Our NSA worries are all over, ladies and gentlemen! An Australian company claims to provide the world's most secure cloud storage platform.
Wow! Upon hearing this news, I clocked out of work early, ran home, downloaded the source code, and audited it for every obvious cryptography weakness under the sun, and it passed them all with flying colors. Most secure product EVER!
Just kidding. Happy April Fool's Day, everyone! Their source code isn't available for security researchers to independently verify their claims.
What is available, however, are a plethora of promotional statements and legal disclaimers. Let's take it point by point.
- Here, they claim to be the only solution for secure online storage.
Their front page says:
Share with confidence – You choose who can see your documents. Even witnesses can't read them without your permission! Nor can we.
Their FAQ page describes a
feature called CryptoLoc as
unique encryption technology that provides an impenetrable extra layer of security for Your Digital File; their security page further describes it as
our advanced two-stage encryption algorithm based on high security Public Key Encryption.
- Tarsnap. Tahoe-LAFS. The are legitimate secure cloud backup services. How is YDF any better?
If your Private Key is lost or misplaced you must follow the procedure outlined in the
Account Recoverysection of the login page to recover your account. You acknowledge that an Escrow Agent, appointed by Your Digital File, holds part of your file encryption keys. You acknowledge that an undertaking will be given to you by the Escrow Agent, that unless otherwise required by law, your file encryption keys will not be released until you have fulfilled the verification procedure required by Your Digital File and both you and Your Digital File have directed the Escrow Agent to release your file encryption keys. There is a fee payable to Your Digital File for the retrieval of your encrypted files. A new password will be required and a new Private Key will be generated for your account. Account recovery fees will be added to your monthly invoice.
- Two-stage (public-key then symmetric) encryption isn't anything new; that's how SSL works! Any service that deploys your files to the cloud over an OpenVPN connection can make these security claims.
I could go on, but at this point I think it's safe to say that the horse is braid-dead and take it off life-support. No further flogging required.
If this product isn't complete snake oil (if you're not familiar with this term, just imagine butt-rape), then they should publish their source code and release white-papers on how their solution is any better than other secure providers.
After reading that, are you thinking about paying for Your Digital File? Just remember Y.D.F. — "You Dumb-Fuck."