How BuddyBackup keeps your data secure

September 8, 2014


So, we all heard about that iCloud leak last week. Over one hundred high-profile, celebrity accounts were hacked and their personal photos were leaked. What is perhaps most frustrating is how easily the whole thing could’ve been avoided.

Apple has stated that there were no known security vulnerabilities and no signs of a breach of their systems. After 40 hours of investigation, it was concluded that the hackers targeted individual accounts, guessing passwords until they eventually hit the jackpot.

We can’t stress enough how important it is to use strong passwords (mixed upper case and lower case, include numbers and punctuation, no pets’ names, etc.) and change these regularly. Don’t use a password that you’ve already used in the last 12 months, and don’t use the same password on more than one site.

But, even with the most secure password, if a hacker finds their way into a cloud storage service like Dropbox or iCloud, they can gain access to your data. Most consumer cloud products don’t encrypt your stored data, or when they do, the encryption is not particularly strong.

BuddyBackup is different. We take your privacy very seriously. All of your data is encrypted locally before it even reaches your Buddy’s computer – this means nobody, not even your Buddy, can access your files. If your Buddy’s computer was hacked, your data would be completely unreadable. The full list of encryption we use can be found below.

A copy of your encryption key is kept on the BuddyBackup server. This is so that when you recover a lost account, the keys can be securely sent to you to enable you to recover your files. But these keys are encrypted with your password so that not even members of the BuddyBackup team can access them.

A copy of your password may also be saved securely on our server so that if you forget it, we can send you a reminder. For maximum security though, you can choose to disable this feature and permanently remove your password from the BuddyBackup server.

Integrity and authentication checking is done at all stages of backup and recovery to protect against accidental or malicious corruption of data. In particular we aim to ensure:

  • A Buddy cannot send your encrypted data to someone other than you
  • A Buddy cannot maliciously send you tampered backups when you are restoring data
  • You know the files you receive are really from your Buddies, and no one else.
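To make the second goal concrete, here is an added sketch (not BuddyBackup's own code; the post does not say how its checks are built) of one common way to detect tampering on restore: the owner tags every encrypted chunk with an HMAC that also covers the file ID, chunk index and chunk count. The names `seal_chunks`, `restore` and `TamperedBackup`, the blob layout and the sample data are all assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct

HEADER = struct.Struct(">QQ")            # chunk index, total chunk count
TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag


class TamperedBackup(Exception):
    """Raised when blobs returned by a Buddy fail verification."""


def _tag(mac_key, file_id, index, total, ciphertext):
    # Length-prefix file_id so the fields cannot be re-split ambiguously.
    msg = (struct.pack(">I", len(file_id)) + file_id
           + HEADER.pack(index, total) + ciphertext)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal_chunks(mac_key, file_id, chunks):
    """Owner side: wrap already-encrypted chunks before sending to a Buddy.

    Blob layout (hypothetical): index | total | ciphertext | tag.
    """
    total = len(chunks)
    return [HEADER.pack(i, total) + c + _tag(mac_key, file_id, i, total, c)
            for i, c in enumerate(chunks)]


def restore(mac_key, file_id, blobs):
    """Owner side: verify blobs from a Buddy, return ciphertext chunks in order.

    Rejects modified bytes, chunks taken from another file, and missing or
    duplicated chunks. It does not detect a Buddy returning an older, validly
    tagged version of the same file; that needs a version the owner remembers.
    """
    seen, total = {}, None
    for blob in blobs:
        if len(blob) < HEADER.size + TAG_LEN:
            raise TamperedBackup("blob too short")
        index, claimed_total = HEADER.unpack(blob[:HEADER.size])
        body, tag = blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
        expected = _tag(mac_key, file_id, index, claimed_total, body)
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise TamperedBackup("tag mismatch on a chunk")
        if total is None:
            total = claimed_total
        elif claimed_total != total:
            raise TamperedBackup("chunks disagree on total count")
        if index in seen:
            raise TamperedBackup("duplicate chunk index")
        seen[index] = body
    if total is None or len(seen) != total or max(seen) >= total:
        raise TamperedBackup("missing chunks")
    return [seen[i] for i in range(total)]


def rejects(mac_key, file_id, blobs):
    """True if restore() refuses the given blobs."""
    try:
        restore(mac_key, file_id, blobs)
    except TamperedBackup:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: random bytes stand in for AES-encrypted chunks.
    key = os.urandom(32)                 # integrity key only the owner holds
    fid = b"constructed-file-id"
    chunks = [os.urandom(64) for _ in range(3)]
    blobs = seal_chunks(key, fid, chunks)

    print("intact restore ok:", restore(key, fid, blobs[::-1]) == chunks)
    flipped = bytearray(blobs[1])
    flipped[HEADER.size] ^= 0x01         # a Buddy flips one ciphertext bit
    print("bit flip rejected:", rejects(key, fid, [blobs[0], bytes(flipped), blobs[2]]))
    print("dropped chunk rejected:", rejects(key, fid, blobs[:2]))
```

Because the tag is checked before anything is decrypted, a corrupted or substituted chunk is refused without ever being fed to the cipher.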

The technical stuff

  • AES-256 keys for file data. Certified by the US NSA for use with classified information. Separate AES keys for file contents and file names.
  • RSA-2048 public keys for authentication – the same technology used by SSL on websites
  • SSL (TLS) encryption between client and BuddyBackup servers
  • Salsa20 stream cipher used for buddy-to-buddy communication (note this is in addition to the AES-256 encryption of files).


Author: Cassie Holmes, BuddyBackup

Who is the mobile broadband provider of the year?

August 11, 2014


A reliable mobile broadband connection is becoming more and more of a necessity in our day to day lives. Remote working, social media, Netflix and Spotify – we do pretty much everything on the move, and mobile broadband is integral to it all. Without it, we’d be lost.

When you’re trying to stream the latest episode of House of Cards on your long train journey home, buffering is annoying. When you’re trying to conference-in to your important business call and the call keeps dropping, or you’re desperately trying to finish that Google Doc before you arrive at your meeting, it’s a much bigger issue.

Broadband aficionados Broadband Genie recently conducted their 6th annual mobile broadband road trip, which sees the team travel the length of the country testing the latest broadband dongles from the UK’s biggest providers. Each dongle performs a set list of tasks in an allotted time period as the team travels from London to Edinburgh measuring performance. Travelling by train means the dongles had to deal with moving rapidly through areas of varying coverage, so the results are pretty exhaustive.

The dongles under scrutiny were:

EE 3G: Huawei E3131
EE 4G: Huawei E589
O2 3G: Alcatel X230D
O2 4G: Huawei 4G Mobile Wi-Fi
Three 3G: Huawei E3256
Three 4G: ZTE MF823
Vodafone 3G: Vodafone K4203
Vodafone 4G: Vodafone R212

Three came out on top as the overall “best mobile broadband on the move”, with EE not far behind them. In fact, Three topped every single category (pretty significantly in some cases) – you can see all the results here.

Compared to last year, speed and reliability were up overall. As cloud backup enthusiasts, here at BuddyBackup we were excited (but not surprised) by the results. As with most backup services, our peer to peer software requires an internet connection in order for data to be transferred. The quicker and more reliable the connection, the more chance you have of staying 100% protected.

The improvements in speed we’ve seen as a result of improved 4G coverage are already huge – we’ve significantly reduced upload and download times. And with 5G (yes, we know it’s still a long way off) promising speeds up to 100x faster, you could be backing up your computer in seconds rather than minutes – even on a train journey from London to Edinburgh.

Author: Cassie Holmes, BuddyBackup

Net Neutrality: bottlenecks and buffering

July 1, 2014


“Net neutrality regulations could have the power to stifle or preserve technological innovation and freedom of speech, as well as influence how quickly you get emails, whether your Netflix streams buffer, and how much you pay for Internet connection and services that exist there.” – CNET

Recently, comedian John Oliver crashed the FCC’s website following his 13 minute rant urging viewers to stand up against upcoming changes to net neutrality regulations in the US.

It’s impressive that so many people felt enthused enough about the subject to actually log on and express their opinion – enough people to render the online comment system useless for a few hours – but what’s worrying is that it’s taken so long for awareness to grow as to what an internet “fast lane” would actually mean for the consumer.

Until now, there hasn’t really been a real explanation of what net neutrality is, or the consequences it can have. You could either try to wrap your brain around the technical jargon spouted out by the internet giants, or you could read into the melodramatic newspaper headlines that warn of your internet speeds dropping to a snail’s pace.

Neither gives a true depiction of the situation, I suspect.

What is “paid priority”?

Paid priority allows providers to avoid congestion by paying a premium to send their data through an internet “fast lane” as opposed to over the regular internet. So when you’re trying to watch an episode of Breaking Bad after work, instead of it buffering relentlessly, Netflix can override the traffic to deliver your data as a priority, so that your viewing quality is not disrupted.

Does this mean if I don’t pay for priority my regular internet speeds will suffer?

This is the big question. The FCC assures us that the changes would see no difference to regular internet speeds but will merely be the introduction of a higher tier of internet that will sit above it. They also say that this additional tier would only ever be used in times of congestion.

In reality though, when you’re giving certain providers priority on a network, the others are bound to suffer. That’s why we have congestion in the first place – the network just isn’t wide enough to give everyone equal speeds. So when someone is prepared to pay more for preferential treatment, the quality of service provided by regular companies is going to be affected.

So how will it affect me?

Well, if you’re prepared to pay the premium you can expect superfast streaming, instant load times and a strong connection even during peak hours.

If you can’t afford to upgrade, you may have to brace yourself for a future of internet bottlenecks and a lot of buffering.

It’s worth pointing out though, that these changes are only applicable to the US. The European Parliament has in fact taken a wholly opposite view on the matter by voting in favour of net neutrality. The law still needs to be officially passed, but a spokesperson for the European Commission was confident that if the proposal “cleared its remaining hurdles”, the law could be in place by the end of 2014.

Author: Cassie Holmes, BuddyBackup

What the Internet of Things means for data privacy

June 4, 2014


If we had computers that knew everything there was to know about things – using data they gathered without any help from us – we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best.

This Techopedia definition of the Internet of Things (IoT) sums up the benefits pretty nicely. And while they’re all completely true, the scale of personal data collected by these so-called “smart devices” is staggering and has the potential to cause a lot of problems down the line in terms of privacy.

Trust is just starting to strengthen between consumers and cloud service providers. We’ve reached a point where most initial security concerns aren’t seen as barriers to adoption anymore, and people are able to use consumer cloud services like BuddyBackup with confidence. But the IoT is bound to disrupt this new-found status quo.

Every action we make generates data. If devices are monitoring us and our homes 24 hours a day, the amount of data collected is enormous – and it all has to go somewhere. Privacy policies will need to evolve at a rapid pace in order to keep up with data protection on such a large scale. Coupled with recent surveillance scandals, the idea of such huge volumes of personal data being gathered and stored by third party providers is not going to sit comfortably with everyone.

Transparency is going to be the key to long-term success. Providers need to be completely open with users about what information is being collected, how it’s being used, and most importantly, who has access to it. Privacy policies need to be explicit, and should make it easy for you as a user to control exactly how much data you’re happy to share, rather than having to navigate complicated privacy settings to protect yourself.

The Internet of Things is unavoidable. As with any new shift in technology, there are bound to be teething problems that should be addressed with caution. But the potential will far outweigh the risks in time as providers work to earn trust in this new arena. If they fail to look after their customers’ data, they’ll undoubtedly face the consequences.

Author: Cassie Holmes, BuddyBackup

Is it time to drop Dropbox?

May 2, 2014

Condoleezza Rice’s appointment to the board of directors at Dropbox has sparked debate and fury amongst many of its users, with the most enraged pushing for a total boycott (

The former US secretary of state is infamous for publicly backing the NSA’s snooping activities, which understandably does not sit well with users looking for a safe place to store their data.

From a business perspective, sure, she’s a solid candidate for the job. She’s a highly-regarded intellectual with reams of experience in the tech industry, and her long list of influential contacts will probably open a lot of doors for the company. But users don’t care about any of that.

As users, we want secure cloud storage, with a provider that we feel comfortable with – which is exactly what Dropbox has always professed to be. In response to the angry backlash they have faced over the last few weeks, CEO Drew Houston commented:

“There’s nothing more important to us than keeping your stuff safe and secure. It’s why we’ve been fighting for transparency and government surveillance reform, and why we’ve been vocal and public with our principles and values.

We should have been clearer that none of this is going to change with Dr. Rice’s appointment to our Board. Our commitment to your rights and your privacy is at the heart of every decision we make, and this will continue.”

They’ve stuck to their guns, but whether or not this statement will be enough to appease or reassure Dropbox users is yet to be seen. Unfortunately, with services like Dropbox, we only tend to find out about any snooping once a data leak makes it into the press and the damage is already done.

There aren’t many ways around it, either. Aside from paying for expensive, private cloud storage that ensures encryption of data, you don’t have much choice but to leave security in the hands of your cloud storage provider. We can’t stress enough how important it is to read the privacy policy for services like Dropbox to know exactly where you stand in terms of data protection. Any service provider that handles your data should be totally transparent about how it is stored and who has access to it. Our privacy policy is readily available on the BuddyBackup website, and includes details on the methods of encryption we use when transferring your data from one buddy to another as well as what access we have to it (none).

A final piece of advice would be to store any sensitive information locally rather than in the cloud, and use a service like BuddyBackup to securely back it up to a trusted friend, relative or a second PC. That way you know exactly where your data is, and who has access to it, at all times.

Author: Cassie Holmes, BuddyBackup

Will a mobile “kill switch” be the death of smartphone theft?

March 19, 2014

Last month, the US proposed a new law: the Smartphone Theft Prevention Act. The bill attempts to address the growing problem of mobile phone theft, which is currently costing consumers over $30bn annually in the States alone, by installing a “kill switch” onto all smartphones.

Not only is your phone being pinched a massive inconvenience (and potentially pretty costly) but there’s also the chance that your personal data gets into the wrong hands. So could the answer to our woes be a remotely transmitted kill message, rendering the device useless if triggered?

Obviously its purpose is to protect us as consumers, but that kind of judicial power could so easily be abused once the infrastructure is up and running. What if the system was cracked by hackers, who could then quite easily disable huge numbers of smartphones at a time?

It would be damaging enough if it were just consumers affected, but imagine if hackers targeted groups like the emergency services or the Ministry of Defence. The consequences would be catastrophic. The process could be designed to be reversible, but if hackers are smart enough to crack the system in the first place they would surely have no problem getting around that.

And so the mobile industry finds itself at a crossroads. Providers have so far been hesitant to employ such drastic tactics, suggesting the use of less invasive software tracking and data erasure options instead. Apple already has a similar function available on their smartphones, but at the moment you have to opt in to activate it. If this bill passes, it would mean the kill switch was automatically activated on devices and consumers would have to opt out in order to bypass it.

It seems that the price we’re paying to protect ourselves against today’s cyber criminals is growing. We’re ending up losing the control over our data that we were trying so hard to hold on to in the first place. The key to moving forward is going to be in finding a balance between security and control – whilst simultaneously driving crime figures down.

At BuddyBackup, we’re obviously very passionate about protecting your data by backing it up to another device, just in case disaster strikes. We’re more dependent on our smartphones than ever before – they pretty much contain our entire identity these days. While BuddyBackup doesn’t currently support mobile devices, there are apps out there that do and we’d strongly recommend checking them out.


Author: Cassie Holmes, BuddyBackup

Intrusive technology: Is 2014 the year the consumer puts its foot down?

February 3, 2014


It’s no secret that technology is evolving at a rapid pace. It gives us an incredible amount of choice, and enables us to do much more with much less. But an increasing number of privacy scandals in the media has prompted consumers to question if they’re actually becoming victims of the technology they can’t live without.

2014 sees us on the edge of a dilemma: is this the year the public puts its foot down and demands more privacy and tighter regulation, or are we OK with giving away our information as long as we get something worthwhile in return?

Towards the end of last year, supermarket giant Tesco announced it would be installing facial recognition screens in its petrol stations that would scan the eyes of queuing customers to distinguish age and gender, as well as monitor customer purchases. Using this information, as well as other contributing factors like time and date, Tesco can tailor the digital ads a customer sees in-store.

A step too far?

Some argue that this is a milestone advance in the way we create and consume advertising. By learning more about us, companies are able to provide us with more relevant information and create a more enjoyable shopping experience. Fair enough. But how much are we willing to give away in this trade-off? There is an entire personal profile of each of us sitting in a big database somewhere, and we have no choice but to trust that companies are using this for our benefit.

Facebook recently admitted they not only track and analyse user clicks, but also their mouse movements, in order to create the most intuitive on-screen experience. And although Google maintain that they have always operated transparently, it’s only recently that the intrusive nature of their email scanning has fully entered the public domain. Even though these internet giants state they don’t use “sensitive” information for advertising, this still seems like a step too far. We’re edging ever closer to the line where justified market research becomes an invasion of privacy, and then just downright creepy. The problem is: who decides where that line is? Google’s mantra is “don’t be evil”, which seems noble enough. But why do they get to decide? People are starting to make their own minds up on the matter.

The backlash is imminent

Figures from Databarracks’ 2013 Data Health Check show that nearly two thirds (64%) of UK organisations have started restricting employee use of cloud services like Dropbox and iCloud for fears of security issues, and it’s just a matter of time before consumers start regulating their personal use too.

The recent increase in media attention on the subject of privacy has made us more aware of the risks of sharing information online. At BuddyBackup, we tend to hear from a lot of people who feel much more comfortable sharing their data with family or friends, or setting up their own system, rather than relying on a third party service.  Even so, the most common questions we receive are about how we handle data and what information we need to hold in order to be able to connect one Buddy to another. Consumers are becoming more proactive than ever in restricting what companies can share, as well as backing up and encrypting what is stored on personal devices.

While we can control what we share online for the most part, intrusive technologies like facial recognition and email scanning can’t be opted out of, unless the service is boycotted completely. Consumers don’t want to sacrifice personal information for good service – companies either have to increase transparency of the way they collect and use our data, or face the imminent backlash of the more privacy-savvy customer in 2014.

Author: Cassie Holmes, BuddyBackup

Your New Year’s resolution cheat-sheet

January 7, 2014


New year, new you, right? It’s that time of year again where we all swear blindly that we’re going to drink less alcohol, lose 2 stone, and go to the gym AT LEAST 3 times a week. But how long does anyone actually keep these promises to themselves? Not long, apparently. It’s the 6th of January, and already the appeal of the leftover Christmas chocolates is starting to grow.

Getting fit, losing weight and being more organised all topped the list of most common New Year’s resolutions for 2014. But a study by British psychologist Richard Wiseman suggests that about 88% of us will break our resolutions at some point before the year is out. Research says that we’re trying to do too much, and our poor over-worked brains can’t cope. By overloading our pre-frontal cortex with so many rules and restrictions, we’re actually lowering our ability to self-regulate. Hence, the inflated allure of that tin of Quality Street.

So maybe we need to break things down a bit, and just keep it simple.

Get fit

For most people, going to the gym every day is unrealistic. We have work, uni, a social life, and honestly, sometimes we just can’t be bothered. And that’s OK – we shouldn’t beat ourselves up about being human. Instead of feeling guilty about not working out every day, aim to put aside about 2 hours a week for exercise. No one is too busy to find 2 hours. It doesn’t matter how you spend it – whether you fit in a 20 minute jog every day, join a class at the gym or even do a fitness DVD in your living room a couple of times a week – you’ll feel better for it.

Lose weight

As the saying goes, you get fit in the gym but you lose weight in the kitchen (or something like that). Small changes make a huge difference when it comes to food and it’s important not to deprive yourself. Starving yourself will just lead to sugar cravings, and when you inevitably cave in, your body will immediately store all that sugar as fat. Swapping your daily sandwich from white bread to wholewheat, frozen yoghurt instead of ice-cream, nuts instead of crisps – all of these things will slowly start to make a difference without feeling like you’re missing out, and without any food guilt.

Be more organised

Getting organised is easier said than done, and it usually starts off well. You write lists and you swear to meet every deadline with time to spare, until the novelty wears off and you slip back into your old ways. It’s impossible to keep on top of everything, but if there’s one thing every unorganised person should do this year, it’s take control of their digital life.

There’s nothing worse than your laptop crashing and you losing everything – photos, films, that report you’ve spent a week writing. Installing a free, peer-to-peer, online backup program like BuddyBackup allows you to securely back up files to your “buddies” (anyone from friends and family, to your second PC). That way, the things that are most important to you – last semester’s projects or your financial records from 2013 – will be protected in the year ahead.


Author: Cassie Holmes, BuddyBackup

The Oculus Rift: virtual reality just got real

December 10, 2013


Virtual reality (VR) is on the brink of something pretty huge. The Oculus Rift is being dubbed the ultimate 3D gaming experience. The headset, created by virtual reality enthusiast Palmer Luckey, was designed specifically for the gaming community, but its impressive feature-set is proving far more versatile than that.

Its killer features include immersive stereoscopic 3D rendering, a massive field of view (allowing you to see up to 100 degrees around you as opposed to the 40 degrees most headsets currently offer), and ultra-low latency to allow for near-instant head tracking. You can imagine how this creates a pretty surreal experience, really putting the gamer “inside” of the game. But the benefits aren’t limited to gaming, and demand is growing in a whole host of other areas.

Take Computer Aided Design (CAD), for example. Just as with a game, the Rift allows designers to actually get inside of their designs, taking testing and development to a whole new level. Being immersed like this gives invaluable insight and the ability to fine tune at the design stage rather than building expensive prototypes.

In terms of price, the Rift is pretty reasonable when compared to existing headsets, meaning just about everyone can afford to get in on the action. The teaching profession are getting excited at the possibilities of integrating virtual reality into their lesson plans. Rather than reading about The Battle of Hastings, students can go back in time to experience it first-hand. Teachers are optimistic that by introducing technology more heavily into education, they can reignite students’ imaginations.

You can also record your sessions and download the data to your PC, for future reference or further analysis. When we first started taking digital photos and downloading music, we had a sudden need for more storage. Now, with cloud computing, the storage possibilities are endless. As we become more dependent on all of this digital information, it’s important to remember to back it up. This is where BuddyBackup comes in.

You could back up using a third party service provider, or you could back it up for free to the people you trust the most. You don’t want to store your data with just anyone, and with BuddyBackup you don’t have to. Your “buddies” can be your closest friends, family, or even your work computer. As long as both PCs have the free software installed, your backups are stored securely. They’re fully encrypted too, so there’s no risk of anyone snooping about in your files.

Watch some of the funniest reactions to the Oculus Rift here.


Author: Cassie Holmes, BuddyBackup

Is your digital footprint stomping on your chance of career progression?

November 4, 2013


You hear a lot these days about the dangers of hackers, cloners and spyware, and the risks they pose to your identity. But how much thought do you give to the information you voluntarily share online? Your digital footprint could pose more of a threat than you think.

We’re constantly being encouraged to be digital, to share our opinions on discussion boards, to post our photos on social media sites – but this freedom of speech can be very damaging to your personal and professional reputation. The state of California has recently introduced a law allowing teenagers to delete certain elements of their digital footprints, in the hopes of giving them a better chance of employment. But, with over a third of employers checking candidates’ social media sites during the interview process, surely it would just be better to prevent the need for damage control in the first place?

Keep track of your footprint

Search for yourself regularly online and browse the results. A lot of sites aren’t exactly forthcoming about their privacy policies – you’ll usually need to change your settings from the defaults in order to ensure your information is not searchable by anyone else. Keep on top of policy updates too, because more often than not you’ll have to opt out of new policies in order to protect your privacy.

Go through search results and remove yourself from directories and mailing lists that you may have inadvertently signed up to, as they could be storing personal information that is publicly accessible.

Use it to your advantage

Of course, the internet can be used to your advantage. You can create a positive online name for yourself that can enhance your chances of progression. Showcase your creativity by posting engaging content or interesting blog posts, so when employers search for you online, what they find are the musings of a knowledgeable and passionate employee.

Sites like LinkedIn and Twitter are the perfect place to do some professional networking. You can connect with colleagues and industry peers, contribute to online discussions, and create a strong profile that will stand out from the crowd. It’s a good idea to create separate accounts for personal and business use, so the pictures from your wild night out are kept hidden.

Don’t forget about it

Privacy policies are continually changing, and new ways of sharing information online are being developed all the time. Every time you sign up for a new site, or agree to be added to a mailing list, you are adding to your digital footprint. Every few months revisit your settings, and delete anything that you wouldn’t want your employer to see.

We are completely open with our privacy policy (if you want, you can have a read of it here!), and we will always notify our users of any changes that will affect them. Protecting the privacy of your data is a big factor, especially when using a cloud-based backup service, and so we try our best to prove security is our priority.

Ultimately, digital footprints are unavoidable; most people these days have one before they’re even born. But they’re not going anywhere, and they’re not something to be feared if you keep on top of them. Capitalise on yours and turn it into your own unique selling point – it could become a unique tool for career progression.


Author: Cassie Holmes, BuddyBackup