Douglas Crawford

Douglas Crawford

August 26, 2014

Cloud backup services are big business these days (just check out our sister website BestBackups to get an idea of how many companies have jumped on this particular bandwagon), and following Edward Snowden’s NSA revelations there is increasing demand for online data storage solutions that don’t either spy on your data for advertising purposes, hand it over to the NSA (or other government agency), or otherwise spy on the data stored there.

Zoolz, a company which boasts Microsoft, Dell, the BBC and the Washington Post as customers, is one such, promising users that,

Zoolz is designed to process and protect your data with zero knowledge and with the highest security, durability, and availability out there’, and ‘your files will be processed with zero knowledge and even if the company was held at gunpoint to release your data it will still be in its encrypted form.

It also promises end-to-end encryption,

Zoolz encrypts your files before they leave your machine, securely transfers your files, and stores them on encrypted servers using military grade 256 AES Encryption.

Well, a customer by the name of Ryan Gallagher had his Zoolz account cancelled after the company discovered some old .torrent files (not any actual infringing material) among his backed up data. The result was an immediate termination of his backup plan, with a one week timeframe to remove data from his account before it was deleted,

My account and all data (1.3TB) was nuked, they would not budge on deleting specific ‘prohibited file names’ saying they had no way to do it. It’s a complete waste of time and bandwidth.

Hidden away deep within Zoolz’s ToS Product Agreement is the following justification for this action,

‘If Metadata checking (i.e. file names) reveals that an account has content relating to video piracy, software piracy or any copyrighted data with the intent to distribute (i.e. torrents) the account will be immediately terminated.

Um – how exactly is ‘metadata checking’ (filenames, not actual data it should be stressed) in any way ‘zero knowledge’? It also means that when the data is being encrypted client-side, the software is sending this metadata to Zoolz!

When Geoff Akerlunk of the Backup Review website questioned Zoolz over the incident, the company actually accused him of supporting illegal behavior,

We are sad to see you side with illegal behavior, the torrents could mean that the user has the actual media files, and downloading any media file without any proof of ownership is considered illegal.

When TorrentFreak published a highly critical article on this subject, Zoolz responded with the following statement (a similar statement was sent to Akerlunk),

The flagging system is a deviation of the zero-knowledge policy only applicable to abusive home user accounts, not business users. It is completely automated at the time the abuser accesses the files from the web after entering the encryption password. The system will flag any account with suspicious bandwidth use, multiple access from different locations and will only scan for illegal filenames and not actual data. In rare cases the flagging system could generate false positive and we are currently working enhancing this and increasing the grace period. We have tens of thousands of home users who are happily using the system legally and the scanner has never been triggered on their accounts.

So the service is zero knowledge until Zoolz decides it isn’t? AVOID AVOID AVOID!!!!!

Douglas Crawford
August 26th, 2014

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

24 responses to “Avoid Zoolz backup service if you value privacy

  1. Just installed zoolz but my AVG caught zoolz.exe trying to “modify/delete” a csv text document containing bitcoin addresses. They are apparently trying to make me deposit to a criminal’s bitcoin wallet when I thought I was depositing to my own! VERY BAD for zoolz

    1. Hi Jeff,

      Yikes! That is even worse behavior than discussed in this article. Yes – avoid Zoolz!!!

  2. BOYCOTT BOYCOTT BOYCOTT AND THEN BOYCOTT AGAIN
    ALL BUSINESSES LIKE ZOOZL WHICH MAKE FALSE PROMISES AND THEN BAIT AND SWITCH FORSAKING TOTALLY THEIR CUSTOMERS AND THE PROMISES THEY MADE TO THEM AS IF WE OWE THEM OUR BUSINESS.
    PAY NEVER IN ADVANCE BUNDLE OFFERS AND BIG PACKAGES FOR MORE MONTHS OF SUBSCRIPTIONS OR EVEN LIFETIME TYPES OF SCAM BUT TRY MONTH TO MONTH SERVICE WITH NO CONTRACT AND SEE HOW IT GOES SO YOU HAVE THE UPPER HAND ON THEM AND CANCEL SERVICE AND STOP ANYTIME GIVING THEM YOUR BUSINESS.

  3. Zoolz Absolutely Awful. Their service shut down my computer 3 times. I asked for refund they never gave one, their customer service is beyond bad and I would recommend anything except them. I am STILL awaiting a refund when I used the product for 2 hours (while it corrupted my pc!) and now paypal assisting. Pirates. Avoid. Then they pretend on forums like this they will help and they do not. Thieves and pirates. Refund me!

Leave a Reply

Your email address will not be published. Required fields are marked *