DataWraith's dashboard

Hm, okay. Then I'm out of ideas. I usually just copy my data into Wuala the normal way and then keep it in sync with unison. Trying to do the initial copy with unison seems to fail for some reason, but after copying, and once unison has built the index of what is where, things seem to work out fine. Then again, basically all my data fits into the 5GB local cache... sorry I could'nt really help. :-/ – DataWraith, on May 02, 2008 17:43

Hm. Unison works fine for me.

I'm not 100% sure what you meant with input/output errors (Wuala's, Unisons?), but there are two things you could try: Download everything yout want to sync that has already been uploaded to Wuala, to make sure it is in the local cache. That way you rule out that Wuala has trouble finding the files instead of unison having trouble (I had that once or twice).

The other is disabling the synching of permissions. Just add "perms 0" to the configuration file. Wuala doesn't seem to support permissions yet, and unison usually complains when it can't set the permission correctly. – DataWraith, on May 01, 2008 07:10

Hi.

Wuala doesn't have a sync-option (yet?). Personally I'm using unison (http://www.cis.upenn.edu/~bcpierce/un...) to two-way sync a local folder to Wuala via the file system integration. The downside is that you have to start it manually, so I would also love to have automatic sync.

I'm not an expert, but I guess a shared disk file system such as OCFS would probably be better suited for that. On the downside you'd have to reformat the machines to use it.

http://en.wikipedia.org/wiki/Shared_d...
http://oss.oracle.com/projects/ocfs2/

Wow, great! Finally I can use my convenient backup programs directly =)

I had a few crashes at first, but the last update seems to have resolved that.

Yeah, that sort of occured to me after the fact too... XD

But clicking the button _does_ bump the thread to the first page of the getsatisfaction.com listing, so yeah... I'll try not to do it again...

Ah, sorry for bumping this.

I accidentally clicked on "I have this problem too"-button while trying to scroll down with the mouse wheel ^^;;

I reread the paper a few minutes ago.

I didn't remember why it actually was that Wuala still allows access to old shared files:

The problem with the encryption is, that once you have shared an encrypted file/folder the other person knows the encryption key for the file(s). If you wanted to deny him/her access, then the only thing you could do is to encrypt the file with a different key, upload the file again and give all your other friends the new encryption key.

Because that is very, very inefficient, it was decided that it was an acceptable tradeoff to allow people to see files they could have copied earlier.

A newly uploaded file does not really solve the problem (my mistake, sorry). The new file will not be visible for the person whose access rights were revoked, because then (basically) a new key is generated and the new file encrypted with the new key, while the old key remains in use for the old file(s).

However, adding a file to a folder will cause the new directory listing of that folder to be stored online, with a new key, so that the other person loses access to the directory listing while (theoretically) still being able to decrypt the files that were in that folder previously. This is what I was referring to in my original answer.

If you want to read the paper yourself, take a look at http://wua.la/Luzius/Documents/Papers....

Hello Ihrgendwehr.

As far as I understood Wuala's design from the paper, this is intentional.

If you share a folder with someone and then later revoke the right to view that folder, it will still be visible to that person _until_ you change something about that folder, such as uploading a new file.

This is because you shared the encryption key, and as far as I can recall, a new one is not generated until the change. The rationale behind this is that the other person could just as well have copied the entire folder you shared while he/she had access to it, so in theory it doesn't make a difference if it is still accessible in that form until changed.

Hi everyone. Here's the official response. Sorry for the delay.

Wuala is secure by design. However, it is (for good reasons) not completely anonymous (you can for example always see which user the owner of a published file is). I'll explain all of this including the catch related to duplicate files here in detail.

1. Wuala is secure by design. Only you and those authorized by you can access your data. Not even we, the Wuala admins, can see your files unless you publish them. We do not know your password.

2. When inserting a file, it gets encrypted with a key that is generated from the hash (SHA-256, not MD5) of its content. That way, files with identical content will get encrypted the same way and we can still detect them as duplicates even after encryption. This saves storage, but it might allow others to find out if your computer is storing or accessing a file whose content is known.

3. So, what could a clever hacker find out about you and your files?
A clever hacker could trade some storage in the Wuala network and monitor Wuala's traffic. That way, he can detect whenever another computer in the Wuala network tries to store or retrieve a file fragment stored on his computer. If the hacker knows the file the fragment belongs to, he can assume that whatever user is sitting at the other computer (identified by its IP address) is accessing/storing that given file. However, we are considering to introduce anonymous maintenance (see below) which would (as a side effect) make it impossible to tell for sure whether the given file has really been accessed/stored by a user or whether it was just an anonymous maintenance upload/download.

Anonyomus Maintenance: this is a feature we have planned to introduce soon but have not officially announced it until now. One of the problems when storing lots if data in Wuala is the need for a local backup which occupies lots of local storage space. Currently, we use the local backup to perform file maintenance. In future, however, file maintenance won't be done by the owner any more, but by random computers in the Wuala network and our servers when they don't have much else to do. With random maintenance enabled, your computer will sometimes download and reupload random files (without being able to encrypt them) to ensure their availability. The main advantages are that your files will still be maintained even if you are on a long vacation, that we can get rid of the local backup and that we can globally focus on maintaining those files whoes availability is the most critical. Also nice is the side effect of having better anonymity as mentioned above. What do you think about this feature? Would you enable anonymous maintenance?

4. What a hacker won't find out.
So a clever hacker might find out that a computer identified by its IP-Address is uploading or downloading a given file, but won't be able to tell for sure that whatever user sits at that computer is viewing/storing the file. Furthermore, the hacker won't see any metadata at all (filename, comments, owner, etc.). He won't see any information about in which folder the file has been stored and can't tell whether the file has been shared or not.

We believe that we have found a reasonable design that allows for high security without significantly hurting performance. We could for example increase anonymity by relaying all traffic over multiple stations (like freenet or tor is doing). However, that would render any streaming or fast file access impossible. To answer the initial question: Yes, Wuala is secure. However, we ask you to use Wuala responsibly and in accordance with the law (see also our terms of service).

Hm. I seem to have the same problem (on a single machine).

That's either a bug, or the number is rounded down to the next gigabyte. I noticed it a couple of days ago, but wanted to see whether it would go up once I reached a gigabyte.

Anyway, the two displays should probably be made consistent, since inconsistency is never good in a UI.

No, the privacy policy explicitly states that if an adversary knows the *exact* content, they could possibly prove that you are storing that file.
As far as I understand the Wuala system, they could not, however, prove that you actually shared that file with someone else, even if you did.

I'm not an employee, so I might very well have misunderstood that part, though.

In the Google Talk it was mentioned that Wuala can avoid storing the same file, uploaded by different users, twice, so my guess would be that files are encrypted using the hash of that file. So if someone has the exact same file, they might be able to find other instances of the file in the network. Again, I don't think they could actually prove that you shared it with anyone else (though, again, I might be wrong, and they just can't say with whom you have shared something).

An official response would be good to have, though.