[nextparadigms]

"HP: What do you do in terms of encryption or security?

TG: We encrypt everything on the client side. We use AES-256 hash, SHA-256 hashing for all the data.

HP: So it’s encrypted all on the client side and you can’t look at it on the server side?

TG: Exactly"

Finally, a company that gets it. I've been asking for this for a while now. I wish Dropbox and all the others would do this, too. I get it that some of Dropbox' customers may not want to deal with the encryption on the client side, but they should at least offer the option to everyone, and it should be right there every time someone wants to upload something. It would be best if it was the default option, too.

This way they won't get into the mess they got into last time with the feds asking for user data, and the clients who want full security of their data won't have to be worried about it anymore.

[SkyMarshal]

SpiderOak does this.

https://spideroak.com/engineering_matters

Disclaimer: no affiliation, just like the product. I use SpiderOak to backup private things like AWS keys, KeePass data file, Bitcoin wallet, etc., and Dropbox for documents, photos, and everything else not quite as sensitive.

[rednaught]

In addition to Wuala, Spideroak does this as well.

A problem remains "with full security" in that you have no idea what's going on in the binary client program. Reveal or open-source the client program and allow customers who need this end-to-end security to compile the program themselves.

[SODaniel]

We at SpiderOak in fact do not cross-account deduplicate AT ALL and provide a full zero-knowledge environment with no access to client side encryption key info.

We feel that the possible cost savings involved with deduplicating data across user accounts is just not worth the inherent security risks.

[mkuhn]

Wuala has been doing this since they started in 2007 or 2008.