5 comments

[ 3.4 ms ] story [ 22.8 ms ] thread
I built this solo.. it took about a year to get it this far. Feedback is appreciated.

I wrote the filesystem, webdav server, and a web framework (used for the website and webdav server).

Written in C... and it runs on Debian + Apache + PostgreSQL

The filesystem has support for dedup, encryption, end-to-end checksumming, and a few other features. Copy-on-write... so it keeps a complete history of changes. It uses the userid + filename + date/time to reference files, so the complete history is accessible. The history is controlled by the "erase delay" setting right now, but I plan to create a nicer interface for it later (so you can browse your files at any point in time).

When files are uploaded, control is passed from the WebDAV server to the fs.. so files are encrypted as they're uploaded.

So what do you think?

The most important question: can you, the provider, see/decrypt any data?
I was waiting for this question... The encryption is done on the server.. so it is possible to decrypt the data. However, I haven't written any tools to do that; I certainly don't think I have any right to look at what you store, nor is it useful to me in any way; and I am serious about the ToS -- decrypting the data requires a valid subpoena.

Also you can use client-side encryption (which I cannot decrypt). Everything else will still work -- dedup, history, etc.

I'm surprised more people haven't commented about this. I think what you're doing is awesome.

I've always been hesitant in buying online storage because so many companies say my files would be encrypted on their servers, e.g. Google and Amazon, but in fact, they only encrypt data when it's at-rest or when it's not available online. So while their servers are up and running my files are unencrypted, available online to anyone who can access my account? I think when a company says 'my files are encrypted on their servers' that means in-motion and at-rest, not only when their servers shutdown. Storage providers like Google and Amazon don't actually encrypt customer files because their encryption takes place when their servers aren't in use.

I like the sound of my files being transferred over SSL through HTTPS, not a special service, then encrypted using AES 256-bit at the same time my files are being uploaded. That's sweet dude. And, I don't have to upload terabytes of data to pay only $0.10/gb!

(comment deleted)