Below are two incompatible statements made on the bitcasa faq:

Can I access my data from a web browser?

YES!!! Their statement is :

We have a web portal that provides you with secure access to your files over SSL. The web portal requires a browser that supports HTML5 to functional well.

Is my Cloudified data secure?

This is a big NO NO!!! Their statement is :

Yes, only you have access to your data. Bitcasa encrypts and decrypts your data on your computer before uploading to the Bitcasa system. Nobody at Bitcasa can see your data. We can't even see the filenames. All we see are blobs of encrypted data. We don't even know who owns them.

The reality: this statement is absolutely false. Because one can connect to the bitcasa portal, enter email and password, and then obtain full access to the files via a hash key. When returning to the site for a new session, you get the same hash key, and newly uploaded files have become visible.

This means that anybody having accessed the bitcasa portal once will leave in the logs both his login session data and the uri containing the hash key for every single folder, and that very single uri gives access to anything you own!!! Indeed obviously the login session can be faked by an attacker, who does not even need to know your actual password. Data transfered at login hence suffices.

Also note that bitcasa accesses the web to log in on your machine. So again from the server logs, the key that was generated from your password (I hope this at least is kept local) can be used later to decipher all your files. Note that in contrast to this, wuala does not require a connection to be active to log you in your local application.

So if you use Bitcasa, just NEVER access your data via the web portal, since there is no way currently to change your password afterwards. But even then, in the absence of further information from the Bitcasa team, and since Bitcasa enters a network login session each time you start it, very strong doubts exist that your data is safe at all.

Finally, it is worth mentioning that Bitcasa uses your very same password to generate the key that protects your data, to log you in on the portal, and to log you in their community forum.

A discussion involving Bitcasa representatives on this very precise subject currently is taking place here on the bitcasa community.

And Wuala ?

Wuala has no web access except for public folders, or folders that you decide to share using a key.

YOU decide!

Also note that wuala uses a mechanism to let you change your password, that does not require to re-encrypt all your data (your previous password gets encrypted with the new one)


Wuala does not claim for infiniteness of storage (maybe that it could be a little cheaper...) but seems to be definitely more secure.