SpiderOak Review

SpiderOak One Backup is a US-based cloud storage service with a strong focus on privacy. 

In 2014 NSA whistleblower Edward Snowden urged Guardian readers to stop using Dropbox because it is hostile to privacy. He instead recommended using a zero-knowledge alternative and named SpiderOak. In this SpiderOak review, we find out why Edward Snowden, and others, recommend that you use SpiderOak.

Our Score
3.5 / 5
Pricing
$5.75 - $26.67
Country
United States

Likes

Cons

  • Not open source
  • Based in the US
  • Mobile apps are not great
  • No 2FA

Pricing

ONE Backup is SpiderOak’s consumer-focused product (an Enterprise version is also available). Different pricing plans relate solely to how much online storage is available. They otherwise share the same features, and can all be used on an unlimited number of devices.

A generous 21-day free trial is available, with an equally generous 250GB storage limit. Payment is made via credit or debit card. PayPal and cryptocurrencies are not supported, although SpiderOak does accept pre-paid credit cards for those who do not wish to provide it with personal details.


Features

  • Zero knowledge
  • End-to-end encrypted
  • Cross-platform apps (but limited on mobiles)
  • File versioning
  • File sharing support
  • Cross-platform folder synchronization (desktops only) 
  • OS integration (Windows only)

File versioning

ONE Backup retains historical versions of backed up files. Not only is this great for recovering documents which you have overwritten by mistake, but it allows Point-in-Time recovery of files and folders that become infected with malware.

File sharing support

ONE Backup makes it easy to share files with others. This can be done through its ShareRoom feature, which creates a shared folder, or by creating temporary, self-destructing links to individual files.

Cross-platform

The desktop client is available for Windows, macOS, and Linux (Deb, RPM and Tarball). A mobile app is also available for Android and iOS, although this has greatly reduced functionality. Backups can also be accessed and managed via a web interface from any browser (including mobile).

OS integration

This feature adds right-click menu options for SpiderOak One in Windows. 

Spider Oak One OS integration

Privacy and security

Jurisdiction

SpiderOak is a US company which stores backed-up data on servers located in the United States. The US is a terrible place for online privacy, where it should be assumed that the NSA has access to all data stored in the country and all information held by companies located there.

The good news is that SpiderOak is also a zero-knowledge company that offers full end-to-end encryption of files backed up to its servers. We’ll examine exactly what this all means in a moment, but, in theory, it should make the fact of it being a US company irrelevant, as it does not retain information that can compromise its users' privacy, or store data that can be accessed by the NSA.

Zero Knowledge

When using a ONE Backup app, SpiderOak is a zero-knowledge cloud provider. This means it knows nothing about the data you store, “not even your folder or filenames. On the server, we only see sequentially numbered containers of encrypted data.”

Data is encrypted and decrypted client-side by the apps on your devices only, with only you holding the encryption keys. ONE Backup thus offers true end-to-end encryption of your data. This is great, but there are some major caveats.

Only when using its apps

The first is that zero-knowledge only applies when using ONE Backup apps. When logging in via your browser you give your primary encryption key to SpiderOak’s servers.

SpiderOak promises to look after this key very carefully, but this does require a degree of trust in SpiderOak - both in its desire and its ability to keep your key safe.

Many will quite understandably consider the trade-off with convenience worth the loss in security, but for those who require a true no-knowledge service, file management should always be performed using the app.

In fairness to SpiderOak, it does a good job of alerting users to this fact when they log in to the web portal.

Desktop apps are not open source

Which brings us to the second issue. Trust. As far back as 2009, SpiderOak promised that it would move towards implementing only 100 percent open source code, but in 2024 the desktop client remains closed source.

The One Backup mobile apps have been fully open source since 2016, and various other products by SpiderOak are also open source. But the One Backup desktop client, which is the heart of this product, is not.

As with any closed source product, this means there is no way to know for sure that it is doing what it is supposed to, and only what it is supposed to. We just have to trust SpiderOak, which is hard to do with a US company in light of Mr. Snowden’s NSA revelations.

Other issues

Although the zero-knowledge claim appears accurate in relation to using the ONE Backup service itself, users should be aware that the website logs visitors’ IP addresses and collects information on them using a variety of web trackers.

SpiderOak also (and quite understandably) keeps track of account payments, which are processed by third-party companies. We do not consider either of these issues to be a major concern for most users, but they are worth noting.

Technical security

Passwords are hashed with the PBKDF2 derivation function, which uses SHA256 and a minimum of 16384 rounds and 32 bytes of random data (salt).

Keys are unlocked with a password created using an AES-256-CFB cipher and HMAC SHA256 hash authentication.
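The two paragraphs above can be exercised with the Python standard library. This is an added example, not SpiderOak's code (its desktop client is closed source): the function names are hypothetical, the round count and salt length are the figures quoted above, and the AES-256-CFB ciphertext is treated as an opaque blob because the standard library has no AES.

```python
import hashlib
import hmac
import secrets

MIN_ROUNDS = 16384  # minimum PBKDF2 round count quoted in the review
SALT_LEN = 32       # salt length in bytes quoted in the review


def derive(password: str, salt: bytes, rounds: int, length: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256; refuses parameters weaker than the quoted minimums."""
    if rounds < MIN_ROUNDS or len(salt) < SALT_LEN:
        raise ValueError("KDF parameters below the stated minimum")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, rounds, dklen=length)


def new_record(password: str) -> dict:
    """Create the stored verifier: salt, round count and derived hash."""
    salt = secrets.token_bytes(SALT_LEN)
    return {"salt": salt, "rounds": MIN_ROUNDS,
            "hash": derive(password, salt, MIN_ROUNDS)}


def verify(password: str, record: dict) -> bool:
    """Constant-time check; a record with downgraded parameters is rejected."""
    try:
        candidate = derive(password, record["salt"], record["rounds"])
    except ValueError:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def seal(mac_key: bytes, wrapped_key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag to an already-encrypted (opaque) key blob."""
    return wrapped_key + hmac.new(mac_key, wrapped_key, hashlib.sha256).digest()


def open_sealed(mac_key: bytes, sealed: bytes) -> bytes:
    """Return the blob only if its tag verifies, before any decryption runs."""
    blob, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: blob modified or wrong key")
    return blob
```

CFB mode on its own does not detect modified ciphertext, which is why the tag is checked before the blob is handed to the cipher.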

Perfect forward secrecy ensures that data is encrypted with a new key for each file, folder, and version of your files. This allows SpiderOak to back up multiple versions of the same file for file versioning, and for retrieval and recovery at a later date.

Traffic in transit is secured using TLS/SSL with Certificate Pinning to help prevent Man-in-the-Middle attacks.

The only thing to note is that ONE Backup accounts cannot be secured using two-factor authentication (2FA), although this feature is promised in the future.


Ease of Use

To start using ONE Backup, simply download its desktop app for your platform and create an account. Note that when we first signed up for the service, storage was limited to just 2GB but this expanded to a 250GB trial account limit the next day. 

The Desktop app 

The first thing to do is assign which folders you would like backed up to the cloud. 

Spider Oak One desktop app

You can select (or create) one or more Hive folders which will be synced across all desktop computers with the One Backup app installed. One of the easiest ways to share files is to create a shared folder (ShareRooms). Anyone with the correct link and password can access and modify files stored in it.

Each time you save a file a new version is created, making it trivially easy to restore corrupted files or otherwise revert to an earlier version of the file. You can also create shareable links to individual files which automatically expire after three days.   

Manage documents in Spider Oak desktop app

We tried the desktop app on Windows, macOS, and Linux (Ubuntu), and it’s basically the same app. There is no OS Integration in macOS and Linux, however.

Mobile (Android and iOS)

As with the desktop app, the mobile app is effectively identical across supported mobile platforms.

The first thing to note is that the mobile app does not back up or synchronize files stored on your phone or tablet. You can download backed-up files and view your ShareRooms, but can do so only on a strictly read-only basis.

The apps, therefore, act as a read-only accessory to what is primarily a desktop service.

Spider Oak One Mobile App

We also found the app rather slow and unresponsive on a 2017 iPad and even on a Samsung Galaxy 10+. We, therefore, have sympathy with the large number of complaints about this issue left on both the App Store and Play Store pages.

Browser

As already discussed, accessing your stored files via the web interface in your browser presents a (minor) security risk, but is undeniably useful in certain situations.   

Spider Oak One in Browser

With the web interface, you can download stored files, share files, and access Hive sync folders. What you can’t do, however, is upload files in any way.

Final thoughts

Despite Ed Snowden’s endorsement, being a US company plus using a closed source client for its core functionality is not a watertight combination when it comes to privacy.

Other than that, ONE Backup is a secure privacy-focused cloud backup service that does what it says on the tin. The desktop client is smart looking, intuitive to use, and matches the likes of Dropbox and Google Drive in terms of features, while being undoubtedly much more private than these services.

We are somewhat disappointed by the mobile app, which is a read-only accessory to the main desktop service (and can be slow). This is unlikely to be a major concern, however, for anyone primarily looking for a secure desktop backup solution.


1 User Reviews

Andy
on 2024-04-30 12:46:53.
Overall score: 1
I have been a long term user, but SpiderOak One Backup has been down for a week minimum as of today, as are Linux repos, and all links pertaining to it on their website time out. Support are ignoring all tickets. Of course, they are still taking money for this, I am having to go through PayPal to get a refund. DO NOT CONSIDER SPIDEROAK ONE BACKUP!


Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating to cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

1 Comment

Andy
on August 10, 2021
I have been a customer of SpiderOak for some years, and have an unlimited account. It has always been a slow and CPU heavy system, sometimes taking hours to 'syndicate'. However, recently, I found my MacBook becoming unusable due to 100% CPU for hours on end doing nothing. I tried reinstalling etc. to no avail, so asked support, followed their instructions and promptly lost just about all of the data out of the Hive (sync) folder. This has been repeated, it appears, across all my machines. So, firstly, if you want to use SpiderOak One Backup make sure you have all your data backed up, it cannot be trusted. Secondly, complaining about this has resulted in an apparent stonewall from support so I am left with trying to sort it out for myself, at least temporarily until I find an alternative. So, if you are considering to use SpiderOak, consider carefully. The syndication process will flatten a MacBook battery in under two hours and make it so hot you can't keep it on your lap. It's likely to go wrong at some point, and you WILL have to contact support (this is the 3rd or 4th time for me with a major issue). Support used to be good. Now they just seem to want rid of you if you have issues that are difficult to solve. I have an unlimited account and I wonder if that is something to do with it - they would rather allocate resources somewhere more profitable. Reviews like this one don't show what a service is really like. Long term use in different circumstances shows up the cracks and flaws, like I and others have experienced.


We recommend you check out one of these alternatives: