"Spideroak plugs iCloud leaks to the NSA" identifies idcloak

June 21, 2013 (PRLEAP.COM) Technology News
The recent NSA whistleblowing has revealed that Apple grants the US government agency warrantless access to user data stored on iCloud. Under the Foreign Intelligence Surveillance Act (FISA), this would also allow the US government to access data belonging to non-US iCloud users. Robin Welles, lead tech researcher at idcloak, recommends users take it on themselves to protect their data.

"Encryption keys for iCloud accounts are stored on Apple's servers," says Welles. "This means that the corporation, its staff and anyone else with administrative access to its servers may access personal data stored there. Basically, we shouldn't use iCloud for anything more than our iTunes playlists."

For cloud storage of personal data, Welles recommends Spideroak. "Spideroak also provides encryption on storage and transfer, but is one of the few cloud providers to offer a zero-knowledge privacy policy. The encryption key is only stored on the user's devices so your data cannot be accessed in the cloud or in transit."

One natural downside of locally held passkeys is that users will lose their data if they forget their password. Fear of loss may encourage them to use weak passkeys that can easily be remembered or to keep written records of them. Both actions severely weaken the security of the cloud system. Welles believes the solution lies with password managers such as Dashlane: "Dashlane helps you generate and store high-strength passwords and can even automatically input them for you to protect you against keylogging spyware. And yes, keyloggers do exist for iOS."

As a seal on the security lid, Welles says Spideroak users may also mask their IP address when accessing the service: "If a hacker were to target Spideroak for data theft, she would certainly go at the device. Most hacking, tracking and surveillance requires an IP address; but if all your Spideroak access passes through an assortment of global IP addresses – by using a VPN Mac proxy, for example – an attacker couldn't use IP lookup tactics to find you. And if you cannot be found, the best hacker in the world cannot hack you."

Spideroak's current iOS app only allows users to read and share encrypted files through an iOS device, not to upload to the cloud. The firm is working on a new version that will deliver user data to Spideroak servers, but for the time being an OS X (or Windows) device is needed for this task.

Welles was quick to defend this temporary inconvenience: "Obama has said a trade-off needs to be made between privacy and security at the government level. A similar trade-off needs to be made by the user – between usability and privacy. Without some sacrifices, we will never have control of our personal data; there are just too many parties after it."

Visit www.idcloak.com for more information.

Written by Terence Shull.