Forgot your password?
typodupeerror
Cloud Privacy Security Your Rights Online

Open Source Alternative To Dropbox? 482

Posted by CmdrTaco
from the post-it-notes-on-telephone-polls dept.
garry_g writes "While 'the cloud' may be one of the major buzzwords of the Internet industry, anybody concerned with security and privacy will most likely not touch it with a 10-foot pole. While I am guilty of using Dropbox for occasional data storage or quick picture snaps with my Android phone, I do watch out not to store anything important on there (or incriminating), no matter what the "privacy policy" may be. I was wondering: what useful alternative is there to Dropbox on the FOSS market, which will allow access by both windows/linux boxes, but also mobile devices (specifically Android). I know there are front-end add ons for Windows (and Linux tools of course) e.g. for SVN, but most likely no implementations for mobile use as far as I can tell... And, of course, the backend should run on a Linux box ;)"
This discussion has been archived. No new comments can be posted.

Open Source Alternative To Dropbox?

Comments Filter:
  • Sparkleshare (Score:5, Informative)

    by Moderator (189749) * on Thursday June 16, 2011 @12:45PM (#36464670)

    Sparkleshare [sparkleshare.org] is still under development, and it seems to have the most traction of any user-friendly project. When released, it will be the open-source Dropbox replacement.

    I agree though, it's very hard to get rid of the convenience of Dropbox. Not just for saving files, but for syncing your configuration across machines (save your .dotFiles in ~/Dropbox and then symlink to ~/). But when they refuse to support the BSD's (2 out of the 4 machines I regularly work on), and their Linux implementation starting requiring disabling SELinux [dropbox.com], they pretty much did it to themselves. Not to mention the whole thing where the Dropbox CTO admitted they could look at your files [bnet.com] if they wanted.

    • by jdray (645332)

      In Korea, only old people use Dropbox.

      [Sorry, I haven't been around in a while...]

    • Re: (Score:3, Interesting)

      By the time any of these open source projects push out anything worthwhile the world will have moved on and nobody will be looking for their clones. And even then they'll have none of the simplicity and ease of use of the originals, let alone the integration into other software. Seriously, when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?

    • Re:Sparkleshare (Score:4, Informative)

      by tehniobium (1042240) <lukasNO@SPAMimf.au.dk> on Thursday June 16, 2011 @02:03PM (#36465932)

      The SELinux issue appears to be a temporary bug. The thread you linked says: a) next version will have it fixed and b) gives you a one-liner for how to fix it yourself.

    • If you know enough about security to deal with SELinux, you can't have been surprised to find that Dropbox employees, and NSA/CIA/FBI with Dropbox-supplied access, can read your files. Regardless of whether they are encrypted by Dropbox while on the Dropbox servers or not, there is no other way they could send and receive arbitrary files without this capability. Either you are pretending to know nothing about security, or pretending to know something.

    • by Eivind (15695)

      SpiderOak is actually a lot more convenient than DropBox.

      It's not open-source, but it has 3 other serious advantages. First it's based on a zero-knowledge architecture, this means that all your files are encrypted locally, before being put in the cloud, and the keys are handled (derived from a passphrase) in a way that ensures that nobody, not even employees of SpiderOak, can see your files. (for me this is an absolute requirement for storing files in the cloud)

      Second, you can select more than one directory

  • It has been a cloud type service that has been around for how long? Granted it's not private, but all you have to do is encrypt your files. And as for privacy, considering the things that people continuously post there, and don't get caught, speaks to the possibilities. Yeah I suppose, data retention has only in the last few years gotten good enough to make a difference. But there have got to be some things we could learn about making the cloud work better from it.
  • Ubuntu One (Score:5, Informative)

    by arisvega (1414195) on Thursday June 16, 2011 @12:50PM (#36464754)
    Ubuntu One [wikipedia.org], but the server-side is proprietary. And it is rather buggy on other platforms.
    • Re: (Score:3, Insightful)

      by edmicman (830206)

      Ubuntu One [wikipedia.org], but the server-side is proprietary. And it is rather buggy on other platforms.

      So, like a lot of open source software, it's a solution...but not really.

      • Re:Ubuntu One (Score:4, Insightful)

        by cratermoon (765155) on Thursday June 16, 2011 @01:53PM (#36465814) Homepage
        Like a lot of open source software, it's like a lot of other open source software that attempts to do pretty much the same thing, but in a different way and with different bugs and missing features. The solution, of course, to this mess of half-finished, buggy, and abandoned OSS with horrid UIs is easy. Start another project to do the same thing, only this time, we'll do it right. It'll be feature-complete quickly and free of serious bugs because all those other developers working on similar software will immediately see how superior we are and join us.
      • by arisvega (1414195)

        You be trollin'. I am definately not in the mood of advocating Ubuntu, but;

        They are working on it, AND they are giving out 2GB for free, AND if you skip the autosync features you can open a crapload of different accounts, AND you get 20GB more for the price of two icecreams per month.

        Granted, $36/year may give you a sour face, but have you seen the prices of the competitors?

  • Hosted Alternatives (Score:5, Informative)

    by slifox (605302) * on Thursday June 16, 2011 @12:51PM (#36464782)
    There are some decent-looking hosted alternatives to dropbox which do client-side encryption. I've looked into this a bit, but I haven't tried any of these yet, so YMMV...

    One particularly interesting one is TarSnap. The best part is the client is OSS, so you can verify that encryption is done properly (strong & client-side). You could even reverse the protocol and design your own server software, if you want.
    http://www.tarsnap.com/ [tarsnap.com]

    Another interesting one is SpiderOak. However their client is not OSS, so you have to trust that they're doing the encryption properly
    https://spideroak.com/ [spideroak.com]

    Here are some other potential hosts, but I'm not sure exactly how proper the encryption is:
    http://www.boxcryptor.com/ [boxcryptor.com]
    http://syncplicity.com/products/ [syncplicity.com]
    • by metlin (258108)

      I've always thought about this -- how about a distributed storage network? Anyone using this needs to have a dedicated line and allocate at least 1 GB of their personal storage, and in return, they get 0.5 GB of distributed storage. The idea is similar to a P2P network, only, the data is distributed and redundant across every peer on the network (hence the reason you only get half of what you put in). As long as the encryption is quite secure, and there's a central server tracking the users, it should be fa

      • by edmicman (830206)

        I've wondered about this for even a local network. At my last job we'd have desktop machines with gobs of free hard drive space. Wouldn't it be nice if you could capture that free space on each machine and pool it all as sort of a local distributed network storage? Heck, build it into the OS and you'd be set.

  • by Mephistophocles (930357) on Thursday June 16, 2011 @12:53PM (#36464812) Homepage
    Dropbox is secure - just use PGP to encrypt everything you put up there, and decrypt it upon arrival at your host machine. I suppose that would require a jail-broken Android, but that's not all bad... I don't generally accept arguments that the cloud isn't secure. It is, if used correctly (see above). The cloud is like a public restroom - you treat it differently than the one in your house by being much more conscious about cleanliness and such (in the cloud, more conscious about security), but it's perfectly acceptable to use both.
    • Re: (Score:3, Funny)

      by Anonymous Coward

      The cloud is like a public restroom

      In that they're both full of other people's shit.

  • by jojoba_oil (1071932) on Thursday June 16, 2011 @12:53PM (#36464818)
    Why is SVN being compared to DropBox? There's no mobile app for SVN access because, typically, people don't do development on their phones...
  • by icebike (68054) on Thursday June 16, 2011 @12:54PM (#36464840)

    Why would he need dropbox for pictures snapped from his android phone?
    If he has Android, he has google.
    If he has google he has Picasa.
    If he has picasa his android will sync with it at will.

    • If he has Android, he has google.

      Not necessarily. Android-powered devices not using the Open Handset Alliance version of Android don't get the non-free Google apps.

  • rsync.net FTW. (Score:4, Informative)

    by enselsharon (968932) on Thursday June 16, 2011 @12:54PM (#36464842)

    I've had personal and business accounts at rsync.net going back over 5 years.

    It's simple, it's straightforward, and it works out of the box with everything I use.

    Oh, and there's this:

    http://www.rsync.net/resources/notices/canary.txt [rsync.net]

    It's not the cheapest offering, but my employers' account @ 2TB is around 28 cents/GB, per month.

  • ownCloud or Wuala (Score:5, Informative)

    by DVega (211997) on Thursday June 16, 2011 @12:56PM (#36464890)

    On the open-source front, the only option I know is ownCloud [owncloud.org]. It provides the software to build your 'Cloud' storage, but you must provide your own hardware.

    On the other side, you can try Wuala [wuala.com]. It is not Open Source, but it encrypts all your files before uploading them. There are clients for almost every platform.

    • by imamac (1083405)
      I use owncloud. It it certainly not as robust as DropBox, but it works for my needs. It also has a plugin system for functionality expansion.
  • ifolder (Score:3, Informative)

    by bsmokeman (303354) on Thursday June 16, 2011 @12:56PM (#36464894)

    Novell open-sourced ifolder. there are clients for linux, windows, mac, and even iphone. Someone just needs to write a client for android.
    We are implementing it on a large scale, with Active Directory integration, and 270 mobile laptop users. I understand novell is moving to neutron (their new file/folder sync technology). It should solve some of the issues we had, such as integrating with a windows server, however it will not be open-source. We just used the ifolder client, and a proxy user for everyone's folder to bypass that issue. We looked extensively for a solution, and settled on ifolder, however mobile phones weren't part of the requirement.

  • It might not be as convenient and be designed for an entirely different purpose, but it works for me.

  • ssh + rsync = win! (Score:4, Informative)

    by WWE-TicK (593858) on Thursday June 16, 2011 @12:57PM (#36464904)
    I put a Linux box with an SSH server and rsync on my FIOS line. Then I use rsync for Android to sync file shares between the Linux box and my Android tablet. This has been working fine for me. It might even be more secure than Dropbox.
    • by spinkham (56603)

      Unison is like rsync, but handles 2 way syncing better.

      • by drinkypoo (153816)

        AFAICT both ends have to run the same version to sync. In practice this means you have to either have a totally homogeneous network or build Unison everywhere but possibly one device whose version you have to match. If I am wrong then I am silly. If I am right then Unison sucks.

  • Pretty sad isn't it?
    SFTP is far better than both and is open.
    • That's just the communications protocol and is only part of the service. There are other crucial parts, such as figuring out what to sync, and which direction to sync it, and of course how to store the files on the server securely.
    • SFTP is far better than both and is open.

      ...and insufficient in terms of functionality. Oops.

  • rsync (Score:4, Interesting)

    by GreatBunzinni (642500) on Thursday June 16, 2011 @12:58PM (#36464934)

    I believe that rsync is able to cover most of dropbox's features, if not all. By using rsync you aren't bound to any service provider or even internet access. You may not have the flashy web interface and flashy android/desktop client but it is somewhat trivial to implement a front-end to rsync that abstracts all implementation details. If you wish to have some sort of history log then you can always set your clients to implement some form of incremental backup of your repository.

    • by profplump (309017)

      And unison [upenn.edu] extends the rsync model to do bi-directional syncing with basically no user intervention and no strict need for a centralized server. It's not quite mobile-ready, but there's real work being one on an ocmal runtime for android [github.com], which is probably 99% of what you need to get unison working there as well.

  • ownCloud (Score:5, Informative)

    by reldruH (956292) on Thursday June 16, 2011 @01:01PM (#36465000) Journal
    Sounds like you're looking for ownCloud. It's still under heavy development but the file storage functions work very well and it's accessible on Mac, Windows & Linux via webdav and from everywhere else via a web interface. There are also a couple of mobile apps in the works and it runs on a standard LAMP stack. http://owncloud.org/index.php/Main_Page [owncloud.org] And a blog post about the current status: http://owncloudtest.blogspot.com/2011/06/owncloud-20-just-merged-with.html [blogspot.com]
  • Unison (Score:3, Informative)

    by human spam filter (994463) on Thursday June 16, 2011 @01:11PM (#36465164)
    If you have Linux PC that is accessible from the internet, then just use Unison (http://www.cis.upenn.edu/~bcpierce/unison/). I use it all the time to synchronize my PC at work, my PC at home, and my laptop. It is quite fast, my synchronized folder is currently ~7GB and it takes maybe 10s to check for changes (not sure how Unison manages to do this).
    • by drinkypoo (153816)

      Unison creates index files which it uses to keep house. Unfortunately, when I looked into using it to copy data between my desktop and my Dockstar running Debian, it told me the versions were mismatched. So I looked into it and from what I could tell the actual version numbers have to match on both ends. This is pretty much a deal breaker when you bring mobile devices into the mix, especially since it doesn't exist for them yet (unless you have a N900 or similar.) So I still use rsync, I just run it twice.

  • Pogo Plug? (Score:4, Informative)

    by Nexus7 (2919) on Thursday June 16, 2011 @01:13PM (#36465206)

    I thought of this when I read the posting, because B*y.com sent me junk mail today about a sale on Pogo Plug Black. There's a Linux distribution for these - http://plugapps.com/index.php5/Main_Page [plugapps.com].

    Your own cloud.

  • People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

    If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

    • by thebra (707939)

      People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

      If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

      I own an Android phone that I use for video/photos when I don't want to bring my DSLR with me. The picture quality is fine for snapshots from my HTC Thunderbolt. Also my phone does 720p video which obviously requires a lot of space. I can see how it is quite easy to fill up your phones memory with video and images.

  • by higuita (129722) on Thursday June 16, 2011 @01:20PM (#36465308) Homepage

    For share with others, a perfect replacement for FTPs i use nephthys [netshadow.at]. Its based in webdav with a very simple web interface to allow users to share files. It auto expires shared files, so you do dont waste space with forgotten shares.

    the git needs a few tweaks to work in a recent debian ( i will send a patch do the developer in a few days/weeks)... the .deb packages didnt worked for me

    yet this is a very simple solution and works very in windows, macox and linux

    it is almost unknown, but it saved me from thousand of user calls asking for help with ftp problems (clients, access, quotas and transfer)

  • In this discussion a lot of people are totally overlooking the user-friendly aspects of Dropbox, which is really its main selling point (yeah, I realize it's Slashdot). Once set up, the end user doesn't even have to think about it. And the cross-platform clients work well enough that you don't have to really think about whether you're on a Windows box, a Mac, or an Android phone.

    I wouldn't use Dropbox for anything sensitive, but it's great for stuff like keeping the family's grocery list. I even use it for

    • by edmicman (830206)

      Plus you can easily share a dropbox folder with another user, and collaborate on those files. And everything stays in sync there, too.

  • If you have incriminating files, why are you storing them on the cloud at all? It seems doubtful that the fourth amendment would protect stuff stored via cloud computing. [wordpress.com] Maybe it was just an odd choice of words, or not "legally" incriminating, but if physically securing your files is an option, that would probably be better. I have a hard time putting my faith in data storage I can't see. My gut feeling is that for -most- circumstances, a USB drive on your person would be more secure than anything on t
  • Is there a reason not to use WebDAV for this? I know there's a WebDAV server (optionally) built into Tomcat, and I expect that there are others out there. I know there's terrific WebDAV client access from MacOS, Windows, and iOS, and the last time I checked (many years ago) there was adequate client access from Linux if you went looking for it -- I assume the situation on a modern desktop is completely adequate now?

  • by emt377 (610337)

    rsync or sftp

    Of course, if you have incriminating evidence on your phone/server then privacy won't help much if law enforcement shows up with a search warrant. It's easier to obey laws in the first place to void this particular problem.

  • Are there any options that would work for internally hosted solutions (your data center not theirs) that would have support?

    I have heard this question multiple times, but one of the requirements for some enterprises is to have support. Do any of these products (or similar, open source or not) that include support?

  • I've skimmed the threads here for alternatives and for various reasons they're not ideal. So I wanted to ask about an alternative approach: What about encrypting each individual file? What about using WinRar or .ZIP and password protecting (and compressing!) the file individually? Preferably something where I could right-click on the file, enter a password, then there's a password-encyrpted file ready to be sent through DB.

    Is there a secure solution this way? Is it both PC and Mac compatible?

  • 1. Get a cheap VPS.

    2. SSH -> sshfs for linux or expandrive for windows.

    3. Have a folder named public in the folder you sshfs. Have that be the root of your webserver directory.

  • ifolder, from Novell, but open sourced now. secure and encrypted and you can make it as big or small as you want. And it has a web interface..... ifolder.com
  • You can use rsync for this. And if you want it more complex and fully automated, you can add lsync to automatically push local changes to the "Master" server, and a post-xfer-exec script on the "Master" server to push changes back out to the other "Slave" servers (If they're connectable). I'm intending to put this in place for a multi-way (3, in this case) sync system myself.
  • Surely not *everything* in your Dropbox folder is private and sensitive? Sure, your Excel spreadsheet with last years' taxes are, but your vacation photos?

    For those few files I have that I consider sensitive, I just zip them up with a long/strong password and use encryption. There are a few Android apps that can deal with these zip files, and I know all my desktop OSes can.

  • So the privacy/etc policy of the provider doesn't matter in the slightest.

    Treat it as a world readable file, doing anything else is being retarded.

  • Just place a Truecrypt file in Dropbox. Encrypt the heck out of it, and use that for storage and syncing. It doesn't take much longer, and leaves you with a warm and fuzzy secure feeling :) Since Truecrypt runs in portable mode, you can just put the Truecrypt files outside your encrypted storage and access it anywhere you can get web access. I put anything I want to secure in my Truecrypt file, things I don't care about (music, video, some pictures) I just use Dropbox normally.

  • Dropbox isn't just a "cloud" app; it spans both cloud and local platforms. Every PC you setup with Dropbox is a local backup copy. Even better, you can selectively partition your repository onto different machines. And, Dropbox keeps a rolling history of every file, going back a month.

    Dropbox makes your data thoroughly pervasive and robust, with a minimal amount effort. The risk of data loss is much, much greater than the risk of being hacked. How many times have you lost a hard drive? Or accidentally deleted an important file? Or had your computer stolen? These things happen all the time, and they are very debilitating.

    We ought to be practical and focus on the real risks we're likely to face. Much as we would like to think we're important enough to be a LulzSec target, the reality is we're all pretty boring, data-wise.

  • by kikito (971480) on Thursday June 16, 2011 @05:35PM (#36468390) Homepage

    Host an email account on your own server IMAP access, and store files by sending them to yourself. Depending on your client, you can arrange the emails in files/folders/tags.

    If you are comfortable with using gmail (probably no, but hey, information is free) you can use GMailfs and mount a http://sr71.net/projects/gmailfs/ [sr71.net] . I haven't used it myself, I don't know if it's any good.

    I couldn't find a working "general mailfs" system, which kindof surprises me.

Life. Don't talk to me about life. - Marvin the Paranoid Anroid

Working...