Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Businesses Cloud Data Storage Encryption

Wuala Encrypted Cloud-Storage Service Shuts Down 128

New submitter craigtp writes: Wuala, one of the more trusted cloud-storage services that employed encryption for your files, is shutting down. Users of the service will have until 15th November 2015 to move all of their files off the service before all of their data is deleted. From the announcement: "Customers who have an active prepaid annual subscription will be eligible to receive a refund for any unused subscription fees. Your refund will be calculated based on a termination date effective from today’s date, even though the full service will remain active until 30 September 2015 and your data will be available until 15 November 2015. Refunds will be automatically processed and issued to eligible customers in coming weeks. Some exceptions apply. Please visit www.wuala.com for more information."
This discussion has been archived. No new comments can be posted.

Wuala Encrypted Cloud-Storage Service Shuts Down

Comments Filter:
  • WtF? (Score:3, Interesting)

    by Anonymous Coward on Monday August 17, 2015 @07:22PM (#50335889)
    NSA strikes again...
    • by Anonymous Coward

      more like wuala's competition, with more access to lawyers, with more ability to and benefit from submitting claims to the NSA, whined up all the right channels to profitability.

      box.com might just make it out of their mess

    • Re:WtF? (Score:4, Insightful)

      by HiThere ( 15173 ) <[ten.knilhtrae] [ta] [nsxihselrahc]> on Monday August 17, 2015 @07:45PM (#50335993)

      You can't be certain that's true. It could look the same way whether it was NSA action or not. That's what an NSL is intended to ensure.

      So it's quite reasonable to assume that this is NSA action, but don't be close minded about it. There could be other reasons.

      • Re:WtF? (Score:4, Informative)

        by FatdogHaiku ( 978357 ) on Monday August 17, 2015 @08:14PM (#50336095)
        So, no canary?
        SpiderOak updates their canary every six months:
        https://spideroak.com/canary [spideroak.com]
        • by HiThere ( 15173 )

          IIRC there has been a court decision, though I can't remember which court, in what context, or whether it was a binding precedent, that to kill a canary is to violate the terms of the NSL.

          Possibly it was in the context of a secure communication company closing down because it could no longer protect it's customers.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Lol. Yes. I'm sure the NSA just _hates_ the idea of people uploading stuff to a central location they think is encrypted with 100% security.

      Bollocks. The NSA would prefer a service like this they can get to to people just encrypting stuff on flash drives.

    • Just as likely somebody identified an incorrectable zero-day flaw in their system and was 'nice' enough to give them time to fix it or shut down before revealing it

      • by mysidia ( 191772 )

        There are thousands of other possible reasons to shutdown that have nothing to do with security, for example: business not doing well enough to continue: poor market penetration, people not interested in their product, competition eating their lunch.

  • by LunaticTippy ( 872397 ) on Monday August 17, 2015 @07:39PM (#50335967)
    Sad to see it go, but I applaud them giving notice. A month is plenty of time to set up another provider. I hope none of their customers miss the announcements.
    • by mhkohne ( 3854 )

      The one month is till it goes read-only - your data is safe till 15 November, which is better than a lot of services have done in the past.

  • by kheldan ( 1460303 ) on Monday August 17, 2015 @08:45PM (#50336221) Journal
    It's called 'the hard drive in the computer on my desk'.
    • Combined with a bit of owncloud that's a very good alternative.

    • by Dutch Gun ( 899105 ) on Monday August 17, 2015 @09:51PM (#50336509)

      I hope you have an offsite backup as well. Because what could possibly happen to that "hard drive in the computer on my desk", right? We all know "the cloud" is ridiculously overhyped, but automatic offsite backup is really one of it's killer applications.

      • by nnull ( 1148259 )
        And then you get a notice like this and your offsite backup is gone. My hard drive outlast most of these cloud services, not because the hardware is reliable but because the damn company itself is unreliable.
        • Bingo. Also, trying to back up more than 1TB of data on 1Mbit upload bandwidth is an exercise in futility.
        • You're not thinking this through... your hard drive is not going to survive a fire or theft, or you being momentarily stupid and accidentally formatting your disk, or a virus doing it for you, etc.

          First... it's a backup, which implies you already *have* a local copy of all your data (preferably two copies). It doesn't matter if your backup provider shuts down. You can just get a new one, and you're backed up again as soon as your files finish uploading. As you saw, this provider is providing months for

          • There is nothing on my computer that I can't live without. That is by design not chance, by the way. My computer, my phone, and any other electronics I have are just tools and conveniences, not a lifestyle. The house burns to the ground? Life goes on.
        • by lgw ( 121541 )

          The point of the offsite back is not to be there forever, but to be there if you lose your local hard drive in the near future. That's why it's a "backup". If it vanishes, make a new backup. Without the cloud, it's a royal pain to keep offsite backups current.

        • Does your hard drive give you a 3 months notice before it breaks and leaves you without a backup?
          This cloud provider just did.

      • by mirix ( 1649853 )

        So make an encrypted blob and throw it on S3 for 25 cents a month? Something like that that likely won't fall apart overnight, and the encryption is on your end so the NSA can get stuffed.

        What's the point of encrypted cloud where you need to trust the host..?

        • That's actually what I do. I use a NAS device to backup my computers, and it backs itself up to an Amazon S3 folder.
           

          • Re: (Score:2, Funny)

            by Anonymous Coward

            Pfft...

            I use steganography and hide my personal files in the bit torrent cloud of porn.

            That stuff is forever.

      • by Nel_IT ( 4228803 )
        I use pCloud's desktop app - pCloud Drive - for backup. It's very easy to use because it creates something like a virtual drive that does not take space on your computer. I.e. your files are not duplicated on your computer and on the cloud. You just place the content you need to backup in your pCloud Drive. It's pretty fast compared to anything else I've tested. With most cloud services backup takes ages when you store large content.
    • In either scenario the files are all sitting on the hard drive under your desk. Basically all you said is: "My preferred alternative is no backups."

    • by Troed ( 102527 )

      Yes. And then Seafile (http://seafile.com) open source encrypted cloud storage to access it.

  • by JustAnotherOldGuy ( 4145623 ) on Monday August 17, 2015 @08:53PM (#50336257) Journal

    I'm sorry they're shutting down. At least they're giving their users some notice, which is good.

    I suspect there's a niche market in encrypted storage online that would be marketed as (supposedly) "NSA proof", if such a thing is even possible. I suspect that the current reach of the NSA is for all intents and purposes unlimited in the US. I doubt there's much they couldn't get into if they wanted to.

    I mean, we know that Wall Street has been thoroughly and utterly penetrated and is basically the plaything of corporations and financial houses.Add in the activity by blackhats ripping off whatever they can from the major brokerage houses and Wall Street is a joke in terms of any fairness.

    Given that, is it so far-fetched to surmise that the NSA has managed to get it's taps into virtually every communication medium we use? (Especially after the recent revelations about AT&T being in cahoots with the NSA.) At this point I'd be more surprised if they didn't have everything tapped.

    • Re: (Score:2, Redundant)

      I doubt there's much they couldn't get into if they wanted to.

      In the United States, there is literally NOTHING they cannot get into. As long as the owner of whatever service or software they want to get into lives within or visits the physical jurisdiction of the United States, there is absolutely nothing stopping them from serving a National Security Letter that gives that person the opportunity to cooperate or be thrown in jail until they cooperate. The only way to have a service that's even semi- "NSA proof" is to have it reside entirely outside of the United State

      • by pz ( 113803 )

        Which is why if you want real security, you roll your own encryption, no?

      • Re: (Score:2, Troll)

        by Spy Handler ( 822350 )

        In the United States, there is literally NOTHING they cannot get into.

        Except ClintonEmail.com server. NSA couldn't get into that.

    • by AmiMoJo ( 196126 )

      The best option is to use a normal, un-encrypted storage provider and do your encryption client side. Don't rely on their security or resistance to NSLs etc.

      My current preferred combo is OneDrive and CloudBacko. OneDrive is cheap and if you go here [onedrive.com] you can get unlimited storage, otherwise it's 1TB. CloudBacko is cheap and based on established server backup software. It's configurable enough to do what I want and seems to implement encryption properly (including file names, files added to encrypted archives

      • OneDrive? Does it work straight forward and reliable under Linux?
        Some of us live in both worlds. (Or even 3, throwing OS X in the mix.)

        • by AmiMoJo ( 196126 )

          It does. CloudBacko has a Linux version that supports OneDrive, and you can access it via the web interface for non-encrypted stuff.

  • NSA is plausible. (Score:4, Interesting)

    by blang ( 450736 ) on Monday August 17, 2015 @08:56PM (#50336277)

    But also plausible might be that the encryption has been cracked or breached lets say by white or black hats, and the site decides to let the customers get their data out and shut down before the breach is known across the the full hat population.

  • by jest3r ( 458429 ) on Monday August 17, 2015 @09:02PM (#50336303)
    I've been using Sync.com [sync.com] for the past year. They've been sort of in beta but releasing features. 5GB free.

    SpiderOak [spideroak.com] is decent but they recently dropped their free plan, so not sure what's going on there.

    MEGA [mega.co.nz] was great but Kim.com said last week in Wired [wired.co.uk] that the company is run by criminals

    Tresorit [tresorit.com] is good but expensive. Maybe that's why they've been around so long.
    Bitcasa [bitcasa.com] pulled a Wuala last year and closed down their consumer cloud storage after a lawsuit [engadget.com]. That's pretty much it. There's OwnCloud [owncloud.org] which is do it yourself. And BitTorrent Sync [getsync.com] which is kind of do it yourself but they've been adjusting pricing so it's bait and switch as well.
    • by Trepidity ( 597 )

      These are more techie-oriented rather than for general desktop use (they don't have shiny GUI sync clients, and are aimed at Linux/BSD users), but two I'd recommend:

      rsync.net [rsync.net]. Remote ZFS filesystem you can scp files to, or access over ssh via a restricted shell that supports a range of backup tools. For encrypted backups, if you're on a unix machine, you can point duplicity [nongnu.org] at it. They've been around a long time, and have a warrant canary [rsync.net], though if you encrypt the files client-side with something like dupl

    • by cutinf ( 1261120 )
      I don't get these "encrypted" cloud storage providers. The only way to truly trust them, is to never hand them the keys in the first place, encrypt client side. Many customers security savy enough to want encryption also realize server side cloud encryption is broken by design. No surprise to me they shut down, I don't see who would be there customers.

      Encrypt locally using any of the good open source crypto libraries, or a free tool like TrueCrypt, and THEN store in the cloud with standard mechanisms
      • by Troed ( 102527 )

        You don't get Wuala - yet client side encryption was precisely their thing.

        • by chihowa ( 366380 )

          You mean "client side encryption" conducted by closed source binaries delivered from their servers (and updated automatically)?

          You don't seem to get the trust issues here. Having one company handle both the encryption and the data storage is folly. The whole "client side encryption" aspect may or may not be true, but since you can't verify it it amounts to nothing more than marketing.

    • by AmiMoJo ( 196126 )

      Just use a backup app that supports multiple cloud services, instead of relying on their client software. Then you can use any random service, like Google Nearline ($0.01/GB/month, instant access) or OneDrive or Dropbox or a combination of them all.

      It's more secure that way too, since you are not relying on the security of the cloud service, you are doing all the encryption at your end and using client software that they can't be forced to backdoor with an NSL.

    • by cdrudge ( 68377 )

      MEGA [mega.co.nz] was great but Kim.com said last week in Wired [wired.co.uk] that the company is run by criminals.

      Microsoft and Apple were both ran at one time by criminals. Yet billions of individuals continue to do business with those companies.

      • by MouseR ( 3264 )

        Care to back this up with some facts?

        • by cdrudge ( 68377 )

          Both Jobs and Gates have have been arrested or at least had arrest warrants issued for driving infractions. Jobs also admitted to phone phreaking and drug use [appleinsider.com]. I'd be extremely surprised if Gates also didn't have something in his past more serious than traffic violations. Regardless though, they are criminal although petty offenses.

          As far as I can tell, Bill Liu/William Yan/Donghua Liu/whatever other name he might go by has yet to be actually convicted of any crime. So currently he's just as much a crimi

  • I wonder if the service is able to cope with all its users rushing to retrieve their data before the deadline.
  • by mattb47 ( 85083 ) on Monday August 17, 2015 @09:31PM (#50336427)

    Wuala is owned by Lacie. Lacie was purchase by Seagate in 2014. Seagate has it's own online backup products. Maybe Seagate wants to eliminate a redudant or money-losing service? It happens...

    Yes, the NSA is the bogeyman, and is a threat to secure encryption everywhere. But the invisible hand of capitalism can slap someone as well.

    • Wuala is also something I've *never* heard of despite being generally well informed in this arena.

      When you have virtually zero brand recognition, that's not a good sign.

      • A friend of mine needed me to use it to do some work for him overseas. I couldn't get the desktop (java) client to work. The web client sorta worked, but the way the groupings and folders worked was unique among permission models I'd encountered, and sometimes what you expected to work didn't do anything. And then I hadn't logged in in a while and they sent me a few notices to "use it or lose it" and since I wasn't using it they eventually deleted my account, so I had little incentive to try it again.

        I c

    • by Anonymous Coward

      Wuala is owned by Lacie. Lacie was purchase by Seagate in 2014. Seagate has it's own online backup products. Maybe Seagate wants to eliminate a redudant or money-losing service?

      Bingo

  • How is Dropbox doing lately? This is what worries me about "the cloud"...how to pick the winner to adopt before the end of the contest.

  • by Anonymous Coward

    Get a friend to agree to peer with you, or set up a second old netbook or something with a spare drive. Safer than the cloud, no third parties to trust.

    It's like btsync, but GPL and no folder limit.

  • by ledow ( 319597 )

    Before we start on the conspiracy theories - ANYONE who relies on a third party to encrypt their stuff is not worried about security. Not really.

    And any cloud provider will accept and store encrypted files that ONLY YOU have the key to.

  • Stopped using it after they killed that feature a few years ago.

    • by sims 2 ( 994794 )

      Same

      The storage sharing and the social features (groups) were the two killer features it had.

      I have yet to find any other working service that's doing distributed storage in such a way. The only one I know of similar in the works is storj.io

      I have yet to find anything to replace the groups functionality of wuala. I think DCC would be the closest thing I am aware of.

      I really hope someone makes something that includes both of the features.

      Wuala sure was a lot of fun though when they allowed storage sharing. a

  • People really should ask about the mean time to failure for cloud storage companies before using them for storing data they dont have redundantly backed up elsewhere.

    • by mhkohne ( 3854 )

      Interestingly, I doubt anyone you could talk to would be able to answer. Their engineering and operations staff might know (at the least, they'd be able to look at MTBF on their drives, and what their redundancy is), but the overall failure rate of the system depends on many more factors than that - if there's a software bug at a higher layer, the system as a whole might not replicate correctly, or might delete something it thought was replicated, only to find out later that it's not.

      I doubt they have any i

  • I am really sorry to hear that. I have been using Wuala for about a year and I can say it was just fine for my needs. However, I have also been using other cloud services that are highly focused on security, such as pCloud and Tresorit, and I'd like to say, those are very good as well. On one hand, in Tresorit security is the one and only priority, which is very good because I store a lot of sensitive data. On the other hand, pCloud is just as secure as Tresorit, but is a lot more user friendly, and is suit

If all else fails, lower your standards.

Working...