[ale] Dropbox opinions wanted

James Sumners james.sumners at gmail.com
Thu Sep 16 11:36:16 EDT 2010


I have been trying to figure out how they can do what they say they do
in [1], while also recognizing files are the same, but I am not coming
up with anything other than your conclusion. If a file is encrypted
with my password then the binary signature will be different than when
it is encrypted with your password. So how can the two files be
recognized as the same after encryption?  Likely, they can't. So you
check before encrypting the file, but then how do you (securely) store
a file that can be served up as binary blocks to other users? I'm not
sure.

I don't fault them for taking the approach that they have. They are
dealing with an insane amount of data, and that storage can't be
cheap. Especially when you have a lot of freebie users like me. So I
get their dilemma and accept their solution. But that doesn't mean I
trust them wholeheartedly. I don't store _anything_ in my Dropbox
that I feel sensitive about without first adding my OWN encryption.

For example, I use 1Password[2] for all of my passwords, serial
numbers, etcetera. I store my 1Password data in my Dropbox so that I
can access it on any internet connected computer and have it
automatically sync to my iPhone and iPad. I don't have any problem
with my 1Password data being on Dropbox because the program encrypts
the data file itself. So my 1Password data is actually twice
encrypted: once by 1Password and a second time by Dropbox.

If I wanted to store anything else sensitive on Dropbox I would store
it in a TrueCrypt volume[3]. That would be woefully inefficient, but
it would keep my private data as secure as I can make it and still
store it on a remote server.

And there's the catch. No service provider is so secure that you can
trust them with everything.

[1] -- https://www.dropbox.com/help/27
[2] -- http://www.1password.com/
[3] -- http://www.truecrypt.org/

On Thu, Sep 16, 2010 at 10:50 AM, Greg Freemyer <greg.freemyer at gmail.com> wrote:
> The answer to http://serverfault.com/questions/52861/how-does-dropbox-version-upload-large-files
>
> implies they have access to other users' unencrypted files from which
> to make you an encrypted copy.
>
> Dropbox just dropped off of my acceptable provider list.
>
> Greg


-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
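
The trade-off discussed in this message, as an added example that is not part of the original post: a block store that deduplicates by hash keeps one copy when it sees plaintext, but one copy per user when each user encrypts first with their own password. The toy cipher, passwords, salts, 64-byte block size and sample file are assumptions made for the illustration and say nothing about Dropbox's actual implementation.

```python
import hashlib
import hmac

BLOCK = 64  # assumed demo block size; the thread does not state a real one


def toy_encrypt(password: bytes, salt: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: PBKDF2 key, HMAC-SHA256 counter keystream.
    Illustration only; a real client would use an AEAD such as AES-GCM.
    XOR-based, so calling it twice with the same inputs decrypts."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class BlockStore:
    """Hypothetical server that keeps one copy per distinct block hash."""

    def __init__(self):
        self.blocks = {}

    def upload(self, blob: bytes) -> int:
        """Store blob in BLOCK-sized pieces; return how many were new."""
        new = 0
        for i in range(0, len(blob), BLOCK):
            piece = blob[i:i + BLOCK]
            digest = hashlib.sha256(piece).hexdigest()
            if digest not in self.blocks:
                self.blocks[digest] = piece
                new += 1
        return new


def compare(file_bytes: bytes):
    """Two users upload the same file. Returns the number of blocks stored
    when the server sees plaintext and when each user encrypts first."""
    plain_store, enc_store = BlockStore(), BlockStore()
    for password, salt in ((b"alice-pw", b"salt-A"), (b"bob-pw", b"salt-B")):
        plain_store.upload(file_bytes)
        enc_store.upload(toy_encrypt(password, salt, file_bytes))
    return len(plain_store.blocks), len(enc_store.blocks)


SAMPLE = bytes(range(256))  # constructed 256-byte file: four distinct blocks

if __name__ == "__main__":
    print(compare(SAMPLE))
```
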

