Security and privacy are becoming increasingly important in the digital age, yet most online storage companies neglect to tackle these concerns with adequate protection. SpiderOak is one of those rare backup service providers that not only protect your data, but promise that they have absolutely no knowledge or access to it. Should the government come knocking, they couldn’t provide any data, even if they wanted to.
Most of the time, privacy comes at the expense of convenience, or in the cloud storage industry, at the expense of features. We reviewed this service a couple of years ago and found that while it offered a powerful feature set, it did have major download performance issues. However, the company has upgraded its service, rebuilt its software, and replaced its UI. So does the new SpiderOakONE fare any better? Check it out below:
- Solid security and no-knowledge privacy
- Highly customizable backup software
- Unlimited devices
- Backs up file versions
- Secondary backup to, and restore from, local, network, or FTP drives
- Configurable sync folder
- Create secure and private share links
- Mobile apps for iOS and Android
- Fast upload speeds
- Desktop software is a bit buggy
- Inconsistent download performance
- Expensive pricing model
- Sharing is complicated and limited
- No free option outside of 2 GB 60-day trial
SpderOakONE offers an even stronger feature set and improved speeds while still maintaining its rock-solid security and privacy features. But, the new software seems a bit buggy, restore performance is still inconsistent, and the pricing model is especially expensive if you only have one PC. That said, it’s a fantastic suite that’s well worth checking out, especially for the privacy focused.
Security and Privacy
Security-minded users will not be disappointed with SpiderOak.
Data stored on SpiderOak’s servers is encrypted from end to end, both SSL in transit and on the server. Your password, and therefore the encryption keys to decrypt your data, are never stored on SpiderOak’s servers. They have a “Zero-Knowledge” promise that there is literally no way for the company, any third party, or even the government to access your data without having your user account password.
This also means that they do not store any metadata about your files. File types, names, sizes, creation and edited dates, are all hidden from everyone but you. They don’t collect it and have no access to it.
One of the most popular methods hackers use for accessing data is social engineering. Hackers can typically just change your password by finding answers to your security questions using data obtained through internet searches or social media, or accessing your e-mail using the same method to get a password reset message. With SpiderOak, that’s not possible. There is literally no way to change a password without knowing your original password. The best a hacker would get is a password hint that you established.
The only disadvantage is that you really need to pick a password you will remember because just as a hacker can’t reset your password, neither can you. If you forget your password and don’t pick a useful enough hint to remind yourself, there will be no way for you to access your account again. SpiderOak does not have your password and cannot reset it or give it back to you.
Backing Up Files
While you can access your data from the website, the company strongly recommends you don’t do that. Accessing your data from SpiderOak’s website requires that you provide your password to them to view your files, which breaks down their “Zero-Knowledge” policy. As a result, their website doesn’t offer much other than just a way to download files, but the web UI is a rare thing to use with a backup service. Thankfully, the company offers a well-featured and comprehensive software platform on Windows (XP and up), Mac OSX (10.8 and up), as well as Debian, Fedora, and Slackware based Linux distros.
Because of SpiderOak’s privacy focus, you don’t create an account on the website like other storage companies. Your account is created during the software installation process, and your account data and password are then stored on your computer and in the registry. The server validates with your software that the password entered is correct, but the password is never sent to the server.
The software’s backup interface is essentially a file manager. You select files and folders, and then hit a “save” button at the top of the interface, and it will remember your preferences. Need to add more files? Just select and save again. The software will start the backup automatically or on your schedule.
Speaking of changes, the software also tracks multiple previous versions of your files, and will let you restore a file back to a previous version should you make some unwanted changes.
One of my favorite features is the ability to create a secondary backup of any data sent to the cloud to store on a local drive, a network share, or an FTP server of your choice. The data itself is just copies of the encrypted data blocks sent to the server, so it’s still secure on your backups, but it does require the software to access. Using this option to “double-back-up” your data actually has some interesting performance advantages too, as the software will automatically download from this location first if you need to restore.
Speaking of that preferences page, there are a lot of options available to you to customize how the software works. You can set network proxies and set bandwidth limits. You can set unique automatic schedules for back ups, syncs, and sharing. You can set maximum file size limits, age limits, file types, and folder keyword exclusions. You can even turn on and off nearly every feature of the software, force a password check on reboot, and other such options.
Should you want to restore files, you have to go to the “Manage” tab. Here, the software will let you see all the data stored in your backup with their original file structure intact, so you can find your files where you originally had them.
Finally, should you delete files from your backup by accident, there is a “deleted files” folder that you can restore files from. The files remain here until you decide to remove them, but they do count towards your storage total, so you’ll want to clear them out every now and then.
SpiderOak Hive Sync
But backing up files isn’t the only thing the software can do. In case there are files you are constantly accessing and editing across multiple computers or mobile devices, you do have the “SpiderOak Hive” folder.
This folder will back up files dumped inside of it to all computers and mobile devices set up with your account and password information. Changes will be backed up and pushed to all of your other devices. Just like with backups, you can track multiple edits of the file and revert back if you want to.
The service automatically sets up a SpiderOak Hive in your Documents directory, which you can disable in the preferences. But I like that you can also choose your own folders to be synced and the destination to sync to.
It’s cool to see a cloud sync built into such a robust back up service, but there’s one major disadvantage with this setup. Syncing events don’t necessarily take precedence over backup events. If there’s a large backup running, your sync will have to wait, and that means you may not see your files getting updated on your other PC or mobile devices for hours. You can mitigate this problem by forcing a backup schedule outside of your normal working hours, but it is something to be considered if you plan on using the Hive folder.
While it’s possible to share files with SpiderOak, it’s not necessarily quick or easy. First of all, you have to back up any files you plan on sharing. The software has no option to add local files to the share.
Then you create a “public ID” so that your username isn’t being given out publically, followed by a name for the “ShareRoom” followed by a name for the “ShareFolder” that will contain the files you’re sharing, and you can give an optional description as well. All of these steps are to keep your personal privacy secure, so as not to reveal any information about your account or folder structure.
Once you’re done with that, you can create an optional password on the share as well. You’ll be granted a URL link that you can share to others, but there appear to be no other sharing options.
The final link will lead to a SpiderOak website with the files you’ve shared located within, with advertisements for the service included. Link receivers can download the shared files and that’s it. There appears to be no way for users to send files to you or view them in the webpage, but that’s presumably due to the security focus of this service.
A Few Bugs
In my experience, the software was a bit buggy. It doesn’t appear to handle deep folder trees very well, as it would intermittently hang when processing a backup selection that was more than 6 or 7 folders deep. De-selecting the folder and then selecting individual folders would help solve this.
In addition, I could easily break the software by starting a file share and then deleting it within the software before it fully uploaded, especially when the upload included exceptionally large files. The service would continue trying to upload the share, but would never finish because it was no longer there. This case required a complete uninstall and reinstall of the software, followed by hitting the “Clear Upload Queue” button a few times.
The reality is that there should be a way to stop or cancel individual actions within the activity queue, but there isn’t. Instead of actually clearing the task list, the aforementioned button will pause all tasks and close the software, but it won’t clear any actions. When you re-open SpiderOakOne, it will take several minutes to “re-syndicate” the data on your computer with the server, and will finally flash a big green button to resume the very task that you told it to clear before.
SpiderOak offers mobile apps for iOS and Android that allow you to see and download your backed up files. You can find your files organized by the device the backup came from, and you can download them to your mobile device, but there is no built in viewer/player for files. The apps will also show you your most recently used files as well as files you’ve indicated are favorites
The apps will also give you access to any synced “hives” that you’ve created as well as any “share rooms” you’ve created. Should you desire, you can also add new share rooms by setting up the room name and a password.
For those wondering about the security implications of apps, SpiderOak gives you the above warning and explanation. Your password is stored temporarily in encrypted memory, but only as you are accessing files on the apps. Once you’re signed out of the app, the server copy of the password is erased.
Technically, the service is not Zero-Knowledge when you’re using the app. But, the protections they employ should still be good enough to protect you, as your encryption key is actually encrypted on it’s own, making it pretty much impossible for employees, governments, or hackers to get access to it.
For the most part, SpiderOakONE has solved most of the performance issues we found in the previous reviews. Due to the amount of performance testing I wanted to do this time around, I was able to borrow a much faster internet connection than I normally have access to. This service is typically rated at about 50 Mbps on downloads and 5 Mbps on uploads.
The service hit maximums on both metrics pretty easily, which is a good sign considering the service couldn’t easily break 1.5 Mbps download last time. That said, average speeds suffered because I consistently saw large gaps of time between downloading one file and moving to the next.
To rule out network issues, I did several different tests on a few additional networks, but the results were the same. When it was downloading, it was fast. But the restore process would randomly stop at points, and then resume several minutes later.
|Average Upload Speed||5.12 Mbps|
|Max Upload Speed||7.16 Mbps|
|Average Download Speed||17.0 Mbps|
|Max Download Speed||64.7 Mbps|
Like I mentioned earlier, if you take advantage of the software’s ability to back up your cloud data on a locally connected drive or an FTP server, this will significantly improve your performance. In practice, this process actually removed all the performance issues I mentioned earlier. Restoring data in this way was just as fast as a copy/paste function.
SpiderOak’s service isn’t exactly cheap. They offer a paltry 2 GB of storage for free, and then charge anywhere from $80 a year for 30 GB to $280 a year for 5 TB. Unfortunately, there is no unlimited storage option anymore either. But considering the feature set and great security, it’s not a bad price.
|Storage||Monthly Price||Yearly Price|
|Free||Free (60 days)||N/A|
That’s especially true when you consider that these costs include unlimited computers. Many backup services require per computer subscription charges. That said, if you only have one computer, you will be paying more than average.
SpiderOak offers support via an online knowledgebase and a contact e-mail. They do not offer phone support. Free trial customer will get the same level of support, but only for the length of their trial, obviously.
|Average Upload Speed||5.12 Mbps (5 Mbps connection)|
|Average Download Speed||17.0 Mbps (50 Mbps connection)|
|Free Online Storage|
|Mobile Apps||Android, iOS|
|Keep Deleted Files||Forever|
|Back Up to Local Drive|
Sync and Share Features
|Public File Sharing|
|Data Center Location(s)||Illinois and Kansas City, Missouri|