Bitcasa Web App Encryption

At Bitcasa, we take security very seriously. When we first started to build our web platform, we spent a lot of time thinking about how to secure our users' data as much as possible. The first step was deciding whether it was going to be feasible to continue with client side encryption on our web app. It became clear that while we were able to still build an extremely secure browser platform, client side encryption from a browser just wasn't option. Here's why - 

Browser client side encryption significantly restricts the features we can offer that our users have come to appreciate. We wouldn't be able to thumbnail images for optimized mobile experiences. Transcoding your videos so you are able to watch from from any device wouldn't be an option. It would also mean a noticeably slower experience, intensive memory & CPU usage, along with a string of other issues. 

So, coming to terms with the fact client side encryption wasn't available for our web app, we began exploring other options that would ensure user data would remain secure. 

The first level of protection is password hashing. We chose bcrypt, a hashing algorithm based on the Blowfish encryption algorithm. Bcrypt is an excellent choice for password hashing because it's slower to calculate hashes (about half a second per hash on the typical consumer's hardware) and has salting built right. 

Right when a user signs up we generate a unique, random key for that user which will be used to secure high level user metadata. Essentially this key is the gateway to the user's account; we call this the "user key". Next, a differently salted, hashed version of the password, that we call the "user key key" (bear with us, here) is used to encrypt the "user key". The encrypted "user key" is then stored in the database. 


You may be wondering how user data is still accessible during a session. Are we storing a password, or "user key" or even the "user key key" somewhere? Well, yes we do, but we did a lot of work to also ensure that the live session data is secured from prying eyes. 

Upon login, we generate a unique session key. This session key is then used to encrypt your "user key", along with all other session information in our session cache. At this point, that session key is set as a cookie in your browser and sent on every request, allowing Bitcasa to only access as you make requests to us. 

Your data, user key, password and all other sensitive information that would provide access to your account data is obscured from attackers via industry standard AES encryption, only being decrypted and held in memory for the duration of a request. 

When a file is accessed, it's streamed in realtime, decrypting (and sometimes manipulating in the case of thumbnails and transcoding) the data as it is sent to your browser. Similarly for uploads, Bitcasa reads the incoming stream of data, chunking and encrypting it before it's written to anywhere persistent. 


As always, security is of the utmost importance to Bitcasa and we take your privacy very seriously. We really hope this alleviates some confusion regarding how encryption works for our web app! 

- David Lawrence, Bitcasa Infrastructure Engineering Manager


Posted on January 28, 2014 .

Everything You Need to Know About Deleting Mirrored Folders

Have you ever tried to delete a mirrored folder and received one of these messages?

Image 1.png
Image 2.png

Well the secret here is that you actually cannot delete a mirrored folder! (at least not the same way you delete your other files)

What’s so special about mirrored files anyway?

The Bitcasa Desktop App mounts just like an external hard drive but instead of connecting a USB cable it’s connected to the Internet. Because of this, you can manage the files in your Bitcasa Drive just like any other file stored on your computer… except when it comes to mirrored folders.

Files within a mirrored folder are special because they are a reflection of folders that exist on one of your computers. In order to “delete” the mirrored copies of these folders from your Bitcasa Drive, you must use the Bitcasa Desktop App to “stop mirroring” the folders.

So how do I get rid of these things?

To stop mirroring a folder, follow these easy steps:

  1. Open the Bitcasa Desktop App.

  2. Navigate to the Mirrored Folders for the computer that it’s mirrored from (e.g. Jane’s MacBook Air).

  3. Right-click the folder you wish to stop mirroring, click Bitcasa, and then click Stop mirroring to Bitcasa.

Image 3.png

What if I don’t see the option to stop mirroring?

Make sure you’re not trying to stop mirroring on the “Mirrored Folder” folder or the “Device Name” folder; or else the option to stop mirroring the folder will be greyed out:

Image 4.png

You’ll want to make sure you right-click on the folder that represents the actual folder from your computer in order to see the “Stop Mirroring to Bitcasa” option.

Image 5.png

And now your folder cleanup is done!

So that’s how you go about removing your mirrored folders from your Bitcasa Drive!

Happy… deleting?



Posted on January 15, 2014 .

Bitcasa - Your External Drive, In the Cloud

We have always described Bitcasa as the external hard drive that lives in the cloud. This means that not only are you able to ditch that bulky external hard drive, but you also free up room on all your devices and never have to worry about running out of space! Because of the way Bitcasa works, you're still able to get the same great benefits you're used to from an external drive:

- Using Bitcasa is like plugging in a drive through your USB port, except that it's connected through the internet and your data is available on any device

- Copy your files over just like you would on an external drive. You can even drag & drop your data to copy it into your Infinite Drive!

- Create, move or rename folders the same way you would for your external hard drive. 

Bitcasa still offers all the same features of your external hard drive, but also brings a variety of additional benefits. Things like Share URL Links, mirroring, mobile password lock and Quick Search (just to name a few) make Bitcasa a whole new way to backup your files. Aside from the fact you'll never have to lug around an external drive again, you're also provided unlimited space to store your content. Your data is safe, secure and you can your files, photos, videos and documents from anywhere on any device!


Posted on October 30, 2013 .

The Basics of Mirroring

We all know that Bitcasa gives you a stellar, cloud-based Infinite Drive, but there's another feature called "Mirroring" that can be a really useful way to transfer your data. When you mirror a folder, Bitcasa automatically reflects those changes in your Bitcasa account. 


looking gooooood

So why would you want to use mirroring? 

  •  Changes are automatic and continuous. As you make updates to local files mirrored to Bitcasa, these changes are automatically reflected in your Infinite Drive. 
  • Offline access. Should you happen to go offline, your local files are still available on your computer, just as they normally would be. Once you hop back online, any changes you've made to your mirrored folders will sync with your Infinite Drive. 
  • See your files from multiple devices. View your files from another device within your Infinite Drive, under the "Mirrored Folders" folder. (Note: You can't make changes to a file that is mirrored from another device. Sorry!)

Ok, Let's Mirror a Folder!

1. Let's say you have a folder called "Images" that you want to mirror. 

2. Right click that folder, select Bitcasa and then click Mirror this folder to Bitcasa.  


3. You'll see a notification appear in your system tray. This is to let you know that the folder is being mirrored (uploaded) to your Infinite Drive.


4. That "Images" folder should have a neat little blue icon, showing the mirror is in progress. Once mirroring is complete, the icon will change to a green one. Yay! 

5. After the mirror is complete, you can open your Infinite Drive and that folder will now be under Mirrored Folders  for that computer. Ta-da!


Making Changes to a File Within a Mirrored Folder

  1. Open your local folder as you usually would, make any updates you need and then save your changes so that they are reflected in your Bitcasa Drive. 
  2. These changes are automatically backed up so long as you are connected to the Internet. If you're offline, these changes will be synced once you're back online. 

Note: You cannot make changes to a file that is mirrored from another computer. You can only make changes to a locally stored file from the computer you're working from. 

However! You can follow these steps as a workaround: 

  1. Save or copy the file to your desktop
  2. Make your changes then save the file
  3. Copy the file to your Infinite Drive  

How to Stop Mirroring a File

    If you ever want to stop a folder from being mirrored to your Bitcasa Infinite Drive, no worries! Here's how to make that happen:  

    1. Use Windows Explorer (PC) or Finder (Mac) to find your computer's local version of the folder.

    2. Right-click the finder and select the Bitcasa menu. 

    3. Choose "Stop mirroring to Bitcasa".


    4. Boom! That's it. Bitcasa will no longer mirror the folder and the data will be removed. You can mirror the folder again at any time in the future. No hard feelings.  

    A Few Extra Tidbits

    • You can see all mirrored folders for your connected devices by viewing the "Mirrored Folders" location within your Infinite Drive. You can also remove a mirrored folder from this location, including folders mirrored from your other computers.
    • It's currently not possible to mirror external drives  (on any platform). Development for this option is underway so stay tuned!  


    Internal Drives: You can mirror content from any internal drive on your PC. 

    Exceptions: Folders used by software and Windows, which are located in the root of your system drive (C:\Program files, C:\Windows, etc.) cannot be mirrored.  

    Drive Letters: Resist the urge to mirror content at the drive-letter level (F:\, etc.). Pretty please! When a folder is mirrored, Bitcasa creates a folder on the server the with same name. Windows doesn't recognize folders with a ":" in their name (like F:\), so the mirrored content on the server becomes invisible. No dice. Try mirroring the sub-folders, instead! 


    Internal Drives: You can mirror content on the same internal drive that your operating system is installed on. 

    Exceptions: You can mirror any folder within your HOME directory ("~/" or "/Volumes/Users/<user_name>"). You will not be able to mirror any folders located in the root of your system drive (/Applications, /Library, /Systems, etc.), including user-created folders.  

    And There You Have It!

    So those are the basics of mirroring and how to get the best experience using the feature in Bitcasa. Feel free to post any questions you have, read up more in the Bitcasa Help Center or start a discussion in the Bitcasa Community Forums

    Happy uploading,

    The Bitcasa Support Team

    What does "Infinite" storage mean, anyway?

    Recently, we've seen a lot more people asking what the heck the Bitcasa Infinite Drive really is. Well, the Bitcasa Support Team is here to help! We put together a few of the top questions we've received in order to provide a more clear perspective as to what you really get with the Infinite Drive and how you can really get to know one another. 



    What does "Infinite" mean, really?

    Infinite means unlimited space. Really. And, no, that's not too good to be true! We have access to some really smart technology which allows us to store a lot of stuff at a low cost to us. We just pass that same opportunity along to you! 

    Are there file size limits?

    Nope! You can store any file of any size on Bitcasa. There is a 2GB file size limit for uploads via the web and mobile apps, but desktop apps don't have any file size restrictions. Hoorah! 

    So, will my account be throttled if I upload a lot? 

    Not one bit! 

    Is there a limit to the number of devices I can use with Bitcasa?

    No, not at this time.  

    However, we are considering the possibility of enforcing a 5 computer limit (with unlimited mobile devices). We feel this would be sufficient for the average, individual user which would also deter abuse and piracy. 

    Remember: With great power, comes great responsibility. 

    We just want to remind you that at this time, Bitcasa is for individual user accounts only. Sharing of accounts between multiple users, use by a business or for distributed file sharing are strict violations of our Acceptable Use policy. If you're a small or medium business, in need of an enterprise account or are looking for a family plan - don't worry. We will have accommodating plans available soon! In the mean time, just shoot us an email to and we will do everything we can to get you set up.    

    We really do hope this helps provide a little more insight as to how the Bitcasa Infinite Drive works. If you still have any questions, you can dive in deeper on the Bitcasa Knowledge Base or poke around in the BItcasa Community Support Forums. Alternatively, you can read the full Terms of Service here

    Happy Uploading!

     - The Bitcasa Support Team

    Posted on September 17, 2013 .