If you think Dropbox is bad, what about the recent preview of Office 2013 that stores all business documents in the cloud by default? (I haven't been able to find any mention of client-side encryption.)
Non-US governments should seriously consider anything from sales bans to education in order to protect their citizens' privacy and business secrets.
Why do people keep saying such things regarding previews and demos?
He is not complaining about a bug. Nor does he complain about a not ready for primetime feature in some early development version. Those are expected.
He is complaining about how a feature is implemented. Features such as this, rarely, if ever, change between preview/demo and final release. If it does change, it will be mostly because of the outcry, not because it was supposed to change in the final all along.
I find this kind of odd. I wouldn't store anything valuable on my own systems either unless I held the encryption key.
When it comes to accidental data loss, I trust cloud services a lot more than my own little server. Ditto as far as security is concerned (in that I assume neither of them are safe from being compromised).
If you encrypt it yourself, Dropbox is an excellent place to store anything valuable. Just make sure it's not the only place you store it.
> Just make sure it's not the only place you store it.
This is the main problem for me. I'd love to have my working files (say photoshop files) in dropbox so I could access them on any mac I use, but I don't trust it to hold the master file. All it takes is for it to be flattened in one place and I lose layers everywhere.
Does anyone know of products that clone files to Dropbox? Almost like TimeMachine with dropbox as the target?
Setup your backup software to backup any content you add to Dropbox. That way you have multiple copies. If DB kills your account and somehow deletes everything from your local disk you'll still have everything.
I use it exactly as a master for my PSDs for a year or so and I've been really happy with it, even when the file is open on another machine or two while I'm editing it on a a third. If there's a potential to flatten the file upon save, I'd create a second directory for those files and keep them separate from the PSDs. If you really don't trust accidents not to happen, maybe create read-only or password-protected masters in addition to those editable PSDs. They've also got the backup/versioning service you can pay for.
It's not a version control system for Dropbox -- but you could also use LayerVault (http://layervault.com/) to keep a nice backup of your files incase Dropbox does fail.
All files are backed up to Time Machine (including DB shares) and Backblaze. Then all files are saved and shared via DB. This covers our asses all over the place, is relatively low cost and works.
Nice to see a sync solution that lets me sync arbitrary folders. I was thinking of building a layer on top of dropbox for myself, but this works great. Thanks for the recommendation!
I believe he uses fastmail.fm. He mentioned this on B&A and on his blog in the past when talking about having control of your identity on the Internet.
I wish. Mail is designed to be not private at all. It is transferred unencrypted through the internet unless you as user take care of upper level encryption.
I don't see any reason to be shocked about marcos statement about dropbox.
Dropbox has the only advantage to be the first cloud-storage provider who get's the job done right. It's not Dropbox's security that made it so popular, it's just the way how simple it is to setup. Create an account, download the client, insert credentials and BAM you're ready to go.
There is also an alternative to Dropbox called "Sparkleshare" (http://sparkleshare.org/) it's nearly equal to dropbox's functionality (except the webinterface). The only reason why i'm not using it (yet) is the fact that they use there own IRC server to keep your data in sync (some kind of sync-messaging between your client machines).
So if you're having real security concerns, you can use sparkleshare and use your own IRC server (https://github.com/hbons/SparkleShare/wiki/Notification-serv...). Rent a small/slowish VPS with enough hdd space for your needs, run sparkleshare on it and you have your own dropbox. :)
That's fine if you're storing only small files, but sparkleshare is based on git and absolutely chokes on large files. So photos, home movies, and the like which live happily on Dropbox are a disaster on Sparkleshare. The main reason seems to be that it wants to buffer the entire file in RAM during the sync, which rapidly kills most consumer-grade machines.
“Anything that is really sensitive or extremely valuable or needs to be kept very secret, I wouldn’t store on anybody else’s servers. That, to me, seems ridiculous unless I held the encryption keys like with the online backup service that I use.”
He doesn't say anything specific about Dropbox that couldn't be applied to other cloud-storage locations.
Several cloud storage vendors including SpiderOak, Wuala, and Tarsnap do encryption client side, encrypting the data before it leaves your machine and only decrypting it back on your machine. In the SpiderOak case, all we see server side are sequentially numbered containers of encrypted data.
Unencrypted data is the main reason I am trying to move away from Dropbox to Spideroak that at least claims to encrypt stuff without knowing the key (cannot verify that as their client is closed source). The setup of Spideroak seems a bit more complicated compared to Dropbox though.
I just throw sensitive stuff inside a truecrypt volume. Dropbox works pretty well for that, as long as you don't leave the volume open on one pc and then log into it from the next. Even then you just have a second copy you have to reconcile with the first.
I do this too. The only problem I have is that, for my larger sensitive folders, any small change will result in Dropbox having to sync the whole (often multiple gig) volume. Which is only really annoying if you're trying to access these things through a slow connection.
I use encfs instead because it encrypts at the individual file level, so there is no need to sync an entire volume. Additionally the volume can be mounted on multiple computers simultaneously without causing sync conflicts.
While I agree, this is kind of a no-brainier. Dropbox is a great service, especially for keeping settings and such in sync, but anything that needs to be kept private shouldrpbably be kept...private.
Can we please get a good cloud storage provider from Europe? I'm getting really tired of American companies snooping on our data at will, or the US Government snooping on it at will as well, without even a Court order, just because they passed a law that says they can do that, or sometimes even illegally.
If you're worried about "US government" snooping, you should really be worried about UKUSA snooping, and keep your data out of all participating countries.
I'd be concerned that it would be relatively easy for someone to bribe a government/police/datacenter official to physically get at the servers located in a developing country that held my data.
Yes, but out of 25,000,000 users, how many of them know what encryption is, nevermind EncFS? The important point is that it's generally a good idea to treat anything you don't control as nearly public.
How many of those users care or need to know what encryption is? The argument appears to be that users treat Dropbox like a private store when it isn't, and somehow that's Dropbox' fault.
Their privacy policy contains some interesting stuff about your actual privacy: "Compliance with Laws and Law Enforcement Requests; Protection of Dropbox's Rights". Also, the "Security Overview" page explains that the files are encrypted by themselves after they are uploaded, plus the fact that they manage the encryption keys. Combine that with the previous statement. Dropbox is responsible for what they say. It isn't responsible for what the user understands, or the fact that people don't properly read/understand ToS'es.
People that care about their privacy, take measures.
Nobody stops people to use a stackable encrypted filesystem such as EncFS or eCryptfs over Dropbox.
I have never tried, and don't know, but does Dropbox deal elegantly with encrypted filesystems? If I have a 1GB encrypted volume sitting in my dropbox folder, and I save a change to a 1KB text doc in it, what does dropbox transmit?
My suspicion is that they transmit the entire 1GB file (falling ever behind each time I do a save in it). They don't do low level file hooks, to my knowledge, and there's no way they're doing large scale binary diff'ing.
Encfs encrypts each file on its own. It also encrypts the name. So if you edit your 1KB "passwords.txt" file, Dropbox sees an updated 1KB "mOvTBivPznAWPrQSuflgVXFJ" file.
I haven't used either, but http://sparkleshare.org/ and http://owncloud.org/ seem to be the best open source options. I may give them a try soon - I'm getting more and more concerned by Dropbox.
I use TrueCrypt to create encrypted files containing the sensitive data I want on the cloud. TrueCrypt is free and quick to install, so I can pretty easily access the files from any computer if I need to.
While this (and other things mentioned like EncFS) is a solution, it integrates badly with user experience. I cannot access my data via web interface or smartphone app and I value this very much.
It is a bit complicated, but you _can_ create smartphone application and web interface for the data encrypted on a server.
With Crashplan you can also host your own server (setting that up myself); it's an annoying piece of Java, but we had a spare 40TB box or two lying around.
Non-US governments should seriously consider anything from sales bans to education in order to protect their citizens' privacy and business secrets.