Wuala Account Setup

Wuala is a cloud storage service by LaCie, a computer storage and display outfit. Like all cloud storage services, Wuala makes it easy for you to backup, sync, share and retrieve your data from any location. How does it differentiate itself from the rest of the pack?

Well, LaCie claims that Wuala is different because “All files get encrypted and are stored redundantly. No one unauthorized – not even Wuala as the provider – can access the files.” Essentially, your data is encrypted locally, on your computer, before it gets uploaded to a server in some remote location.

But how does the system work? It starts with you installing the Wuala client on your computer, followed by an account creation process. Your account password is used to encrypt your data, with the password not transmitted over the wire. Since your password never leaves your computer, nobody else but you know what your password is. So nobody should be able to decrypt your data. The screen shot below shows the account setup screen.
Wuala Account Setup

Sounds good, but could there be a backdoor? And why am I even raising that possibility? It stems from a fundamental understanding of how these things work. You see, the password you specify is used to encrypt and decrypt your data, but it is not the encryption algorithm, which we do not know anything about.

Related Post:  EFF's Guide to Protecting Electronic Devices and Data at the U.S. Border

That, plus aspects of the Terms of Service, which I took the time to read, makes me think that under the right circumstances, you might not necessarily be the only person that can read your data.

This paragraph in the terms of service, under Use of Service, makes me feel very good about it:

LaCie agrees that all files you store using the Service, including their metadata (file name, description, comments, thumbnail images, etc.), (“Data”) will be encrypted such that they can neither be read by LaCie nor by any third party, unless the Data is explicitly shared or made public by you. LaCie has no access to your password, does not know it and cannot reset or recover it. You acknowledge that if you forget your password, your Data will be irrevocably lost.

But not this line, under the same section: “As part of the evolution of the Service, LaCie may discontinue, modify or add new features to the Service without prior notice to you.”

Related Post:  webOS: The latest open source, Linux distribution

The paragraph that made me very suspicious about how private the service is, is this one, under the Privacy section:

“Customer agrees that LaCie may transmit any data stored by Customer to a third party if LaCie believes in good faith that it is required to do so in order to: (a) comply with any law or order issued by any legal authority; (b) avoid infringement of the rights of a third party; or (c) protect the property of LaCie or the personal safety of its users and the public.”

In other words, if LaCie gets a simple letter from a government entity that says, “Give us the data from customer Joe Blow,” they will comply, which they must, under current laws. That leaves the possibility that there could be a chink in the encryption armor (read backdoor) that could make it possible for somebody other than you, to read your data, even without your password. Use these services with care. If I had data that I wanted to keep private, the only way I would use Wuala or any other cloud storage service will be to encrypt it first, before uploading it.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.