NSA-Free Cloud Storage Promised by Finnish Company
Finnish information-security company F-Secure plans to offer a cloud-storage service that can't easily be accessed by the U.S. National Security Agency.
It joins the ranks of foreign companies seeking to provide alternatives to U.S.-based online services that might be compromised by the NSA.
"We believe in people’s right to privacy," says the website for F-Secure's planned cloud service, Younited, which went up this morning (Sept. 30). "No spying. No backdoors." (A backdoor is a hidden entry point into an otherwise secure system.)
"We wanted to provide you with a place where privacy is guaranteed and your stuff remains yours," the Younited website adds on its "About" page. "We say NO to the prying eyes of governments and we don't sell your information to advertisers."
The Younited service is not available yet, although prospective users can sign up to be notified further. Pricing and storage capacities were not announced.
Nor was it clear whether Younited would encrypt user data, or would be subject to Finnish police or governmental requests for information. An email sent to Younited and F-Secure press contacts seeking clarification was not immediately returned.
Like the existing cloud-storage services Dropbox, SkyDrive and Box, Younited promises to be accessible from Windows PCs, Macs and iOS and Android mobile devices. But it also plans to somehow access or aggregate data that users have stored on rival services.
"We welcome other clouds," says the Younited website. "Already using Facebook, Picasa or Dropbox? Get them all younited and have everything in one safe place."
Younited also promises to have a cross-platform, cross-service search engine to let users search all their uploaded data, as well as a logging backup system with restore points in case data is lost or corrupted.
(Details regarding how each of these features would work were not available. We will update this story once we receive a response from Younited.)
Other overseas companies are already marketing themselves as more trustworthy than American online service providers. In August, three large German webmail providers joined forces to create "E-Mail Made in Germany," a public initiative to store all their user data on servers physically located in Germany, and to encrypt all emails during transmission.
German information-security experts dismissed "E-Mail Made in Germany" as a gimmick, since email messages would still be archived in unencrypted form and would be subject to German governmental requests for access.
In a story published Friday (Sept. 27), The Wall Street Journal reported that Brazil may soon require that online services with Brazilian users store those users' data on Brazilian servers, and that India may soon forbid government officials from using Gmail and Yahoo Mail.
Unlike Germany, neither Brazil nor India has a strong tradition of data privacy.
In July, after years of resisting, BlackBerry agreed to let the Indian government monitor BlackBerry customers' email messages and BlackBerry Messenger accounts. The Journal notes that Brazil doesn't protect online privacy, and that in the first half of 2013, the Brazilian government made 715 requests to Facebook for user data.
Even if the Finnish government promises to keep its hands off Younited, that doesn't mean that the NSA or other agencies couldn't find another way to address user data, such as by guessing a user password or tapping transmissions to Younited servers.
Yet the fact that non-U.S. companies are trying to capitalize on the trust U.S. companies have lost should be alarming.
"Moving your cloud storage to Finland is not going to prevent surveillance," tweeted Johns Hopkins University cryptography researcher Matthew Green this morning. "But it might get lawmakers' attention."