From Dropbox to SpiderOak

That’s right, you read the title correctly: I am switching my primary offsite backup and synchronization provider from Dropbox to SpiderOak. For years I have been a Dropbox evangelist, selling the service to my family, friends, colleagues, and clients as the wonder product that kept all of my computers in sync while keeping all of my data safe.

NO MORE

Dropbox’s lack of security has shattered my trust in the service. It is not that I thought my files were private on Dropbox. I knew right from the start that anything I sent to Dropbox could be decrypted and viewed by Dropbox employees or convincing authority figures. No, my problem with Dropbox is not with privacy, but with control.

For four hours last week Dropbox let anyone log into my account and control the files on my computers from the Dropbox website. It is bad enough that an intruder could view and copy my documents, but by having access to my entire account they could…

  • remove all of the most important files from all of my computers in an instant.
  • corrupt specific files in a manner that would go unnoticed for weeks.
  • introduce offensive or malicious files to all of my computers including the computers of family, friends, colleagues, and clients I share folders with.

At $200 for a premium 100GB yearly subscription I cannot afford to pay Dropbox to make such mistakes.

SpiderOak

SpiderOak is an online backup tool with the same multi-platform appeal as Dropbox. It allows users to share, sync, access, and store files using an offsite server technology just like Dropbox. The difference between SpiderOak and Dropbox is the encryption, control, and cost of the service.

Encryption

SpiderOak uses both encrypted cloud storage and client-side key encryption, so even SpiderOak employees cannot access your data. Dropbox encrypts all of its users’ documents with THE SAME KEY. Dropbox’s staff can read your data on the server at ANY TIME. Worst of all, if an intruder gets access to the encryption key and Dropbox’s storage infrastructure, they too could ACCESS EVERY FILE UPLOADED TO DROPBOX.

With SpiderOak, you create your password on your own computer not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

The outer level keys are never stored in plaintext on the SpiderOak server. They are encrypted with 256-bit AES, using a key created by the key derivation/strengthening algorithm PBKDF2 (using SHA-256), with 16384 rounds and 32 bytes of random data ("salt"). This approach prevents brute force and pre-computation or database attacks against the key.
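The derivation described above, as an added example (not SpiderOak's own code): it uses Python's standard-library PBKDF2 with the post's stated parameters to show why a table precomputed for one salt is useless against another, and what a single password guess costs. The word list, function names, and the 32-byte output length (sized for an AES-256 key) are assumptions made for illustration.

```python
import hashlib
import os
import time

# Parameters as stated in the post: PBKDF2 with SHA-256, 16384 rounds,
# 32 bytes of random salt. KEY_LEN = 32 is an assumption (one AES-256 key).
ROUNDS = 16384
SALT_LEN = 32
KEY_LEN = 32


def new_salt() -> bytes:
    """Per-user random salt; stored next to the wrapped key, not secret."""
    return os.urandom(SALT_LEN)


def derive_kek(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Derive the key-encryption key locally; the password stays on the client."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds, KEY_LEN
    )


def precomputed_table(wordlist, salt):
    """A lookup table is only valid for the single salt it was built with."""
    return {derive_kek(word, salt): word for word in wordlist}


def seconds_per_guess(samples: int = 3) -> float:
    """Measure what one password guess costs on this machine."""
    salt = new_salt()
    start = time.perf_counter()
    for i in range(samples):
        derive_kek(f"guess-{i}", salt)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    words = ["letmein", "correct horse", "hunter2"]
    salt_a, salt_b = new_salt(), new_salt()
    table_a = precomputed_table(words, salt_a)
    key_b = derive_kek("hunter2", salt_b)  # same password, different salt
    print("table built for salt A matches salt B key:", key_b in table_a)
    cost = seconds_per_guess()
    years = cost * 1e9 / 86400 / 365
    print(f"{cost * 1000:.1f} ms per guess; 1e9 guesses ~ {years:.1f} CPU-years")
```

The rounds only multiply the cost of each guess, so a weak password is still weak; the salt is what forces that cost to be paid again for every account.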

So to access your data on SpiderOak you enter the password that locally decrypts the key that decrypts your data. The SpiderOak client software never sends your password to the server, but proves your identity with a zero-knowledge password proof that is designed to decrypt your key and get your data without SpiderOak ever knowing your password. All of the data that is uploaded to SpiderOak is secured on their own servers. Dropbox outsources your data to Amazon S3 for storage, and SoftLayer Technologies for backend infrastructure. Outsourcing increases the number of people with immediate access to your data. SpiderOak even offers two-factor authentication so that only a person knowing your password and in possession of your cell phone can access your data.

Control

Dropbox offers unparalleled simplicity by only backing up, syncing, and sharing the files stored in your Dropbox folder. Users know that if they save a file into their Dropbox folder it will appear on all of their Dropbox-connected computers and be backed up to the cloud. Power users like myself find Dropbox’s one-box-syncs-all approach frustrating. Although Dropbox’s design is drop-dead simple for new users to understand, power users want to sync files located outside of our Dropbox folders. With Dropbox we are forced to do this by creating symbolic links between our Dropbox folders and data that cannot be removed from its original location. Before long our Home Folders more closely resemble a tangled web of links than an organized filesystem of documents and folders. With SpiderOak I can cut the links and untangle the web that has been tying up my Home Folder.

SpiderOak syncs outside the box by letting you control exactly which files and folders get uploaded to their service. You check off the items you want to back up from a hierarchical list and SpiderOak will back up any file on your computer, including data stored on external drives. File name wildcards allow you to refine your selection even further, while limits can be placed on the size, age, and frequency of the files you back up with SpiderOak.

When it is time to sync and share, SpiderOak gives you full control over which files make it to other computers and which files stay securely in the cloud. SpiderOak will even let you sync two directories that are saved on the same computer, such as your primary documents folder and a backup on an external hard drive. Upload the same files from two different locations and SpiderOak can sync the results and consolidate your files, saving you the cost of storage.

Cost

Boxes come in many shapes and sizes, but over at Dropbox the choice of storage capacities is limited to just three containers: a Basic 2GB account for free, a Pro 50GB account for $9.99/month or $99.00/year, and a Pro 100GB for $19.99/month or $199.00/year. SpiderOak in comparison grows with your needs, and does not try to box you into a set amount of storage. SpiderOak starts with a 2GB plan for free but can blossom into a 100GB plan for $100.00/year or sprout all the way up to a 5000GB plan for $5000.00/year. With 100GB increments costing just $1 a GB, SpiderOak offers more choices for half the price of Dropbox.

SpiderOak even cuts its own prices in half for educational customers looking for 100GB or 200GB subscriptions. This makes SpiderOak’s 100GB plan a quarter of the cost of Dropbox for students and teachers with a .edu email address.

Even Dropbox’s referral program pales in comparison to SpiderOak. Dropbox offers 500MBs for every friend you subscribe while giving the new subscriber 250MBs. The limit for this program is 16GBs for Dropbox, but SpiderOak gives you and your friend 1GB for each new subscription you refer with the possibility of earning 50GBs of free storage for life.

Dropbox’s advantages are its easy-to-understand sync, its ecosystem of third-party applications, and its populace of users to share files with. SpiderOak is gaining in user popularity, offers iOS and Android mobility apps, and allows more control than Dropbox at a fraction of the cost with pre-internet encryption. I will continue to use my free 2GB basic Dropbox account to share public files, but from now on I trust SpiderOak with my offsite backup and syncing needs. Give SpiderOak a try for yourself and start backing up and syncing your data securely with an extra GB today.

MessagePad