Most goods and services sold to EU end-users are subject to value added tax (VAT). In particular, electronically supplied services are “VAT taxable” under EU VAT rules and both EU and non-EU businesses must collect VAT on behalf of end-users.

This series explains how we use Stripe payments (down to API usage level) to meet our legal obligations with regard to EU VAT, and the changes (simplifications) introduced in EU VAT rules in 2019.

The first part gives an overview of the legal obligations and how they changed in 2019.

Continue Reading

Any file sync system worth its salt is able to skip transfers of data the receiving side has already. This is known as source (or client-side) deduplication. Many storage systems (both cloud-based and local ones) perform data deduplication, which allows to store a single copy of each piece of data even when it’s duplicated across files or users. (They are usually implemented together, but are actually independent in a strict sense.)

Source and storage deduplication speed up operations and decrease transfer and storage costs. But they also open the door to a number of side channel attacks that threaten privacy, allow service abuse, and expose both users and service operators to legal risk. Popular public cloud services are particularly exposed, because anybody can register and use (plus, as shown below, attack) them. The Sync Appliance, on the other hand, runs on your own computers, and access is thus restricted to allowed users (both regular and guests, with more limited capabilities). It incorporates nonetheless protections against the attacks detailed below.

Continue Reading