Zoolz Checking Customer Filenames to Prevent Piracy

Privacy

It has come to my attention that Zoolz, an online backup service for home and business users, is checking customer filenames in an effort to prevent piracy.

Zoolz will check filenames, and delete the account if it contains pirated software, music, or video files.  I think people should be aware of this, because Zoolz claims to be a “zero-knowledge” encrypted cloud backup service.

From the Zoolz Product Agreement:

If Metadata checking (i.e. file names) reveals that an account has content relating to video piracy, software piracy or any copyrighted data with the intent to distribute (i.e. torrents) the account will be immediately terminated.

Ryan is one affected user, who first informed me of what Zoolz was doing in a comment on my review of the service.  I’ve removed his last name and original comment, to protect his privacy.

Ryan wrote:

They named five file names and said (repeatedly) there was nothing they could do except delete the entire account … My account and all data 1.3TB) was indeed nuked, they would not budge on deleting specific “prohibited file names” saying they had no way to do it.

Old .torrent files were to blame, which were less than 1MB in total.  Zoolz gave him one week to get all the data off his account, before deleting it.

I emailed Zoolz, asking if they scan business accounts as well.  I also asked if these terms apply to G Cloud Backup, which is owned by Genie9, Zoolz’s parent company.  I haven’t received a response.

Update – Response from Morgan @ Zoolz:

Dear Geoff,

In response to your article, we would like to clarify our point of view.

Zoolz has noticed that our unlimited accounts are being abused, as a single use account accessed from different locations at the same time across the globe. Therefore, this act could cause illegal distribution of pirated copies of material by allowing users to access their account to download the content. Zoolz system flags any suspicious material, by checking filenames and not scanning data as you have falsely claimed in your article. Zoolz adopts machine level zero-knowledge encryption, therefore the service cannot access or scan actual data; as our technical team has pointed out. We advise you to remove this claim as it is false.

Our technical support has even offered him a refund for the rest of his period and gave limited access to the account in order to retrieve the data.

We are sad to see you side with illegal behavior, the torrents could mean that the user has the actual media files, and downloading any media file without any proof of ownership is considered illegal.

http://corporate.findlaw.com/intellectual-property/copyright-law.html

This user did not come upfront with proof of ownership of the actual material that is shared via torrent; as we know that in most of the times the average citizen could be unaware of this being illegal, but instead in order to try to warn users that their act could cause them to be persecuted, you are posting an article that promotes it.

My response:

Hi Morgan,

Thank you for explaining the other side to this issue.

Regarding “scanning data” vs “checking filenames,” I will change this.

How does your flagging system match filenames to copyrighted material?  Would it match a .txt file with a copyrighted term in the filename?  Would it match files in C:\Program Files?  Could it be altered to match every filename on a user’s computer?

And how can Zoolz claim to be “zero-knowledge” if the filenames are known?

Just because I don’t support filenames being “checked” by an online backup service, does not mean I support illegal behavior.

Zoolz response:

Dear Geoff,

First of all, we appreciate your prompt update to your article. I have checked with the technical team for our home accounts. The algorithm only flags home accounts of excessive bandwidth use and check files at time of access this algorithm currently checks for .torrent files. The algorithm could make mistakes, as we mentioned in the automated email; and in this case they should come forward with proof of ownership or show that these files do not contain any sort of piracy.

As for the business accounts, since regulated by their companies policies, Zoolz adopts zero-knowledge filename and data encryption. As proof, we are attaching a screenshot of the output of our copy, encrypt and ship service, which mimics the exact output on how data is stored on our datacenters. Please note that this output is also encrypted with another level of Server Side encryption with 256-AES. If interested, we can send you a free Zoolz business account and a license for this service.

zoolz email

Best,
Morgan

Geoff Akerlund

Geoff Akerlund

Geoff Akerlund is the founder and editor-in-chief of BackupReview.com. He is a cloud fanatic and regularly reviews online backup services. He believes backups should be easy, affordable, and automatic.

Geoff Akerlund

@backupsoftware

Reviews and ratings of the most popular backup solutions

@FabacusSuite Just noticed your tweet! I’m not aware of any cloud storage needs specific to manufacturing. I’m open to insight/suggestions. – 10 months ago

 
  • Daniel Jack

    I dont know Zoolz, but i was using Just Cloud, and they did the same, so they stopped my account without even telling me anything, they said I violated their EULA due to torrent files name!!, and checked their EULA, contains the same text!! , I think you should also mention Just Cloud, Blackblaze and others as most Unlimited cloud services are doing this!!!!, just to be fair for everyone Geoff

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • Backblaze actually encrypts file names, file paths, and the actual data. Just Cloud does not encrypt files at all, so I’m not surprised.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
    • LOL CATS

      My understanding with Crashplan is if that you use a private client-side key, filenames are never visible on their servers.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
  • bd1143bc

    This is why I back up to an external HD at my house.

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • Sasha

      You should do that, AND use a cloud service.

      What if your house burns, or a robber thoroughly ransacks it?

      At the very least, use two hard drives, and keep the second as a long term backup, updated not as frequently but kept in a different physical location.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
      • sdfsdf

        2 encrypted external hd, store 1 offsite, rotate monthly or weekly or whatever

        VA:F [1.9.22_1171]
        Rating: 0 (from 0 votes)
  • LOL CATS

    Crashplan is FAR better than these Zoolz clowns anyways….

    “We advise you to remove this claim as it is false.” blah blah blah

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • leexgx

    not even checked what Zoolz (do not want to google it so it does not push them up the rankings) does is it Just Prue backup? or is it like Drop box where you can share

    the point is if you accidentally have a .torrent file or what ever bad file they deem as bad in your account you lose your account its that simple

    they should not give 1 hoots what they’re backing up, if they are sharing a bad file Fine ban them but Just for having a .torrent file in your backup = a ban is silly policy (dropbox way they handle it is if you have a bad file in your dropbox account you just can’t Share it if the Hash matches the bad list)

    i ask/force for full refund if you can

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • Zoolz does not do file sharing, it’s backup only. I agree it’s a ridiculous policy.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
  • jayarmstrong

    Thanks for researching the issue and getting clarity from Zoolz. I’m mostly concerned about zero knowledge for clients (HIPAA and real privacy) so it’s great to hear they offer that through their business product.

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • I’m glad you liked the article Jay. Yes, private encryption is an absolute must for HIPAA compliance – good point.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
  • aikanae

    I am so confused on this. I have movies and music that I’d like to backup. They represent a significant investment but how do I “prove” ownership? Do they want to see a credit card receipt from 5 years ago showing I made a purchase from Itunes or Amazon even though those aren’t itemized on the receipt showing I paid for the movie or song? This is the reason why I have not backed up my data with any service.

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • Hi aikanae. I am not sure how they expect to verify ownership either. I should mention that Zoolz is the only service I know of that does this, and there are plenty of backup services that don’t place crazy restrictions on users, such as Backblaze and CrashPlan.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
  • The Zoolz position on illegal file sharing is a red herring. Their motives are related to economics and bandwidth—or perhaps multiple, simultaneous access. Their true motives are unrelated to copyright infringement…

    It is not illegal to store a torrent with a filename that matches copyright music or films. It may be the user’s own performance, or a commentary, a Blog video, or an authorized concert video. What if the user owns the rights or has secured permission from the copyright owner?

    Zoolz is fishing, and then asking the user to prove that they are innocent. The very fact that they can fish demonstrates that their service claim (“zero knowledge”) is a pack of lies. There is no way to justify or defend a backup or cloud service that boasts ‘zero knowledge’, but then snoops into customer data. Fishing, Eavesdropping, Demanding customers defend filename practices, and then Terminating. All of these practices are untenable.

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
    • Very true Philip. The reasoning never really did make sense.

      VA:F [1.9.22_1171]
      Rating: 0 (from 0 votes)
  • Sam Dolbel

    Thanks for this Geoff, I nearly succumbed to the lifetime special Zoolz are running.
    I was with Backblaze for 2 years, but when my pc crashed and I needed my files, huge chunks were missing, backblaze were no help, except to do a refund of the remaining period.

    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)