Avoid Zoolz backup service if you value privacy

Cloud backup services are big business these days (just check out our sister website BestBackups to get an idea of how many companies have jumped on this particular bandwagon), and following Edward Snowden’s NSA revelations there is increasing demand for online data storage solutions that don’t either spy on your data for advertising purposes, hand it over to the NSA (or other government agency), or otherwise spy on the data stored there.

Zoolz, a company which boasts Microsoft, Dell, the BBC and the Washington Post as customers, is one such, promising users that,

Zoolz is designed to process and protect your data with zero knowledge and with the highest security, durability, and availability out there’, and ‘your files will be processed with zero knowledge and even if the company was held at gunpoint to release your data it will still be in its encrypted form.

It also promises end-to-end encryption,

Zoolz encrypts your files before they leave your machine, securely transfers your files, and stores them on encrypted servers using military grade 256 AES Encryption.

Well, a customer by the name of Ryan Gallagher had his Zoolz account cancelled after the company discovered some old .torrent files (not any actual infringing material) among his backed up data. The result was an immediate termination of his backup plan, with a one week timeframe to remove data from his account before it was deleted,

My account and all data (1.3TB) was nuked, they would not budge on deleting specific ‘prohibited file names’ saying they had no way to do it. It’s a complete waste of time and bandwidth.

Hidden away deep within Zoolz’s ToS Product Agreement is the following justification for this action,

‘If Metadata checking (i.e. file names) reveals that an account has content relating to video piracy, software piracy or any copyrighted data with the intent to distribute (i.e. torrents) the account will be immediately terminated.

Um – how exactly is ‘metadata checking’ (filenames, not actual data it should be stressed) in any way ‘zero knowledge’? It also means that when the data is being encrypted client-side, the software is sending this metadata to Zoolz!

When Geoff Akerlunk of the Backup Review website questioned Zoolz over the incident, the company actually accused him of supporting illegal behavior,

We are sad to see you side with illegal behavior, the torrents could mean that the user has the actual media files, and downloading any media file without any proof of ownership is considered illegal.

When TorrentFreak published a highly critical article on this subject, Zoolz responded with the following statement (a similar statement was sent to Akerlunk),

The flagging system is a deviation of the zero-knowledge policy only applicable to abusive home user accounts, not business users. It is completely automated at the time the abuser accesses the files from the web after entering the encryption password. The system will flag any account with suspicious bandwidth use, multiple access from different locations and will only scan for illegal filenames and not actual data. In rare cases the flagging system could generate false positive and we are currently working enhancing this and increasing the grace period. We have tens of thousands of home users who are happily using the system legally and the scanner has never been triggered on their accounts.

So the service is zero knowledge until Zoolz decides it isn’t? AVOID AVOID AVOID!!!!!

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

13 responses to “Avoid Zoolz backup service if you value privacy

  1. Keep well away from this business, it’s not just your privacy at risk!!!

    I had an account with them for little under a year, they managed to make a complete mess of 5 TBs of data on their Business plan at my cost. The support is next to useless, and the tool does not deliver on performance for downloads or uploads. But what most worried me was exactly how safe are my documents were so I did some research and found out this is not actually a UK business, these people are based in the middle-east in Jordan of all places, which is why I moved what documents I could retrieve to a new provider called Datacastle RED who I checked out before signing up to their business plan.

    If you value your privacy and electronic documents then keep well away from this smoke and mirrors business!

  2. Stay FAR FAR away and DO NOT TRUST ZOOLZ. Complete scam. We started with an unlimited plan for $60/year, and they jacked it up to $1620 after 2 years, literally holding 5TB of data hostage unless we paid (though kindly offering a 40% discount – WTF). Absolutely unbelievable, and probably illegal. Who knows how much they would charge to actually restore a lost backup. Please spread the word- this company is BAD NEWS.

  3. I’ve had a pretty bad experience with Zoolz. I wish I could complain about them making intrusions into my privacy but I simply can’t get the service to work. I contacted customer support but they’re useless. Not only that, I discovered after signing up that it takes 3 to 5 hours to view any documents uploaded (if I was able to upload at all!). This is not a great option if you’re searching for a missing file in a hurry. Having paid my subscription my only recourse is to cancel the recurring payment on Paypal and opt for another provider.

  4. You article not fair!!!!
    I know many people are using it , and all are happy, if you upload illegal content , you should be suspended!

    1. Hi Mo,

      That is completely missing the point – if a service that claims to be ‘zero knowledge’ then it should have no ability to determine if files are illegal. It is therefore lying about being zero knowledge…

  5. I download a lot of stuff from torrents — a fair bit of it illegally — and I’m generally not apologetic about it. So much of what I download is not available commercially or is locked into a particular ecosystem that I don’t feel bad about downloading it.

    My problem with Zoolz position is that they’ve arbitrarily decided to make themselves the arbiters of what data is fit for me to download. And why should they care? If I have paid them to store my bits, they shouldn’t give a rip what pattern those bits came in. Their position would be like a cab company saying they won’t give rides to men who are going to visit their mistresses. If the men pay for their rides, why should the cab drivers care why you’re going where?

    Ultimately, however, I had the Zoolz service for a year and it was practically useless to me anyway. It would scan my folders, upload a few files and stop. I would reset the service using the information in their FAQ and restart the process. Then it would re-scan, upload a few more files, and then stop. For the TB of data that I was trying to upload, this process would never have worked for me. Too bad too — there aren’t many providers who will back up and store offline data.

    Then again, once they found out how many torrents I had downloaded, they probably would have banned me anyway.

  6. From the Zoolz wiki (http://wiki.zoolz.com/index.php/how-secure-is-zoolz/): “Like most online services, we have a small number of employees who must be able to access user’s metadata (e.g., file names and locations) for the reasons stated in our privacy policy (e.g., when legally required to do so).”

    This is not zero knowledge. Too bad, since the service seems good, except for this major false claim.

  7. Douglas, dont know zoolz, but i checked their response and seems fine!!! to be honest, dropbox, mozy, just cloud, everybody knows your filenames and if you share or download a torrent they stop you, the guy was storing torrents!!, i used to use just cloud before and they stopped my service for same reason!!!, and if you check the web you will see so many complains about it, also box, dropbox, mozy, crashplan, they all stop your account if you store, share or download torrents!!!, simply if you store torrents, dont use the cloud
    Just to be far

    1. Hi Dani,

      If I was using a service such as Dropbox, JustCloud, etc., I would expect filenames to be scanned, and myself banned if found uploading .torrent files. Zoolz however (its very name means Zero Knowledge incidentally), promises full end-to-end encryption with zero knowledge of what customers upload. Scanning uploaded filenames 100% contradicts this claim (knowing what filenames are being uploaded constitutes a great deal of knowledge), making the service absolutely not suitable for those who want a zero knowledge cloud storage solution… That Zoolz is so blatantly misleading about what the service provides reflects poorly IMHO on its general trustworthiness…

Leave a Reply

Your email address will not be published. Required fields are marked *