Ubuntu One needs cloud encryption like LastPass does it

Paul Graydon paul at paulgraydon.co.uk
Fri Apr 6 00:51:29 UTC 2012


On 04/05/2012 01:33 PM, Jordon Bedwell wrote:
> On Thu, Apr 5, 2012 at 5:42 PM, Sam Smith <smickson at hotmail.com> wrote:
>> The point is that SpiderOak (and Lastpass) never know the user's password.
>> And never receive the encryption key. The key never leaves the user's
>> computer. The server never gets it. The only thing that ever lands on the
>> server is an encrypted blob.
> From their website "Retrieve files from any internet-connected
> device", "Access all your data in one de-duplicated location"... I
> know to the easy consumer that doesn't spell lies but to me it reads
> "We do know your encryption key, if we want to and little do you know,
> we do have the ability to get the key that encrypts the encryption key
> too."  Companies lie all the time, or they tell pieces of a story and
> never tell the entire story.  Though I don't know if it's more of a
> lie than an assumption on their end and maybe even they themselves not
> even understanding what could possibly go wrong, or they just don't
> care because the user doesn't pay too much attention after "WE NEVER
> KNOW."
>
> The key to knowing the full story is read "Retrieve files from any
> internet-connected device."  To add to it, let me point out this:
> "Easily access all of your data from any device within your SpiderOak
> network or on the web" which contradicts this: "SpiderOak never stores
> or knows a user's password or the plaintext encryption keys which
> means not even SpiderOak employees can access the data" and it's not so
> much a direct contradiction as much as an arrogant assumption that we
> (or I guess only I in this conversation) don't realise that their
> employees do have a way to access it, they just need to do a couple
> minutes' worth of work, that is what makes it contradict.
>
It might not harm to actually look around for technical details before 
deciding what a service is or isn't providing, rather than trying to 
interpret from the marketing speak.
You can get a much better picture from here:
https://spideroak.com/engineering_matters#user_auth

