiderOak, BackBlaze, MiMedia, and CrashPlan are all offering special prizes.

You can also follow #WorldBackupDay on Twitter to see other tips and specials.

So, happy World Backup Day. When’s the last time you backed up your documents?

For The Geeks: How SpiderOak is different than other backup providers

Being on the geekier side of the spectrum (as my wife is happy to remind me as I am hooking a Mac Mini up to our TV), I really like hearing about the inner workings of the software that we use. Too often things are dumbed down so much that they aren’t actually saying anything.

SpiderOak, an online backup and sync provider that I mentioned before, has no such problem on their blog.

Take for example their most recent post: Why and How SpiderOak architecture is different than other online storage services: The surprising consequences on database design from our Zero-Knowledge Approach to privacy.  

It goes to great length talking about why they designed the system like they did, and what some of the advantages and disadvantages are. How often do you hear about software companies bringing up their disadvantages?

“That said, a surprising benefit is the implications for total service cost. You may have noticed that SpiderOak offers some of the best pricing per gigabyte for online storage available anywhere. There are other factors contributing to this, but it definitely helps that SpiderOak clients handle most of the database work. The server’s role is mostly relegated to data storage and retrieval. This lets us focus on building servers with very dense storage without the need for high speed databases and lots of system memory to run them in. (Although some of those needs reappear for servicing functions like Web-Access and SpiderOak Shares.)

“For us, regardless of the advantages and drawbacks of the decisions we made, the choice has always been clear. We set out to build a backup system we ourselves felt comfortable using which is why zero-knowledge privacy was always the right path for us.”

The post is a good read and gives the impression (hopefully true) that SpiderOak knows what they are doing.

Anyone else have any geeky software company blog posts they want to share? Let us know in the comments.

SpiderOak Provides Cross Platform Backup and Sync

One company that I have been meaning to write about for quite some time is SpiderOak, which is an online backup and sync provider I have been hearing a lot of good things about.

Cross Platform

While other online backup providers have been Windows-only until just recently, SpiderOak has been cross platform right from the start. They have clients for Windows, Mac OSX, and Linux (Debian, Ubuntu, Fedora, Slackware).

In addition, they provide remote access over the web so you can get at your files from any web device.

What is ‘Zero Knowledge?’

It goes without saying (or does it?) that an online backup company needs to have security in mind.

SpiderOak takes this to the next level by having a zero-knowledge policy. What does this mean? Aside from strong encryption, which they have, the company never stores or sees your password or encryption keys.

One of their FAQs is “could you read a user’s data if forced at gunpoint?” and the answer (they say) is no.

This is a big benefit if you are concerned about privacy of online backups, but of course it does have one downside. If you forget your password, you are completely and totally on your own. The company can’t help you, because they don’t know your password in the first place. (You can set a password hint, so I strongly recommend setting a good one!)

Not just backup

SpiderOak doesn’t limit itself to just online backup. They are in the sync-ing game too. If you are familiar with Dropbox, it is the same sort of deal. You can sync files across multiple machines automatically, and do it cross-platform between Mac, Windows, and Linux as well.

Pricing

The pricing is tiered. The first 2 Gigs are free, which is great if you don’t have too much to store. After that, pricing is in 100 Gig increments. It’s $10/month for the first 100 GB, and then $10/month additional for each 100 GB on top of that.

They have yearly discounts so if you buy a full year, it is $100.

Sync-ing wise, SpiderOak is cheaper than Dropbox, which is also free up to 2GB, but then $9.99/month for 50 GB and $19.99/month for 100 GB.

Geeks Make The World Go Around

One thing I like about SpiderOak is that you get the sense that it is run by people who really care about making good software and giving back to the software community. It sounds cheesy, but I love the fact that they have an “Engineering Matters” section of their website that describes what is going on in techie terms, and that they give back tools and code to the open source community.

If you are looking for online backup or syncing software, you definitely want to make sure SpiderOak is one of the ones you look at.

Do You Know Where Your Online Backup Is?

Recently I came across this tweet from Ross L. Kodner and he brought up a good point – one of the benefits of an online backup is having your data safe and sound.

If you live in a city that is prone to earthquakes, hurricanes, etc., it kind of defeats the purpose to have your online backup residing in the same city as you.

To that end, I have put this list together of where common online backup vendors have their data centers. Not surprisingly, none of them were willing to give this information on request so this is mainly pieced together from some Google-fu. Therefore, I can’t 100% say for sure that it is accurate, but you get the general idea.

Here is the list:

Mozy

  • Salt Lake City
  • Dublin
  • (likely other EMC data centers)


Carbonite

  • Boston
  • Beijing


Jungle Disk (S3)/Dropbox
Jungle Disk and Dropbox both use Amazon’s S3 service. While Amazon generally does not disclose where their data centers are, the following are the edge locations for CloudFront, their CDN, so it stands to reason that S3 data is stored there too.

United States

  • Ashburn, VA
  • Dallas/Fort Worth, TX
  • Los Angeles, CA
  • Miami, FL
  • Newark, NJ
  • Palo Alto, CA
  • Seattle, WA
  • St. Louis, MO

Europe

  • Amsterdam
  • Frankfurt
  • Dublin
  • London

Asia

  • Hong Kong
  • Tokyo


Jungle Disk (Rackspace)
Since Jungle Disk was acquired by Rackspace, they have started offering storage in Rackspace’s data center too.

  • Grapevine, TX
  • London
  • Hong Kong


SpiderOak

  • Chicago

Like I said, this list is likely incomplete. If you have any additions or modifications, leave a comment below.

Where is your data?
