It has come to my attention that Zoolz, an online backup service for home and business users, is checking customer filenames in an effort to prevent piracy.
Zoolz will check filenames, and delete the account if it contains pirated software, music, or video files. I think people should be aware of this, because Zoolz claims to be a “zero-knowledge” encrypted cloud backup service.
From the Zoolz Product Agreement:
If Metadata checking (i.e. file names) reveals that an account has content relating to video piracy, software piracy or any copyrighted data with the intent to distribute (i.e. torrents) the account will be immediately terminated.
Ryan is one affected user, who first informed me of what Zoolz was doing in a comment on my review of the service. I’ve removed his last name and original comment, to protect his privacy.
They named five file names and said (repeatedly) there was nothing they could do except delete the entire account … My account and all data 1.3TB) was indeed nuked, they would not budge on deleting specific “prohibited file names” saying they had no way to do it.
Old .torrent files were to blame, which were less than 1MB in total. Zoolz gave him one week to get all the data off his account, before deleting it.
I emailed Zoolz, asking if they scan business accounts as well. I also asked if these terms apply to G Cloud Backup, which is owned by Genie9, Zoolz’s parent company. I haven’t received a response.
Update – Response from Morgan @ Zoolz:
In response to your article, we would like to clarify our point of view.
Zoolz has noticed that our unlimited accounts are being abused, as a single use account accessed from different locations at the same time across the globe. Therefore, this act could cause illegal distribution of pirated copies of material by allowing users to access their account to download the content. Zoolz system flags any suspicious material, by checking filenames and not scanning data as you have falsely claimed in your article. Zoolz adopts machine level zero-knowledge encryption, therefore the service cannot access or scan actual data; as our technical team has pointed out. We advise you to remove this claim as it is false.
Our technical support has even offered him a refund for the rest of his period and gave limited access to the account in order to retrieve the data.
We are sad to see you side with illegal behavior, the torrents could mean that the user has the actual media files, and downloading any media file without any proof of ownership is considered illegal.
This user did not come upfront with proof of ownership of the actual material that is shared via torrent; as we know that in most of the times the average citizen could be unaware of this being illegal, but instead in order to try to warn users that their act could cause them to be persecuted, you are posting an article that promotes it.
Thank you for explaining the other side to this issue.
Regarding “scanning data” vs “checking filenames,” I will change this.
How does your flagging system match filenames to copyrighted material? Would it match a .txt file with a copyrighted term in the filename? Would it match files in C:\Program Files? Could it be altered to match every filename on a user’s computer?
And how can Zoolz claim to be “zero-knowledge” if the filenames are known?
Just because I don’t support filenames being “checked” by an online backup service, does not mean I support illegal behavior.
First of all, we appreciate your prompt update to your article. I have checked with the technical team for our home accounts. The algorithm only flags home accounts of excessive bandwidth use and check files at time of access this algorithm currently checks for .torrent files. The algorithm could make mistakes, as we mentioned in the automated email; and in this case they should come forward with proof of ownership or show that these files do not contain any sort of piracy.
As for the business accounts, since regulated by their companies policies, Zoolz adopts zero-knowledge filename and data encryption. As proof, we are attaching a screenshot of the output of our copy, encrypt and ship service, which mimics the exact output on how data is stored on our datacenters. Please note that this output is also encrypted with another level of Server Side encryption with 256-AES. If interested, we can send you a free Zoolz business account and a license for this service.