Your data is YOUR data
One of the things that we think separates Jungle Disk from every other online storage provider out there is the transparency with which we handle your data.
When you use Jungle Disk, your files are stored on Amazon.com’s servers using S3, an open web-service based API. They never touch our servers, and we have no idea what (or how much) data you are storing. Access to your data on S3 is restricted at all times by your AWS Secret Key which is never sent to us or any other user. By default, all of your data is encrypted before it leaves your computer, and stays encrypted while stored. For users who prefer to forgo this step, encryption can be disabled.
To further re-enforce the idea that you are in control of your data, we have made available open source code that can be used to browse and download your data without even using Jungle Disk. In addition, we hope that other authors creating S3 utilities will make use of the code to become Jungle Disk-compatible.
Choosing to store your personal data online is always going to be a tough decision. We want to do everything possible to reassure our users that they are in control of their data at all times.
Subscribe to our feed
Taro said,
May 20, 2006 @ 3:19 am
“all of your data is encrypted before it leaves your computer, and stays encrypted while stored”
NICE! But how is it “encrypted”? Too simple to crack 128 bit encryption? What method? What level encryption?
Jungle Dave said,
May 20, 2006 @ 11:06 am
Source code that demonstrates how the encryption is done is available for download on the Jungle Disk downloads page.
More specifically, Jungle Disk uses 128-bit RC4 encryption with a unique key per file. I’m not sure why you would consider 128-bit encryption insecure - that is a considered a strong key length for a symmetric algorithm. Note that public key lengths are a different story, and 1024 or 2048 bit is considered the least length for a secure key. Jungle Disk does not use public key encryption.
xpnctoc said,
June 16, 2007 @ 6:02 am
Just to add to what Jungle Dave said, if you’re really so uncomfortable with Jungle’s encryption, then you could use other backup software. I’ve found that JungleDisk, when mapping to a drive letter (WinXP), allows other backup software to make/recover backups to/from S3, even if they don’t have native S3 support. So you can use any backup software that employs your preferred encryption method.
The only thing you have to watch out for is that JungleDisk’s encryption seems to interfere with some backup software’s index files. Not sure why this should be, but once I disabled JD encryption, the backup software worked fine. But that’s OK. My files were still secure because the software was using 448-bit Blowfish encryption, and I don’t think I need JD to encrypt the encrypted files.
Bill Fruth said,
July 29, 2007 @ 1:22 am
I don’t really need S3 or JD for backup, but would consider it for online storage - to replace MediaMax / Streamload, which seems to be beyond repair. I won’t consider testing the service unless I can link to the files on S3 via HTTP.
In your FAQ there is the statement “are considering supporting “public” buckets in a future release that will allow you to upload unencrypted files that can be downloaded via standard HTTP”, but in this thread xpnctoc wrote on June 16 that he was able to disable JD encryption.
So, which is it?
One other question - I just found about your service this weekend, and the forum link has been broken each time I’ve tried. Is this a short term problem?
Bill Fruth
Jungle Dave said,
July 29, 2007 @ 6:45 am
The software does allow files to be uploaded unencrypted (and always has), however it does not currently have a feature for making a file or bucket public.
This could be done with a 3rd party S3 tool for an ambitious user, but it’s not quite a simple task yet. We are still planning on offering that in the future.
Regarding the forum issue - there was a DNS change that was causing issues. It’s fixed now, but may take a little while to propogate due to DNS caching.