

How to add a second layer of encryption to Dropbox - ohyes
http://lifehacker.com/5813873/how-to-add-a-second-layer-of-encryption-to-dropbox

======
yaix
I am using encFS for all data that gets backed up (on USB disc and in the
cloud). Its easy to set up, and files get not stuffed into a "container" but
they remain seperate files, with their file names and contents encrypted.

If a file is changed on disc, then only that single encrypted file is changed
and Dropbox can upload it like any other file.

I also have one backup of my work PC sync every day to my webserver, using
rsync. Its publicly accessible on the server, but who cares, its encrypted.

------
whakojacko
The unmentioned big issue with truecrypt is that encryption messes up
dropbox's ability to do just do diffs, so syncing is noticeably slower. I'm
fine with that though, because the (important) data I keep there is only
updated 1 or 2 times/year.

~~~
sigil
Yes. I did an experiment to see just how much the diff was amplified by
TrueCrypt. For a 1MB file change inside the TrueCrypt container, DropBox would
have transferred 8x the normal amount. [1]

Fine for scenarios like you mention, but the "Everything" option suggested by
the article is probably not a good idea.

[1] <http://news.ycombinator.com/item?id=2546626>

------
masnick
Dropbox works brilliantly for sharing/syncing non-private files, but I don't
think it makes sense to try to patch on something to make it work for truly
private files. In my experience, the added security of encryption always comes
with some inconvenience, but TrueCrypt volumes sound _really_ inconvenient
(like dealing with conflicts if the volume was mounted on multiple computers
at the same time).

I'd rather lose the convenience of the web interface, etc. and have locally
encrypted files that are only accessible to me.

What about adding encryption on top of a tool like lipsync
(<https://github.com/philcryer/lipsync>) as an alternative to Dropbox for
private files?

~~~
gnoupi
The issue with Dropbox recently is that for 4 hours, there was no password
check. So it's not as much to protect public/shared files, but to protect all
files you have on Dropbox, in the eventuality someone gets full access to your
account.

~~~
masnick
Right, but you should have been assuming all along that your Dropbox files
could be made public given that they are not locally encrypted. The recent
security breach just drives home this point.

My point is that we need something like Dropbox but with local encryption.
Putting a TrueCrypt volume on Dropbox isn't a practical solution, IMHO.

~~~
gnoupi
Yes, of course. From your previous messages it was looking like you were
assuming that private files were "safe", that's why I wanted to add the
detail.

I agree as well on the need for an encrypted solution. I'm surprised that
Dropbox hasn't been proposing this already. Well, unless they intend to have
access to the contents, themselves..

~~~
masnick
Yes, I would love to see a built-in feature for designating a folder in
Dropbox as "super private", e.g. encryption happens on the client side and
there is no web interface or ability to share subfolders.

Until that happens, I'm looking for a non-Dropbox alternative for syncing
files I would prefer remained private.

------
joejohnson
For Mac OS X or Linux users, does anyone know an equivalent script to the
batch script at the end of the post that would make Dropbox wait until the
TrueCrypt virtual drive has been mounted?

------
klous
Seems like there is an opportunity to simplify local encryption with TrueCrypt
/ Dropbox integration into a neat, streamlined package for the layman.

------
nextparadigms
Dropbox and other similar cloud services should prompt you to encrypt your
files before they get uploaded with your own key, by default.

~~~
parfe
Why?

My email contains far more sensitive information than Dropbox holds. I still
let Google see my unencrypted emails without bitching.

I can't comprehend why people who are less than 1% of dropbox users think the
service should change to be something it isn't for a feature they don't get or
demand elsewhere.

