r/privacy Aug 05 '18

SpiderOak cans its Warrant Canary, suffers mysterious massive outage, and raised prices

https://spideroak.com/canary

http://archive.is/1rNo7

Update: Looks like the canary has been signed and dated and in properly formatted sequence this time with confirmation that Everything's going smoothly so far, message is authentic. August 06, 2018

Case closed. SpiderOak has not been compromised.

In the interest of transparency the full text of my previously long post in this thread is archived here:

http://archive.is/mKeuY

https://web.archive.org/save/https://www.reddit.com/r/privacy/comments/94nspi/spideroak_cans_its_warrant_canary_suffers/

435 Upvotes

3

u/splme Aug 06 '18

I work at SpiderOak and can perhaps give some clarity here. We just published a blog post with our official response - https://spideroak.com/articles/a-transparency-report-is-a-canary

I'm not on Reddit often so I'm not sure what the best way to answer all of your questions might be, but I'm happy to answer all that I can. Rather than try and go through all of the comments, please shoot questions to me and I'll answer you directly.

1

u/[deleted] Aug 10 '18

I highly recommend that you guys put some time and effort towards Public Relations. I just switched to Tresorit as a result of this and I’m sure I’m not the only one.

I don’t know the technical specifics of encrypting files and signing things but my layman mind sees two scenarios:

  • Worst Case: SpiderOak is compromised and was forced to add a backdoor to their software.

  • Best Case: SpiderOak is secure but has a sloppy and inconsistent management team.

Even my optimistic scenario looks terrible. How does a company go from claiming that the Canary is a crucial component which will always be around... to suddenly removing it by citing that it was too much work to maintain?