
Wuala Blog

Saturday, 3 December, 2011

The patriot act and cloud storage

This article on Politico discusses the implications of the US Patriot Act for cloud computing: companies and governments are reluctant to use US-based cloud storage because data stored in the US becomes accessible to the US government through the Patriot Act. The best way to avoid this is to take the Wuala approach of client-side encryption and encrypt everything before it is uploaded. With client-side encryption, no one, not even LaCie as the operator of Wuala, can see your stored data, and therefore no one can give it to a government agency or anyone else. Furthermore, Wuala's datacenters are all located in Europe, which has more data protection laws, giving additional comfort to our users.

Post Comments

Blogger Zsolt Peter Basak said...

That's why I love Wuala. :)

December 3, 2011 12:57 PM

Blogger kalvin said...

Well conceived and well done guys!

December 3, 2011 15:47 PM

Blogger Guest said...

Lacie is an American company and therefore bound to American laws. It should therefore be assumed that Lacie cooperates with American law enforcement as all companies do in jurisdictions relevant to their business.

(I know Lacie Switzerland is a Swiss company and Lacie is to a certain degree also French. That does not help either, France and Switzerland law enforcement is not bound by data privacy either.)

December 3, 2011 16:01 PM

Blogger Anonymous said...

To "Guest": even if Wuala's servers were in the US instead of Switzerland... they could only hand over encrypted data whose key is unknown to them.

Good job, Wuala.

December 3, 2011 16:38 PM

Blogger Guest said...

@Anonymous: Sure, and Skype is fully encrypted and legal interception is not possible. Ever heard of backdoors and other access ports for law enforcement authorities?

December 3, 2011 17:36 PM

Blogger Anonymous said...

Best reason yet to open source the client. Transparency creates confidence.

December 3, 2011 21:39 PM

Blogger Luzius Meisser said...

@Guest: LaCie is a French company, not American.

December 4, 2011 10:01 AM

Blogger Anonymous said...

Vive la France!

December 4, 2011 17:22 PM

Blogger Anonymous said...

I apologize if I've missed this somewhere on your site, but I couldn't find an answer to this question: Is Wuala compatible with some sort of local encryption, like Mac's FileVault?

Also, a small stylistic comment about the website. For some people videos are a nice way to get information, but for me, and probably others, text is preferable. It's faster, and doesn't need audio.

December 4, 2011 20:01 PM

Blogger Anonymous said...

A smart move Wuala should do: make the client available in open source.

Many benefits:
1) Wuala would be regarded as the most secure and trustful cloud backup provider
2) Free buzz, resulting in many new customers
3) Free help/improvements from the community
4) After the removal of the trading feature, disappointed people will probably be happy again :-)

Sooner or later, the Wuala competitors will open source their client, and you will be forced to follow. So, it's probably better to do it on your own, and make profit of the good press you will get :-)

BTW, regarding privacy, you should disable deduplication, or you should do it after encryption (in that case, it will be probably useless) or only per account.

My 2 cents.

December 5, 2011 14:52 PM

Blogger willemijns said...

Hummm... AFAIK it is possible to know, by comparing encrypted file hashes, that you have a certain file (size/CRC) in common with other users...

December 6, 2011 11:45 AM

Blogger Anonymous said...

@willemijns if no dedup is required, then a given file encrypted two times will result in two different encrypted versions, as long as the crypto is done correctly (ie, CBC mode, with random IV).

You can then apply dedup on encrypted data, but as the blocks will be more or less random, the efficiency of the dedup process will probably be poor.

I would be more than happy to pay the price for having a better and safer system *by default*. Of course, nothing prevents you from still using encfs or Truecrypt :-)

December 6, 2011 17:18 PM
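
The trade-off argued in the comments above (deduplication versus encrypting each upload under a per-user key with a random IV), as an added example that is not part of the original post and is not Wuala's code. It assumes a stdlib-only stand-in cipher (HMAC-SHA256 in counter mode rather than AES-CBC), and every function name and sample value is constructed for illustration.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    # A real client would use AES; there is no integrity tag here.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt_random_iv(user_key: bytes, plaintext: bytes) -> bytes:
    # Per-user key plus a fresh random nonce on every upload.
    nonce = os.urandom(16)
    return nonce + xor_stream(user_key, nonce, plaintext)

def convergent_key(plaintext: bytes) -> bytes:
    # Key derived from the content itself: same file, same key, for every user.
    return hashlib.sha256(b"key:" + plaintext).digest()

def encrypt_convergent(plaintext: bytes) -> bytes:
    nonce = hashlib.sha256(b"nonce:" + plaintext).digest()[:16]
    return nonce + xor_stream(convergent_key(plaintext), nonce, plaintext)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return xor_stream(key, blob[:16], blob[16:])

def blobs_after_dedup(uploads: list) -> int:
    # Server-side dedup: keep one copy per distinct ciphertext hash.
    return len({hashlib.sha256(c).digest() for c in uploads})

def server_can_confirm(candidate: bytes, stored_blob: bytes) -> bool:
    # Anyone who already has `candidate` can test whether a stored blob is that file.
    return hmac.compare_digest(encrypt_convergent(candidate), stored_blob)

def demo() -> dict:
    doc = b"constructed sample document held by two users\n" * 8
    alice, bob = os.urandom(32), os.urandom(32)  # constructed per-user keys
    rand = [encrypt_random_iv(alice, doc), encrypt_random_iv(bob, doc)]
    conv = [encrypt_convergent(doc), encrypt_convergent(doc)]
    return {
        "random_iv_blobs": blobs_after_dedup(rand),   # two copies, no savings
        "convergent_blobs": blobs_after_dedup(conv),  # one shared copy
        "roundtrip": decrypt(alice, rand[0]) == doc,
        "leaks_equality": server_can_confirm(doc, conv[1]),
    }

if __name__ == "__main__":
    print(demo())
```

Content-derived keys let the server deduplicate across accounts, and for the same reason let it learn which accounts hold a file it already knows; per-user keys with random nonces remove both properties.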

Blogger Anonymous said...

Real security can only be proven by a source code release of the relevant parts of the Wuala client software, or by allowing an open, pluggable, plugin-like mechanism for the encryption part of Wuala, which could be provided by the open source community, who could review the code.

At the current moment all we have is Wuala's promises and a lot of text. There is zero proof, after all these years, that Wuala has no second backup keys, does not transmit the password in some way back to Wuala themselves, does not derive or back up decrypted private keys, and so on.

Please come forward and release a somewhat open source client software at last, or the relevant modules, and allow for a plugin architecture of the security-related parts of Wuala at last.

Thanks.
opensourcemember

December 6, 2011 17:40 PM

Blogger Anonymous said...

+1

An open source client is the unique way Wuala can claim to be "secure by design !"

December 6, 2011 18:29 PM

Blogger Anonymous said...

How about working a bit less on security and encryption and a bit more on proper file sharing (so many people coming back to me saying it's not working when I send a link) and a good upload manager? We're not all James Bond.

December 18, 2011 15:30 PM

Blogger Anonymous said...

Did you have a close look at the privacy policy (October 2011)?
Read the following:
6. Disclosure to third parties

Basically, your data is not transmitted to third parties. However, LaCie may release personal data if the law requires it to do so or in the good-faith belief that such action is necessary to comply with any laws or respond to a court order, subpoena, or search warrant or to protect LaCie's rights and interests. Furthermore, you expressly agree that LaCie can disclose personal data to identified third parties (e.g. owners of intellectual property rights) and/or government enforcement bodies in order to enforce the General terms and conditions, particularly in case of founded indications that the laws or the rights of a user or of third parties, particularly copyrights, other industrial property rights or personal rights, have been violated, insofar as such is necessary.

December 27, 2011 10:30 AM

Blogger Anonymous said...

@Anonymous of 18 December, you don't need to be James Bond to take care of your privacy. There are many other sharing-oriented services you can use if this is your primary need.

Privacy is the future for business on the cloud and open source is the only way to guarantee you really do what you promise.

December 30, 2011 17:18 PM

Blogger Chris said...

I agree with the open source comments.

I love Wuala and want to stay with the service (I'm paying $79 a year with Wuala and I feel that's a steal). However, I'm closely watching projects like Syncany (http://www.syncany.org) and Own Cloud (http://owncloud.com/) simply because they promise the same functionality as Wuala but with less restriction on storage (don't have to use Wuala's servers) and most importantly they are open source so that we don't have to take your word that you aren't back-dooring info.

It would be in Wuala's business interest to seriously consider these open source requests. The future of cloud computing is in security that is not dependent on the corp that is providing the service (ie - client side encryption) and at the same time can be verified secure by ANYONE.

January 6, 2012 20:17 PM

Blogger harpdog said...

No matter if back door or warrants etc., all they get is your own personal encryption. Why is that so hard to understand? Here, read my gobbledygook.

July 5, 2012 20:28 PM

Blogger Another guest said...

@Guest: They can't cooperate with law enforcement even if they wanted. They don't have the private keys for the user data.

August 21, 2012 12:15 PM

Blogger Anonymous said...

In the end, there is no protection against a government. E.g. without a key they could force Wuala to change the software to intercept the password, they could decrypt your data without key by brute (super) computing power, they could force you in person to decrypt it for them, they could install a keylogger, etc. etc.

January 14, 2013 17:50 PM
