I just read a blog post about a user’s experience with Mozy. He had great user experience. No problems installing it, configuring it, etc. Then he read the terms-of-service (TOS) and got scared.
C’mon people, do you actually think a company would just hand over your data to anyone with a badge that walks in the door? I don’t care what company it is. I don’t care what country its in. NO company would want the P.R. nightmare that would accompany giving up their customers’ data.
Of course Mozy’s TOS says that they will comply with a court order to hand over your data if subpoenaed. That’s the law. But here’s the thing… if you’re concerned about it… use the dang private key. Mozy offers it for a reason: IT REMOVES THE COMPANY’S ABILITY TO DECRYPT YOUR DATA.
So supposing a federal official did come along and ask for your data; and suppose he did have a valid warrant; and suppose Mozy’s lawyers were unable to contest the subpoena and had to had over your data… guess what that federal official would get… that’s right… a bunch of ones and zeros. It would be completely meaningless information and impossible to decrypt.
So go ahead and try Mozy. And if you’re still not satisfied… wait until the data center is open in Europe. 
(Disclosure: Yes, I work for Mozy. No, this isn’t an official company blog.)
10 responses so far ↓
fork() » Blog Archive » Mozy, update // June 21, 2008 at 11:34 PM |
[...] employee (Ryan?) picked up on my rant about Mozy, Inc.’s privacy agreement, and decided to debunk my statements. I am not really all that impressed with his [...]
Mozy: Privacy an illusion? -- Bloggings of randomness // June 22, 2008 at 3:02 AM |
[...] on now – you can’t be serious? Apparently, according to someone who seems to be an employee, they are. The post doesn’t mention the last of the three clauses, though, but merely the cases of [...]
Ryan // June 22, 2008 at 7:57 AM |
Recently, I tried to clarify a couple of concerns that a gentleman named Søren and his friend had about Mozy’s backup system. And to be honest, they make some valid points. They certainly had some great suggestions. They don’t have comments enabled on their blogs though so I’ll have to do the best I can here.
Søren, good point about the wording of that third clause. I’m assuming the lawyers required it just in case something ever happens where the world is in danger and some data on the company’s servers can prevent a major catastrophe (but that’s just me talking). But I would expect that the company would only retrieve information if it were ABSOLUTELY necessary. Accessing a user’s information without permission could harm the company’s reputation, and that would be quite a high price to pay. That fact, in-and-of itself would seem to be a pretty high motivation to keep everything secure. And for those individuals that are still hesitant, I repeat, use the private key.
I appreciate your suggestions though. Your newest post is even more helpful. I invite you to add other suggestions in the comments and I’ll pass along what I can. We’re always looking for ways to improve the product.
(And no Søren, I’m not in charge of PR or security, I’m just an employee that wants to clear up a little confusion.)
fork() » Blog Archive » Privacy and online backup solutions // June 23, 2008 at 12:39 AM |
[...] days ago I wrote a post on Mozy Inc.’s privacy policy. A Mozy Inc. employee then decided to go ahead and tell me that I “just don’t get it”. So, to determine whether Mozy Inc.’s draconian privacy policy is representative of online [...]
mihtjel // June 23, 2008 at 7:22 AM |
I do have comments enabled on my blogs – Søren hasn’t on his
I merely reflected Søren’s views and added my own on my blog, since I felt it was an area that would be of some interests to my readers as well.
I’m glad that you’ve chosen to comment a bit on the 3rd section of the clause, the one that really troubles me. While I’m sure that your intentions are most likely very good, the intention of a privacy policy as a binding document is to make sure that they are – and the one offered by Mozy simple doesn’t deliver. The two other examples Søren mention deliver much stronger language, and thus better protection, should the matter come before a court or law.
It is my hope that Mozy will take this discussion as a starting point to reviewing this clause of their privacy policy.
John O'Neill // August 21, 2008 at 12:44 PM |
The issue here is the balance between what data your provider must hand over and how useful that data is to those gaining access. If your encryption is configured correctly your providers requirement (and even any possible desire) to hand over your data would be negated by you being the only encryption key holder.
http://backupanytime.com/blog/?p=138
Gert Poulsen // September 10, 2008 at 12:30 PM |
I think online backup tool are the way to go and that mozy is one of the best tools out there. I suggest you read why on the articles found here: http://www.internet-backup-service.com
T.J. Crowder // February 22, 2009 at 8:10 AM |
Ryan,
More than a half a year later, and at least one update of the privacy policy later (as it’ s currently dated Nov 17th, 2008), that third paragraph is still there.
That stops me in my tracks. A good friend of mine highly recommend Mozy as being really incredibly easy to use, unobtrusive, having a great stance on how much you can back up (he warned Mozy he had a *lot*, and the response was just “Bring it on”), etc. I was jazzed.
But sorry, no, you are not the arbiters of public safety. That’s the whole point of court orders. If someone is in imminent danger, the relevant court can have a subpoena in your hands in no time. And as for protecting your policies, well, that’s not a good enough reason to hand over my data to third parties. It’s not even a close call.
If Mozy ever want to revise that policy to be more like Carbonite’s, I’m in. Meanwhile, I guess I have to go deal with their stuff.
–
T.J. Crowder
tj / crowder software / com
toporganicseo // September 29, 2009 at 9:50 PM |
Hi,
NICE ARTICLE
toporganicseo // September 29, 2009 at 9:57 PM |
Hi,
Good work