Dropbox Can't See Your Dat– Er, Never Mind 333
bizwriter writes "Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so."
the love of cloud (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2)
But if I put my data in the cloud I can encrypt it to the point where it is next to impossible for anybody else to read it. If dropbox encrypt the data on write and decrypt on read then it is of course trivial for them to decrypt it on demand.
Re: (Score:2)
Re: (Score:2)
It all depends though, does dropbox keep a copy of every file?
Dropbox is a cloud storage service, that syncs a folder between your computer(s) and a cloud location. So yes, they do have a copy of every file.
You could have answered your own question in about a minute.
Re: (Score:2)
Re: (Score:3)
They do. They even have undelete.
They'll probably use a symmetric key cryptography because I don't remember having setup an asymmetric key pair when I subscribed their service.
I'm not using Dropbox to sync my computers, I'm using it for backups and I encrypt all the data before I move it into the Dropbox folder. I don't even live into their country. So long for their access to my stuff.
Re:the love of cloud (Score:4, Insightful)
Re: (Score:3)
I So much this. I don't understand why people don't just do this by default.
It's really easy. You can get software that makes the entire process (essentially) transparent to you as an end user. Drag files into your folder and, bam, auto-encrypted. Long before I heard of any problems with DropBox, I would have bet money that at some time in the future....
1.) A DropBox employee would access someone's files
2.) A hacker would find a vulnerability that gives him access to someone's files
3.) Some malware i
Re: (Score:2)
That depends on where the encryption and decryption is performed. If its strictly done on the client (rather than their servers), unless they specifically designed a backdoor into the client, its not reasonable to believe they can decrypt it on demand.
Re: (Score:3)
This answers the question right here, combined with the fact that password recovery is doable by E-mail.
I'm guessing that it might be encrypted server side... but hell, all my data on my personal domain is encrypted server side (my Linux boxes use LUKS, my Mac uses PGP Whole Disk Encryption, my Windows boxes use TrueCrypt or BitLocker, and external disks use Truecrypt.) So, having data stored encrypted may provide a defense against someone yanking out disks out of a drive array, but against remote attacks,
Re: (Score:3)
If you're going to put the resources in place to do encryption at your end, why not just put the backup there too?
Simply keeping everything in house at one location does not protect from acts of god or bad luck.
Fires, floods, and theft happen.
A really good backup system includes off site backup somewhere in the loop.
This doesn't mean you have to use the cloud to do it.
You could have a simple system with someone taking backup tapes to a different office or something, or even taking encrypted hard drives to a safety deposit box.
Re: (Score:3)
I agree. The only people really pushing the cloud are the companies who want to supply the servers.
On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.
Re:the love of cloud (Score:4, Interesting)
Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.
Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.
It's certainly an important consideration though. I think in either case if you're paranoid about your data you encrypt it first.
Re:the love of cloud (Score:5, Insightful)
Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.
I noticed that although you write "court order" here -- and probably a lot of us are making the same assumption -- that phrase is not used in the Dropbox terms quoted in TFA. Instead, it reads "...Dropbox cooperates with United States law enforcement when it receives valid legal process..." It certainly makes you consider that Dropbox -- like other service providers with access to you data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.
Re: (Score:3)
Re: (Score:3)
It does let you choose though: privacy or convenience.
Come to think of it, that's a pretty common-place choice in life.
Re: (Score:2)
Re: (Score:3)
How did you determine this? Oh it was made up. Okay cool.
I "determined" it by stating an obvious fact. Many companies do use Iron Mountain & similar services. I didn't say the majority, or 85%, or just those with sub $10 million. I said many. Go look up Iron Mountain's website. I'm sure they have stats that give you a ball park estimate if you are bothered to get a more specific figure.
Spoken like a true cloud operator. How does a crappy piece of misinformation like this get up-modded? Oh wait, you have 8 accounts.
Yes of course. I have 8 accounts, all rolled today. Moron.
Actually, if you are paranoid you don't back it up. or you have a really well-thought out plan long before you start encrypting. And it doesn't involve saving to the cloud, clod.
Ah genius. So you don't backup and if you do you have a "well thought out plan". Genius. And you are complaining a
Re:the love of cloud (Score:4, Informative)
News Flash Dropbox will comply not break the law to protect your data.
The news flash was actually: Despite implying that its staff CAN'T decrypt your data, actually they are just TOLD not to.
Re: (Score:3)
You could just rent a Amazon EC2 instance, attach a cloud drive, and do your own encryption. Amazon couldn't decrypt it if they wanted to.
Of course they could potentially delete it, so there's still that risk.
Re:the love of cloud (Score:5, Insightful)
So that law enforcement can't access his data? What is his "business" area to be exact?
I love the irony of this comment being posted by an AC. Tell you what, post using your real name, address and phone number, and I'll tell you a dozen reasons why privacy, even from law enforcement, can be a legitimate business need.
Re: (Score:3)
Why would you need all of that? According to the whole Blizzard RealID scandal, his first and last name should be more than enough in and of itself to destroy his life.
Re: (Score:2)
Re: (Score:2)
Oh and not to mention, one of the clients is a big Cloud vendor. Guess where their real data is? Not on the cloud that's for sure. Fun little projects and laughable gifs, yes. But anythin
Re: (Score:2)
...and any business operating under the constraints/protection of HIPAA [hhs.gov].
Re: (Score:2)
Law enforcement can't access the data. Law enforcement can ask the hosting provider to access the data on their behalf (and, in most jurisdictions, compel them to do so). The hosting provider is not an amorphous entity, it is a collection of people. Some of them have access to the data. For a large company, this can be hundreds or thousands of people.
Do you trust all of them not to access your data because they're bored? What about if one of your competitors offers them $1,000? $10,000? $100,000?
Re: (Score:2)
In some parts of Europe we are beginning to see data protection agencies(yes normally an oxymoron) banning the use of clouds, where parts of the infrastructure is outside of their jurisdiction
I don't think this is anything new, it's been forbidden to move personal data outside the EU for a long time.
http://en.wikipedia.org/wiki/Data_Protection_Directive#Transfer_of_personal_data_to_third_countries [wikipedia.org]
Re: (Score:2)
Waitagoshdarnminute! Computers aren't 'magic'? Then why do they quit working if you let out the 'magic smoke' from the power supply? Huh???
;D
Re: (Score:2)
A Truecrypt encrypted system partition however...
Re:the love of cloud (Score:4, Informative)
If you use dropbox on truecrypt encrypted containers, then you'll mostly lose dropbox's archival features.
Wuala has an incredibly simply but very clever algorithm for handling data deduplication on the server, along with rudimentary file versioning, while simultaneously handling on encryption on the client.
How you ask? Easy, you encrypt every file using it's own SHA as the AES key, but then you use the new encrypted file's SHA as the DHT index for retrieval. You need both SHA values to access a file of course, but who cares.
There are only three major flaws in Wuala :
- Any final object yields a unique second SHA for the DHT, enabling data deduplication and instantaneous uploads, but also enabling draconian copyright enforcement under the DMCA. Imagine torrentting a movie only for the MPAA to delete it from your private cloud drive!
- It's closed source! wtf?!? Is anyone really stupid enough to trust closed source encryption software these days? How does anyone know they don't secretly copy the original SHA / AES key?
- It's written in Java. Ack, a slow filesystem driver! (Alright, this third comment is pure trolling. I'll admit server side Java isn't that slow anymore, assuming you avoid all that double copy display idiocy.)
I've been considering writing a custom backend for libgit2 that implements this "original SHA as AES key" approach for storing git repositories in some basic DHT. It ain't a direct translation of course. You'd either need to completely forego git compatibility on the local repository by making all object ids into 2*256=512 or 2*512=1024 bit ids. Or, better yet, create some object packing layer places multiple git objects into a single encrypted object, but must provide some git object index for lookups into encrypted packed objects.
Re: (Score:2)
every time I see a cloud article here, I see 3 or 4 people saying "uh, this isn't a good idea. your idea of 'cloud' is basically 'remote file storage', and remote file storage in this context is certainly orders of magnitude slower, very possibly insecure due to rogue employees of the 'cloud' company (and who exactly are they subcontracting to anyway?), it is unclear how secure the cloud storage is to hackers compared to our own tested local network, and it is definitely taking several security measures out
It is not impossible (Score:2)
Re:It is not impossible (Score:4, Insightful)
Re: (Score:3, Informative)
I think the problem is that if you use a Truecrypt container and back that up to Dropbox, the Dropbox client is not always able to tell if any data has changed as changing the contents of the container does not always change the containers binary size on the disk. This means you can't do an incremental backup and instead have to force a full backup every time you alter what is inside the container, which isn't funny if your container is larger than a few hundred MBs.
Re: (Score:2)
You do not know how Dropbox works, right?
Dropbox doesn't just look for the size of a file or the access time.
Re: (Score:3, Informative)
Re:It is not impossible (Score:5, Informative)
With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.
I've never used truecrypt, but from what I know, I suspect the chances of the entire encrypted volume changing when you make any change is close to zero. It would kill performance to have to rewrite the entire volume every time. It has to only update portions. So then the possible solution to this would be to treat it like bittorrent does, where it breaks it into chunks and checksums each chunk. When only a small portion of the file changes, it then know which chunks to reupload. Whether or not dropbox can or does operate this way, I have no idea, but in general, it is feasible to implement into a service.
Re: (Score:2, Informative)
Not for Truecrypt. In CBC mode it bases the initialization vector off of the hash of the file block address so only a single 4k block needs to get uploaded.
Re: (Score:3)
Depends on the encryption method you use
<shameless_plug>rsyncrypto [lingnu.com]</shameless_plug>
Shachar
Re: (Score:3)
You may learn more if you do your own research but:
http://www.truecrypt.org/faq [truecrypt.org]
[quote]The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits)[/quote]
https://www.dropbox.com/help/8 [dropbox.com]
[quote]Before transferring a file, we compare the new file to the previous version and only send the piece of the file that changed. This is called a "binary diff" and works on any file type. Dropbox compresses files before transferring them as well. This way, you also never have to worry about Dropbox re-uploading
Re: (Score:2)
Looks like things have moved on since I last tried Dropbox with Truecrypt:
http://forums.dropbox.com/topic.php?id=14332 [dropbox.com]
It does appear to be possible providing you tell Truecrypt not to preserve file modification timestamps
Re: (Score:2)
Having said that, it apparently can still be a bit painful: http://news.ycombinator.com/item?id=1392765 [ycombinator.com]
Re:It is not impossible (Score:5, Informative)
Re: (Score:2)
Looks interesting. Similar to my setup which is rsync.net + duplicity
Re: (Score:2)
Why would they use the size of the file to determine if its changed, there are these things called hashes or checksums which would be a reliable way to verify the blob has been modified. If they wanted to be really lazy they could just look at the mtime on the container file too. If they are using file size to detect when data has changed, then I would not consider letting any of my data near them for reasons having nothing to do with privacy.
encryption methodolgy for backups (Score:3)
For all the above reasons I use encfs because it is only mounted when I choose, for just my eyes, and is easily backed up on a file by f
Depends on who is asking them (Score:3)
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html [washingtonpost.com]
Does that story give you the creeps or not?
So the government can make you rat on your clients and you can't even tell your own people your doing the work of the government
Re: (Score:3)
Re: (Score:3)
Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name [wikipedia.org] at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.
Cry
Re:It is not impossible (Score:4, Insightful)
They're not lying, they're just being careful with their words and people can't read.
It should be obvious to any technically-minded person that they hold any encryption keys, since when you install Dropbox on a second computer, you don't need to provide a key in order for it to be successful.
So their claims are that they encrypt data in transit, encrypt data at rest, and that employees can't access the content of files. There's no claim that it's impossible for any employee to access the content of files because they're encrypted with a key Dropbox doesn't hold, which is what people seem to be imagining. It's simply saying that employees won't snoop on your files because in the normal course of business, they are not provided access with the contents of those files.
As far as providing the files to law enforcement upon a legally-valid request, they don't really have a choice in the matter, as they're a US company. For any company that exists primarily in country X, it is almost certain that there is a relatively easy procedure for law enforcement agents of country X to obtain any data about you that the company holds. If the country happens to be, say, Lithuania, and you don't travel to or do business in Lithuania, you probably don't care, but it's still true. The only way to prevent this is to make it so that the company is not holding any useful data of yours that they are able to access. In the case of Dropbox, you need to encrypt your files before they get to Dropbox.
Incidentally, if you have data that you don't want law enforcement to be able to obtain, you should be encrypting it even when it's stored locally. A search warrant for your computer is not really all that much harder to obtain.
Who "owns" the data? (Score:2)
This is a common question, which I'm sure has come up in legal battles. When you upload data to someone else's server, does the data belong to you or does it belong to the person/company that actually owns the hardware? I'm sure for law enforcement folks, they want it both ways.
Consider if the data service in question is raided because an employee had child pornography. They raid the company because he employee used hardware to hid his stash. Now everyone's data is available for search.
IANAL but it seem
Re:Who "owns" the data? (Score:4, Interesting)
When you put you belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?
Re: (Score:3)
It could be argued that while the concept you submitted to the person/company is yours, it's using that entity's toner, paper, etc. and that if he's asked for that specific sheet of paper, it's up to him what he does with it.
Re: (Score:2)
it's using that entity's toner, paper, etc
As opposed to using their box/vault/building/security systems/staff/etc?
Ultimately, of course, it depends on the terms you agreed to when you arranged to use the service (subject to irrevocable rights and so forth).
Re: (Score:2)
Re: (Score:2)
essentially - most of us wouldn't steal a nice beamer that's out on the street. However, if you had a machine that could make an exact copy of said beamer, while leaving the original PERFECTLY intact, would you do that? of course!.
as for who owns the copy, i have no idea - but that dude that made the beamer duplication machine better get some sort of kickback, that guy kicks ass!
Re: (Score:2)
essentially - most of us wouldn't steal a nice beamer that's out on the street. However, if you had a machine that could make an exact copy of said beamer, while leaving the original PERFECTLY intact, would you do that? of course!.
What about a limited edition Beamer, where most of the value to the owner is that it is one of only twenty made?
Re: (Score:2)
I'm under the impression that this is a security-related discussion, so "ownership" isn't the issue.
The issue is that in a safe box, there's been some monkey business involving an employee and your grandma's 5k diamond ring, you know it when you open the box.
With files that Eve@Dropbox can just access and copy onto her phone's SD card, not so much.
Hmmm... (Score:2, Insightful)
How does Dropbox define "valid legal process"? Do they mean something like, I don't know, receiving an actual
Re: (Score:2)
Well, my guess is that it'd be a bit of both. Dropbox is a business, albeit one that gives away the first tier of their service. My expectation is that if a cop showed up and said 'pretty please' regarding a user on their free plan, they'd most likely oblige. There's nothing in it for them if they argue the cop on the customer's behalf, but I'm certain the officer, if determined, could make Dropbox's life miserable, spin it to the press, tip off the BSA to cause a software audit, etc. etc.
By contrast, if th
Re: (Score:2)
How does Dropbox define "valid legal process"?
Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters [wikipedia.org], which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names,
Re: (Score:2)
Don't be surprised if, soon, they change their terms of service to prohibit you from uploading pre-encrypted files!
I won't encrypt my files. I will just compress them using my own algorithm. Hilarity ensues.
Wuala (Score:2)
Wuala [wuala.com] uses end-to-end encryption, ie. the data is encrypted and decrypted on the client. The employees can't access your data since they don't have the encryption key. This means you lose your data if you lose the key. It also means you can't access all your data in a convenient web interface -- though you can mark individual folders as being shared on the web (which obviously means trusting the server operators with the encryption key for that folder). I think it's a much more trustworthy model than Dropbo
Re: (Score:2)
Yep.
Easy fix...Truecrypt. (Score:3)
....AFAIK, Dropbox has full support for Truecrypt volumes. Simple solution to this delimma? Take the encryption "problem" away from Dropbox and use your own.
Re: (Score:3)
This changes everything. (Score:2)
They Lied (Score:4, Insightful)
Dropbox lied. No two ways about it. But this why you never store anything sensitive in "the cloud" anyway.
Re: (Score:2)
To be fair, from the very start, to anyone who cared to ask, they said that:
1. The files were encrypted and stored on Amazon servers
and
2. They had the keys
Of course they said they wouldn't use the keys to decrypt your data without your permission, and of course if the government asks them to they will because they don't like federal-pound-me-in-the-ass jail.
Who is to blame (Score:3)
The cloud is never secure ... (Score:5, Insightful)
Maybe it comes from working in IT, but I always assume that if someone else is holding my data, they can access it. It doesn't interest me what they say - that's my basic starting assumption. So I always assumed that Dropbox could get to my data, and if I cared about the privacy of that data I just encrypted the files myself first.
It's my data, I'm in control of it. Giving it up to someone else and hoping they keep it safe is silly.
I'm surprised so many people are surprised (and I wonder if the people are are surprised haven't been in IT long?)
YOU encrypt it first (Score:2)
Seriously, you didn't see this coming? (Score:4, Insightful)
Seriously, is anyone really surprised by this? I use DropBox, and not once have I considered that my data in DropBox is completely private. Sure, I use it for transferring some documents that are potentially sensitive (a lot of documentation on a lawsuit I'm involved in for example) but where there's sensitive data I always encrypt the documents myself with TrueCrypt.
This is precisely why I think the "cloud" is a bad idea for corporations. Until there are guarantees and safeguards against data theft or loss there is no way that I would entrust my company's critical data to a third party provider. Yes, the costs of managing that data myself are higher but the risk of that data getting out of our control and management is greatly mitigated.
And what about a data breach? Loss of data due to crackers? Seriously... all it's going to take is for one of these cloud providers to become big enough that the majority of corporations using their services are completely without options when a breach occurs. The big provider can simply turn around and say "Well, crap happens but who else are you going to turn to?" and there's nothing the average corporation can do about it. There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.
If you put (Score:2)
valuable/confidential data on servers you don't personally fully control, you're deserving whatever you get.
And by this I don't mean you shouldn't use things like DropBox. DropBox is great and cheap and easy to use for what it does. Just don't use it for things you don't want to get into the wrong hands or at least encrypt your data beforehand. What's so hard to understand here? And this of course is not limited to DropBox. If you have a rented server out there it may be "yours" but what do you think will t
Are we getting fewer mod points? (Score:2, Interesting)
Seems like in the past few days I've seen fewer and fewer posts modded up or down.
Re: (Score:2)
In the last three months or so I have been getting at least five points per week. But I do think that the new software shows moderations differently so maybe you aren't as aware of moderation going on.
Ummm... BFD? (Score:2)
Dropbox, like any and every other internet entity, is subject to the laws of their land, and therefore must provide data when requested by valid court order. As for Dropbox having access to my data, again, this is not a surprise considering my first point.
Personally, the utility of Dropbox is worth the risk. However, it is incumbent on me to be careful what data I put on Dropbox, and in what format. When I put sensitive data on Dropbox, it has been encrypted. Since I am sharing files on multiple compute
encryption... (Score:2)
just encrypt the file *prior* to uploading it... problem solved
Next time... (Score:3)
Read the EULA.
What the fuss?!? (Score:3)
I have a dropbox account and don't remember seeing that section where they claimed they couldn't read my files. I'm certain I read it, but I never would have believed it to mean they were truly unable to read my files -- if they encrypted them before storing them, they'd have to be able to decrypt them to send them back to me, or to track changes. Did someone actually think they had an irreversible encryption process which could somehow be reversed by the magic between them and me? A one time pad which somehow evaporated while sending files back to me? It might be reasonable to think they have some sort of access controls so ordinary people there can't browser customer data, but I never would have put any ironclad faith in such policies. That's wy it was common knowledge, near as I could tell, all round the web that you needed to encrypt backups and such yourself before sending them to dropbox.
I don't understand why anyone would expect otherwise. This is a tempest in a teapot.
Duh... (Score:2)
Anyone that has done any of their challenges knew this. IF they can drop files into your dropbox without giving them permission then that means it's not encrypted. or has a known key.
Do not trust the cloud (Score:2)
What exactly do they give? (Score:2)
Simple (Score:2)
There's a simple solution to this that I already use - I keep an encrypted Truecrypt volume in my Dropbox folder. It syncs over fine and is backed up but the only thing they see is the encrypted volume.
Pffft..easy fix: (Score:2)
Easy peasy...
(I was actually kidding but now I'm tempted...this can be the poor man's one-time-pad.)
Re: (Score:2)
This is why zero-knowledge services are better (Score:3)
Take a look at SpiderOak (http://www.spideroak.com). Their fundamental security policy is "zero knowledge", meaning that their services works in such a way that everything is encrypted from the client. This is powerful stuff.
Re:This is why zero-knowledge services are better (Score:4, Informative)
https://spideroak.com/engineering_matters#true_privacy [spideroak.com]
Re: (Score:2, Interesting)
Just Encrypt it
The parent comment is underrated. Dropbox is a very good service, and I don't see why this new revelation of theirs couldn't be properly handled by just encrypting everything you put on it - yourself.
So if you become a person of interest, and the powers that be make DB cough up your filez, they still won't see anything because YOU encrypted it too.
Anyone have any suggestions on a quick and painless encryption product or approach to apply to your dropbox folders? I use DB extensively, have a lot of extra
Re: (Score:2)
Dump Dropbox and use something like rsync.net + duplicity. You lose the ability to remotely browse backed up files via a web interface but that's the price you pay if you don't want your backup provider to be able to browse your files.
Re: (Score:2)
rsync.net has no free option, Dropbox does.
duplicity doesn't, apparently, work for Windows[0].
AND you're still doing the encryption on your side. Which is a "fix" to the same issue with Dropbox. So...uh... what, exactly, would be the use?
[0] Based on the duplicity web page: requires POSIX OS. Windows resembles a POSIX OS in much the way that an anole resembles the USS Nimitz
Re: (Score:2)
Incremental backups that work 100% of the time for a start. Also, duplicati is a windows port of duplicity (or you can use the free windows client from rsync.net).
Admittedly, there is no free option with rsync.net but you can't do much with 2GB...
Android etc? (Score:2)
How do you mount an encrypted disk image on Android? And what if it's updated through Dropbox?
Re: (Score:2)
I think if you are that concerned with security you shouldn't be relying on android and drop box for your security concerns.The more COTS products (free or otherwise) that you use the more you are held hostage to their business practices. If the data is that important to you then you shouldn't be placing it all over creating because you want easy access while relaying on someone else to keep it safe.
Security is your primary concern, for a free service like drop box you'r lucky if it's even a secondary conce
Re: (Score:3)
Re: (Score:2)
Free is handy, but the syncing among clients is what makes it so simple. You install the client, there's some minimal setup, and now whatever happens in any file watched by dropbox is uploaded to the server and automatically downloaded to the other clients. You could set up a dozen and get automatic mirroring. It is handy. Some people use it to collaborate, but it wouldn't handle multiple people editing the same file very well.
That's its main attraction, the automatic mirroring. Nothing impossible to d
Re: (Score:2)
The one thing it adds is a web-based interface where you can download your files with any web-connected computer, regardless of whether the client is installed.
Personally, I think it's a bad idea to trust your files to the cloud at all... It accomplishes nothing that can't be done without dyndns and a server running on a non-standard port. Even the nooblet user crowd can roll their own quite easily with dyndns... just use RDP with Network-Level-Authentication (RDP with SSL) and a strong password on your use
Re: (Score:2)
The only downside is that it is extremely limited, can't be easily accessed by mobile phones, or tablets.
what I want is an easy to host on my own version of dropbox, mobile sync, etc. why should google, apple, or microsoft host my contacts, calendars, files, etc.
Re: (Score:3)
That's why if you use Dropbox or any other online storage with a closed-source client process, it should be used inside a virtual machine, with the virtual machine receiving encrypted files from the host OS. That way it can't sniff your password or any other data you don't want it to see.