SpiderOak is serious about privacy
19 February 2015SpiderOak is a service a bit like Dropbox, which makes it easy to backup, sync and share files. But they take data privacy so seriously, they put this prominently on their page about mobile access:
Here’s the deal: when accessing your data via the SpiderOak website or on a mobile device, you must enter your password. The password will then exist in the SpiderOak server memory for the duration of your browsing session. For this amount of time, your password is stored in encrypted memory and never written to an unencrypted disk. The moment your browsing session ends, your password is destroyed and no further trace is left.
The instance above represents the only situation where your data could potentially be readable to someone with access to the SpiderOak servers. That said, no one except a select number of SpiderOak employees will ever have access to the SpiderOak servers. To fully retain our ‘zero-knowledge’ privacy, we recommend you always access your data via the SpiderOak desktop application, which downloads your data before decrypting it locally.
I think they’ve done just about as well as you could possibly expect to explain this issue clearly, while also providing the features that everyone wants.