Comment Re:Fool me once.... (Score 1) 217

Even if you don't access their site again, they still have your password in plaintext long enough to make a hash for the webserver to use. If you do ever use their site again (which many people might do: for instance, their site is the only way to buy more space), the login page on their site is a simple POST for the submission of the password so it's easy enough to snatch it there if they were compelled to. That's not even getting into their use of a closed source server and client and unverified crypto implementations (they toss out nice buzzwords on the site you mention, but you don't get to see how they implemented them).

I don't care about taking this up with them, as they have no real reason to address anything. I don't use their service for secure data storage. They state on their site that they are secure with "zero knowledge" and people give them money and post exaggerated inaccuracies about their 1337 security online. It sounds like a great business model to me.

I just want to make sure that everybody uses a little critical thinking when deciding to trust a third party with their data. The fact that their design has holes in it needs to weigh into the decision to use them, even though it's compelling to think that they're a champion for your online privacy.

Comment Re:Fool me once.... (Score 1) 217

That's an odd thing to say, since it's demonstrably not true. I just set up a new account with them, picked a password of "1" (which didn't set off any warnings, even though that is the sole secret protecting all of the data), then logged into the website with that password.

Furthermore, you can't change one password separately from the other. As listed on their site:

NOTE - PASSWORD CHANGE: Due to our security measures, you may only change your password within the SpiderOak application. This ensures our zero-knowledge privacy environment. You may change your password within the application by opening the 'Account' section in the upper right corner.

Comment Doesn't Slashdot even read Snopes anymore? (Score 1) 287

"In the past, soda and its various strains have been related to depression, irritability, aggression, suicidal thoughts, and delusions of sweepstake-winning grandeur."
http://www.snopes.com/medical/toxins/aspartame.asp
I mean, really, people. Slashdot editor Soulskill, you have reached a new low for Slashdot.

Comment Re:Fool me once.... (Score 1) 217

SpiderOak derives your key from (only) the password that you log into the website with. That password is also stored as a hash on their webserver. Make sure you choose a good password, because those few bits of entropy are all that is protecting your data, and it's very probable that the NSA have ever-growing rainbow tables to bypass the hash.

But really, like all third parties, you have to take SpiderOak's claims at face value and decide whether you really want to trust a third party with sensitive data. You have to trust that their security implementations and policies are well-designed and followed properly. You have to trust that they will not cooperate with other agencies and betray you, which they could easily do without you knowing.

For example, you claim that "They. Don't. Have. The. KEY." but they could easily get it without your knowledge. They could capture the password as you enter it into their website or the client and then "They. Would. Have. The. KEY." If they were compelled to do so, as perhaps Lavabit was, then your data would no longer be secure and you wouldn't even know it.

If a CA issued a phony certificate for SpiderOak.com or the NSA got the private keys for the website, they could intercept the password when you log in and then "They. Would. Have. The. KEY."

I have no beef with SpiderOak (except that they aren't terribly upfront about the use of key derivation and reuse of the website password for it), but ultimately you are responsible for your own security, and trusting a third party to do it for you (and trusting their unverified claims) does not clear you of that responsibility.
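The two design points raised in these comments (the login POST carrying the same secret the data key is derived from, and a one-character password being the only thing standing between an attacker and that key) can be shown in a few lines. The following is an added example written for this page; it is not SpiderOak's code and not code posted by either commenter. The two toy server classes, the "login-token"/"data-key" labels, the PBKDF2 iteration count and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import os
import string

# Reduced for this demonstration; real deployments use a far larger count,
# or a memory-hard KDF such as scrypt or Argon2. (Assumed value.)
ITERATIONS = 100_000


def kdf(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow, salted derivation of a 32-byte root secret from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def split_keys(root: bytes) -> tuple[bytes, bytes]:
    """Domain-separate the root into (login token, data key). Neither value
    reveals the other or the root, so the token is safe to send to a server."""
    auth = hmac.new(root, b"login-token", "sha256").digest()
    enc = hmac.new(root, b"data-key", "sha256").digest()
    return auth, enc


class NaiveServer:
    """Reused-password design (hypothetical): the client POSTs the raw
    password and the server checks it against a stored unsalted hash. Since
    the data key is kdf(password), anyone who sees the POST (the operator, or
    a MITM holding a forged certificate) can derive the key. `seen` stands in
    for whatever logs or taps that party controls."""

    def __init__(self) -> None:
        self.users: dict[str, bytes] = {}

    def register(self, user: str, password: str) -> None:
        self.users[user] = hashlib.sha256(password.encode("utf-8")).digest()

    def login(self, user: str, password: str, seen: list) -> bool:
        seen.append(password)
        digest = hashlib.sha256(password.encode("utf-8")).digest()
        return hmac.compare_digest(self.users[user], digest)


class SplitServer:
    """Client-side derivation (hypothetical): the client computes the root
    locally and sends only the login token. The server stores (salt, token)
    and never sees the password or the data key."""

    def __init__(self) -> None:
        self.users: dict[str, tuple[bytes, bytes]] = {}

    def register(self, user: str, salt: bytes, auth: bytes) -> None:
        self.users[user] = (salt, auth)

    def login(self, user: str, auth: bytes, seen: list) -> bool:
        seen.append(auth)
        return hmac.compare_digest(self.users[user][1], auth)


def offline_guess(salt: bytes, auth: bytes, alphabet: str, max_len: int):
    """What a breach of a SplitServer (salt, token) record still allows:
    trial derivation over every candidate up to max_len characters.
    Returns (password, data key) on success, (None, None) otherwise."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            guess = "".join(chars)
            cand_auth, cand_enc = split_keys(kdf(guess, salt))
            if hmac.compare_digest(cand_auth, auth):
                return guess, cand_enc
    return None, None


def demo(weak: str = "1", strong: str = "correct horse battery staple"):
    """Returns four booleans:
    naive_leaks_key  - eavesdropper on the reused-password login gets the key
    split_leaks_key  - eavesdropper on the split-design login gets the key
    weak_recovered   - (salt, token) breach recovers the weak password's key
    strong_recovered - same attack, same guess budget, strong password"""
    salt = os.urandom(16)

    seen: list = []
    naive = NaiveServer()
    naive.register("alice", weak)
    assert naive.login("alice", weak, seen)
    naive_leaks_key = kdf(seen[-1], salt) == kdf(weak, salt)

    seen = []
    split = SplitServer()
    auth, enc = split_keys(kdf(weak, salt))
    split.register("alice", salt, auth)
    assert split.login("alice", auth, seen)
    split_leaks_key = seen[-1] == enc

    # Ten single-digit guesses are enough for the weak password ...
    guessed, recovered = offline_guess(salt, auth, string.digits, 1)
    weak_recovered = guessed == weak and recovered == enc

    # ... and the same budget gets nowhere against the strong one.
    s_auth, _ = split_keys(kdf(strong, salt))
    guessed, _ = offline_guess(salt, s_auth, string.digits, 1)
    strong_recovered = guessed is not None

    return naive_leaks_key, split_leaks_key, weak_recovered, strong_recovered


if __name__ == "__main__":
    print(demo())
```

The split design removes the password and the data key from the wire, so a compelled operator or a forged certificate no longer yields the key on login; it does not remove the offline guessing risk, which is bounded only by the password's entropy and the KDF cost, which is the comment's point about choosing a good password.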

Comment Mixed results, mostly work related, all good (Score 0)

I find a little about myself, but it's mostly stuff that I deliberately put out there, papers I've published, projects I've been involved with. There are some usenet discussions from when I was a kid, but they're all technical and innocuous.

I'm vastly overshadowed by a couple of artists who share my name, though. They're pretty good, so I'm ok with that. I find that it adds a little mystery to the results people get from searching with me. One of the artists is a little loopy, though, so I guess this'll backfire when he starts painting with menstrual blood or something.

Comment Re:It's much more than that ... (Score 1) 166

Many times by NOT making decision you already made one, and those who are in the field know very well how to put people on the spot and, even without blinking an eyelid, the future of the sheeples have already been pre-arranged

That sounds very grand and sinister, but it doesn't actually say much. Care to give some examples?

Comment Re:obvious (Score 1) 166

And yes, they make the decisions. You are a fool if you think that it's just suggestions. I've worked in corporate environments long enough to know that the people who "prepare" the decision are really the ones making it, because by the selection you make, the way you present the alternatives and the data you choose to use or discard, you can pretty much make sure that any of the choices left is in your interest.

We're talking about advertising here, not actual purchases. Now, I have no doubt that advertising can influence people to buy things they normally wouldn't buy, or buy Brand Y when they'd normally buy Brand X, and that the first links to come up in a Google search are the ones that most of the time ultimately lead to money changing hands--but no one is actually eliminating choices with targeted ads, for God's sake. Buyers still have the choice to find what they actually want.

Comment eternal life equals infinite mortgage (Score 1) 625

If people can live for a thousand years, interstellar travel becomes easier.

Interstellar travel accelerates aging, and thus it must be regarded as a disease not a cure. Besides, you'll be among the five billion people employed in sequestering all radiological sources in the earth's mantle into some deep pit in Nevada. If you survive your 10,000 years term of service at this biologically hazardous occupation, with luck and good behaviour you'll be eligible to take out the one billion dollar mortgage on a 400 sq ft condominium of your very own somewhere in free-wheeling Singapore a full fifty floors above the prison levels exposed to god-knows-what in the lower atmosphere.
