Yesterday, an abrupt shutdown notice arrived in my mail from a favorite encrypted cloud storage service, Wuala.
Effective as of today, you will no longer be able to purchase storage or renew existing accounts. Full account service will continue through 30 September 2015, at which point all active accounts will shift to read-only mode. Effective Sunday, 15 November 2015, the Wuala cloud service will terminate.
In short, if you were a consumer or business relying upon Wuala to store and share your files, you’ve been given just over a month’s notice to make alternative arrangements.
Wuala is owned by LaCie, who in turn were acquired by parent company Seagate in 2012. Clearly, for whatever reason, the firm has decided to rethink its plans for offering cloud-based storage services.
One thing that crossed my mind for a moment, was whether Wuala might have fallen for a similar fate as other products and services which had encryption at their heart.
TrueCrypt, and Lavabit, for instance, shut down amongst concerns that they might no longer offer the protection and privacy that users might wish for, after receiving undue interest from law enforcement agencies keen for the secrets customers protect with the services to spill out.
I have no reason to believe that Wuala’s demise is anything more than a commercial decision by LaCie/Seagate, but I am left with no way to easily tell.
After all, *if* the shut down was because Wuala believed it no longer had a way to protect the privacy of users from the undue attention of surveillance agencies, how would it tell me if was also served with a gag order at the same time?
When a company receives a notice that they must share private information with a government entity, the notice is usually accompanied with a gag order that prohibits the company from mentioning that they have been forced to give up the information.
Wuala, unlike rivals such as SpiderOak, does not appear to have a warrant canary which (in its absence) could alert users that something peculiar was afoot.
A warrant canary, named after the canary taken to the coalface of the early days of mining.
Canaries are sensitive to carbon monoxide and other lethal gasses. If a canary in a coal mine stopped singing (and subsequently died), the miners knew that the air had become toxic, requiring immediate evacuation.
A clever method in use by some organizations to tacitly notify clients about any binding gag orders is to pre-emptively state that they have not been issued any such notice in the last few months.
Here is the current SpiderOak warrant canary page, for instance:
It may never be clear why Wuala decided to close down, but its rapid farewell can only make one wonder if there is the remotest chance, like others before it, that it preferred to close its doors rather than comply with a court-order to reveal its encryption keys.
Wuala is thankfully giving customers an opportunity to download their data, and is offering refunds to those customers who have paid in advance for the service. It is also recommending users that they might consider switching to a similar encrypted cloud storage service called Tresorit.
If you find a warrant canary on Tresorit’s site, let me know.