Bitcasa: Headed for the Abyss

I was an early Bitcasa supporter. I jumped on the bandwagon early and I blew my trumpet loud and far:  Bitcasa: Unlimited storage, version history & sync  (Feb 8, 2013)

bitcasa-sBut consider this shockingly short timeline:

• September 2011: Bitcoin co-founder, Tony Gauda, excites investors with a business model that supports an “Infinite Drive” service.

• Feb 2013: My first year is $49/year for “Infinite” storage. Throughout the year, there are numerous bugs with both uploads, downloads and on both web and PC client. Although the beta had ended, I chalked it up to a learning experience.

• Sept 2013: Bitcasa’s visionary co-founder and charismatic CEO, Tony Gauda, is eased out the door. He is reluctant to explain the reason for his sudden departure, even to his fans and email correspondents.

Listen closely to the first 2 minutes of this interview with Mr. Gauda, and tell me if Bitcasa has executed on plan. “The customer with 10 terabytes of video is ½ of 1%. But we love this type of customer… We don’t care how much data you have. We don’t meter it!”

But don’t blame Tony. Blame the directors, probably influenced by near sighted investors. Tony’s business model was solid. As often happens with visionary entrepreneurs, he was given the bum’s rush. He was shown the exit door practically before he even launched.

• Early 2014: Bitcasa announces a stunning price increase.  For newer users, costs increase 1200% (by twelve times). Early users like me see a staggering 2400% increase (from $49 year to $99 per month). Like many users, I am stunned. I am forced to revisit a history of gushing endorsement: Bitcasa bursts its bubble.

• Feb 2014: Bitcasa charges my credit card without authorization. The cost of my plan has risen from $49/year to $99/month. But in a gesture of magnanimity, the company offers to extend my subscription at my “current rate”  which they consider to be $99/yr (not really my current rate—but I was aware that my actual current rate was a one-time special).

I secure a written promise that my credit card data will not be retained and an explanation of how I can ensure that Bitcasa cannot retain that information. Again, throughout the 2nd subscription year, there are numerous bugs with both uploads, downloads and on both web and PC client. Nothing has improved.

• Nov 2014: The Infinite storage plan is retired (Whaa!?!! We are still in the midst of year #2). Can you imagine how this makes early adopters feel? We were duped into referring other users with incentives and offers related to our Infinite Drive plan.

Bitcasa (cartooned)Bitcasa requires users to migrate data into a new plan with only 5 weeks notice. But wait—there’s more. Let’s get personal…

a) Even though I am in the midst of my year, Bitcasa makes another unauthorized charge to my credit card (Again, and after promising that my card data had been deleted). The hat-in-hand excuse that I receive from the support staff is ludicrous. These schnooks ware fed a line from on high.

b) The migration fails miserably. I am a tiny client. I use only 638 MB, and yet none of my data—whether uploaded or mirrored—can be migrated to the new plan. I have wasted dozens of hours trying the Bitcasa tools and failing to get support. It simply doesn’t work.

c) Perhaps just as alarming, there has never been any progress on the numerous bugs with both uploads, downloads and on both web and PC client.

I could go on. But I think that the writing is on the wall. Fair warning. This one is headed for the abyss.

Oye, Bitcasa! Say it ain’t so! Even if you have contempt for your customers (I don’t think that you do), I doubt that you could have intentionally orchestrated a better demonstration of how to spit in the eye of testers, users, investors, and especially anyone giving their credit card to you in good faith.

Past thoughts on Bitcasa: The good, the bad and the ominous.

Update: Bitcasa bursts its bubble

We first wrote about Bitcasa Infinite Storage back in February, and we amplified our kudos in a brief–but gushing–July update. In fact, lots of folks were impressed. The service model, home grown technology, smooth-as-silk founder, and jaw-dropping price point made for a very compelling story.

Infinite storage? Well, Yes…If you have an infinite bank account! Or at least, if you can accept uncapped cost. Surprise! Bitcasa users have been slapped with a 2000% cost increase. For Wild Ducks, only the future cost is “infinite”, obscene or just random.

Bitcasa (cartooned)We raved over Bitcasa in two past reviews, because they “get it”! At least they did before losing Tony Gauda, co-founder and prescient CEO. Bitcasa was a model for massive, private and always online storage with an unlimited ceiling and intuitive apps. We’ve used it ever since—discovering that a venture upstart can kick a*s with the big boys.

I use it with my own PC. Just this week, I expanded the number of folders that I mirror to their cloud servers. I am also relying on some very capable apps. The few glitches seem relatively minor (The Windows agent commandeers the lowest available drive letter, burns CPU cycles when idle, and has difficulty streaming several popular formats). But the company is responsive to these issues. Based on experience, I suspect that they will resolve the technical issues.

But, oh no! Here it comes: The cost of Bitcasa has ballooned. Not just any balloon, but a very elastic balloon. In fact, it looks more like a Blimp!

Users who signed up early this year (but after completion of the beta period) paid $49. We were warned that subsequent years would cost $99 (or less, for those who refer users). Now, we find that the subscription rate is changing from $49 or $99 per year to a slightly higher $999 per year.

Whazzit?! Come again?!!

The new pricing is effective immediately for newbies. From what I can tell, existing users may be exempt from the new pricing model—for now—but it’s not clear for how long. And, if these ‘grandfathered’ users want access to long anticipated features, such as a Linux client, they lose their privileged status. Even worse, the new plan limits the number of devices that can share a single data store. I can accept a device limitation when using iTunes. After all, the service streams licensed media under agreement from a publisher. But for the user’s personal data? The whole point is to support access from everywhere, I mean, c’mon!                                                                                  [Continue after photo]…

100 dolalrs

Next year, you’ll pony up 12 of Benjamins to store data in the cloud. At street price, you could purchase nine 4TB drives = 36 Terabytes

To be fair, early users recognized that the cost for subsequent years might be refined, slightly. After all:

  • The world economy might experience rampant inflation
  • The raw costs for storage and bandwidth might suddenly rise
  • Bitcasa may find that a high fraction of users are abusing the system or may actually store tens of terabytes. That would throw off a centralized storage model
  • Bitcasa may need a higher cost network architecture to enhance robustness

Guess what? None of these things happened! So, what would cause Bitcasa to screw over its devotees? Was the model unprofitable or unsustainable? I think not. Bitcasa de-dupes files while simultaneously encrypting user data. The technology is remarkably clever. In fact with the inevitable addition of a distributed, P2P storage architecture, the infrastructure costs drops by—oh—perhaps by 90%. RDDC can be incredibly lucrative.


How does Bitcasa explain away a startling blunder? By claiming that only 2% of users need more than 1TB and almost no one needs more than 5TB. Perhaps. But they overlook three things:

  • The higher price goes into effect at 1TB. Anyone with music, movies or years of photos will eat up several terabytes. At 5TB, users experience sticker shock. Hardly “Infinite storage”, Eh?!
  • Fewer than 2% of users may need more than 1TB today (a claim that is highly improbable). But what about tomorrow? Will those users trust that the cost will track the inherent cost of storage back downhill?
  • If very few people use multible TB, then Bitcasa leaves very little money on the table by sticking to its motto: “Infinite storage”. The iconic phrase conveys a powerful and visceral assurance. It is at the core of the platform’s market image and competitive positioning! Changing the rules without the need to do so triggers a vast and negative emotional response from the minions who proselytize on Bitcasa’s behalf, and future users who don’t wish to calculate their storage needs.

Why this? Why now?!

We’re still enamored with founder, Tony Gauda. He is remarkably smart and charming. Incoming CEO, Brian Taptich, is no slouch either! C’mon, Brian. No one expects you to give away service (even though it is exactly what Google does). But you needn’t rain on a parade that your team crafted with brilliance. You have an elegant and profitable model. If you screwed up on implementation, identify the cost overruns. Please fix the problem rather than killing the customer.

Honestly! You can redeem yourself and pull this one out of the fire… But do it quick. In the absence of dissenting opinions (I searched for quite awhile), here is a very typical consenting opinion.

—A loyal fan of the Bitcasa of yore

Update: NSA surveillance, Bitcoin, cloud storage

Just last month, Edward Snowden was honored with our first annual Wild Duck Privacy Award (we hope that he considers it an honor). The vigorous debate ignited by his revelations extend to the US Congress, which just voted on a defense spending bill Edward Snowdento  defund a massive NSA domestic spying program at the center of the controversy.

Although the bill was narrowly defeated, it is clear that Snowden has played a critical role in deliberative policy legislation at the highest level of a representative government. Even if this is the only fact in his defense, why then – we wonder, is Snowden a fugitive who must fear for his life and his freedom?

Snowden saw an injustice and acted to right a wrong. His error was to rely solely on his own judgment and take matters into his own hands, without deliberative process or oversight. But since it is the lack of these very same protective mechanisms for which he engaged in conscientious objection, the ethical dilemma presented a Catch 22.


Stacks of BitcoinRegular readers know that we love Bitcoin. We covered the stateless currency in 2011 and 2013. Just as the internet decentralizes publishing and influence peddling, some day soon, Bitcoin will decentralize world monetary systems by obliterating the role of govern-ments and banks in the control of money flow and savings. Why? Because math is more trustworthy than financial institutions and geopolitics. You needn’t be an anarchist to appreciate the benefits of a currency that is immune from political influence, inflation, and the potential for manipulation.

Now, comes word of a Texas man charged with running a $60 million Bitcoin Ponzi scheme. The story is notable simply because it is the first skullduggery aimed at the virtual currency — other than internet hacking or other attacks on the still fragile infrastructure. Should we worry. Absolutely not. This story has little to do with Bitcoin and falls squarely under the category of Caveat Emptor. Widows and orphans beware!


bitcasa-sIn February, we wrote about Bitcasa, the upstart cloud storage service with an edge over diver-sified competitors and other entrenched players: Dropbox, Google Drive, Microsoft SkyDrive, SugarSync, Apple iCloud, etc. WildDucks learned how to get truly unlimited cloud storage for just $49. Now they are launching unlimited cloud storage in Europe starting at €60 per year.

Bitcasa still captures our attention and sets our pulse racing. While we are disappointed that it lacks the RDDC architecture that will eventually rule the roost, their Infinite Drive technology is a barn burner. More than ever, it is clear that Bitcasa is likely to displace or be acquired by their better known brethren.


Drew Houston-01sWe also wrote about Dropbox, but that posting wasn’t really a review. It was our plea to CEO, Drew Houston (shown at left), to adopt a fully distributed and reverse cloud architecture. That effort failed, but it is still our favorite of the entrenched players. More suited to pin stripe corporate adoption, but in our opinion, not quite a Bitcasa.

In a previous article, we introduced lesser known cloud startups with clever and unique architect-ture that yield subtle benefits: SpaceMonkey, Symform and Digital Lifeboat. That last one was in need of a life preserver. It flopped. But the IP that they created in the area of distributed p2p storage management will live on. We will all benefit.


Stream Music Flowchart-s2Finally, in May we ran down the benefits of cloud music players and their likely future of streaming your own personal library of movies. Now, Jeff Somogyi at Dealnews has created a nifty flowchart to help you decide among many vendors in a crowded market.

Of course, a discussion of Bitcasa, Dropbox, SpaceMonkey and RDDC wasn’t our first discussion of cloud storage. Shortly after AWildDuck launched back in 2011, we applauded PogoPlug and their ilk (Tonidoplug, Dreamplug, Shiva, and other genres consumer grade network attached storage with internet access. They let you create personal cloud services and even stream media from a drive or RAID storage device attached to your home router.


Passfaces: Strong authentication for the masses

This week, Google is pursuing hardware-based schemes for user-authentication, while Apple has just added two factor authentication to iCloud and Apple ID users, sending a verification code to a mobile number that you register in advance.

Security pundits know that two factor authentication is more secure than simple passwords. As a refresher, “Factors” are typically described like this:

  • Something that you know (a password — or even better, a formula)
  • Something that you have (Secure ID token or code sent to cell phone)
  • Something that you are (a biometric: fingerprint, voice, face, etc.)

The Google project may be just another method of factor #2. In fact, because it is small (easily misplaced or stolen), it simplifies but does not improve on security. I suggest a radical and reliable method of authentication. It’s not new and it’s not my idea…


Back in 1999, Hugh Davies (no relation to Ellery) was awarded a patent on a novel form of access and authentication. It capitalizes on the human ability to quickly pick a familiar face out of a crowd. Just as with passwords, it uses something that you know to log in, purchase, or access a secure service. But unlike passwords, the “combination” changes with every use, and yet the user needn’t learn anything new.

Hoping to commercialize the technique, Davies joined another Brit, Paul Barrett, and formed Passfaces (originally, Real User Corporation). Incidentally, it is quite difficult to research Passfaces and its history. Web searches for “face recognition”, “access”, “authentication” and “patent” yield results for a more recent development in which a smart phone recognizes the face of authorized users, rather than users recognizing familiar faces. (Google, Samsung and Apple are all beginning to use face recognition on mobile devices). In fact, the Passfaces method is quicker, uses less resources and is far more reliable.

I have long been disappointed and surprised that the technique has never caught on. It is a terrific method with few drawbacks. Used alone, it is better than other methods of 1 or 2 factor authentication. Add a second factor and it is remarkably secure and robust.

How it Works:

Passfaces-1When accessing or authenticating (for example, logging into a corporate VPN or completing a credit card purchase), you are presented with a tiled screen of individual faces. I prefer a big 15×5 grid = 75 images, but Passfaces uses sequential screens of just 9 faces arranged like the number pad on an ATM.

Just click on a few familiar faces. That’s all! Oddly, Passfaces discourages the use of known faces. Their research, with which I respectfully disagree, suggests that users should train themselves to recognize a few faces from the company’s stock library. In my preferred embodiment, users upload a dozen photos of people they know at a glance—preferably, people that they knew in the past: A 3rd grade music teacher, a childhood friend who moved away, the face on an oil painting that hung in the basement until Dad tossed it in the fireplace. Now, add the boss who fired you from your first job, the prom queen who dumped you for a football jock, and that very odd doorman who stood in front of a hotel in your neighborhood for 20 years. Photos of various quality and resolution, but all scaled to fit the grid. Some are black & white, perhaps scanned from an old yearbook.

Using my preferred example of 75 faces, suppose that 5 or 6 of the images are from your personal shoe box of old photos. The rest are randomly inserted from all over the internet. How long would take you to click on 3 of the 5 or 6 familiar faces in front of you? (Remember: They are old acquaintances. Even a spouse would have difficulty picking out 3 faces from your early life—as they looked back then). Surprise! You will click them instantly, especially on a touch screen. You won’t need even a second to study the collage. They jump off the screen because your brain perceives a familiar face very differently and faster than anything else.

Of course, the photo array is mixed in different ways for each authentication and it incorporates different friends from your original upload. In fact, if a user sees the same faces in the next few transactions, it is a red flag. Someone has spied on the process, perhaps with a local camera or screen logger. In legitimate use, the same faces are not recycled for many days and are never shown together on the same screen.

Facebook uses a variant of this technique when their servers sense your attempt to login from new equipment or from another part of the country. They show you individuals that you have friended, but that were uploaded and tagged by other users. If you cannot identify a few of your own friends, especially the ones with which you have frequent social contact, than it’s likely that your login attempt deserves more scrutiny.

I don’t know why Passfaces or something like it has failed to catch fire. Perhaps the inventor refuses to license the method at reasonable cost or perhaps he cannot find a visionary VC or angel consortium to more aggressively promote it. If I had invented and patented facial-array authentication, I would attempt to market the patent for a short time focusing on very large network companies like Microsoft, Google, Cisco or Akamai. If I could not license or sell the patent quickly, I would hesitate to go it alone. (I have tried that route too many times). Instead, I would place it in the public domain and profit by being the first, and most skilled practitioner at deployment. I would train and certify others and consult to organizations that use or commercialize the technology.

saira.maskI used this approach in promoting my own patent which describes an economic barrier to spam (after failing to exploit the invention with my own company). Later, I started with this approach in my research on Blind Signaling and Response and on Reverse Distributed Data Clouds. I recognized that rapid adoption of transformative technology like facial grid authentication, can be thwarted by defensive IP practice.

« Branching somewhat off topic, a developmental biologist at Imperial College in London, has published a proof that Saira Mohan has the world’s most beautiful face, irrespective of the observer’s race. That’s Saira at left. Her mother is French/Irish and her father is Hindoo.

Ellery consults to cloud storage vendors in areas of security, privacy & network architecture. He has no direct ties to the authentication community.

Bitcasa: Unlimited storage, version history & sync

bitcasa-sBitcasa has just emerged from “skunkworks” mode. The cloud storage startup made waves in 2011 as finalist at TechCrunch Disrupt and runner up at Startup Battlefield. After burning through an initial $2 million, they landed an additional $7 million in June 2012. While there were few updates during 2012, some analysts noted that they filed for 20 patents—a few are really slick! Now, during Feb 2013, they have unveiled a cloud service with an edge over all others (SkyDrive, iDrive, Dropbox, Sugarsync, etc). In my opinion, only Symform and SpaceMonkey come close to the model that I described 3 years ago (search for ‘Ellery’ and ‘RDDC’).

Bitcasa gives every user folder sync, a timeline for version recovery, and cloud storage without limits. And, I really mean limitless! By the end of next month, I may be using petabytes, as in millions of gigabytes! The space available to me shows exabytes are still available.  That’s more than all the grains of sand on the world’s beaches and all the stars in the heavens. How much does this cost? Just $99 a year, or $49 if you sign up early this month. (Promo Code: BETATHANKS). WildDucks can help this Blog by using our referral link. It tacks a free month onto your editor’s subscription.

I can’t guarantee that Bitcasa will be around next year. After all, most startups fail. But in this case, I crafted a substantially identical network architecture years ago. I understand the business model. Even with a high fraction of data hogs, the venture can profitably service users for the long haul. If an understanding of the secret sauce isn’t sufficient to assuage hesitation, this interview with CEO Tony Gauda will floor you. He combines the technical and marketing genius of Steve Jobs with the showmanship of Siegfried and Roy, and the smile of Barak Obama

Damon Michaels, a WildDuck contributor wrote:

Seems like a virtual drive. I need automatic backup of
my important data. I use Carbonite for this right now.

The folder-sync defaults to all drives in their entirety—even external drives and network attached storage! If you accept the default, it always backs up everything. But more importantly, Bitcasa reverses the model. As connectivity becomes more ubiquitous and speedy, they want you to use the cloud as your primary active storage. Eventually, it will even host your live EXE files (your apps) and your “bootable” OS. The synchronized copy on your PC will be the backup – as well as the one that is used when you cannot connect.

I proposed the fundamental principles used in Bitcasa architecture in this Blog, and 3 years ago in other articles. I called it a “Reverse Distributed Data Cloud” (RDDC). My spec adds distributed, P2P storage to the model. This reduces cost, creates redundancy, and makes a far more robust system. Not only does it get rid of the data center completely. With my model, it is unnecessary for the service provider to perform any backups. In effect, the live cloud is a RAID 10,000 constellation.

One architectural trade-off is the desire for massive de-duplication –vs– the compelling need for end-to-end encryption, in which only the individual users have the keys. These two features are incompatible. DropBox and Bitcasa claim that files are encrypted at the sender and that private keys are never given to the service. While technically true, that claim covers up a nasty little detail. They use a method called Convergent Encryption in which encryption keys are derived from a character string within the encrypted file. Although the service cannot decrypt a unique file (for example, your income taxes), they could compare a hash of your file to one provided by a government or alleged rights owner, thus proving that you have stored a copy of contested media. They could block access to movies and music that you have stored or even block your original upload. The good news is that with a full RDDC implementation, the need for de-duplication is greatly reduced or even eliminated. Therefore, a properly implemented RDDC can truly empower its uses with strong, end-to-end encryption.

I’ll report more about Bitcasa after a few months of use. For now, I feel ratified to see my dream taking shape at several American ventures. If you find this field as fascinating as me, check out Symform, SpaceMonkey and Digital Lifeboat. That last venture is floundering, and may be bankrupt by the time you read this. But they have some very compelling technology for p2p, distributed storage.

Reverse Distributed Cloud: New way to backup & access data

In the past, you had several options for data backup—all quite boring, because they did nothing to make your data more accessible as you moved about your life (on those private jets, yachts and islands that we all own). And they certainly did nothing for cross-platform interoperability. That didn’t even factor into your purchasing decision, right? You simply backed up to a locally attached drive, a network server, or even to a remote service. When you lost data, you restored from the same device or server. What more do you need?

In the past year, a new data backup model has evolved: Backing up ‘to the cloud’. For most of us, this phrase simply means moving data or accessing apps that are stored remotely and managed by a service provider rather than accessed from a local drive or attached device. A key benefit, of course, is discipline. If a professional organization stores our data, it may not be as secure, but (we assume that) it darn well better be backed up continuously. Sooner or later–depending upon how much Wild Duck blood runs your veins–you will probably try it. But I submit to you that it can be improved significantly. The improvements will be achieved by the first party to reverse the model! (Are we Intrigued yet?!)

But consider this: What exactly are you backing up? I don’t mean What as in “What content”: Work documents, photos, tax returns, or movies of Aunt Betsy removing her first bunion. Rather, I mean From What. I suspect the question seems silly. You’re backing up local data–The stuff that is stored on your notebook, desktop PC, or handheld device. 1

Of course, the market is already gravitating toward cloud backup solutions like Carbonite, Mozy, virtual drives like DropBox, and access anywhere solutions like SugarSync. (Hint: These services are adept at slightly different user benefits. More about this later). Let’s take Carbonite for example. The Boston based company had an IPO just this past week. For a very modest cost, Carbonite continuously backs up your PC data over the Internet, even as you work and surf. Cool! If you accidentally delete a file, lose your PC, or even if you are simply far from your PC, you can recover whatever files you need.

With a little creativity, there are clever things you can do with cloud storage. In 2007, Katherine Boehret 2 was fascinated by a tiny startup called TubesNow. During the very brief time that the company existed (they closed during the same year), It worked like this: For each friend in your personal TubesNow community, you configured a desktop icon that looks like the end of a pneumatic tube. 3 Then, simply drag and drop files & photos onto any of your Tubes. A weird sucking sound told you that the photo was being whisked through a “tube” onto your friends desktop or into the folder shared with selected friends. Pretty cool. But even so, the company that offered TubesNow closed up during the same year. So did Xdrive, another drive-in-the-sky provider.

Coolness aside, the problem with all these cloud storage and sync solutions, is that they can only do one major task with fluid transparency. Either backing up your data, syncing data, sharing data, or accessing data from different devices. With a few tweaks, we can describe a simple architectural modification that inherently yields all four  benefits. Most importantly, it vastly increases security and privacy, and especially, redundancy.

Intrigued? I hope so. It’s unlikely that I will receive a patent on this idea (I am at the provisional stage). But I certainly hope to be known as the pundit who first described it in sufficient detail to spark widespread development by entrepreneurs.

October 2011 Update: Several start ups (or service reincarnations) are beginning to do what I will describe in Part 2. Symform & SpaceMonkey definitely get it! Symform is perhaps closest to the ideal model described here.

I call this model, Ellery’s Reverse Distributed Data Cloud (RDDC). Stay tuned. In the next few weeks, I will cover the “reverse” idea and then the “distributed” part. For nerds who just can’t wait (I should be so luckily), review my personal crib sheet. It’s a tiny bookmark-size strip of notes from which I will craft the next installments on this topic.

– Ellery Davies
Feedback is always welcome.

1 Let’s please agree to stop calling portable, connected devices “handheld devices. Just call it a phone. After all, Palm is dead, Blackberry is a phone, and both have been usurped by Android and iPhone. For all intents and purposes, when considering the universe of portable and connected mobile devices, Android and Apple are the only two left standing!

2 Walt Mossberg is an editor at both The Wall Street Journal and All Things Digital. In Oct 2007, his colleague, Katherine Boehret featured TubesNow in the Personal Technology column of The Wall Street Journal and at All Things Digital.

3 A pneumatic tube is the suction device used in the drive-thru lane of some banks and pharmacies to move paper and pills between your car and the window clerk. In the 20th century, it was widely used in businesses, stores and warehouses to move all sorts of things, but mostly to move written information. That’s why you don’t see them anymore. Today, information travels electronically and very often, it needs to move beyond a big building.