Note that I no longer use SpiderOak Hive. You can read more about this in the comments of the post.
A couple of months ago, I came across an interesting article by Doug Belshaw that covered his thoughts and experiences with Dropbox, SpiderOak Hive, and why he made the jump from one to the other. In short (and straight from his blog):
I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.
Shortly after reading the article, giving it some thought of my own, and taking an in-depth look at SpiderOak, I ended sharing the following:
so i made the switch and am giving spideroak hive a try. keeping dropbox free, but everything else is going into spideroak.
— Tom McFarlin (@tommcfarlin) August 29, 2013
My current setup – as mentioned – is the free Dropbox plan (with which I have 6.2GB of space), and a SpiderOak Hive subscription for 100GB. It’s been just shy of two months, so I thought it was time to follow-up with my experience thus far.
Wait, What is SpiderOak Hive?
SpiderOak – in the same vein as Dropbox – is a way for you to store files and sync them across multiple devices (including iOS and Android).
But here’s the thing: Whereas information kept on Dropbox’s infrastructure is kept unencrypted such that anyone – including Dropbox employees – could potentially read the information, SpiderOak’s encryption works so that only you can access the data.
Straight from the SpiderOak site:
Our ‘zero-knowledge’ privacy environment ensures we can never see your data. Not our staff. Not a government. No one. The myth about ‘online’ and ‘privacy’ has been dispelled – leaving an environment whereby it is impossible for us to betray the trust of our users.
Simply put, your password is the key to decrypting the data. If you forget your password, then you’ve essentially lost the key to the kingdom – you can’t do a password reset.
What’s The Application Like?
Inevitably, SpiderOak is going to be compared to Dropbox, so I’ll be making some of those some comparisons here; however, I’ll also do what I can to have a neutral stance on features that are unique to SpiderOak.
So the first thing is the application itself. Like Dropbox, it leaves a a small icon on your Finder toolbar (or in your system tray if you’re on Windows). It animates when it’s backing up, and stays stagnant the rest of the time.
The core application has a much more involved interface than Dropbox. Where Dropbox’s configuration interface is basically a small window with a few tabs and options, SpiderOak’s application looks like this:
The SpiderOak Application. Yikes!
Immediately, you notice that the interface looks specialized. I can only assume that this is because the application is cross-platform and so whatever language the front-end was written – perhaps Java? – it looks the same across all platforms.
Because it’s clearly more complicated, it takes a little while to adjust, but once you understand what you’re looking at, it’s really not that hard to follow nor do you have to jump into the configuration that often once you’ve set it up.
Despite the complexity of the user interface, I do like the fact that it gives such detailed information especially during the course of a backup. You know how many files are left to encrypt and sync, the status of each, and you know how many have been uploaded.
What About The Sync’d Directory?
Just like Dropbox, the SpiderOak Hive directory looks and functions just like Dropbox:
The SpiderOak Hive Folder
As you can see, SpiderOak adds itself to the Finder window (I’ve placed it just below Dropbox, obviously) and you can see a couple of the directories that I have backing up to SpiderOak.
Just as with Dropbox, as soon as you drop files into the directory, they’ll immediately begin the syncing process.
How Long Does It Take To Sync?
Honestly, it takes longer to sync than it does with Dropbox, but for a simple reason: There’s a process of encryption that happens during the course of the syncing that Dropbox (and other similar software) does not do.
This results in longer upload and download times, but it comes at the sake of security.
What About The Mobile App?
I have the SpiderOak mobile app and its decent, but I think this is where there’s most room for improvement is it relates to some of its competitors.
For example:
- I’d love to be able to have a “camera upload” feature that will allow for syncing photos from my phone to SpiderOak ala Dropbox.
- Right now, there’s no Apple TV integration so if you have videos in your SpiderOak Hive that you want to display on your television, you’re out of luck.
- If you wish to quickly view something on your phone, similar to how you can with Dropbox, a download process has to occur (which make sense because of the encryption), but it takes a little while to pull it up.
Truth be told, I don’t use the mobile app that much. Then again, I don’t use Dropbox’s mobile app that much, either. For the most part, I use it as a way to quickly back up photos that I’ve taken, and I use it to stream some videos via Apple TV.
Other than that, that’s it.
Can Your Share Files?
Yes you can. SpiderOak offers what’s called a ShareRoom with which you can grant access to however many other people you’d like to retrieve files. This is analogous to Dropbox’s shared folders.
I’ve actually never had to use this feature before, so I’ve little to say about it; however, it’s nice to know it’s there should I need to shoot a file over to a family member (which I occasionally need to do).
Are You Sticking with SpiderOak?
Yes, I am, but only because the free Dropbox plan is part of my workflow and SpiderOak is used for most everything else.
The way that I organize my files are as follows:
- Photos and Videos taken with the phone are synced to Dropbox using the Camera Upload feature
- Personal documents are kept in SpiderOak Hive
- Projects are kept in Dropbox because of the rapid sync feature. I also use version control so I have doubly-backed up copies.
- Non-critical documents or things that I may need while quickly on the go are kept in Dropbox
In short, Dropbox is a “working directory” of sorts for me. It’s a temporary place where I keep things that I’m working on right now (or for the month) that will eventually move on to a different location for back up.
Ultimately, I’ve been impressed with SpiderOak. The price is great, the speed is fair, the mobile app could be improved, but isn’t terrible, and I rest easier knowing that the information is encrypted (because, yes, I’m one of those people).
Sure, they have room for improvement, but it’s only going to refine a quality service, in my opinion.
Nice write up. I’ve been looking into SpiderOak the past couple of weeks and one thing I found while browsing the Prism Break website was this:
I agree that the encryption is 100% needed and is what had me initially look at SpiderOak in the first place (I, too, am one of those people ha) but I have to agree with the above quote as well. You can’t trust something 100% but I guess if the documents/files uploaded aren’t super sensitive, it really doesn’t matter too much.
This is a great comment, Mike.
I should be clear: I don’t trust any online service 100%. For me, it’s a matter of having more trust than an alternative.
At the end of the day, all it takes is a person to decide to back out of encryption, or decide to compromise with PRISM or some other organization, and then it’s a wash.
Same here. I don’t trust anybody with my data except myself but SpiderOak definitely looks like a better alternative than Dropbox at the very least.
There’s also OwnCloud which I believe has encryption options built in and is self hosted and I believe open source (haven’t looked too far into it yet).
One other option would be to encrypt your files with something like TrueCrypt and upload the encrypted files, so even if SpiderOak (or an alternative) has keys to their server that they don’t tell you about, and give them up, you’re still adding that extra piece of protection with having your files encrypted before upload/sync.
It might be a bit more of a hassle, but for super sensitive documents, it’s worth it.
i am using owncloud now it work great
I’ve heard good things about OwnCloud and have a couple of friends who use it, as well.
I wanted to get away from dropbox. I tried SpiderOak and Wuala.In the end I picked Wuala. I don’t remember why. I think I liked the interface more. And the mobile app will allow you to secure it with a pin-code as a nice middle ground for safety.
Wuala can share folders but not files, which is something I use Dropbox for a lot. I was all ready to sign up before I found this out and am still pondering my jump from Dropbox (Tresorit or SpiderOak).
If you’re concerned about security and feel uncomfortable about storing your personal file on a hosted service in unencrypted form, you should also take a look at TeamDrive – http://teamdrive.com/ It provides automatic synchronization with transparent, full end-to-end encryption of your files, including versioning. It supports the most popular platforms, including Linux. You can choose between different hosted plans or host the files on your own WebDAV server.
Tom, I use SpiderOak and DropBpx more or less the same way you do, but here’s my problem: I have multiple distros of Linux on my home and work desktop, so to back up all my important files I need a Hive on every distro’s desktop. SpiderOak is running fine on Linux Mint Debian but it doesn’t seem to like Fedora-based Bodhi. First message I got was that the version I downloaded through Bodhi’s AppCenter was not current, so I downloaded the RPM file directly from SpiderOak. Now the app is rejecting the username/password combo that works on SpiderOak’s Web site and in Mint. I guess my arrangement is a little too bleeding edge.
Hey Wayne,
Unfortunately, I’m not going to be much help – I’ve stopped using SpiderOak in favor of Dropbox and Google Drive primarily because of the pricing options and the amount of storage that’s available.
Based on what you’ve laid out, you do like living on the edge :).
Tom, if I can get help from SpiderOak on getting Hives on both distros, I’ll continue to use it for tax returns and other high security docs. But there aren’t that may docs I’d be afraid to put on Drive or in DropBox. A less expensive alternative would be to put those files on a password-protected flash drives, one kept at home and the other at the office.
Totally understand that with the sensitive documents.
In fact, that’s what attracted me to SpiderOak in the first place; however, I’ve since moved those documents into another form of storage (well, in duplicate places, actually) that helps keep my paranoid self a little more comfortable at night ;).
Tom,
you do not have a “paranoid self” if you use not only Dropbox but also GoogleDrive… ;)
Funny guy ;)
I tried SpiderOak but quickly came across a problem because the connection to the SpiderOak servers kept failing. SpiderOak support got back to me on the ticket quickly and helpfully – but the problem is insurmountable. They limit each device connecting to their servers to 150 reconnects which, if you’re uploading a goodly amount of data and you’re on a rural connection (thanks, BT – I have friends doing research in tents in various outlying parts of the world with better connections than I’ve got in rural England…), is hopeless. It’s a real pity because I like the interface and the service, I think the price is reasonable, and the customer service is obviously first rate. They just need bigger servers!
I’d like to ask how you deal with the problem that Dropbox syncs also your version control metadata (.git/)? AFAIK, SpiderOak is the only solution that allows excluding paths by pattern.
Thanks I found your article very helpful and am considering moving to SO (or maybe Tresorit). I have a couple of points:
Re. “there’s no Apple TV integration so if you have videos in your SpiderOak Hive that you want to display on your television, you’re out of luck.”
I just found it to work :) I put a test photo folder into the SO Hive folder before setting Home Sharing in iTunes to that photo folder. The photos are visible on my ATV.
And re. “it takes longer to sync than it does with Dropbox, but for a simple reason: There’s a process of encryption that happens during the course of the syncing that Dropbox (and other similar software) does not do.”
If SO is slower it can’t be just because SO does encryption and DB does not. At least, my understanding is that both SO and DB send our stuff to their servers in encrypted form. The only difference is that DB decrypt our stuff at their server and SO does not. Therefore, there are more steps in the DB system than the SO system – SO should be faster, not slower, than DB.
If there is a speed difference, isn’t this more likely to be due to something else (SO uses slower encryption algorithms or is just a smaller, less well resourced operation than DB)?
In general I’m very happy with SpiderOak, but for one large problem: I’ve had a few issues which required contacting their support, and support is painfully slow to respond. But that’s not the problem: the real problem is that I can find no SpiderOak community for asking questions and other discussion.
I’m rather surprised by this. I can’t think of any other service or product that doesn’t have a community of users. How could this be, and why?
Please tell me I’m wrong, and have somehow not found an existing community.
Unfortunately Michael, that community is -1 with me now. I’ve moved on to other services since and no longer use it =T.
I’m afraid I gave up on SO too. An initial sync, ~30gb got stuck and everything else I tried to remedy just got stuck in the cue. I never really got to use it.
Support was quick and friendly but there wasn’t anything they could do to unbung me. In the end I cancelled the account and my monthly payment. I really wanted to get on with it. I spent hour trying to sort it out.
Have you looked at Tresorit? I’m using it on free ATM and it’s quite fast and a lot more intuitive than SO. The sharing options are more flexible. The only thing I’ve not liked is that it won’t sync files with certain characters in their names (e.g., “|”). Obviously it’s quite easy to find and change “|” to “_”, but it’s a little off putting.
ATM I’m using ChronoSync on a 64 gb flash drive, which I’m quite happy with – at least as far as syncing goes. File sharing is not possible, of course!
Michael, there is a SpiderOak community: They have their own User Forums, the URL is https://spideroak.com/forum/
(The SO forums can also be accessed from the tray icon via the Help tab if the application is open.)
Thanks Stevo,
I recently found this out. The trouble now is that in order to use the forum, you have to log in, and doing so on a web page breaks the Zero Knowledge condition.
Now I’ve been told that it’s possible to log in via the application, but I haven’t figured out how to do this. When I click on the Help button it takes me to the web page and asks me to log in there.
If there is a way to log in to the forum from the application, I would love to hear about it!
Michael
For syncing in local netwrok I am using bittorentsync or now I am trying http://syncthing.net/ which is opensource.
If I am out from my local netwowk I am using openVPN to get into local network, so syncing is working again.
In case that I want to send some big files to someone then I need to used “cloud”. I was using dropbox but switch to spideroak for last 3 months. Now I find out that MEGA could be better because offering more space.
@Tom I’m curious how you are getting around the privacy issue? I use Dropbox primarily, however, as much as I love Google’s low pricing I just can’t get around the fact of their piracy issue (or lack of trust). Is this something that you have looked into and/or you are aware but are perfectly fine with it?
Also, when you mentioned sensitive data, where are you storing them these days? Or how? Thanks.
Completely valid point and a good question (it’s one that I get more often than here in a few blog comments). The short answer is that I don’t sweat the privacy thing that much not because I don’t think it’s important – because it is – but I use alternative services for storing more secure information.
I view Google Drive as a virtual, external hard drive. I don’t store anything on it that I wouldn’t store on an external drive that could be lifted in, say, a coffee shop. It’s got a lot of music, a lot of pictures, a lot of videos, and so on.
Other documents are stored in different services, and I even have other backups of the aforementioned files because I’m paranoid like that.
This is spread across a couple of services. Some as simple as Evernote, others as more basic as a couple of different hard drives kept in a fire proof safe that I only keep at home.
I’m more paranoid of data loss than I am of actual an invasion of privacy. Again, this isn’t to say that privacy doesn’t matter – because it does – and I firmly believe that our information should be respected, but I also know that when I agree to sign up for a service, I’m agreeing to their terms.
This is one of those things that could turn into a long blog post so I’ll stop here :).
without photo upload, the mobile app is next to useless.
Tom,
Nice writeup, thanks! I have been a SpiderOak customer for many years now. I have my entire digital life on SO (700GB) and was paying $500 per year for the service because I believed in them and love the zero knowledge feature. That outweighed the less than great usability and the very slow support response times.
When they offered their unlimited account size promotion earlier this year I had mixed feelings. On the one hand I was glad that I could upgrade and at the same time cut my yearly cost buy hundreds of dollars. But on the other hand I was very worried that this might be a last ditch effort to raise capital for a company that seems to have a very small market share in the cloud backup market (they are usually not even mentioned in reviews and in polls I have seen they never get above 10% of total respondents) before possibly going out of business. At the very least their support that was already bad with response times measured in days and weeks would be crushed under the increased demands that such a promotion would surely bring.
Well, it did from what I can tell. I have had an open support case with them for 3 months now. Tomorrow I enter into month #4 of being unresolved.
The issue is that I cannot install SO on a new system. The syndication process never completes even after days or running.
I no longer am recommending SO to anyone. I got friends and family signed up in rather large numbers because I thought the service was the best around (Tried Mozy and Cabonite before).
Sad to see this happening, but my patience has run out with them and I am looking around for alternatives now.
Zero knowledge is a great feature, but I would rather have a hacker get into my photo collection than loose it because I cannot use my backup system.
:(
Wow. This absolutely sucks and I hate hearing this.
Luckily, I didn’t recommend it to anyone, but I have moved on to other systems (kind of a three step process that I should probably blog about at some point), but – like you said – zero knowledge is great feature but it can’t offset some of these other experiences.
Sad state of affairs, but I don’t blame you.
I see from your comments that you have moved away from spider oak. Perhaps a brief update at the bottom of the post to clarify that? Had I not also delved into the comments I would not of realized it and thought you were still an active user.
Great idea. I’ll do that – thanks Doug :).
Great post. Which of these are best when looking for something that will allow similar to Dropbox camera uploads but secure? I used to give my mom-in-law, who lives 1000 miles from her only grandson, access my Dropbox. I loaded it on her desktop and Android, and so she always felt part of our lives, and could literally see new photos as I take them. My husband stopped this – not only because he does not like the idea of our family life being out there for the world to potentially access but also to avoid the potential of pics of our son, e.g. in the bath, ending up on some child porno’s computer.
At the moment I wait for a good amount of pics before sending her a flashdrive but there must be viable cloud based, secure alternative.
If not, which option is best when do the more laborious option to first download pics from phone to desktop, then copy to a shared folder?
Can you help with any recommendations?
Much appreciated.
This is a good question and I totally understand the concerns of security that you have.
For some, using a service like Flickr and sharing a login is something that works well. If the grandparent is technically savvy enough, then I’d also recommend checking out services like This Life, 23snaps, Togethera, Path, Vero, and others.
Honestly, the latter three are closed-social networks but the first two are designed specifically for the use case that you’re describing.
Hope this helps!
Good luck having your files on a company like Dropbox which have Condolezza Rice on their board of directors.
Comments like this are far too assuming of those who opt to use such software. Your comment is worth deleting because it’s snarky and it’s trolling, but I’m willing to bite because there’s a point of education that can be made to those who are following and who are using services like this.
First, if you’re going to make a political tie between software and the board of directors, at the absolute very least make sure you spell the name correctly so people who aren’t as familiar can properly google them. (Condoleezza Rice.)
Next, you might as well link them to sites like Drop Dropbox that explain why so many people are upset about her being on the board of directors. Bring in topics such as the Patriot Act and Net Neutrality and how all of this ties together as it relates to saving information.
This way, people have a complete picture as to why these types of issues are so sensitive when it comes to digital information.
If nothing else, feel free to also offer a suggestion about how people can “vote with their dollars” and choose to “Drop Dropbox” and use another service. Just like SpiderOak or any of the open source alternatives that are currently available (such as ownCloud which is a really fantastic project).
Also, is it too much to ask to grant the people who are opting to use an application like this the benefit of the doubt that they are aware of who is running the company, who is behind it, the reputation of the company, and that they’ve read the privacy policies and terms of conditions what they’re using? Or is it easier to assume the opposite and to drop a single sentence about a political figure and corporation with which you disagree without giving asking for any insight as to why a consumer would opt to use such a service?
Next, don’t assume that a person is keeping sensitive files of any sort in a public repository like this. As convenient as it is to have files shared across multiple devices with an app that has a great web implementation and mobile apps that are more user-friendly than much of their competition, this doesn’t mean that we’re throwing the most significant files into something like this.
There’s a huge gap between saving a draft of a blog post I’m working on or notes on something I heard at a recent talk and a snapshot of my social security card or my local bank statements.
Finally, there are multiple services for backup, for file sharing, and for syncing. Simply because something isn’t mentioned in a post like this does not mean these services aren’t being used. It means that I’ve opted not to cover them. What do I have to gain by sharing exactly where or how I’m saving incredibly sensitive records for myself and my family?
Anyway, while you’re going around the web leaving comments about politicians having a stake in data-related software, give the benefit of the doubt to the people of whom you’re reading. Perhaps they’re more well-educated than you assume and aren’t storing whatever you think they’re storing in a service that should never be used to store secure files, anyway.