Contemplating File Sync/Sharing Services

I wrote a few months ago about what a difference the cloud has made for how I conduct business.  I rarely buy software for my new company anymore; I often am paying for some type of cloud-delivered service.

One of those services that I use (and love) is Dropbox.  It is an incredibly easy replacement for a file server when you need to share 10s to 100s of GB of files between multiple users.  However, I definitely have some security concerns about it, and not just since the big snafu a few months ago.

One of my issues with Dropbox is that they can access my data.  Data is encrypted in transit, but they can access my data because they have my password.  The same appears to be true of Syncplicity & SugarSync.  Why do I think that? Because they have a "reset my password" link.  How does encryption work if they can change my password without a problem?  Compare this, for example, to Wuala's answer and Boxcryptor's answer to the question about a lost password.

Even with Wuala, who says they don't know my password, how do they share encrypted data with users I specify?  If all data is encrypted/decrypted locally, how does the person with whom I'm sharing files decrypt them?  I'm curious.
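As an added illustration (not code from this post or from any of the services named), here is a generic client-side key-wrapping sketch that bears on both questions above: a provider-side password reset cannot unwrap a key bound to the old password, and sharing re-wraps the file key rather than the file. The names `derive_kek`, `wrap`, `unwrap` and the out-of-band `share_secret` are assumptions; HMAC-SHA256 stands in for a real AEAD cipher, and real designs usually wrap the key to the recipient's public key instead.

```python
import hashlib, hmac, os

def derive_kek(password: str, salt: bytes) -> bytes:
    # Runs on the client; the provider stores only the salt, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(kek: bytes, key: bytes) -> bytes:
    # Encrypt-then-MAC a 32-byte key. HMAC-SHA256 is a stdlib stand-in for an AEAD cipher.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered blob")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo() -> dict:
    file_key = os.urandom(32)  # random per-file key, created on the owner's client
    salt = os.urandom(16)
    # Everything in `server` is what the provider holds: no password, no plaintext key.
    server = {"salt": salt, "owner_wrap": wrap(derive_kek("old password", salt), file_key)}
    # Sharing: the owner's client re-wraps the file key (not the file) for the recipient.
    share_secret = os.urandom(32)  # assumption: reaches the recipient out of band
    server["share_wrap"] = wrap(share_secret, file_key)
    out = {
        "owner_ok": unwrap(derive_kek("old password", salt), server["owner_wrap"]) == file_key,
        "recipient_ok": unwrap(share_secret, server["share_wrap"]) == file_key,
    }
    # A provider-side reset issues a new login password, but the wrap is bound to the old one.
    try:
        unwrap(derive_kek("password after reset", salt), server["owner_wrap"])
        out["reset_recovers_key"] = True
    except ValueError:
        out["reset_recovers_key"] = False
    return out

if __name__ == "__main__":
    print(demo())
```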

The last two listed are open source alternatives.  They're too limited in functionality for me, but I thought I'd throw them on there anyway.

SugarSync

Wuala

Syncplicity

Boxcryptor

iFolder

Sparkleshare

What do you think about all this?  Anyone I left out that I shouldn't have?


Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at Sullivan Strickler, which helps companies manage their legacy data.

7 comments
  • Hi Curtis,

    Yes, please don’t forget us at Buddybackup.com, we have had a free peer to peer backup solution out there for almost 7 years!

  • If you think about keys to open content and passwords to access these keys, then there is still a possibility that they designed it right. 🙂 As if you share something, it gets decrypted and then encrypted again with some other key. Just my thoughts.

  • I think you missed Dropbox’ strongest competitor: SpiderOak. They make a big deal of their ‘zero-knowledge data encryption’ 2G free, cross-platform, unlimited devices, version-control…big list. The setup is a little more involved than Dropbox, but much more ‘tweakable.’

  • I did forget them in the article, but I did look at them. My impression (when I looked at them) was they were not as easy to use as Dropbox, but I DID like the security part of their answer.

  • I am a member of a Dropbox network. When I installed the Dropbox client on my computer, it required me to log in as the local computer administrator. Therefore, Dropbox has full access to my PC. (Why this is necessary, I don’t know.)

    My biggest concern, however, is that if someone else on the network gets malware or gets hacked, will this put my PC at risk?

  • @Jimbo

    I’d say the answer to your question is NO, unless it’s someone you’re sharing folders with. Even then, you’re only at risk (for the most part) if you’re not running virus/malware protection against that folder (which you most certainly should).

    As to the admin rights issue, there are all kinds of programs that install like that, including many MS programs that don’t really “need” admin access. It’s just easier to do it that way. Note that I’m not saying it’s right. I’m just saying that they’re not alone in their wrongness. 😉