Page 1 of 3 123 LastLast
Results 1 to 15 of 42
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Re-examining Dropbox and its alternatives




    TOP STORY

    Re-examining Dropbox and its alternatives


    By Woody Leonhard

    Recent revelations about privacy concerns with Dropbox have led many people including me to think about changing my practices regarding online file-storage and -synchronization providers.

    If you use Dropbox or some other cloud storage and sync program, let me explain what you do and don't need to be concerned about. And what you can do to sleep better at night.

    The full text of this column is posted at WindowsSecrets.com/top-story/Re-examining-Dropbox-and-its-alternatives/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Jun 2011
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Too bad! I knew it was too good to be true. As noted in original article, Dropbox is incredibly useful. Sad to say I DO use it for confidential info but will now have to encrypt it although I find the mobile uses of Dropbox significantly useful which this article implies won't work with encryption.

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Israel
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've been using Dropbox happily since the beta. However, I am also delighted with SugarSync, which offers 5 GB storage for a free account, and is much more flexible than Dropbox (for example, you can sync any folders you want, and can sync different folders on different devices). Drawbacks include allowing only two devices on a free account, and uploads seem to be a good deal slower than Dropbox. Can you examine and report on SugarSync's security policies?

  4. #4
    New Lounger
    Join Date
    Jul 2010
    Location
    New Hampshire
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Can FTP be used as an alternative? I have plenty of space on my website and could easily provide my clients an ftp account and private directory for storing their (encrypted backups). I suppose most companies and individual could do likewise with nominal cost using their own web host's facilities. I am not sure though that there is a reputable ftp deamon that they could use to automatically load files. Do you know of one?

    -Dan

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the really useful article. I have a question, though. You say that "the only way Dropbox could deduplicate files or store the deltas is if the Dropbox system can get at the contents of your files" and that SpiderOak cannot get at the contents of my files, yet SpiderOak makes the same space-efficiency claims as Dropbox. From their "Nuts and Bolts" page (https://spideroak.com/engineering_ma...true_privacy): "Even though your historical versions are encrypted and only stored on the server, SpiderOak detects the similarity between those historical versions and your new versions - only saving the parts that actually changed." What is the true story here?

    Thanks,

    Steve

  6. #6
    New Lounger
    Join Date
    Jul 2010
    Location
    New Hampshire
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just found an example of how to automate send files to an ftp site with Windows' built-in ftp client.
    http://www.howtogeek.com/howto/windo...-command-line/
    I just tried it and it works on Windows 7 64-bit. With this, I can set up an encrypted program to create a temporary batch file to send a file or a bunch of files to the ftp site automatically. My program can then delete the temp batch file afterwards so the ftp account password is not stored unprotected. I already wrote a program to perform the backup, so I will just add a little bit to the end to create/execute the batch ftpput file.
    -Dan

    Quote Originally Posted by djinks View Post
    Can FTP be used as an alternative? I have plenty of space on my website and could easily provide my clients an ftp account and private directory for storing their (encrypted backups). I suppose most companies and individual could do likewise with nominal cost using their own web host's facilities. I am not sure though that there is a reputable ftp deamon that they could use to automatically load files. Do you know of one?

    -Dan

  7. #7
    New Lounger
    Join Date
    Nov 2010
    Location
    Lower Mainland, BC Canada
    Posts
    14
    Thanks
    0
    Thanked 1 Time in 1 Post
    Any anybody look at Evernote? Is it a better alternative to Dropbox? I know it doesn't have as much file capacity as Dropbox but I think they absolutely have security in mind when they design their system. Here is a page from their blog in 2008

    http://blog.evernote.com/2008/04/15/...-and-security/

  8. #8
    Lounger
    Join Date
    Feb 2010
    Posts
    42
    Thanks
    4
    Thanked 2 Times in 2 Posts
    The moral of the story is that the DropBox folks lied to everybody, hoping to suck in a big user population (Facebook anybody?) Of course, DropBox (and its lookalike friends) will be the next target of the recording and movie industry associations, with almost absolute proof in hand that you are a violator (look, it's YOUR userid and password and you performed these actions with our copyrighted files, now PAY UP and/or go to jail!) No need for lawsuits, just call homeland security (the association police) and they will take care of everything. And ebooks will be right there with audio and video files as well as electronic news and other content. And don't even think about posting any web links (URLs) in the shared DropBox area as many web based entities now consider that to be a copyright violation and unlicensed/unauthorized usage. You thought these tools were for your ease of use and convenience?

    By the way, it is clear that the shared storage area is on some server farm controlled by DropBox. How long before they invoke the "all your data are belong to us" rule...oh, wait, that is already the case since they are reading and changing your files, with nothing to stop them from using your files and content (their terms of service is to control you, not them; remember Google desktop). Further, it is not beyond the realm of imagination that they already do have access, or will make use of access, to your computer for purposes above and beyond just sharing the files you have "given" to them. Others have also attempted "all your computer are belong to us" as well. Is DropBox just a more socially acceptable form of spyware?

  9. The Following User Says Thank You to kashken For This Useful Post:

    MallardBay (2011-06-02)

  10. #9
    New Lounger
    Join Date
    Jun 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Although SpiderOak is cool - I tried it out a few monthes ago - I'd like to recommend another alternative: wuala.
    wuala also encrypts the files BEFORE they're uploaded to the server and stores the files in chunks distributed all over the net.

    It also has a very cool integration into the os, so you can have a local drive automatically used as a cloud-drive, and it has cool tools like backup and sync and sharing.

    see: http://www.wuala.com/

  11. #10
    New Lounger
    Join Date
    Jun 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You say that if my brother and I have separate accounts, each with their own username and password, Dropbox will not allow us to upload copies of the same picture. There must be more to this than you have told us. Certainly Dropbox does not enforce this no duplicate policy across all their millions of accounts. These two "independent" accounts must be linked together in some way you have not identified in the column.

  12. #11
    New Lounger
    Join Date
    May 2003
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    SpiderOak mobile

    SpiderOak offers mobile access (Android, iOS)

  13. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Granite Falls, NC
    Posts
    17
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Illusion of Safety

    The illusion a person is not at risk because they have "nothing to hide" is naive. Such a premise ignores a profound ruling by the Supreme Court. "Miranda Rights" protect the innocent from themselves. Police and governments can and will manipulate people into making statements which are incriminating. Such a reality is why any intelligent attorney advises their client to say NOTHING. Period.

    Here's where it gets slippery for life in general as well as in the cloud. A person being accused/arrested has zero knowledge of the actual reason(s) they're being taken into custody nor do they have any clue what allegations may have been made against them. Most concerning, justice has nothing to do with reality. Accordingly, say nothing which might be used against you.

    No one can know with certainty how a future algorithm might be coded to data mine nor what fragments of your information may be misconstrued. Ipso facto, the digital equivalent of Miranda is encryption. 'Encrypt everything' is equal to 'say nothing which might incriminate you'.

    That Dropbox may or may not have knowingly misled to gain customers is interesting. That the consumer remains deluded about actual security in the cloud is criminal. Any vendor who assures you a cloud repository for anything is safe is either stupid or a liar.

  14. The Following User Says Thank You to bobhedin For This Useful Post:

    MallardBay (2011-06-02)

  15. #13
    New Lounger
    Join Date
    Apr 2010
    Location
    Washington DC
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    First, that any of these sync programs have to access their folder on your computer only makes sense. But they should be accessing anything else.

    I use a sync program Idrivesync, which after inquiring was told there was no way you could even set it to access anything else. The other thing was how they addressed the security issue, and they are very up front. You set a Username and Password for the site. IF that is all you do then they can recover them for you which means specifically they could also access your data. However they also give you the option of setting up an encrypt key. I use a strong one from random characters. When you do this they warn you, that using a key on your account means if you loose it you are out of luck. They can't help you. Also there is no option to change the key, other then deleting the account. Logging into the website, just allows you to see the file names, but no acccess at all without the key.

    I am very comfortable with that appoach. The website (www.idrivesync.com) lists the service as a beta, but it has been running trouble free for me on all four of my machines.

    Pete

  16. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Maryland, USA
    Posts
    15
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Anyone who believes the cloud is secure is sadly mistaken

    With all due respect, anyone who believes anything they put in the "cloud" is secure is just not paying attention to the news. Besides Sony et. al. that Woody references in his column, just read the Washington Post this morning and yesterday- yesterday's article touted that the Federal Government was going to save "billions" by moving their email from Exchange to GMail; then read this morning's Post to see that GMail accounts have been hacked and compromised, including "high ranking Government officials" accounts. DUH!!!

    Yes I use Dropbox and yes I encrypt specific business-related files if they are sensitive but for the most part I put nothing there that is private, corporate confidential, or anything I wouldn't want to get into someone elses hands. That is why I carry (around my neck on a lanyard (my kids call it my "bling") an encrypted USB drive. The whole drive is encrypted with TrueCrypt and it is copied at the end of each day to my external drive on my work computer.

    Safe computing is in the hands of those using it and to assume anything in the ether is secure is just not thinking.

    steve

  17. The Following User Says Thank You to stevemrose For This Useful Post:

    jnealand (2011-06-05)

  18. #15
    New Lounger
    Join Date
    Jun 2011
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by vroberts View Post
    You say that if my brother and I have separate accounts, each with their own username and password, Dropbox will not allow us to upload copies of the same picture. There must be more to this than you have told us. Certainly Dropbox does not enforce this no duplicate policy across all their millions of accounts. These two "independent" accounts must be linked together in some way you have not identified in the column.
    What they're doing is called deduplication: http://en.wikipedia.org/wiki/Data_deduplication. It's not a matter of enforcing a policy, it's just the way that they're doing data storage. Basically when you upload a picture of that funny cat you found online it looks at the metadeta and checks to see if anybody else has uploaded the same picture. If somebody has then it doesn't re-upload the picture. Instead, it just notes in their systems that your account now has access to that file.

    When you delete the file it doesn't actually delete it if other people have "uploaded" the same file. Instead, it just removes the link between your account and that file.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •