Sarah currently works as a writer for TechCrunch, after having previously spent over three years at ReadWriteWeb. Prior to becoming a professional blogger, Sarah worked in I.T. across a number of industries, including banking, retail and software. → Learn More
TechCrunch Disrupt finalist Bitcasa, a new cloud storage provider, was met with a healthy dose of skepticism last week when it claimed to be able to provide “infinite storage.” How does it do that? It can’t do what it promises! That’s not how encryption works! And so on. VC firm Andreessen Horowitz, along with First Round Capital, Pelion Venture Partners, and TechCrunch founder Michael Arrington’s CrunchFund have invested $1.3 million in the technology, which seems to suggest there’s valuable IP behind the startup’s overly broad promises of cheap, infinite and secure storage.
My initial review of the startup was generally positive because, by all descriptions, it’s doing something innovative and new. While we raised a few general questions (does it slow you down?, will it scale?), it’s hard to review something without going hands-on. For that matter, describing the way the technology works was perhaps overly simplified. For those of you with interest in deeper technical details, here they are (well, it’s a start, at least…).
As a finalist, Bitcasa got drilled by knowledgeable judges including Ron Conway, Hadi Partovi, Marissa Mayer, Roelof Botha, Matthew Cohler and Arrington.
Like you, he wanted to know how Bitcasa’s encryption worked.
To see how Bitcasa CEO Tony Gauda answered those questions, scroll to minute 11:48 of the video at the bottom of the post. But his main explanation is that Bitcasa takes advantage of a technique called convergent encryption, which he explains towards the end before being cut off.
Here’s the transcript of the relevant portion of the conversation.
HP: What do you do in terms of encryption or security?
TG: We encrypt everything on the client side. We use AES-256 hash, SHA-256 hashing for all the data.
HP: So it’s encrypted all on the client side and you can’t look at it on the server side?
TG: Exactly.
HP: So if I upload a file and Marissa uploads the same file, do you store two different copies of that or one?
TG: No, we do de-duplication on the server side. So we actually determine on the server side if it’s there, and if it’s already there, we don’t have to upload it again.
HP: But how do you do that…if it’s encrypted and you don’t have the key?
TG: There’s an academic paper called Convergent Encryption. This is actually something that’s been known for many years in the encryption community. But what we actually do is…we don’t encrypt it in the way that you think we’re doing it….There’s other ways to do it.
HP, giving a weird look: OK.
(Audience giggles.)
Paul Carr: I think the audience would like to know a little more about that…what does that mean?
TG: OK, so convergent encryption….what happens is when you encrypt data, I have a key and you have a key. And let’s say that that these are completely different. Let’s say that we both have the exact same file. I encrypt it with my key and you encrypt it with your key. Now the data looks completely different because the encryption keys are different. Well, what happens if you actually derive the key from the data itself? Now we both have the exact same encryption key and we can de-dupe on the server side.
(Microphone gets really loud at the end).
TG: See how powerful that was? That was powerful!
(Audience laughs).
TG: This is convergent encryption. We didn’t invent this. We invented all types of other things to make this thing awesome. There’s been a lot of talk about “hey, how do you do this?” And the trolls are coming out on Slashdot…
Paul Carr: OK, stop pitching.
A pick out of thousands of applicants, the first round, and now they're here in the finals. So please bring out, onto the stage for one last time, Tony Gauda and Joe Andren from Bitcasa. Good afternoon.
Hello.
Good afternoon. I am Tony Gauda, a co-founder and CEO of Bitcasa. I've been doing software development since I was about eight years old. I did a five-year stint at MasterCard, where I designed AI powered fraud prediction systems for the Credit and debit industries.
My other two co-founders are Kevin Blackam, who actually spent several years at Mosey EMCVM Ware and scaled their infrastructure from two petabytes to almost a hundred petabytes. My other co-founder is Joel Andren, who's worked at several VC-backed start ups in the San Francisco area, in both business development and community development capacities.
So on Monday we revealed our passion, our vision, our dream to the world, and the world responded in an overwhelming fashion. Over 50 thousand people agreed that the current storage paradigm is broken. We received phenomenal responses from people all over the world and it just makes us feel wonderful that that they understand exactly what we're trying to do and we're just really excited about it.
So what is everybody excited about? Well, people love their data, you know, it's, you know the iPads, the desktops, the laptops. Those are cool but, what's most important are our pictures, our videos, our photos; the things that we cherish. And, because of this we're undergoing exponential growth in the consumer storage market.
We're constantly looking for new ways to sink, to share, to back up, keep our most precious memories private. What does all this mean? Well, you're constantly looking Sorry. What this means is that either you are going to run out of space eventually and you're going to start the whole paradigm all over again.
We think, we think that this fundamentally is broken. What if you could access all of your data, all of it, whenever you want it, wherever you want to access it from? What if you never had to worry about storage again? What if your desktop had infinite capacity? That's the Bitcasa promise. So if you... you'll notice something strange about this finder window.
You see it? Seventeen point five nine terabytes of space available. That's not the new Mac-book Air, that's Bitcasa, and that's the largest number that this operating system will display. This desktop is infinite. The folder is infinite. This PC has limitless capacity. Bitcasa actually virtualizes the complete file system.
We stream your data, all of it, to and from the cloud in real time, automatically. It works in the background. You don't have to worry about anything.
So what about videos. That's something that a large file, it's got to be slow, for that right? That's pretty fast. What about seeking? That's interesting. But, you know what's better than one HD video playing? Two HD videos display at the same time. So, that's interesting. So, what does this mean?
Well, you can buy a new laptop, access all of the data from your old laptop without having to copy anything. Never have to worry about USB drives, never have to worry about to and from yourself. You can share any size folder to... with anyone. Just right click on it, email it to them, they click on it, and it opens up as a folder on their desktop, it's completely integrated into the operating system.
And of course... it 's a 100 percent safe. Everything is stored in a data center that's 1,000 times more reliable than your laptop is today. You never have to worry about losing another bit of data. So I know what you're thinking: "What's the catch? There has to be something going on". It's not. It's only $10 a month.
Infinite storage. Never worry about losing another bit of data. We have a premium model that's less than infinite, but you don't have to worry about it. Bitcasa is free for everyone for the beta process. Go to www.bitcasa.com, register and download the software. We're having a great conversation with consumers there's a phenomenal response from the community, really excited about it.
We are hiring. We are looking for phenomenal engineers. Thank you. Bitcasa. Mike, you tweeted two days ago, Bitcasa is a game changer unless they screw up. Can you expand on that?
They're going to win unless they don't. I -
That's a fair point.
I'll say this. There are three investors of DropBox on stage, or maybe two, depending on what Matt's position is. I would actually, I think, you know...
You want the DropBox in? Okay. You're a drop box investor, jump on in.
Well, I'd at least like to say myself and Sequoya are certainly investors.
Okay. You can ask some question, yeah, yeah, so basically ask, yeah, each judge will get a chance to ask questions or...
This is a DropBox related question. Other than infinite storage. I love the things you said about it, is the microphone not on? So my question I guess, if I am a Drop box investor and I'm a huge believer in sort of what you said about not worrying about where your files are, not worrying about storage ever again, I guess how will you grow your user base given there is a company like Drop box offering that vision and with significant attraction among consumers.
I think our very, I think our value proposition is fundamentally different. Drop box allows people to access their data by capping it to multiple different devices. What we offer is a managed storage platform for consumers. We're offering infinite storage because we're actually taking the data, we're saving it in the cloud, and we're streaming it real time to all your devices.
So it's not really a sync paradigm... it's a 'we are your new hard-drive'. The network as the hard drive. Your desktop is nothing but cache.
But what does a user see that's different, other than the infiniteness?
They, they never have to worry about losing their data again. They're, there are count...you have infinite storage. I mean, there's a lot of value in that from a consumer perspective. You disagree?
Other than the infiniteness, I mean, the infiniteness is a big deal.
Ya.
But I at the drop box user, I also don't need to worry about losing my data again either.
So there's obviously overlap. But the one thing about Drop Box is that you have to have the space on the device that you want to copy the data to. So if I were to share, I mean can you share like a five tera byte. That's something you can absolutely do with the Bitcasa. Just right- lick it, copy the link, email it, and then get it.
It's like flash player for storage. Ok, I'm going to bring Marissa in.
I wanted to give you a little bit of a chance to talk about the overall sharing model. Because I do think that with Drop Box being your big competitor that older system the way you can share easily between your devices as well as other people makes a lot of sense and one thing I would worry about in terms of the infiniteness is when you're sharing with the mobile device or a device that doesn't have that much storage.
Are you actually storing things on the client or is it purely just getting streamed? You have to be storing some things there. How do you, how do you allow users to manage what gets put where?
Sure so we have a, so our system is, we changed the paradigm So, traditionally it's been hey your local device has storage and everything else is kind of copied up to the cloud. We actually take the cloud and integrate it into the device itself, and the primary storage is actually the network. So we're streaming everything in real time through the network.
So when you access your data from a network device,we're going to get the things that you need right now and we're streaming everything else as you need it. It figures that out automatically in real time.
So, what do you do when the network is slow?
Oh, that's where the predictive capability comes in. So, when the net...so, what we do is we figure out the things that. you need right now and we start the download for everything that you're going to need in the future. So of course, there's some delay if you know, if this is something new that you haven't ever accessed before.
But networks are actually pretty good now-a-days. And we can, we can...from a user's perspective, they can't determine whether it's local or whether it's through the network, especially for very small files.
Okay, let's bring in [xx]. Oh,
[xx] user interface. So, I mean, is it the case that you have folders? Or no, it's just actually the whole device backed up this way.
We virtualized the complete file system, we back up everything that's on the device, we allow versioning, it's all included.
Okay, Relif.
The challenge I worry about is the, the cost of all that bandwidth, because local storage is going to be a lot less expensive than trying to stream all that data continuously and so I worry about the modeling of your business model, and how much is it going to cost you to stream all of that data.
So that's, that's a great question. We are aggressive and very intelligent with our cashing model. So it actually understands all the things that you do and all the files that you'd actually need and it cashes them locally. So most of the time unless your accessing a portion of the system that isn't caches, there's no network transfer at all.
It's really intelligent about that.
Okay, Matt?
All you test anecdotally, but to kind of just, really, state it specifically, what do you believe is the single most important problem that you solve for consumers that you you solve better than Drop Box does.
It's the USB, it's managing all of your data. So with drop box you have to take your data. You have to put it in a special folder and everything that's in that folder, you have to have the space to fit it in. We are taking - you don't have to do anything different, you install our software, we manage everything behind the scenes.
So we'll take all the things that are important to you, we'll make sure that it's safe up in the cloud, and we'll give you the ability to access it instantly from any device. Everything's safe, and it's really fast. We want to manage your storage. We don't want ever want you to pull out another USB stick or plug in another, you know, external storage device again.
We wanna be the last device or the last service that you have to buy for storage period. Forever.
Let's just get Ron to come in, and then it looks like there's a follow-up question for Rob. Well, I just want to comment that there is going to be a marketing battle between you, DropBox and Boxy, and there are others in this space. I would really focus on what differentiates you from these other services.
The thing that caught my eye was the dual video.
Right.
That was like proof that like, this might be different than the other services. So I'd encourage you to really beef up the marketing because this is going to be a marketing battle.
Ya, I have a question, I guess it's actually two questions. One is what do you do in terms of encryption or security.
Oh we have encryption everything on the client side, so we use AES 256 you know hash, we use shot 256 hashing on all the data.
So it's encrypted on the client side and you can't look at is on the server side?
Exactly.
So if I upload a file and Marissa upload the same file these do you store two different copies of that? We do duplication on the server side. So we actually determine on the server side if it's there, and if already there we don't have to upload it again. But how do you do that if it's encrypted, if you don't have the key.
There's an academic paper called conversion encryption. This is actually something that's been known for many years in the encryption community but what we do is we don't encrypt it in the way that you think we're doing it. There's other ways to do it.
Oh. Yeah, I think the audience would like to know a little more about what that Well, I'd love to...
Jason deKay just said, what does that mean?
So conversion encryption, so if you think about it, I love this question actually. So what happens is that when you encrypt data, I have a key and you have a key and let's say that these are completely different. So let's say that we both have the exact same file. So I encrypt it with my key and you encrypt it with your key.
Now the data looks completely different, because the encryption keys are different. Well, what happens if you actually derive the key from the data itself? So now, we both have the exact same encryption key and we can dedoop on the service side.
See how powerful that is?
Yeah.
That was powerful. Very powerful.
My mic just went on. This is finally working now.
That's a powerful message.
We, right, you derive it. I mean this is conversion encryption this is something, I mean, we didn't invent this. We invented all types of other things to make this thing awesome. So, you know, there's been a lot of talk about hey, you know, how do you do this and the trolls are coming out on Slash Set.
Okay, stop pitching. Let's move back to the questions. Any more follow up questions? So I was wrong, it's 12 minutes in the final for the questions I've just been told rather than six. So we have a few more minutes, so Rolan?
Do you have a Windows client as well?
Absolutely.
And do you have mobile clients ready to launch?
Yes, so everything's written in portable C++ it works on any platform, any microprocessor, is just a compile. We actually have a Mac version that works really well, we've got a Linux version that works really well, working on Windows. a little hard but we'll get it.
So the windows isn't launched yet?
Windows is not launched on it. We're working on it.
And your mobile applications?
Uh, So we have some prototype mobile applications, but they are not for public consumption at this point.
Any other follow-up questions?
I have two questions. One is, I didn't fully understand you relative to what Roelof and Marissa asked . So, if I install it on my computer, is it backing up My entire computer's file system as it is?
Yup, yeah that's exactly right. So, remember we wanna make sure that all your data is safe and secure and we wanna manage all that data, so we literally transfer everything up to the clouds, remember.
Including the OSX libraries?
I love to - so remember, we only keep one copy of everything on the server side So, me saying that hey, these are all your operating system files, doesn't cost me any storage, literally, but I can keep you safe.
But then if I install a Windows computer are you going to be copying my OSX or cache?
You have totally separate partitions across your devices. So let's say you have a a Windows machine and a Macintosh machine. Will those, those we're not commingling the files together in the Cloud. They're actually completely separate. You can choose to decide which files, well which folders that you want to access from which machine, so it's really intelligent on how we do that.
Gotcha. So I go into Mac Documents.
Right. Absolutely. You can access all the files from your Mac, all the files from your Windows machine, from your Mac, and vice versa with zero issues then they're instant.
Can you actually run applications other than the media files from the Cloud.
Yes, you can so remember we, we.
Can you run Word?
Yes. This is for any type of deal. We're not to Bitcasa, it's all data. So, whether it's operating system files or program files or media files.
Pull it up, let's run Word, or, can you do something? I mean, does it.
It's not installed, I mean this is a, you know, it's a demo, that's kind of.
You want to write a letter?
I just don't believe anything until I Yeah.
Is it a premium model, by the way? You said it's ten bucks a month. Do I get anything for free if I, before I wanna subscribe, or...?
Oh yeah, we have, we have a premium model. It's left and we're just trying to figure out exactly what we think that threshold should be, and we're just having a great conversation with consumers. If you have a suggestion, yeah, we can talk about it. I see. You haven't decided your premium threshold yet.
No, no. So, the questions is right. So, our models infinite storage. anything less than that, I mean we're trying to figure out what is compelling enough to get someone to want infinite versus x. So, that's we're trying to figure out. Tony, a lot of the concepts that you talk about were in G drive, why do you think that product wasn't that successful, or hasn't been that successful and why are you going to be successful if that one hasn't been successful.
We, we make this completely seamless to the user. There's a special drive that you have to save it to. This is in the OS, we're doing everything behind the scenes. My mother can use this and she is not a computer expert right? And that's our goal, that's our target costumer, this is You install this, we take care of it, right?
It's the Apple model. We just want it to work.
And do you think the market of everyday consumers who care about infinite storage as a meaningful market intersection.
So, infinite storage, we think it's something that we can offer to consumers, but we don't think that's the biggest value proposition. It's not being, it's not having to, to carry around a USB stick or back everything up to another drive or ever, or ever worry about your USB stick, I mean your external storage devices again.
We literally want to manage everything for you.
Okay, we're out of time, so a big round of applause for Bitcasa. Okay, it occurs to me this is the last generation that's going to be able to say, my mother can use this and she's not a computer user. In 30 years time, that will just be weird.
Founded in 2011 by former employees of Mastercard, VeriSign and Mozy, Bitcasa offers infinite storage paired with best in class security via client-side encryption. Bitcasa’s commitment to data security and reliability means that you will never need to worry about your important files, photos or other digital content. No matter if your computer is stolen or your computer crashes, your data is secure with Bitcasa.
Bitcasa provides secure, unlimited storage on any device. Users can view their entire lifetime of...
