Does Free for life mean Free for life? Not to SugarSync it doesn’t

One of my favourite online storage services, SugarSync, announced on the 10th of December 2013 that they were dropping all their free accounts and that you had until the 8th of February 2014 to pay for the service or your account would be deleted along with any data attached to it. Their press release can be read here.

Why they made this decision is unclear, but the way they handled it doesn’t sit well with me. I’ve been recommending SugarSync for many years and know of a lot of people using their free 5GB service and many more using their paid services. They could have taken the approach that companies like Google have taken with Google Apps (if you had a free account prior to the changes you get the account free forever) and grandfathered the old free users, and I doubt that anyone would have had a problem with this.

As a paid user who had just exceeded the 100GB limit on my $9.99 a month plan, I was faced with having to upgrade to the 250GB plan for $24.99 a month to obtain an additional 10GB. I contacted SugarSync in September 2013, and they offered nothing except an upgrade to the 250GB plan.

“I understand your concern. But currently, we don’t have any intermediate plan between the 100 GB and 250 GB. However, you can earn more storage using the SugarSync referral program.”

Interestingly, they raised the option of encouraging friends to sign up for the free plan as a way to increase my data allowance. Surely they knew about the changes coming in a few months?

  • When you refer a friend who signs up for a 60 GB individual or larger plan, you and your friend each earn 10 GB of free storage, which you’ll both receive after the friend’s first billing cycle.
  • When you refer a friend who opens a 5 GB free account, you and your friend each earn 500 MB of free storage, up to a limit of 32 GB.
  • Note: If your friend opens a free account, then upgrades to a paid account, you’ll both receive just the 500 MB of bonus storage, not 10 GB.
  • You won’t receive bonus storage for referrals who did not use your unique referral URL to sign up.

My SugarSync account is now closed. A small part of this was their unwillingness to offer anything between 100GB and 250GB, and the other part is their shutting down the free service after promising to keep it running forever. I like SugarSync, but SpiderOak has come a long way since I last looked at it and it was a straightforward transition.

I’ve helped many of the people that I had referred to SugarSync to use alternative services like SpiderOak, who offer their free 2GB plan for LIFE. If you would like to trial SpiderOak with an additional 1GB free for LIFE, use this referral link by clicking here (this also gives me an additional 1GB for LIFE for free).

SpiderOak offers other benefits, including encrypting the data before it is uploaded. Read below for an explanation of why this is a benefit.

Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, and do not encrypt the data while it is resting on their servers. This means that anyone with access to the servers your data is stored on (such as the company’s staff) could appropriate it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making your data easily viewable by anyone with access to those servers.

SpiderOak’s encryption is comprehensive — even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data. In this way, we are not capable of betraying our customers.

The secret that keeps your data accessible to you alone is your SpiderOak password, which is never transmitted to SpiderOak in its original form. This means you alone have responsibility for remembering your password or ‘Password Hint’ (which you can create to help you remember.) If the password is forgotten, there’s nothing anyone can do to make the encrypted data readable to you again.

When you first run the SpiderOak software on a computer, a series of strong encryption keys are generated. The keys are themselves encrypted with your password and stored (along with your backup data) on SpiderOak servers in their encrypted form.

To be most secure, encryption key generation needs to happen on a real computer — not in a web browser. However, it’s 2013 and people expect to sign up for services on the web. We use some Javascript magic to make this convenient.

If Javascript is enabled in your browser when you fill out the SpiderOak user signup form, Javascript code running inside your browser on your computer will hash your password with the bcrypt algorithm before sending it to the SpiderOak servers. Then when you first run the SpiderOak backup software, it will prompt for your username and that same password to authenticate you into your account. The plain version of the password is never sent to SpiderOak.

If you mistrust Javascript for these purposes, you may disable it when signing up for a SpiderOak account. In that case the form will have no password fields at all. Instead of a password a temporary “activation code” will be automatically created for you, and you can use this activation code when you first run the SpiderOak software to authenticate into your account. The SpiderOak software will then prompt you to create a password.

In either case, when you run the SpiderOak software for the first time and authenticate into your SpiderOak account, strong encryption keys for your account will be automatically generated, encrypted with your password, and saved. No trace of your original password is stored. These are the necessary steps to create a true zero knowledge environment.
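
The key-wrapping arrangement described in the quoted SpiderOak text can be sketched as follows. This is an added illustration, not SpiderOak's code: it assumes Node.js, substitutes scrypt for the bcrypt step the page mentions (Node's standard library has no bcrypt), assumes AES-256-GCM as the cipher, and all function names are hypothetical.

```javascript
// Added illustration; not SpiderOak's code. scrypt stands in for bcrypt and
// AES-256-GCM is an assumed cipher. Everything here runs on the client.
const crypto = require('crypto');

// Derive a key-encryption key (KEK) from the password; it never leaves the client.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// First run: generate a random data key and wrap (encrypt) it under the KEK.
function createAccountKeys(password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const dataKey = crypto.randomBytes(32);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const wrapped = Buffer.concat([c.update(dataKey), c.final()]);
  // Only serverRecord is uploaded: no password, no KEK, no plaintext data key.
  return { dataKey, serverRecord: { salt, iv, wrapped, tag: c.getAuthTag() } };
}

// Later runs: unwrap the data key. A wrong password fails the GCM tag check,
// which is why a forgotten password leaves the data unrecoverable.
function unwrapDataKey(password, rec) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKek(password, rec.salt), rec.iv);
  d.setAuthTag(rec.tag);
  try {
    return Buffer.concat([d.update(rec.wrapped), d.final()]);
  } catch (err) {
    return null;
  }
}

// Encrypt the file name together with the contents, so the server stores only
// an opaque container and cannot read either.
function sealBlob(dataKey, name, contents) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const plain = Buffer.from(JSON.stringify({ name, contents }), 'utf8');
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function openBlob(dataKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, blob.iv);
  d.setAuthTag(blob.tag);
  return JSON.parse(Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8'));
}
```
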

Join the Conversation

1 Comment

  1. Noooooooo!!!! you can’t buy technical books in Hobart either.. I was just about to give these guys a ring 2 years too late. 🙁
