Originally Posted by Rainrider
Why do you trust SpiderOak for not saving your password? The client that generates it is closed source so no way to know it for sure.
|
(1) My password file from PasswordSafe is encrypted already, so even if SpiderOak is lying to me, they can't access my passwords. If they really want to spy on my recipe collection or my user stylesheets, which aren't independently encrypted, well... knock yourselves out, guys. Grab some beers, hire some strippers, lay down some lines of coke, and have a wild party while you read all about how I reskinned Amazon and Duolingo. Oh yeah, baby, check out dat readable font size and dem colors!
(2) I'm more inclined to trust SpiderOak with my data than Dropbox etc. who do not encrypt my files at all, and who have explicitly stated they have full access to the content of my files ("but only a few special people, and we won't look unless someone with a warrant tells us to"). The SpiderOak app as a whole isn't open-source (yet) but many of its components are. If the whole thing is a sham, they've gone through a lot of trouble to write a lot of code they're not even using. While it's possible, I don't think it's very likely, and it doesn't seem like it would be worth the effort for them. Anyone uploading sensitive data to the cloud should be encrypting it independently anyway.
(3) I'm not a FOSS nut. I use plenty of closed-source software, and I bet you do too. I choose software primarily based on the features it offers, not on whether I can read the source code. If there are two options that will satisfy my needs, and one is closed-source while the other is open-source, I'm more inclined to choose the open-source option (with that inclination growing stronger as the amount of sensitive data stored by the app increases), but I don't go through life assuming everyone who writes a useful app is out to get me. And let's be honest here -- who actually reads through the source code of every (or even
any) open-source program they use?