Home Features Security Pricing Blog Download

Wuala Blog

Monday, 10 January, 2011

Why Encryption Matters

In this post, I will give you a short introduction into 'client side encryption'. You will learn why 'zero knowledge' is important (Twitter as a recent example) and how you can find out if your online service uses client side encryption. Further, you'll find a short comparison of US and European data protection laws.

Client Side Encryption
Wuala is a 'zero knowledge' service provider. This means that it encrypts all your data already on your PC and your password never leaves your computer (client side encryption). That way, not even we as the operators of Wuala can decrypt your data. Most online storage services handle this differently and have the key to your data. A notable exception that also has 'zero knowledge' encryption is SpiderOak. There are also a number of pure backup services that let you specify a custom encryption key.

The Current Twitter Case
A recent example of why this matters is the subpoena Twitter received from the U.S. government which forced them to hand over customer data. Normally, companies are ordered to keep such subpoenas secret, so not even the affected customers learn about them, but Twitter managed to get an exemption in this case (read the article in the New York Times for more information). Twitter behaved correctly, it had no choice when it handed out the data and it is great that they fought to let their users know about it. But this example shows that when you store data with a service that doesn't have client-side-encryption, you can't be sure that it is safe, even if the company that stores your data is 'nice'.

The 'Password Recovery' Test
If you are unsure if your online storage service is 'zero knowledge', the simplest test is to check if they have a 'reset password' or 'recover password' function. If there is such a function, they can decrypt and access your data. Examples of services that can read your data are DropBox, SugarSync, and box.net. This is nothing unusual, your email provider can read all your emails and Facebook can see everything you upload there. But when it comes to storing sensitive data, you might want to be a little more picky than usual.

Data Protection Laws
Data protection laws are much stronger in Europe than in the U.S. If you care about privacy, you should generally prefer European services. If you are European and intend to store sensitive data online (for example patient records), you might get into legal trouble if you don't choose a storage provider with good encryption. (You can find a German talk about the legal situation in Switzerland here.)

Talk in Zurich
In case you happen to be in Zurich and want to know more about Cloud security, I'll give a talk about this topic on 2010-02-10. Looking forward to seeing you there!

Post Comments

Blogger guenther said...

How are user passwords protected in the Wuala client?

Do you use something like bcrypt (or even better: scrypt) to hash passwords to a key?

January 10, 2011 14:35 PM

Blogger Anonymous said...

"Twitter [...]t had no choice when it handed out the data [...]"

Twitter's notification to the users in question reads like they did not actually hand over data yet: http://rop.gonggri.jp/?p=442
"The legal process requires Twitter to produce documents related to your account.

Please be advised that Twitter will respond to this request in 10 days from the date of this notice unless we receive notice from you that a motion to quash the legal process has been filed or that this matter has been otherwise resolved."

But yes, Twitter's handling of this case appears to be pretty exemplary :-)

January 10, 2011 15:21 PM

Blogger interfaSys Worldwide said...

Patient records may be encrypted, but then doctors use mobile apps to access it over Wifi.
There is always a weak link in every system :(

January 10, 2011 18:45 PM

Blogger interfaSys Worldwide said...

And don't forget Jungledisk that has offered a Zero Knowledge Client Side Encryption syncing service way before Wuala had introduced his.
They also support multiple accounts, which means that you can access both private and business data from one computer.

We love Wuala, it's one of the services we always recommend when users need to backup their data :)

January 10, 2011 18:49 PM

Blogger Ilmar Kerm said...

How do you handle folders that are shared with a web link?
Are you only able to decrypt files when you receive the correct key from the client? Or are you able to immediately decrypt the files when they are shared using a weblink and the key is just a simple server side security check?

January 10, 2011 19:50 PM

Blogger Luzius Meisser said...

@Guenther: Wuala derives you master encryption key from your password using a cryptographic key derivation function. If you have entered the right password, Wuala derives the right key and can decrypt your data.

January 10, 2011 21:30 PM

Blogger Luzius Meisser said...

@Ilmar: when sharing folders with a secret web link, its url contains the key to decrypt that folder. When the URL is entered into a browser, it is sent to our servers who use the provided key to decrypt the folder and return the according web page. Web access is stateless, so our servers can immediately erase the key from their memory again after having served the request. Obviously, this is less secure than using the Wuala client, because the key for the shared folder leaves your computer.

In the long run, we'd like to do the decryption locally in the browser in JavaScript. Unfortunately, JavaScript cryptography is still too slow for that.

January 10, 2011 21:39 PM

Blogger Anonymous said...

Client side encryption is great, but still your application is not open source completely. That's why i can never be sure if there is no backdoor or anything else which compromises my privacy/security.

Because i know there have been other cases of software projects i am also curious if there ever have been requests from a government to implement a backdoor into Wuala so they would have access to user data.

Danke für eine Antwort von euch! :)

January 11, 2011 1:05 AM

Blogger Luzius Meisser said...

@Anonymous: so far, we haven't received any such requests.

January 11, 2011 10:18 AM

Blogger Thomas said...

Even though you can of course never be sure if you can trust us, let me offer the following argument: what interest would we have in having a back door? If we can decrypt our users' data, so can a hacker if he manages to break into our system. Also, since we don't derive any profit from advertising or user profile data (think facebook), we have no motive to spy on our users.

January 11, 2011 13:38 PM

Blogger Anonymous said...

@Luzius and Thomas:

Thank you very much for your honest answer. Keep on rocking&coding! :-)

January 11, 2011 18:33 PM

Blogger Anonymous said...

hi, i'm very interested in wuala but finding conflicting info re the added security of client-side encryption. On a dropbox forum someone representing dropbox and speaking about spideroak said:
"spideroak could just as easily save the key derived from your password when you log in and decrypt your filenames and data. the fact that their server generates output that contains your filenames, etc. is proof that they can still access your data/metadata if they really want to".
Is this true of wuala? I'm hoping to make a fully informed choice. Thanks

February 13, 2011 19:59 PM

Blogger Luzius Meisser said...

@Anonymous: Wuala (or also Spideroak if I understand their technology correctly) could not just simply store your key during login as it is never sent to the server. What we (and every other program you install) could do in theory, is secretly adding a backdoor that logs your passwords and all your keystrokes. This, however, would make that software malware and the authors criminals.

I don't know under what circumstances Spideroak servers generate output that contains filenames (if they are secure, the shouldn't). With Wuala, there are a few circumstances in which this is possible, but only if you explicitely agree, for example when accessing a folder by weblink or when you send in a crash report that contains a filename.

February 15, 2011 16:50 PM

Blogger Anonymous said...

thanks, I'm reassured, sounds preferable to what i'm currently using ie mcafee

February 16, 2011 19:47 PM

Blogger Roberto Valerio said...


I would really like to know how you promote client-side only access and offer web access at the same time? The moment I log into your service using my web browser you should have access to my data, right?

We are planning to offer full client-side encryption as well. But in our case we face the question if we should then separate or deny web browser access for this data.


March 10, 2011 11:01 AM

Blogger Bernd said...

This comment has been removed by the author.

March 10, 2011 13:04 PM

Blogger Bernd said...

yes, as mentioned here http://www.wuala.com/de/support/faq/c/6#id000642 , your file must be decrypted on our server for a short time if you enable a secret link sharing. It will be deleted immediately again after the transfer finished. We suggest not to use the webshare option for very important file.

March 10, 2011 13:05 PM

Blogger CHK said...

FYI: SpiderOak will display your filenames in the browser ONLY if you log in with your account key, ie. voluntarily let go of your key.
The SpiderOak folks specifically discourage this solution - plenty of popups advising you to only ever access files via the client software. Nothing sinister there.
Great services both - Wuala and SpiderOak.

April 19, 2011 12:25 PM

Blogger Anonymous said...


December 19, 2012 15:04 PM

Blogger Anonymous said...

So Mozy can hand over your data to the gov't unless you use your own private key, or can they still hand over your data?

March 1, 2013 18:17 PM

Post a Comment