Saturday, December 03, 2011
The Patriot Act and cloud storage
This article on Politico discusses the implications of the US Patriot Act for cloud computing: companies and governments are reluctant to use US-based cloud storage because data stored in the US becomes accessible to the US government under the Patriot Act. The best way to avoid this is to take the Wuala approach of client-side encryption and encrypt everything before it is uploaded. With client-side encryption, no one, not even LaCie as the operator of Wuala, can see your stored data, and therefore no one can hand it to a government agency or anyone else. Furthermore, Wuala's datacenters are all located in Europe, which has more data protection laws, giving additional comfort to our users.
That's why I love Wuala. :)
Well conceived and well done, guys!
LaCie is an American company and therefore bound to American laws. It should therefore be assumed that LaCie cooperates with American law enforcement as all companies do in jurisdictions relevant to their business.
(I know LaCie Switzerland is a Swiss company and LaCie is to a certain degree also French. That does not help either, France and Switzerland law enforcement is not bound by data privacy either.)
To "Guest": even if Wuala's servers were in the US instead of Switzerland... they could only hand over encrypted data whose key is unknown to them.
Good job, Wuala.
@Anonymous: Sure, and Skype is fully encrypted and legal interception is not possible. Ever heard of backdoors and other access ports for law enforcement authorities?
Best reason yet to open source the client. Transparency creates confidence.
@Guest: LaCie is a French company, not American.
Vive la France!
I apologize if I've missed this somewhere on your site, but I couldn't find an answer to this question: Is Wuala compatible with some sort of local encryption, like Mac's FileVault?
Also, a small stylistic comment about the website. For some people videos are a nice way to get information, but for me, and probably others, text is preferable. It's faster, and doesn't need audio.
A smart move Wuala should do: make the client available in open source.
Many benefits:
1) Wuala would be regarded as the most secure and trustful cloud backup provider
2) Free buzz, resulting in many new customers
3) Free help/improvements from the community
4) After the removal of the trading feature, disappointed people will probably be happy again :-)
Sooner or later, the Wuala competitors will open source their client, and you will be forced to follow. So, it's probably better to do it on your own, and make profit of the good press you will get :-)
BTW, regarding privacy, you should disable deduplication, or you should do it after encryption (in that case, it will be probably useless) or only per account.
My 2 cents.
Hummm... AFAIK it is possible to know, by encrypted file hash comparison, that you have a certain file (size/CRC) in common with other users...
@willemijns if no dedup is required, then a given file encrypted two times will result in two different encrypted versions, as long as the crypto is done correctly (i.e., CBC mode, with random IV).
You can then apply dedup on encrypted data, but as the blocks will be more or less random, the efficiency of the dedup process will probably be poor.
I would be more than happy to pay the price for having a better and safer system *by default*. Of course, nothing prevents you from still using encfs or Truecrypt :-)
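The deduplication trade-off raised in the comments above (matching encrypted files by hash, random IVs, per-account dedup), as an added example that is not part of the original thread and not Wuala's code. The HMAC-SHA256 keystream is a toy stand-in for a real cipher such as AES, and all function names and the sample data are constructed for illustration.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy cipher (stand-in for AES): HMAC-SHA256 keystream; same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_convergent(data: bytes) -> bytes:
    # Key and nonce derived from the content: every user produces the same blob.
    key = hashlib.sha256(b"key:" + data).digest()
    nonce = hashlib.sha256(b"nonce:" + data).digest()[:16]
    return nonce + xor_stream(key, nonce, data)

def encrypt_per_account(account_key: bytes, data: bytes) -> bytes:
    # Nonce derived from content under the account key: dedup inside one account only.
    nonce = hmac.new(account_key, b"nonce:" + data, hashlib.sha256).digest()[:16]
    return nonce + xor_stream(account_key, nonce, data)

def encrypt_random(account_key: bytes, data: bytes) -> bytes:
    # Fresh random nonce per upload: identical files never produce identical blobs.
    nonce = os.urandom(16)
    return nonce + xor_stream(account_key, nonce, data)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return xor_stream(key, blob[:16], blob[16:])

def stored_blobs(uploads) -> int:
    """A deduplicating server keeps one copy per distinct ciphertext hash."""
    return len({hashlib.sha256(c).digest() for c in uploads})

def simulate() -> dict:
    doc = b"constructed sample file shared by two users\n" * 8
    alice, bob = os.urandom(32), os.urandom(32)
    conv = [encrypt_convergent(doc), encrypt_convergent(doc)]      # Alice, Bob
    acct = [encrypt_per_account(alice, doc), encrypt_per_account(alice, doc),
            encrypt_per_account(bob, doc)]
    rand = [encrypt_random(alice, doc), encrypt_random(alice, doc)]
    return {
        "convergent": stored_blobs(conv),       # 1: cross-user dedup, but it leaks
        "per_account": stored_blobs(acct),      # 2: one blob per account
        "random_nonce": stored_blobs(rand),     # 2: no dedup possible
        "file_confirmed": encrypt_convergent(doc) in conv,  # plaintext holder can match
    }

if __name__ == "__main__":
    print(simulate())
```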
Real security can only be proven by source code release of relevant parts of the Wuala client software, or by allowing for an open, pluggable, plugin-like mechanism for the encryption part of Wuala, which could be provided by the open source community, and reviewing the code.
At the current moment all we have is Wuala's promises and a lot of text. There is zero proof all these years that Wuala has no second backup keys, does not transmit the password in some way back to Wuala themselves, does not derive or back up decrypted private keys and so on.
Please come forward and release a somewhat open source client software at last, or the relevant modules, and allow for a plugin architecture of the security-related parts of Wuala at last.
Thanks.
opensourcemember
+1
An open source client is the unique way Wuala can claim to be "secure by design!"
How about working a bit less on security and encryption and a bit more on proper file sharing (so many people coming back to me saying it's not working when I send a link) and a good upload manager? We're not all James Bond.
Did you have a close look at the privacy policy (October 2011)?
Read the following:
6. Disclosure to third parties
Basically, your data is not transmitted to third parties. However, LaCie may release personal data if the law requires it to do so or in the good-faith belief that such action is necessary to comply with any laws or respond to a court order, subpoena, or search warrant or to protect LaCie's rights and interests. Furthermore, you expressly agree that LaCie can disclose personal data to identified third parties (e.g. owners of intellectual property rights) and/or government enforcement bodies in order to enforce the General terms and conditions, particularly in case of founded indications that the laws or the rights of a user or of third parties, particularly copyrights, other industrial property rights or personal rights, have been violated, insofar as such is necessary.
@anonymous of 18 December, you don't need to be James Bond to take care of your privacy. There are many other sharing-oriented services you can use if this is your primary need.
Privacy is the future for business on the cloud and open source is the only way to guarantee you really do what you promise.
I agree with the open source comments.
I love Wuala and want to stay with the service (I'm paying $79 a year with Wuala and I feel that's a steal). However, I'm closely watching projects like Syncany (http://www.syncany.org) and ownCloud (http://owncloud.com/) simply because they promise the same functionality as Wuala but with less restriction on storage (don't have to use Wuala's servers) and most importantly they are open source so that we don't have to take your word that you aren't back-dooring info.
It would be in Wuala's business interest to seriously consider these open source requests. The future of cloud computing is in security that is not dependent on the corp that is providing the service (i.e., client-side encryption) and at the same time can be verified secure by ANYONE.