"I realize that not everybody works on such elaborate file-shuttling projects. But try Dropbox for its ability to keep your important files everywhere at once. Or try it as an automatic, silent, encrypted backup of your essentials. Or try it so that you can get at your computer’s files from your phone."
When will Dropbox implement client-side encryption? Dropbox is a pleasure to use. Recommending Dropbox as a backup of certain documents is fine. Recommending Dropbox as a backup for important/essential documents where privacy is a concern is not ok.
Dropbox is just a regular directory on disk. There is no magic. There just happens to be a process watching that directory for changes. (or not. you can always kill the dropbox process, and your files are still accessible)
Of course most users don't encrypt their local file systems in the first place, so whether dropbox has something for local security is irrelevant.
For people interested in securing files on disk the same solutions you would use without dropbox are the same ones you can use with dropbox. In a nutshell, either encrypt your whole volume or mount a file-based volume.
Personally I use a Truecrypt volume, and I placed my drop box folder inside it. I do this so I can still access all the files from the web and mobile and have the versioning. Alternatively you could place the volume's data file itself in the dropbox folder to be synced. You would of course lose the per file granularity, but you do get a "snapshot" feature since you can restore your whole volume with the versioning.
Keep in mind that if you place a trucecrypt volume inside drop box, then it will only get synced when it is unmounted.
Truecrypt is not an option for the majority of users. You've gone from a slick user experience to one of..."Why not just keep things on my USB stick again?"
These are solved problems as evidenced by other providers like Spideroak and Wuala where encryption happens by default on the client's device.
At the very least, Dropbox can offer this as an option. With the recent funding, if they are planning to offer business plans...surely encryption will be default there at least?
A little more sophistication in their Selective Syncing would be nice as well. And maybe some response to questions on the forums, at least for paying customers.
I'm a paying customer, but I'm not a happy paying customer.
TrueCrypt works. The client program needs polish (and I wish it could resize on the fly), but it once it mounts an encrypted volume, that's that. Even Dropbox's incremental sync works with TrueCrypt.
Yes it does. The problem is explaining the purpose of Truecrypt and it's use to the audience of those who read mainstream press articles such as written by Pogue. If the incorporation of encryption is not as slick as the rest of the product experience then it won't be used.
I don't mind my recipes for oatmeal cookies falling into the wrong hands. But the new junior food scientist at Coca-Cola who decided to store a copy of the secret recipe on their Dropbox folder so they can do some testing at home might be forewarned of this problem. Or for a real world example, the poster a few comments below who stores student grades on a Dropbox folder. I cringe.
"I realize that not everybody works on such elaborate file-shuttling projects. But try Dropbox for its ability to keep your important files everywhere at once. Or try it as an automatic, silent, encrypted backup of your essentials. Or try it so that you can get at your computer’s files from your phone."
When will Dropbox implement client-side encryption? Dropbox is a pleasure to use. Recommending Dropbox as a backup of certain documents is fine. Recommending Dropbox as a backup for important/essential documents where privacy is a concern is not ok.