
Security

Wuala protects privacy

Wuala features best-in-class privacy and data security. All files are encrypted on your computer before being transferred to the cloud. Your password never leaves your computer, so no unauthorized user, not even LaCie employees, could ever access your data.

Client-side encryption

Since encryption occurs before files leave your computer, Wuala effectively wraps a protective wall around your data in the cloud. LaCie employees have very limited access to your data. They can only see how many files you have stored and how much storage space they occupy. The files themselves, as well as all metadata (folder names, file names, comments, preview images, etc.), are encrypted. The following chart illustrates three typical encryption schemes. The scheme in the middle is what is used by most cloud storage providers.


How it works



Comparison of encryption schemes

What matters most when encrypting data is not the particular encryption algorithm (e.g. AES), but how it is used. Basically, three encryption schemes exist in cloud storage:

1. None

No encryption is used. Your data is sent to the storage in plain view, visible to anyone who has access to your network connection as well as to the storage provider. This is a little bit like sending someone a postcard: everyone involved in handling the postcard can read it.

2. Encrypted connection (e.g. SSL)

In this scheme, a secure channel is established between your computer and the storage provider before data is uploaded. That way, no one can eavesdrop on the transfer. However, the provider sees all your data. Storage providers often implement additional measures, such as corporate policies that prohibit their employees from viewing your data. Another additional measure is using encrypted disks to store your data, so someone breaking into the data center and stealing the hard drives won't be able to read it. However, it is still visible to the provider and its employees.

This approach has the advantage that the provider can process your data for you, for example to create a search index. Also, it is technically easy to make the data available in the web browser or through an API.

The problem with this approach is that your privacy is limited. The storage provider can, for example, be forced to provide your data to a government agency. What’s more, employees will be able to read your data even if prohibited by company policies. It is also much more likely that bugs or other errors could result in data leaks. This is the most widespread approach implemented by cloud storage providers.

3. Client-side encryption

This approach is inherently more secure than the others. Apart from Wuala, there are only a few other cloud storage providers following this scheme, mostly backup services. All data is encrypted locally on your device before it is uploaded. No one not explicitly authorized by you can see your data. Since not even the storage provider can see your data, they cannot be forced to hand it over to government agencies. The employees are also not able to read your data. As a side effect, it is impossible to recover your password in case you forget it. You can test your cloud storage provider’s security by checking whether they offer password recovery or password reset. If yes, then it does not employ client-side encryption. With client-side encryption, security is embedded deeply in the design of the storage.

One of the main challenges with client-side encryption is key management. If you only want to back up, a single master key is enough. However, if you want to be able to share data selectively, your cloud storage must feature a sophisticated key management scheme. Wuala features such a system, called Cryptree, whose basic principles are described in this paper.

Currently, Wuala uses AES-256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks.
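The difference between a single master key and selective sharing, as an added Node.js example that is not Wuala's code and not the Cryptree construction itself: each folder has its own key, stored only wrapped under its parent's key, so handing out one folder key opens that subtree and nothing else. The GCM mode, the scrypt derivation, and all function, folder and id names are assumptions; the page specifies only AES-256.

```javascript
// Added illustration with hypothetical names; a simplified key hierarchy only.
const nodeCrypto = require('crypto');

// AES-256-GCM, fresh 96-bit nonce per call; blob = nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was altered.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Client side. `store` models the provider: opaque ids and sealed blobs only.
// Each folder gets its own random key, kept only wrapped under its parent's key.
function addFolder(store, id, parentId, parentKey, name, files) {
  const key = nodeCrypto.randomBytes(32);
  store[id] = { wrappedKey: seal(parentKey, key), name: seal(key, name),
    files: files.map((f) => seal(key, f)), children: [] };
  if (parentId) store[parentId].children.push(id);
  return key;
}

// Anyone holding a folder key can read that folder and unwrap its descendants.
function readTree(store, id, key) {
  const f = store[id];
  return {
    name: unseal(key, f.name).toString(),
    files: f.files.map((b) => unseal(key, b).toString()),
    children: f.children.map((c) => readTree(store, c, unseal(key, store[c].wrappedKey))),
  };
}

// Constructed sample data. The password-derived master key never enters `store`.
function demo() {
  const store = {};
  const master = nodeCrypto.scryptSync('correct horse', nodeCrypto.randomBytes(16), 32);
  const root = addFolder(store, 'a1', null, master, 'home', []);
  const photos = addFolder(store, 'b2', 'a1', root, 'photos', ['beach.jpg bytes']);
  addFolder(store, 'c3', 'a1', root, 'taxes', ['2013 return']);
  return { store, master, root, photos };
}
```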

Wuala stores your files in multiple places

To keep your data safe, your files are stored redundantly in many different locations. Our servers are based in Switzerland, Germany, and France.

Publications

Cryptree

Swiss Technology

swiss made software

The label "swiss made software" stands for Swiss values and innovation, openness and flexibility in software development.

Ecology

Wuala protects the environment - our servers are powered with 100% green energy.