#1 is not true. SpiderOak and Wuala both have products in the marketplace today that demonstrate the effective use of encryption in a backup and sync app. SpiderOak has no ability to examine or to give the plaintext of a user's data to a government or anyone else - not filenames, folder names, etc. On the servers, we just see sequentially numbered encrypted containers. We are incapable of betraying our customers in this way.
I'd never heard of SpiderOak before. Reading some info on their site here is how they explain how they allow access to your files from a browser.
"When you access your data via the website, in order for the SpiderOak server to send you your folder and filenames, and send your browser the plain text versions of your data, you must type in your password, which exists in the SpiderOak server's memory for the duration of your browsing session. Your password is only stored only in encrypted memory (and never written to an unencrypted disk) and is destroyed when your browsing session ends."
Seems pretty cool. I might have to check them out.
> "which exists in the SpiderOak server's memory for the duration of your browsing session"
It would be entirely possible for SpiderOak to be compelled to store this key for the government. Once you hand over your private keys to anyone, you've lost control.
