Keepyounotsafe.com
Tuesday, December 5, 2006 at 07:20AM
The online safe deposit box of KeepYouSafe.com doesn’t instill much confidence. Their terms of use are both scary and hilarious.
For example, you cannot store
“any Windows temporary files of any kind (including, without limitation, any .p or ~.* files)”
Huh? What if my .p files are not Windows files?
And while your content seemingly is protected under your password,
“It may also be necessary to access users accounts to verify that the accounts are not being misused, especially with respect to digital copyright laws”
Great, so it means they can see all your files in the clear.
What takes the cake, though, is that this online safety deposit storage company boldly states
“KeepYouSafe.Com maintains regular backups of data (…) However, the most important step for a reliable backup is at the user end - ensure that you have your own copies of the data. You agree to make, maintain and protect current backups of any data stored at KeepYouSafe.Com”
So, tell me again, what good is this service?
A better solution would be to handle it yourself. On the Mac, encrypt your files using a secure image; on the PC, encrypt them using the excellent AxCrypt. You can then put the encrypted files on a flash drive or in your Gmail account.
Hans

Reader Comments (3)
In response to your post, we have updated the Terms and Conditions to remove the Windows file restriction (I'm not sure myself why that was there; this was originally written by a paranoid attorney) and also to clarify the "Access your account" stipulation.
To be 100% clear, we will only be able to see that there are things in the box, not the data itself. Without your password we cannot see what they are because they are encrypted with 256-bit AES, and we do not keep a copy of your password anywhere to decrypt it!
Have you read our technical white paper? I think it would help address your concerns about the service not being safe. We have done everything that a strong online banking website would have done, and more - including encrypting your data with military-grade 256-bit AES encryption with your own key, full proactive fraud detection and prevention, regular audits & vulnerability assessments, and a hot site in Europe with full data replication.
The URL of the technical white paper is http://www.keepyousafe.com/KeepYouSafe-Technical-Overview-White-Paper.pdf
As soon as you have a user encrypt using the authentication mechanism (that is, having the same password both authenticate and encrypt) you leave her vulnerable, since you can store the PBE key away and decrypt her files at will, long after she's logged out of her system. (This effectively cancels out whatever algorithm you use to derive the key from the password.)
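The point made in the last comment, as an added example that is not part of the original post or comments and is not KeepYouSafe's code: a server that receives the login password can derive and keep the password-based encryption (PBE) key, while a client that derives separate authentication and encryption values from the password never hands the server the file key. All class and function names, the labels, the salt and the iteration count are hypothetical.

```python
import hashlib
import hmac

ITERATIONS = 200_000                      # assumed PBKDF2 work factor
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt

def pbe_key(password: str, salt: bytes) -> bytes:
    """Password-based key derivation (PBKDF2-HMAC-SHA256, 32-byte output)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)

def subkey(master: bytes, label: bytes) -> bytes:
    """Domain separation: one-way derivation of an independent key per purpose."""
    return hmac.new(master, label, hashlib.sha256).digest()

class SharedPasswordServer:
    """Weak design: the login password is also the encryption password."""
    def __init__(self):
        self.retained = None
    def login(self, password: str, salt: bytes) -> bool:
        # The server sees the password, so it can derive and store the file key.
        self.retained = pbe_key(password, salt)
        return True

class SplitKeyServer:
    """Server stores only a hash of the authentication value."""
    def __init__(self, auth_value: bytes):
        self.verifier = hashlib.sha256(auth_value).digest()
        self.retained = None
    def login(self, auth_value: bytes) -> bool:
        self.retained = auth_value        # the most this server can keep
        candidate = hashlib.sha256(auth_value).digest()
        return hmac.compare_digest(candidate, self.verifier)

def demo(password: str = "correct horse battery staple"):
    # Weak design: file key comes straight from the login password.
    file_key = pbe_key(password, SALT)
    weak = SharedPasswordServer()
    weak.login(password, SALT)
    weak_exposed = weak.retained == file_key

    # Split design: client derives both values locally, sends only auth_value.
    master = pbe_key(password, SALT)
    auth_value = subkey(master, b"auth")
    enc_key = subkey(master, b"enc")      # never leaves the client
    split = SplitKeyServer(auth_value)
    logged_in = split.login(auth_value)
    split_exposed = split.retained == enc_key
    return weak_exposed, logged_in, split_exposed

if __name__ == "__main__":
    print(demo())
```

The split only helps if the derivation runs in client code the server cannot alter, and a server holding the authentication value can still guess weak passwords offline.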