[ale] Dropbox opinions wanted

Greg Freemyer greg.freemyer at gmail.com
Fri Sep 17 16:12:27 EDT 2010


It's the complex words they use.

Who would have guessed a "sync" is a folder kept in sync between
multiple computers!

But you're right, the fundamental purpose of SpiderOak is to do remote
backups.  Then the sync's are a special feature.

They also do share's which is a way to make your "my pictures" folder
semi-public.  I haven't used the share feature yet.  I don't really
have much need for that.

Greg

On Fri, Sep 17, 2010 at 3:57 PM, Joe Knapka <jknapka at kneuro.net> wrote:
> OK, should've looked at the SpiderOak client a little more closely :-P  It
> can totally
> do what I want.
>
> -- JK
>
> On Fri, Sep 17, 2010 at 1:27 PM, Joe Knapka <jknapka at kneuro.net> wrote:
>>
>> I tried both SpiderOak and DropBox recently, and while SpiderOak seems to
>> have more
>> robust security (only de-duping files on a per-user basis), I find DropBox
>> to be more
>> convenient.  I don't see an easy way, with SpiderOak, to just have a plain
>> old folder
>> shared among several machines that magically stays consistent, which is
>> the
>> default with DropBox.  It seems you have to explicitly move content
>> between machines
>> using the SpiderOak client. Am I missing something?  Eg if I just want to
>> have
>> /home/jk/myMagicFolder on one machine and C:\magicFolder on another
>> machine
>> always be in sync, can SpOak do that?
>> -- JK
>>
>> On Fri, Sep 17, 2010 at 5:26 AM, Greg Freemyer <greg.freemyer at gmail.com>
>> wrote:
>>>
>>> Pat,
>>>
>>> Did you look at SpiderOak as an alternative?
>>>
>>> Greg
>>>
>>> On 9/17/10, Pat Regan <thehead at patshead.com> wrote:
>>> > On Fri, 17 Sep 2010 00:05:20 -0400
>>> > Michael Trausch <mike at trausch.us> wrote:
>>> >
>>> >> They could be encrypting to 2 keys: your password and a key that they
>>> >> do not share, but use to read from Amazon or whatever. It is possible
>>> >> that they also then generate the hashes prior to encryption. The
>>> >> level of protection is such that one couldn't steal the files from S3
>>> >> but a DB empl might be able to.
>>> >
>>> > I've been thinking about this a lot today...  I'd really like dropbox
>>> > like functionality (and an app on my phone!) but I'm not very
>>> > trusting...
>>> >
>>> > If they store the hash prior to encryption that means anyone with
>>> > access to their database can know what files I have stored in my
>>> > account.  That could be the RIAA or MPAA.  If things work like everyone
>>> > says they work then this is one of the things they do have or else they
>>> > couldn't make it work.
>>> >
>>> > If they can deliver a file that is in my account to one of your
>>> > machines then they have to have a way to decrypt it.  If they can
>>> > decrypt my file I would consider it barely safe up there.
>>> >
>>> > Their FAQ says:
>>> >
>>> > "All files stored on Dropbox servers are encrypted (AES-256) and are
>>> > inaccessible without your account password"
>>> >
>>> > "Dropbox employees aren't able to access user files, and when
>>> > troubleshooting an account they only have access to file metadata
>>> > (filenames, file sizes, etc., not the file contents)"
>>> >
>>> > I read these two bullet points when this discussion first started.  For
>>> > these points to really mean anything the data needs to be encrypted
>>> > before it leaves your computer.  If that were true my trust level in
>>> > Dropbox would have gone up from where it was before this thread
>>> > started...
>>> >
>>> > If everyone is correct and they are sharing files between users then
>>> > the first point is barely useful and almost a falsehood.  They are
>>> > almost implying that only your account password can decrypt the files.
>>> > What they really mean to say is:
>>> >
>>> > "All files stored on Dropbox servers are encrypted (AES-256) and are
>>> > inaccessible without your account password AND ONE OR MORE KEYS OWNED
>>> > BY DROPBOX"
>>> >
>>> > That means that the second bullet point about employees not being able
>>> > to access the files is probably more a matter of policy than it is a
>>> > technical limitation.
>>> >
>>> > I figure my data would be just one notch more private with Dropbox than
>>> > it is with Google...
>>> >
>>> > Pat
>>> >
>>> > I was thinking about how to implement some Dropbox functionality with
>>> > inotify and rsync.  Is anyone interested in talking about that? :)
>>> > _______________________________________________
>>> > Ale mailing list
>>> > Ale at ale.org
>>> > http://mail.ale.org/mailman/listinfo/ale
>>> > See JOBS, ANNOUNCE and SCHOOLS lists at
>>> > http://mail.ale.org/mailman/listinfo
>>> >
>>>
>>> --
>>> Sent from my mobile device
>>>
>>> Greg Freemyer
>>> Head of EDD Tape Extraction and Processing team
>>> Litigation Triage Solutions Specialist
>>> http://www.linkedin.com/in/gregfreemyer
>>> CNN/TruTV Aired Forensic Imaging Demo -
>>>
>>> http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
>>>
>>> The Norcross Group
>>> The Intersection of Evidence & Technology
>>> http://www.norcrossgroup.com
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com



More information about the Ale mailing list