​Encrypted in the Cloud

Picture
Your files are automatically encrypted on your device, before being uploaded to the cloud.

  • We can't read any of your files.
  • We can't even read the filenames.

Only you hold the keys to decrypt your files. So only your devices, and those people you explicitly share with, can do so.

​Which means if hackers get into your cloud storage, well... they're out-of-luck.

Other cloud storage providers may try to trick you by telling you they use encryption. They'll often say something like, "Your data is encrypted at rest...". What they're not telling you is that they hold the encryption keys ! And if they hold the encryption keys, then they can decrypt it ! For true privacy, security & peace of mind, simply ask: who has access to the keys ?
Your files are automatically encrypted on your device, before being uploaded to the cloud.

  • We can't read any of your files.
  • We can't even read the filenames.

Only you hold the keys to decrypt your files. So only your devices, and those people you explicitly share with, can do so.
Other cloud storage providers may try to trick you by telling you they use encryption. They'll often say something like, "Your data is encrypted at rest...". What they're not telling you is that they hold the encryption keys ! And if they hold the encryption keys, then they can decrypt it ! For true privacy, security & peace of mind, simply ask: who has access to the keys ?
TIP: Read our blog post:  The problem with “secure” cloud storage
We explain the encryption "lingo" that cloud storage providers often use, and dispel the common myths.
​Download our white paper for more technical information:
Storm4 Cryptography Overview.pdf
File Size: 247 kb
File Type: pdf
Download File

​2FA+

2-Factor Authentication (2FA) has become mainstream today. Think about all of those websites that send you an SMS code after you type in your password. This has become so popular simply because it's effective.

The rise of 2FA means that a very large number of organizations have taken a stand, and have declared: "A username & password alone is not enough to safeguard access to your account."

Which highlights the shortcoming of "secure" cloud storage providers that allow you to access your data using only a username & password. It's like they missed the last 5 years of the Internet.
We wanted to take 2-Factor Authentication to the next level. So in Storm4, your data is protected by a 2 step process.

  • First you need to be able to login to your account. (see next section)
  • Second you need to provide an access key
    • this is a randomly generated key
    • generated on your device when you create an account
    • we don't have this key, only you do
    • you can scan it using a QR code
    • or type it using a mnemonic representation

We're calling it 2FA+  (short for 2-Factor Authentication + Access Key).
We wanted to take 2-Factor Authentication to the next level. So in Storm4, your data is protected by a 2 step process.
  • First you need to be able to login to your account. (see next section)
  • Second you need to provide an access key
    • this is a randomly generated key
    • generated on your device when you create an account
    • we don't have this key, only you do
    • you can scan it using a QR code
    • or type it using a mnemonic representation
We're calling it 2FA+  (short for 2-Factor Authentication + Access Key).
Tech Note: 2FA using SMS or Google Authenticator can generally be classified as "administrative security". That is, the companies themselves have access to your data, they are just requiring you to perform the extra authentication step. Our system is different. We do NOT have access to the data. And the extra step is required in order for your client application to be able to decrypt any of your content.

Better Security at Login

2FA+ provides an unrivaled security layer. But we also wanted the best login experience. So we started by researching how the big tech companies secure access to their accounts. And we were impressed. Advanced algorithms provide anomaly detection. And lots of them are already using something like Google Authenticator. Facebook allows you to restore access to your account by getting verification from friends. And the continued R&D on this topic is fascinating. We read about retina scanners, facial recognition, voice recognition and more. There is clear indication that the identity security systems of these companies will vastly improve over the course of the next several years.

So we thought, "Let's allow users to identify themselves by logging in using one of these large companies." (I.E. Google, Microsoft, Amazon, Facebook, Twitter & 10 others.) "This way our users can benefit from the security systems implemented by these giants. Both today & tomorrow."

(Of course, 2FA+ means that logging in alone won't give you access to your data.)

So with Storm4 you have 2 options:
  1. Create a traditional account with us
  2. Or login using an identity provider (i.e. huge tech company)
Picture
2FA+ provides an unrivaled security layer. But we also wanted the best login experience. So we started by researching how the big tech companies secure access to their accounts. And we were impressed. Advanced algorithms provide anomaly detection. And lots of them are already using something like Google Authenticator. Facebook allows you to restore access to your account by getting verification from friends. And the continued R&D on this topic is fascinating. We read about retina scanners, facial recognition, voice recognition and more. There is clear indication that the identity security systems of these companies will vastly improve over the course of the next several years.

So we thought, "Let's allow users to identify themselves by logging in using one of these large companies." (I.E. Google, Microsoft, Amazon, Facebook, Twitter & 10 others.) "This way our users can benefit from the security systems implemented by these giants. Both today & tomorrow."

(Of course, 2FA+ means that logging in alone won't give you access to your data.)

So with Storm4 you have 2 options:
  1. Create a traditional account with us
  2. Or login using an identity provider (i.e. huge tech company)
Note that when you login using a 3rd party "identity provider", you are NOT giving us the credentials to access that account. (Or post on your Facebook, or any other such violation of your trust.) Essentially what happens is this:

  • We send you to the login page for the identity provider (e.g. Google)
  • You login to Google as usual
  • Google sends us a "signed document" that basically says, "I, Google, declare that this person is indeed alicewaterman321@gmail.com"

Since we can verify Google's signature, we can trust the identity assertion of the document.
Tech Note: This is usually accomplished via the OpenID Connect protocol.

Blockchain backed Public Key Verification

We use the ethereum blockchain to solve the man-in-middle problem.

Our open source smart contract means the public keys of our users are verifiable & tamper-proof. Blockchain tech is just another way that Storm4 works to protect your privacy and your intellectual property.

Read all about it on our blockchain page.

4th Amendment

​We named our company "4th-A Technologies" in honor of the 4th Amendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated

​- 4th Amendment, United States Bill of Rights, 1789
We're not a cloud storage company that does security. We're a security company that does cloud storage.

Bruce Schneier says it succinctly in his book Data and Goliath:
Freedoms we now take for granted were often at one time viewed as threatening or even criminal by the past power structure. Those changes might never have happened if the authorities had been able to achieve social control through surveillance.

This is one of the main reasons all of us should care about the emerging architecture of surveillance, even if we are not personally chilled by its existence. We suffer the effects because people around us will be less likely to proclaim new political or social ideas, or act out of the ordinary. If J. Edgar Hoover’s surveillance of Martin Luther King Jr. had been successful in silencing him, it would have affected far more people than King and his family.

About

Policies

FAQ

​Login
© 4th-A Technologies, LLC