
Wuala Blog

Tuesday, 21 June, 2011

Cloud Security

As Wired reports, one of our competitors suffered from a bug on Sunday that allowed everyone to access everyone else's files for about four hours. As the article correctly points out, problems like these wouldn't be possible if the files were already encrypted on the client, as Wuala does. Encrypting your files before they are sent to the cloud makes Wuala inherently more secure than solutions that rely on server-side encryption. We couldn't expose our users' data to others (neither accidentally nor intentionally), thanks to our commitment to client-side encryption.

I recently talked about this at a security lunch (German link) of the ISSS (Internet Security Society Switzerland).

Post Comments

Blogger Anonymous said...

Hi, I'm a DB user and, after what has just happened, I don't trust them anymore. So I would like to evaluate another, more secure alternative, such as Wuala. Can I install Wuala on the same computer where DB is already installed? Or could they conflict?

June 21, 2011 15:00 PM

Blogger Bernd said...

You can run Wuala on the same computer. These are completely different solutions and do not harm each other.

June 21, 2011 15:03 PM

Blogger Anonymous said...

I've just discovered Wuala following a link in a Wired article about the recent Dropbox tragedy. I'm going to cancel my Dropbox subscription as soon as I find a viable substitute. At this point I demand just one feature: 100% security and privacy: I'm a tech entrepreneur and I can't tolerate that my precious business data could be read by someone else in the cloud. I'm evaluating Wuala because of its client-side encryption but I've found a problem: Wuala uses deduplication across accounts. I'm not a computer scientist but I think a very secure cloud storage service should first encrypt the file and then generate the hash, so deduplication should be limited to files inside one user's account. I think SpiderOak is stronger than Wuala in this respect but frankly I would like to entrust my data to a more solid (and European) firm such as LaCie. I think Dropbox's tragic failure could be a huge commercial opportunity for you, but if you want to capture Dropbox's disillusioned customers, you have to offer a 100% secure solution, so no deduplication across accounts... Remember: nowadays the success factor in the cloud storage business is security.

June 21, 2011 17:50 PM

Blogger Bernd said...

Hi, we're aware of it (see: https://bugs.wuala.com/view.php?id=3339). General deduplication has some big advantages for an online storage and for its users, but of course we respect the wish of our user. As you see from the ongoing discussion, we are thinking about ways of implementing an option not to deduplicate files over multiple accounts.

June 21, 2011 18:14 PM
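The trade-off discussed in the two comments above, as an added example that is not Wuala's code and not part of the original thread. It assumes a content-derived key as the mechanism that lets a server deduplicate client-encrypted files across accounts (the page does not say how Wuala derives keys), and compares it with a key scoped to one account; the toy cipher stands in for AES, and all names and sample data are constructed.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher; a stand-in for AES, not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def convergent_key(plaintext: bytes) -> bytes:
    # Key depends only on the content: every account derives the same key.
    return hashlib.sha256(plaintext).digest()

def account_scoped_key(account_secret: bytes, plaintext: bytes) -> bytes:
    # Mixing in a per-account secret confines equal ciphertexts to one account.
    digest = hashlib.sha256(plaintext).digest()
    return hmac.new(account_secret, digest, hashlib.sha256).digest()

class BlobStore:
    """Server side: sees only ciphertext and stores each distinct blob once."""
    def __init__(self):
        self.blobs = {}   # blob id -> ciphertext
        self.owners = {}  # blob id -> set of account names

    def put(self, account: str, ciphertext: bytes) -> str:
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        self.blobs.setdefault(blob_id, ciphertext)
        self.owners.setdefault(blob_id, set()).add(account)
        return blob_id

    def shared_blobs(self):
        # Blobs held by more than one account: what the server learns from dedup.
        return {b: sorted(o) for b, o in self.owners.items() if len(o) > 1}

def upload_all(store: BlobStore, scoped: bool) -> BlobStore:
    doc = b"constructed sample: quarterly-plan.pdf contents"
    secrets = {"alice": b"alice-secret-constructed", "bob": b"bob-secret-constructed"}
    for account, secret in secrets.items():
        key = account_scoped_key(secret, doc) if scoped else convergent_key(doc)
        store.put(account, keystream_xor(key, doc))
        store.put(account, keystream_xor(key, doc))  # second copy, same account
    return store

if __name__ == "__main__":
    for scoped in (False, True):
        s = upload_all(BlobStore(), scoped)
        print("scoped" if scoped else "convergent", len(s.blobs), s.shared_blobs())
```

With the content-derived key the store keeps one blob and can see that both accounts hold the same file; with the account-scoped key duplicates still collapse inside each account, but nothing links the two accounts.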

Blogger Vagif said...

I use Wuala and I like it very much.
I really love the trading feature! I've already earned more than 500Gb FREE CLOUD storage space!

But I think as long as Wuala is still in `beta` many people don't want to use it. And probably it stops people from buying extra storage space.

June 21, 2011 19:33 PM

Blogger Khurt said...

Anonymous, 100% security? Really? Do you read the news? http://gizmodo.com/5813560

June 21, 2011 22:56 PM

Blogger Anonymous said...

I'm a bit baffled by your General terms and conditions. In practice LaCie can do all and the (paying) customer can demand nothing. I think you should rewrite them in a more balanced way.

June 22, 2011 9:12 AM

Blogger Luzius Meisser said...

@Anonymous: we are currently thinking about revising the terms. If you have concrete inputs, please write to me (luzius AT wuala.com).

June 22, 2011 11:25 AM

Blogger Anonymous said...

At first sight, I read 'Closed Security' instead of 'Cloud Security'.

Sure, Dropbox has some serious security issues but Wuala had them too. And both are closed source. It is a matter of trust although we all know that trust does not really work without efficient control mechanisms. People tend to be lazy if no one is looking.

June 22, 2011 11:26 AM

Blogger Anonymous said...

Hi, I'm a newbie and I have a doubt. If I understand correctly, Wuala encrypts my files only before they are uploaded, but when they are on my disc they are normal files, not encrypted files. I don't need any password to open them, copy to other devices, etc. So, as an example, if Windows fails and I have to recover my files using a Linux live CD, I will be able to copy and paste them on a pen drive, as usual. Am I right?

June 22, 2011 20:24 PM

Blogger Anonymous said...

Hi, is size the only difference between Free and Personal plans? Do they offer the same features (Backup, Sync, Time Travel, File Versioning)? Thank you.

June 22, 2011 20:36 PM

Blogger Nuno Teixeira said...

@Anonymous 1: If Windows fails, all of your files will still be stored online. You only have to download them. If you use sync folders, then the local files aren't encrypted because the Wuala client decrypts them after the download. So yes, you can access them the usual way.

@Anonymous 2: Currently the plans only differ in storage. The Free plan didn't have those features, but that changed :) Now you only pay for more storage.

June 23, 2011 5:28 AM

Blogger Anonymous said...

Is your AES encryption SECRET (128 bit) or TOP SECRET (192/256 bit)?

June 23, 2011 14:21 PM

Blogger Luzius Meisser said...

@Anonymous: we are currently using 128-Bit encryption and considering moving to 256-Bit for marketing reasons. Even though 256-Bit AES sounds more secure to the layman, it is not clear if it actually is, as it has a number of weaknesses that 128-Bit does not. See for example
http://www.ecrypt.eu.org/documents/D.SPA.13.pdf
or Bruce Schneier's Blog:
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

June 23, 2011 14:34 PM

Blogger Brian said...

@Luzius Meisser:

For what it's worth, Wuala's knowledge of that particular weakness in AES is actually a big reason I'm considering switching from Dropbox to Wuala (instead of another client-side encryption competitor). Knowing that level of cryptographic detail indicates that you and the other folks behind Wuala didn't just have "encryption" as an entry in your features checklist and that you actually know what you're doing. In line with the topic of this blog post, that's reassuring :)

July 1, 2011 16:13 PM

Blogger Anonymous said...

Is the Wuala data under the US Patriot Act? Does LaCie use a cloud system from the US or is it a 100% European system???

Kind regards.

PS: I'm European and want to have my data in Europe under the European laws...
PPS: you can use another layer of security by using eCryptfs, for example: http://en.wikipedia.org/wiki/ECryptfs

August 15, 2011 9:42 AM

Blogger Oona Grauers said...

Hi Anonymous, see this page: http://wuala.com/en/learn/technology. Data centers are located in Europe, i.e. Switzerland, France and Germany.

August 15, 2011 10:32 AM

Blogger Anonymous said...

Even if the datacenter is in Europe, US Patriot Act law applies to a US-based company... For example, if Google has a datacenter in France, Google is a US-based company and the Patriot Act applies...

So if LaCie uses Amazon Cloud for data, the data is under the Patriot Act...

August 15, 2011 11:10 AM

Blogger Oona Grauers said...

Hi Anonymous, what I meant was that our servers are located in Europe, hence we only use European providers, i.e. one in France, one in Switzerland and one in Germany.

August 15, 2011 11:38 AM

Blogger Anonymous said...

sounds good :)

August 15, 2011 12:20 PM
