14 comments

[ 3.6 ms ] story [ 45.9 ms ] thread
The piece would probably have been improved by staying on your initial course and focusing on Bitcasa's business model, and the impact that certain specific technical choices have on the running costs.

Instead, after a strong introduction, you switched over to discussing these "Potential Flaws", which are no different than those facing every cloud storage vendor. It seems strange to write an attack-piece on this new player, rather than on the industry as a whole.

1. Bitcasa can kick/cancel abusive or uneconomic accounts. Preventing them rejoining is tricky, but no harder for Bitcasa than any other internet service (from some tiny 10-user internet forum via Dropbox right through to Amazon), so why single them out?

2. "any provider of this service could be legally responsible" (my emphasis) is just weasel words.

3. Bitcasa can tell whether I have a particular file, but (at least in the general case) can't tell whether I'm licensed or authorised to have that copy.

4. See 1.

(Also, the "convergent encryption" link is broken.)

1. The issue isn't that bad guys exist and everyone has to deal with it. The problem is that for them to deal with it they have to sacrifice their user's privacy (quotas and stats open clients up to attack). If dropbox does that they don't subject their user's to any (more) security risks as they don't make such a strong assertion.

2. I am not a lawyer, but part of this post is to focus on the viability of the model. What I hope to come out of this is discussion on ways to reduce the legal exposure a company has in this privacy-centric model.

3. That is true but that isn't how copyright lawsuits generally work. For example, if you own a CD and they get you downloading something from bittorrent you'd have to argue that point in court. Even if you did nothing wrong that is more exposure than "client side encryption" would lead most people to believe.

I agree it is strong, though I wouldn't call it an attack piece. I will gladly update this as more information surfaces but I believe my assumptions are plainly explained and are likely to be true. The reason for my focus on them is they did many things exactly how I would have wanted them to, but it is dangerous to advertise a certain level of encryption that is generally understood and then provide something that has a variety of subtle flaws. I'll add an update to clarify #1 as that is important.

Edit: Convergent encryption link is fixed in the post (thanks for the tip)

The problem is that for them to deal with it they have to sacrifice their user's privacy (quotas and stats open clients up to attack)

I can't find the section that demonstrates either assertion.

if you own a CD and they get you downloading something from bittorrent you'd have to argue that point in court

Actually, bittorrent court cases typically focus on the uploading aspect (remember that on bittorrent, downloaders are also uploaders) at least partly because it is much easier to prove that someone doesn't have publishing rights.

It's also not clear if you're aware of the DMCA.

Flaw #3 and the 'shortsighted solutions' for #1 address this. Keeping quotas and logs leaks information about what you are storing. For example, if you keep statistics on the largest file a user has, then it dramatically reduces the number of files that the user's "true" file can hide in. This is a class of "side channel attack" (look that up for more on the subtle issues introduced).

So uploading was covered in #2 in the post. #3 is the downloading/user possession aspect. I am familiar with the DMCA which would reduce the scope the companies liability for #2; however, it does compel them to be compliant which hurts users (covered in #3) and there a variety of subtle situations where the DMCA wouldn't help them. Note that google makes copies of your music (in GMusic) instead of hash matching for similar reasons where Apple secured an expensive license to do this. Certainly Bitcasa doesn't have any special deals like that. So yes, to your point the DMCA reduces liability but I maintain that it is still a potential flaw (which is what the title of that paragraph is).

Keeping quotas and logs leaks information about what you are storing

Who does it leak information to? how? what information anyway? and why is any of this a problem?

For example, if you keep statistics on the largest file a user has, then it dramatically reduces the number of files that the user's "true" file can hide in.

I don't understand what you are saying. Are you claiming that Bitcasa is some kind of steganographic cloud?

and there a variety of subtle situations where the DMCA wouldn't help them

Like what? Are Bitcasa any more vulnerable than every cloud storage provider (other than Apple which, as you say, appears to be a special case)?

This shows that they have to know who has access to each file, even if they don't want to. That is a privacy issue that other services are immune to because they don't actually make the claims that bitcasa does.
the claims that bitcasa does

Where are all these claims listed that you appear to be arguing against? All I see in their (very limited) marketing materials is a mention of client-side encryption, which they do indeed seem to implement.

There is an exciting new company Bitcasa that promises infinite storage for $10 a month and says your data is encrypted client side.

Isn't it what Backblaze has been offering for a few years now for half that price? I cannot say I'm particularly excited.

Re: 2 ("the rapidest share"): you can simply force clients to upload a file at least once before being allowed to download it. That is what Dropbox did after people pointed out this issue.
Did they? I thought they just checked bits and pieces of the file at random.
That is true but it changes the user experience and cost model pretty dramatically. This is designed to save all files including OS, so the de-duplication that they have would be only useful for storage and not bandwidth.
Just wondering: if I were to use such a service and rely on some client they provide, I would probably encrypt all my content myself, then give it to the client. Maybe even install an extra VM just for the purpose, so that the client can get no access to my "real" system.
re. the VM idea. Do you have some reason to believe that their client software is more likely to be malicious than anyone else's?
Not really, but they are in the business of scanning my computer and phoning home, and they propose some weird cryptography scheme which makes them less trustworthy somehow (just a feeling). I just want to make sure they don't store anything on their servers I don't want to give them.

Anyway, I won't implement that plan because I assume it is not in the interest of that company.