File Synching: Dropbox vs Spideroak

written by Geoff Bowers on Friday, 8 July, 2011 @ 12:09 PM

I tried SpiderOak for a while last year. While there's a lot of overlap, Dropbox and SpiderOak are different in nature: Dropbox is a simple-to-use file sync service with limited online backup features, while SpiderOak is a complete online backup service with harder-to-use file sync features.

Some of the differences:

  • Dropbox only retains previous versions of your synced files for 1 month before deleting them completely. SpiderOak retains all previous versions of your synced files for as long as you keep the account (although they may make an exception if you backup a rotating Web server log).
  • Dropbox has a single online storage space shared by all devices on an account, with devices having the ability to opt-out of parts of it (selective sync). SpiderOak has a separate online storage space for each device on an account, and sync works by having sync rules to copy changes from one device's storage space to another. SpiderOak's deduplication algorithm means that even though synced files appear in multiple device storage spaces, the duplicate files do not count towards your quota.
  • Dropbox sync is bidirectional and fast (using the LAN for peer-to-peer sync when it can). SpiderOak sync is unidirectional and slower: each device must first confirm that its backup is up-to-date, then the sync job uses the backup logs to execute the sync. I believe that in SpiderOak you must define an explicit sync for each pair of devices (source and target), so if you want one device to share its files with 3 other devices, you set up 3 syncs. I never had to try it because I only used it with 2 devices. I haven't tried a reverse sync either, but in theory it should work fine. SpiderOak's file history means you can always recover if a sync goes bad for whatever reason.
  • Dropbox uses password security, with the encryption key managed on the Dropbox servers. This means that Dropbox staff can decrypt your data if they need to (this "revelation" caused a stir in the tech media a couple of months back). With SpiderOak the encryption key is managed on the clients, and the encryption is a zero-knowledge system. That means that the server only sees data blocks. Under normal operations the server cannot decrypt the data blocks and cannot even determine what files or folders those data blocks belong to. The only exception to this is when you use the Web interface (in this case the Web app is acting as the SpiderOak client). I've never needed to use the Web interface and have avoided it for this precise reason. The downside to a zero-knowledge system is that if you forget the passphrase AND the secret required to generate a recovery key AND have lost access to all your syncing devices, there's absolutely no way to recover the data.

SpiderOak would make a good choice for things like archiving and distributing database backups, where reliable backup and secure distribution is more important than real-time sync. Dropbox is more convenient for sharing documents between team members in an active project. I suppose SpiderOak would be good for archiving documents in shared projects, but in that case it would be best to designate one computer to manage the archive without sync rather than automatically sync it to every team member's computer.


(repost from the mind of Daemonite, Dennis "Boomfish" Clark)