Wuala Encrypted Cloud-Storage Service Shuts Down 128
New submitter craigtp writes: Wuala, one of the more trusted cloud-storage services that employed encryption for your files, is shutting down. Users of the service will have until 15th November 2015 to move all of their files off the service before all of their data is deleted. From the announcement: "Customers who have an active prepaid annual subscription will be eligible to receive a refund for any unused subscription fees. Your refund will be calculated based on a termination date effective from today’s date, even though the full service will remain active until 30 September 2015 and your data will be available until 15 November 2015. Refunds will be automatically processed and issued to eligible customers in coming weeks. Some exceptions apply. Please visit www.wuala.com for more information."
WtF? (Score:3, Interesting)
Re: (Score:1)
more like wuala's competition, with more access to lawyers, with more ability to and benefit from submitting claims to the NSA, whined up all the right channels to profitability.
box.com might just make it out of their mess
Re:WtF? (Score:5, Interesting)
Did you know that Box's CEO pays himself a very modest salary, lives in a tiny apartment near the office, drives an old car, and got a very small stake in the IPO (something like 4%)?
The guy has been working like a madman for over 10 years. I'm not a big fan of him, I find him obnoxious, but he is definitely not a scammer.
Re:WtF? (Score:4, Insightful)
You can't be certain that's true. It could look the same way whether it was NSA action or not. That's what an NSL is intended to ensure.
So it's quite reasonable to assume that this is NSA action, but don't be close minded about it. There could be other reasons.
Re:WtF? (Score:4, Informative)
SpiderOak updates their canary every six months:
https://spideroak.com/canary [spideroak.com]
Re: (Score:2)
IIRC there has been a court decision, though I can't remember which court, in what context, or whether it was a binding precedent, that to kill a canary is to violate the terms of the NSL.
Possibly it was in the context of a secure communication company closing down because it could no longer protect it's customers.
Re: (Score:2)
Re: (Score:2)
That can be interpreted as killing the canary. I'll agree that it shouldn't be illegal, but then most of what NSL letters authorize *should* be illegal.
Re: (Score:2)
"We're not aware of any case where a court has upheld compelled false speech"
It's in the fifth question up from the bottom of the FAQ
Re: (Score:2)
https://canarywatch.org/faq.html [canarywatch.org]
Re:WtF? (Score:5, Insightful)
afaik, they're swiss. not the parent company (lacie) or the parent's parent company (seagate) but wuala itself was incorporated in switzerland to give it some protection from NSA's claws. I think they simply priced themselves out of the market. I used to recommend them (their free tier was great) when ubuntuONE shut down but when they went for paid only accounts, the price was just too high compared to competition.
Re: (Score:2, Insightful)
Lol. Yes. I'm sure the NSA just _hates_ the idea of people uploading stuff to a central location they think is encrypted with 100% security.
Bollocks. The NSA would prefer a service like this they can get to to people just encrypting stuff on flash drives.
Re: (Score:3)
Just as likely somebody identified an incorrectable zero-day flaw in their system and was 'nice' enough to give them time to fix it or shut down before revealing it
Re: (Score:3)
There are thousands of other possible reasons to shutdown that have nothing to do with security, for example: business not doing well enough to continue: poor market penetration, people not interested in their product, competition eating their lunch.
So it goes... (Score:3)
Re: (Score:3)
The one month is till it goes read-only - your data is safe till 15 November, which is better than a lot of services have done in the past.
Re: (Score:3)
Re:Oh well (Score:5, Funny)
You can't even spend $9 to back your joke by buying the domain and putting up a quick website? Lame.
That's the problem with kids nowadays. No follow-through.
Re: (Score:2)
My preferred alternative to Wuala (Score:4, Insightful)
Re: (Score:3)
Combined with a bit of owncloud that's a very good alternative.
Re:My preferred alternative to Wuala (Score:4, Informative)
I hope you have an offsite backup as well. Because what could possibly happen to that "hard drive in the computer on my desk", right? We all know "the cloud" is ridiculously overhyped, but automatic offsite backup is really one of it's killer applications.
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
You're not thinking this through... your hard drive is not going to survive a fire or theft, or you being momentarily stupid and accidentally formatting your disk, or a virus doing it for you, etc.
First... it's a backup, which implies you already *have* a local copy of all your data (preferably two copies). It doesn't matter if your backup provider shuts down. You can just get a new one, and you're backed up again as soon as your files finish uploading. As you saw, this provider is providing months for
Re: (Score:2)
Re: (Score:2)
The point of the offsite back is not to be there forever, but to be there if you lose your local hard drive in the near future. That's why it's a "backup". If it vanishes, make a new backup. Without the cloud, it's a royal pain to keep offsite backups current.
Re: (Score:2)
Does your hard drive give you a 3 months notice before it breaks and leaves you without a backup?
This cloud provider just did.
Re: (Score:3)
So make an encrypted blob and throw it on S3 for 25 cents a month? Something like that that likely won't fall apart overnight, and the encryption is on your end so the NSA can get stuffed.
What's the point of encrypted cloud where you need to trust the host..?
Re: (Score:2)
That's actually what I do. I use a NAS device to backup my computers, and it backs itself up to an Amazon S3 folder.
Re: (Score:2, Funny)
Pfft...
I use steganography and hide my personal files in the bit torrent cloud of porn.
That stuff is forever.
Re: (Score:1)
Re: (Score:2)
In either scenario the files are all sitting on the hard drive under your desk. Basically all you said is: "My preferred alternative is no backups."
Re: (Score:2)
Yes. And then Seafile (http://seafile.com) open source encrypted cloud storage to access it.
At least they're giving notice (Score:4, Insightful)
I'm sorry they're shutting down. At least they're giving their users some notice, which is good.
I suspect there's a niche market in encrypted storage online that would be marketed as (supposedly) "NSA proof", if such a thing is even possible. I suspect that the current reach of the NSA is for all intents and purposes unlimited in the US. I doubt there's much they couldn't get into if they wanted to.
I mean, we know that Wall Street has been thoroughly and utterly penetrated and is basically the plaything of corporations and financial houses.Add in the activity by blackhats ripping off whatever they can from the major brokerage houses and Wall Street is a joke in terms of any fairness.
Given that, is it so far-fetched to surmise that the NSA has managed to get it's taps into virtually every communication medium we use? (Especially after the recent revelations about AT&T being in cahoots with the NSA.) At this point I'd be more surprised if they didn't have everything tapped.
Re: (Score:2, Redundant)
I doubt there's much they couldn't get into if they wanted to.
In the United States, there is literally NOTHING they cannot get into. As long as the owner of whatever service or software they want to get into lives within or visits the physical jurisdiction of the United States, there is absolutely nothing stopping them from serving a National Security Letter that gives that person the opportunity to cooperate or be thrown in jail until they cooperate. The only way to have a service that's even semi- "NSA proof" is to have it reside entirely outside of the United State
Re: (Score:2)
Which is why if you want real security, you roll your own encryption, no?
Re: (Score:2, Troll)
In the United States, there is literally NOTHING they cannot get into.
Except ClintonEmail.com server. NSA couldn't get into that.
Re: (Score:3)
The best option is to use a normal, un-encrypted storage provider and do your encryption client side. Don't rely on their security or resistance to NSLs etc.
My current preferred combo is OneDrive and CloudBacko. OneDrive is cheap and if you go here [onedrive.com] you can get unlimited storage, otherwise it's 1TB. CloudBacko is cheap and based on established server backup software. It's configurable enough to do what I want and seems to implement encryption properly (including file names, files added to encrypted archives
Re: (Score:2)
OneDrive? Does it work straight forward and reliable under Linux?
Some of us live in both worlds. (Or even 3, throwing OS X in the mix.)
Re: (Score:2)
It does. CloudBacko has a Linux version that supports OneDrive, and you can access it via the web interface for non-encrypted stuff.
NSA is plausible. (Score:4, Interesting)
But also plausible might be that the encryption has been cracked or breached lets say by white or black hats, and the site decides to let the customers get their data out and shut down before the breach is known across the the full hat population.
Re: (Score:2)
Astutely put.
Basically the company has carved out a non-existing and non growable niche.
Alternative Encrypted Cloud Storage Providers (Score:5, Informative)
SpiderOak [spideroak.com] is decent but they recently dropped their free plan, so not sure what's going on there.
MEGA [mega.co.nz] was great but Kim.com said last week in Wired [wired.co.uk] that the company is run by criminals
Tresorit [tresorit.com] is good but expensive. Maybe that's why they've been around so long.
Bitcasa [bitcasa.com] pulled a Wuala last year and closed down their consumer cloud storage after a lawsuit [engadget.com]. That's pretty much it. There's OwnCloud [owncloud.org] which is do it yourself. And BitTorrent Sync [getsync.com] which is kind of do it yourself but they've been adjusting pricing so it's bait and switch as well.
Re: (Score:2)
These are more techie-oriented rather than for general desktop use (they don't have shiny GUI sync clients, and are aimed at Linux/BSD users), but two I'd recommend:
rsync.net [rsync.net]. Remote ZFS filesystem you can scp files to, or access over ssh via a restricted shell that supports a range of backup tools. For encrypted backups, if you're on a unix machine, you can point duplicity [nongnu.org] at it. They've been around a long time, and have a warrant canary [rsync.net], though if you encrypt the files client-side with something like dupl
Re: (Score:1)
Encrypt locally using any of the good open source crypto libraries, or a free tool like TrueCrypt, and THEN store in the cloud with standard mechanisms
Re: (Score:2)
You don't get Wuala - yet client side encryption was precisely their thing.
Re: (Score:2)
You mean "client side encryption" conducted by closed source binaries delivered from their servers (and updated automatically)?
You don't seem to get the trust issues here. Having one company handle both the encryption and the data storage is folly. The whole "client side encryption" aspect may or may not be true, but since you can't verify it it amounts to nothing more than marketing.
Re: (Score:2)
Just use a backup app that supports multiple cloud services, instead of relying on their client software. Then you can use any random service, like Google Nearline ($0.01/GB/month, instant access) or OneDrive or Dropbox or a combination of them all.
It's more secure that way too, since you are not relying on the security of the cloud service, you are doing all the encryption at your end and using client software that they can't be forced to backdoor with an NSL.
Re: (Score:2)
Microsoft and Apple were both ran at one time by criminals. Yet billions of individuals continue to do business with those companies.
Re: (Score:2)
Care to back this up with some facts?
Re: (Score:2)
Both Jobs and Gates have have been arrested or at least had arrest warrants issued for driving infractions. Jobs also admitted to phone phreaking and drug use [appleinsider.com]. I'd be extremely surprised if Gates also didn't have something in his past more serious than traffic violations. Regardless though, they are criminal although petty offenses.
As far as I can tell, Bill Liu/William Yan/Donghua Liu/whatever other name he might go by has yet to be actually convicted of any crime. So currently he's just as much a crimi
Data rush (Score:2)
Maybe not the NSA -- it might just be business (Score:5, Interesting)
Wuala is owned by Lacie. Lacie was purchase by Seagate in 2014. Seagate has it's own online backup products. Maybe Seagate wants to eliminate a redudant or money-losing service? It happens...
Yes, the NSA is the bogeyman, and is a threat to secure encryption everywhere. But the invisible hand of capitalism can slap someone as well.
bad marketing, most likely (Score:2)
Wuala is also something I've *never* heard of despite being generally well informed in this arena.
When you have virtually zero brand recognition, that's not a good sign.
Re: (Score:2)
A friend of mine needed me to use it to do some work for him overseas. I couldn't get the desktop (java) client to work. The web client sorta worked, but the way the groupings and folders worked was unique among permission models I'd encountered, and sometimes what you expected to work didn't do anything. And then I hadn't logged in in a while and they sent me a few notices to "use it or lose it" and since I wasn't using it they eventually deleted my account, so I had little incentive to try it again.
I c
Re: (Score:1)
Wuala is owned by Lacie. Lacie was purchase by Seagate in 2014. Seagate has it's own online backup products. Maybe Seagate wants to eliminate a redudant or money-losing service?
Bingo
Sooooooo (Score:2)
How is Dropbox doing lately? This is what worries me about "the cloud"...how to pick the winner to adopt before the end of the contest.
Set up your own.. syncthing.org (Score:2, Interesting)
Get a friend to agree to peer with you, or set up a second old netbook or something with a spare drive. Safer than the cloud, no third parties to trust.
It's like btsync, but GPL and no folder limit.
Re: (Score:2)
Hold Alt (in Firefox, at least). Although that is certainly more of a pain than just clicking on a link [syncthing.org].
You get bonus points if you actually give the right link [syncthing.net] too.
Sigh (Score:2)
Before we start on the conspiracy theories - ANYONE who relies on a third party to encrypt their stuff is not worried about security. Not really.
And any cloud provider will accept and store encrypted files that ONLY YOU have the key to.
Loved it when it was distributed (Score:1)
Stopped using it after they killed that feature a few years ago.
Re: (Score:2)
Same
The storage sharing and the social features (groups) were the two killer features it had.
I have yet to find any other working service that's doing distributed storage in such a way. The only one I know of similar in the works is storj.io
I have yet to find anything to replace the groups functionality of wuala. I think DCC would be the closest thing I am aware of.
I really hope someone makes something that includes both of the features.
Wuala sure was a lot of fun though when they allowed storage sharing. a
Drive Failure and False Economy again (Score:2)
People really should ask about the mean time to failure for cloud storage companies before using them for storing data they dont have redundantly backed up elsewhere.
Re: (Score:2)
Interestingly, I doubt anyone you could talk to would be able to answer. Their engineering and operations staff might know (at the least, they'd be able to look at MTBF on their drives, and what their redundancy is), but the overall failure rate of the system depends on many more factors than that - if there's a software bug at a higher layer, the system as a whole might not replicate correctly, or might delete something it thought was replicated, only to find out later that it's not.
I doubt they have any i
Wuala is a decent service, but not the only one (Score:1)
Re:once again: the CLOUD is NOT (Score:5, Insightful)
Who said it was? In this case you paid for space, and you got it. They are closing down and you get your files back AND a refund. I see no issue here. no different than if you had your crap in a storage unit and they decided to close down mid contract.
This is how a business runs, and when it closes, how it properly closes.
Re:once again: the CLOUD is NOT (Score:5, Insightful)
Re: (Score:1)
Well .... yes you did pay for space .... but not always with money.
Wuala used to let yet trade local { space, uptime, bandwith } for cloud space.
They got rid of that a while ago.
That was quite annoying as I'd built up a 50Gb cloud space and was using about half of it for archive ... more fool me!
They cancelled the trading arangements ... cancelled that cloud space ... and then wouldn't let you log back it to clean the over-space amounts once they'd reset your account back to the fremium levels.
It's no wonde
Re: (Score:1)
>They are closing down and you get your files back AND a refund.
Of course copies your files may go to various government agencies as well.
Re: (Score:2)
Considering that the data is encrypted on the client and only stored in encrypted form on the servers, that won't do much good.
Unless, of course, Wuala secretly copied the encryption keys.
Re: (Score:2)
NSA checks your credit card history.
NSA finds a payment to a storage unit.
NSA gets in a car.
NSA drives to a hardware store.
NSA buys a bolt cutter.
NSA drives to the storage unit.
NSA rummages through your stuff after using the 'key' they just bought.
Yep, very secure. I'd look up that XKCD comic with the five dollar wrench if I felt like it.
Re: (Score:2)
scalable: free surplus storage (unencrypted) if you click here*.
* this button will unencrypt ALL your data
Re: (Score:2)
In fact, "crap in a storage unit" is probably one of the most secure, low cost way of storing backups
Except in a generic storage pod..... any random thief is one pair of bolt cutters away from raiding your unit for anything interesting, and insurance only covers the replacement cost of the media itself, not the data on it.
Re: (Score:2)
I'll make my own cloud, with blackjack and hookers! ...
wait, that's just owning a computer, an internet connection, a blackjack game, and hookers.
Wind of change (Score:2)
President Trump will change that flawed perception that Republicans are dishonest morons.
Re: (Score:1)
Yeah whatever. neocon 'christians' or 'liberal' marxists, what's the difference? Both are dogmatic, big statist ideologues who always want a bit more of my money, a bit more control over my property, and a bit more of my liberty. Whether it's for jesus, the children, or for the latest socjus oppression quest, the excuse is the same and it's getting old and foul smelling.