Representatives at Spider Oak, one of the vendors mentioned in the report who market having a "zero knowledge" service, said they agree with some aspects of the study's finding. Spider Oak encourages customers to use a desktop application to transfer files instead of doing so through the company's web portal. Using Spider Oak's desktop application will ensure end users are verified to unencrypt the data, eliminating the opportunity for the vendor to compromise the data. Upon signing into Spider Oak's service users are required to check a box indicating that they understand that to achieve true zero knowledge that a desktop application must be used.
SpiderOak says it hopes to allow collaboration services around its cloud platform, meaning data would be transferred within its cloud. To enable this functionality Spider Oak says it plans to use a combination of RSA secure identifications along with a key and encryption platform. It also hopes to provide users a way to securely verify the identity of whoever is viewing the files. Some vendors, like encrypted communication provider Silent Circle, use a voice recognition tool to provide this functionality, and Spider Oak says they are investigating similarly "elegant" ways to verify that data is only shared with people approved by its owner.
Sign up for CIO Asia eNewsletters.