My First Two Months with SpiderOak Hive

A couple of months ago, I came across an interesting article by Doug Belshaw that covered his thoughts and experiences with Dropbox, SpiderOak Hive, and why he made the jump from one to the other. In short (and straight from his blog):

I’m moving from Dropbox to SpiderOak for file sync/backup. SpiderOak not only encrypts files in transit, but on their servers. The encryption key stays on the user’s machine so SpiderOak employees (or anyone else) can’t get access to your files.

Shortly after reading the article, giving it some thought of my own, and taking an in-depth look at SpiderOak, I ended sharing the following:

My current setup – as mentioned – is the free Dropbox plan (with which I have 6.2GB of space), and a SpiderOak Hive subscription for 100GB. It’s been just shy of two months, so I thought it was time to follow-up with my experience thus far.

Wait, What is SpiderOak Hive?

SpiderOak Hive

SpiderOak – in the same vein as Dropbox – is a way for you to store files and sync them across multiple devices (including iOS and Android).

But here’s the thing: Whereas information kept on Dropbox’s infrastructure is kept unencrypted such that anyone – including Dropbox employees – could potentially read the information, SpiderOak’s encryption works so that only you can access the data.

Straight from the SpiderOak site:

Our ‘zero-knowledge’ privacy environment ensures we can never see your data. Not our staff. Not a government. No one. The myth about ‘online’ and ‘privacy’ has been dispelled – leaving an environment whereby it is impossible for us to betray the trust of our users.

Simply put, your password is the key to decrypting the data. If you forget your password, then you’ve essentially lost the key to the kingdom – you can’t do a password reset.

What’s The Application Like?

Inevitably, SpiderOak is going to be compared to Dropbox, so I’ll be making some of those some comparisons here; however, I’ll also do what I can to have a neutral stance on features that are unique to SpiderOak.

So the first thing is the application itself. Like Dropbox, it leaves a a small icon on your Finder toolbar (or in your system tray if you’re on Windows). It animates when it’s backing up, and stays stagnant the rest of the time.

The core application has a much more involved interface than Dropbox. Where Dropbox’s configuration interface is basically a small window with a few tabs and options, SpiderOak’s application looks like this:

The SpiderOak Application

The SpiderOak Application. Yikes!

Immediately, you notice that the interface looks specialized. I can only assume that this is because the application is cross-platform and so whatever language the front-end was written – perhaps Java? – it looks the same across all platforms.

Because it’s clearly more complicated, it takes a little while to adjust, but once you understand what you’re looking at, it’s really not that hard to follow nor do you have to jump into the configuration that often once you’ve set it up.

Despite the complexity of the user interface, I do like the fact that it gives such detailed information especially during the course of a backup. You know how many files are left to encrypt and sync, the status of each, and you know how many have been uploaded.

What About The Sync’d Directory?

Just like Dropbox, the SpiderOak Hive directory looks and functions just like Dropbox:

The SpiderOak Hive Folder

The SpiderOak Hive Folder

As you can see, SpiderOak adds itself to the Finder window (I’ve placed it just below Dropbox, obviously) and you can see a couple of the directories that I have backing up to SpiderOak.

Just as with Dropbox, as soon as you drop files into the directory, they’ll immediately begin the syncing process.

How Long Does It Take To Sync?

Honestly, it takes longer to sync than it does with Dropbox, but for a simple reason: There’s a process of encryption that happens during the course of the syncing that Dropbox (and other similar software) does not do.

This results in longer upload and download times, but it comes at the sake of security.

What About The Mobile App?

I have the SpiderOak mobile app and its decent, but I think this is where there’s most room for improvement is it relates to some of its competitors.

For example:

  • I’d love to be able to have a “camera upload” feature that will allow for syncing photos from my phone to SpiderOak ala Dropbox.
  • Right now, there’s no Apple TV integration so if you have videos in your SpiderOak Hive that you want to display on your television, you’re out of luck.
  • If you wish to quickly view something on your phone, similar to how you can with Dropbox, a download process has to occur (which make sense because of the encryption), but it takes a little while to pull it up.

Truth be told, I don’t use the mobile app that much. Then again, I don’t use Dropbox’s mobile app that much, either. For the most part, I use it as a way to quickly back up photos that I’ve taken, and I use it to stream some videos via Apple TV.

Other than that, that’s it.

Can Your Share Files?

Yes you can. SpiderOak offers what’s called a ShareRoom with which you can grant access to however many other people you’d like to retrieve files. This is analogous to Dropbox’s shared folders.

I’ve actually never had to use this feature before, so I’ve little to say about it; however, it’s nice to know it’s there should I need to shoot a file over to a family member (which I occasionally need to do).

Are You Sticking with SpiderOak?

Yes, I am, but only because the free Dropbox plan is part of my workflow and SpiderOak is used for most everything else.

The way that I organize my files are as follows:

  • Photos and Videos taken with the phone are synced to Dropbox using the Camera Upload feature
  • Personal documents are kept in SpiderOak Hive
  • Projects are kept in Dropbox because of the rapid sync feature. I also use version control so I have doubly-backed up copies.
  • Non-critical documents or things that I may need while quickly on the go are kept in Dropbox

In short, Dropbox is a “working directory” of sorts for me. It’s a temporary place where I keep things that I’m working on right now (or for the month) that will eventually move on to a different location for back up.

Ultimately, I’ve been impressed with SpiderOak. The price is great, the speed is fair, the mobile app could be improved, but isn’t terrible, and I rest easier knowing that the information is encrypted (because, yes, I’m one of those people).

Sure, they have room for improvement, but it’s only going to refine a quality service, in my opinion.

26 Comments

Nice write up. I’ve been looking into SpiderOak the past couple of weeks and one thing I found while browsing the Prism Break website was this:

BitTorrent Sync, MEGA, and SpiderOak are services that are built on either partially or fully proprietary software. They will not be recommended on PRISM Break until they open source the entirety of their codebase.

With closed source software, you need to have 100% trust in the vendor because there’s nothing except for their morality in the way of them leaking your personal information. Even if you can vouch for their integrity, proprietary software invariably has more uncaught security bugs and exploits because there are fewer eyes examining the source code.

I agree that the encryption is 100% needed and is what had me initially look at SpiderOak in the first place (I, too, am one of those people ha) but I have to agree with the above quote as well. You can’t trust something 100% but I guess if the documents/files uploaded aren’t super sensitive, it really doesn’t matter too much.

    This is a great comment, Mike.

    I should be clear: I don’t trust any online service 100%. For me, it’s a matter of having more trust than an alternative.

    At the end of the day, all it takes is a person to decide to back out of encryption, or decide to compromise with PRISM or some other organization, and then it’s a wash.

      Same here. I don’t trust anybody with my data except myself but SpiderOak definitely looks like a better alternative than Dropbox at the very least.

      There’s also OwnCloud which I believe has encryption options built in and is self hosted and I believe open source (haven’t looked too far into it yet).

      One other option would be to encrypt your files with something like TrueCrypt and upload the encrypted files, so even if SpiderOak (or an alternative) has keys to their server that they don’t tell you about, and give them up, you’re still adding that extra piece of protection with having your files encrypted before upload/sync.

      It might be a bit more of a hassle, but for super sensitive documents, it’s worth it.

I wanted to get away from dropbox. I tried SpiderOak and Wuala.In the end I picked Wuala. I don’t remember why. I think I liked the interface more. And the mobile app will allow you to secure it with a pin-code as a nice middle ground for safety.

    Wuala can share folders but not files, which is something I use Dropbox for a lot. I was all ready to sign up before I found this out and am still pondering my jump from Dropbox (Tresorit or SpiderOak).

If you’re concerned about security and feel uncomfortable about storing your personal file on a hosted service in unencrypted form, you should also take a look at TeamDrive – http://teamdrive.com/ It provides automatic synchronization with transparent, full end-to-end encryption of your files, including versioning. It supports the most popular platforms, including Linux. You can choose between different hosted plans or host the files on your own WebDAV server.

Tom, I use SpiderOak and DropBpx more or less the same way you do, but here’s my problem: I have multiple distros of Linux on my home and work desktop, so to back up all my important files I need a Hive on every distro’s desktop. SpiderOak is running fine on Linux Mint Debian but it doesn’t seem to like Fedora-based Bodhi. First message I got was that the version I downloaded through Bodhi’s AppCenter was not current, so I downloaded the RPM file directly from SpiderOak. Now the app is rejecting the username/password combo that works on SpiderOak’s Web site and in Mint. I guess my arrangement is a little too bleeding edge.

    Hey Wayne,

    Unfortunately, I’m not going to be much help – I’ve stopped using SpiderOak in favor of Dropbox and Google Drive primarily because of the pricing options and the amount of storage that’s available.

    Based on what you’ve laid out, you do like living on the edge :).

Tom, if I can get help from SpiderOak on getting Hives on both distros, I’ll continue to use it for tax returns and other high security docs. But there aren’t that may docs I’d be afraid to put on Drive or in DropBox. A less expensive alternative would be to put those files on a password-protected flash drives, one kept at home and the other at the office.

    Totally understand that with the sensitive documents.

    In fact, that’s what attracted me to SpiderOak in the first place; however, I’ve since moved those documents into another form of storage (well, in duplicate places, actually) that helps keep my paranoid self a little more comfortable at night ;).

I tried SpiderOak but quickly came across a problem because the connection to the SpiderOak servers kept failing. SpiderOak support got back to me on the ticket quickly and helpfully – but the problem is insurmountable. They limit each device connecting to their servers to 150 reconnects which, if you’re uploading a goodly amount of data and you’re on a rural connection (thanks, BT – I have friends doing research in tents in various outlying parts of the world with better connections than I’ve got in rural England…), is hopeless. It’s a real pity because I like the interface and the service, I think the price is reasonable, and the customer service is obviously first rate. They just need bigger servers!

Projects are kept in Dropbox because of the rapid sync feature. I also use version control so I have doubly-backed up copies.

I’d like to ask how you deal with the problem that Dropbox syncs also your version control metadata (.git/)? AFAIK, SpiderOak is the only solution that allows excluding paths by pattern.

Thanks I found your article very helpful and am considering moving to SO (or maybe Tresorit). I have a couple of points:

Re. “there’s no Apple TV integration so if you have videos in your SpiderOak Hive that you want to display on your television, you’re out of luck.”

I just found it to work :) I put a test photo folder into the SO Hive folder before setting Home Sharing in iTunes to that photo folder. The photos are visible on my ATV.

And re. “it takes longer to sync than it does with Dropbox, but for a simple reason: There’s a process of encryption that happens during the course of the syncing that Dropbox (and other similar software) does not do.”

If SO is slower it can’t be just because SO does encryption and DB does not. At least, my understanding is that both SO and DB send our stuff to their servers in encrypted form. The only difference is that DB decrypt our stuff at their server and SO does not. Therefore, there are more steps in the DB system than the SO system – SO should be faster, not slower, than DB.

If there is a speed difference, isn’t this more likely to be due to something else (SO uses slower encryption algorithms or is just a smaller, less well resourced operation than DB)?

In general I’m very happy with SpiderOak, but for one large problem: I’ve had a few issues which required contacting their support, and support is painfully slow to respond. But that’s not the problem: the real problem is that I can find no SpiderOak community for asking questions and other discussion.

I’m rather surprised by this. I can’t think of any other service or product that doesn’t have a community of users. How could this be, and why?

Please tell me I’m wrong, and have somehow not found an existing community.

    Unfortunately Michael, that community is -1 with me now. I’ve moved on to other services since and no longer use it =T.

    I’m afraid I gave up on SO too. An initial sync, ~30gb got stuck and everything else I tried to remedy just got stuck in the cue. I never really got to use it.

    Support was quick and friendly but there wasn’t anything they could do to unbung me. In the end I cancelled the account and my monthly payment. I really wanted to get on with it. I spent hour trying to sort it out.

    Have you looked at Tresorit? I’m using it on free ATM and it’s quite fast and a lot more intuitive than SO. The sharing options are more flexible. The only thing I’ve not liked is that it won’t sync files with certain characters in their names (e.g., “|”). Obviously it’s quite easy to find and change “|” to “_”, but it’s a little off putting.

    ATM I’m using ChronoSync on a 64 gb flash drive, which I’m quite happy with – at least as far as syncing goes. File sharing is not possible, of course!

    Michael, there is a SpiderOak community: They have their own User Forums, the URL is https://spideroak.com/forum/

    (The SO forums can also be accessed from the tray icon via the Help tab if the application is open.)

      Thanks Stevo,
      I recently found this out. The trouble now is that in order to use the forum, you have to log in, and doing so on a web page breaks the Zero Knowledge condition.
      Now I’ve been told that it’s possible to log in via the application, but I haven’t figured out how to do this. When I click on the Help button it takes me to the web page and asks me to log in there.
      If there is a way to log in to the forum from the application, I would love to hear about it!

      Michael

For syncing in local netwrok I am using bittorentsync or now I am trying http://syncthing.net/ which is opensource.
If I am out from my local netwowk I am using openVPN to get into local network, so syncing is working again.
In case that I want to send some big files to someone then I need to used “cloud”. I was using dropbox but switch to spideroak for last 3 months. Now I find out that MEGA could be better because offering more space.

@Tom I’m curious how you are getting around the privacy issue? I use Dropbox primarily, however, as much as I love Google’s low pricing I just can’t get around the fact of their piracy issue (or lack of trust). Is this something that you have looked into and/or you are aware but are perfectly fine with it?

Also, when you mentioned sensitive data, where are you storing them these days? Or how? Thanks.

    I use Dropbox primarily, however, as much as I love Google’s low pricing I just can’t get around the fact of their piracy issue (or lack of trust). Is this something that you have looked into and/or you are aware but are perfectly fine with it?

    Completely valid point and a good question (it’s one that I get more often than here in a few blog comments). The short answer is that I don’t sweat the privacy thing that much not because I don’t think it’s important – because it is – but I use alternative services for storing more secure information.

    I view Google Drive as a virtual, external hard drive. I don’t store anything on it that I wouldn’t store on an external drive that could be lifted in, say, a coffee shop. It’s got a lot of music, a lot of pictures, a lot of videos, and so on.

    Other documents are stored in different services, and I even have other backups of the aforementioned files because I’m paranoid like that.

    Also, when you mentioned sensitive data, where are you storing them these days? Or how? Thanks.

    This is spread across a couple of services. Some as simple as Evernote, others as more basic as a couple of different hard drives kept in a fire proof safe that I only keep at home.

    I’m more paranoid of data loss than I am of actual an invasion of privacy. Again, this isn’t to say that privacy doesn’t matter – because it does – and I firmly believe that our information should be respected, but I also know that when I agree to sign up for a service, I’m agreeing to their terms.

    This is one of those things that could turn into a long blog post so I’ll stop here :).

without photo upload, the mobile app is next to useless.

Tom,

Nice writeup, thanks! I have been a SpiderOak customer for many years now. I have my entire digital life on SO (700GB) and was paying $500 per year for the service because I believed in them and love the zero knowledge feature. That outweighed the less than great usability and the very slow support response times.
When they offered their unlimited account size promotion earlier this year I had mixed feelings. On the one hand I was glad that I could upgrade and at the same time cut my yearly cost buy hundreds of dollars. But on the other hand I was very worried that this might be a last ditch effort to raise capital for a company that seems to have a very small market share in the cloud backup market (they are usually not even mentioned in reviews and in polls I have seen they never get above 10% of total respondents) before possibly going out of business. At the very least their support that was already bad with response times measured in days and weeks would be crushed under the increased demands that such a promotion would surely bring.
Well, it did from what I can tell. I have had an open support case with them for 3 months now. Tomorrow I enter into month #4 of being unresolved.
The issue is that I cannot install SO on a new system. The syndication process never completes even after days or running.

I no longer am recommending SO to anyone. I got friends and family signed up in rather large numbers because I thought the service was the best around (Tried Mozy and Cabonite before).

Sad to see this happening, but my patience has run out with them and I am looking around for alternatives now.
Zero knowledge is a great feature, but I would rather have a hacker get into my photo collection than loose it because I cannot use my backup system.

    Well, it did from what I can tell. I have had an open support case with them for 3 months now. Tomorrow I enter into month #4 of being unresolved.

    :(

    The issue is that I cannot install SO on a new system. The syndication process never completes even after days or running.

    Wow. This absolutely sucks and I hate hearing this.

    I no longer am recommending SO to anyone. I got friends and family signed up in rather large numbers because I thought the service was the best around (Tried Mozy and Cabonite before).

    Luckily, I didn’t recommend it to anyone, but I have moved on to other systems (kind of a three step process that I should probably blog about at some point), but – like you said – zero knowledge is great feature but it can’t offset some of these other experiences.

    Zero knowledge is a great feature, but I would rather have a hacker get into my photo collection than loose it because I cannot use my backup system.

    Sad state of affairs, but I don’t blame you.

Leave a Reply

Name and email address are required. Your email address will not be published.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>