SpiderOak HUGE Security Flaw
I've evaluated about 15 offline storage systems this week, and one of the best was SpiderOak, but there's a huge issue in their shared folder structure and procedure.
When you make part of your data shareable you MUST share a folder from your original disk. This is a real pain. You cannot share specific files like you can on many others.
To initiate sharing, you establish your unique username for sharing (preferably different from your SpiderOak username), the share name, and the room key (password).
While you might expect the share name to be part of the URL that guides you to the share, which then accepts your password for access, that's not how it works. Instead, SpiderOak gives you a URL that contains the PASSWORD and does not even mention the share name!!
Therefore anyone you give the URL to has direct access to the share you create (which is what you are trying to accomplish in general), but any browser THEY USE will remember the URL, which contains the password, not the share name.
THIS IS A HUGE SECURITY ISSUE, since you have no control over how an authorized user is going to access your data and from where, and most users are not sophisticated enough to guard against the default intrusion they are going to leave behind.
I've brought this to the attention of their support team with no response as yet.
El Dorado Hills, CA
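
An added example, not part of the original post and not SpiderOak's code: a small auditor that flags and redacts URLs carrying a secret, the kind of link described above, in an exported browser history or proxy log. The hosts, parameter names and sample URLs are constructed assumptions; the post does not show the real link format.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Names treated as secret-bearing (assumed; adjust to the service being audited).
SECRET_PARAMS = {"key", "roomkey", "password", "passwd", "token"}
REDACTED = "REDACTED"

def redact_url(url):
    """Return (clean_url, leaked); leaked lists where a secret sat in the URL."""
    parts = urlsplit(url)
    leaked = []
    netloc = parts.netloc
    # Userinfo form: https://user:password@host/
    if parts.password is not None:
        leaked.append("userinfo")
        host = parts.hostname + (f":{parts.port}" if parts.port else "")
        netloc = f"{parts.username}:{REDACTED}@{host}"
    # Query form: ?key=<secret>
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS and value:
            leaked.append(f"query:{name}")
            value = REDACTED
        query.append((name, value))
    # Path form: /.../key/<secret>/
    segs = parts.path.split("/")
    for i in range(len(segs) - 1):
        if segs[i].lower() in SECRET_PARAMS and segs[i + 1]:
            leaked.append(f"path:{segs[i]}")
            segs[i + 1] = REDACTED
    clean = urlunsplit((parts.scheme, netloc, "/".join(segs),
                        urlencode(query), parts.fragment))
    return clean, leaked

def audit_history(urls):
    """Keep only the entries that exposed a secret, already redacted."""
    return [(clean, leaked) for clean, leaked in map(redact_url, urls) if leaked]

# Constructed history entries; none is a real share link.
SAMPLE_HISTORY = [
    "https://share.example/browse?user=alice_share&key=s3cretRoomKey",
    "https://share.example/share/alice_share/taxes/",
    "https://share.example/browse/alice_share/key/s3cretRoomKey/",
    "https://bob:hunter2@files.example/docs",
]

if __name__ == "__main__":
    for clean, leaked in audit_history(SAMPLE_HISTORY):
        print(", ".join(leaked), "->", clean)
```

The second sample URL names only the share and is not flagged, which is the layout the post says it expected, with the room key entered separately.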