back to article DropBox puts locks on doors, hopes biz bods will buy the house

DropBox is tightening up its service for businesses rather than risk getting kicked out by security-conscious CIOs. The collaboration service, hyped by Silicon Valley, will start offering secure and remotely managed connections between people's personal and business DropBox accounts on PC and mobile from next month. Its …

COMMENTS

This topic is closed for new posts.
  1. elDog

    And still no client-side encryption?

    That, to me, is the biggest problem - DropBox keeps unencrypted copies of your files on its servers.

    Sure, you can do your own encryption before uploading or use TrueCrypt containers, but this is not very seemless and can be ridiculous if only one bit changed in a container/file. SpiderOak and others have the encryption done client-side so our NSA will need to come knocking on *your* door instead of DropBox's.

    Have they started allowing any folder to be DropBox-able? Or is it still the one-folder-per-machine? (Junction/mount points don't work in many cases.)

    1. The Vociferous Time Waster

      Re: And still no client-side encryption?

      I manage fine with Dropbox following symlinks, that is all my Dropbox folder contains: symlinks to a whole heap of useful folders and files including some config files I like to mirror across machines.

    2. Richard Boyce
      FAIL

      Re: And still no client-side encryption?

      Ask yourself why they designed the system this way, when others did not. An example is Wuala whose servers are in Switzerland (very strong privacy laws) and other privacy-conscious countries in Europe, notably not the UK.

      Don't complain about Dropbox. Just avoid them and tell other people to avoid them unless they're likely to forget their password and need a cloud storage provider who can recover or reset it. No business should ever find itself in this position, so should never use a service like Dropbox that offers this and which is therefore completely compromised by its design.

      “Will you walk into my parlour?” said the Spider to the Fly.

      1. Yet Another Anonymous coward Silver badge

        Re: And still no client-side encryption?

        >Ask yourself why they designed the system this way

        Deduplication = less diskspace/bandwidth

        Dropbox heavily dedupe files. So a million copies of that same cat picture only takes up a few K

        If they are all encrypted they can't tell the files (or parts of the file) are the same and so need to store and transmit everything

    3. herman

      Re: And still no client-side encryption?

      Dropbox works fine with Truecrypt, as explained here: http://www.aeronetworks.ca/2013/11/computer-counter-counter-measures.html

      1. smallfry

        Re: And still no client-side encryption?

        "Dropbox works fine with Truecrypt, as explained here: http://www.aeronetworks.ca/2013/11/computer-counter-counter-measures.html"

        If I understand Truecrypt correctly, if you change even a bit of data, the whole 1Gb (in that example) gets uploaded. This would be a problem for my connection.

  2. Arachnoid

    FSecure launching encrypted online storage

    http://www.forbes.com/sites/tamlinmagee/2013/11/14/f-secure-launches-a-dropbox-for-the-dark-web-and-a-vpn-that-could-erase-content-borders-everywhere/

    1. Anonymous Coward
      Anonymous Coward

      Re: FSecure launching encrypted online storage

      Looks interesting. Getting private cloudy data away from US companies and their spooky overlords is very attractive.

  3. Anonymous Coward
    Anonymous Coward

    Surely if you want to retain sole secure access to your data...

    ... then you don't back it up onto a remote cloud?

  4. Hyper72

    Encryption

    I find Truecrypt a bit impractical for cloud storage. However, Dropbox also works fine with EncFS.

    Most of my Dropbox data is not sensitive but I encrypt it all on principle. EncFS and Boxcryptor gives me access on Linux, Windows and iOS.

  5. Adam 1

    Is there anything dropbox does that isn't done better by btsync? /Serious question

    1. Yet Another Anonymous coward Silver badge

      You can send public links to somebody - so that file you need to send to a client that is too large for email or blocked by some firewall policy, just dropbox it and email them a link.

      Want free reliable back-up for a few Gb of stuff without needing to run a btsync server?

      Have a non-techie that wants to just keep their pictures/docs safe without understanding what backup means?

      1. Adam 1

        Fair enough point on the email big attachment use case.

        Not sure about the having to setup a btsync server argument. As the client is the server, it is no harder than installing the dropbox client on two devices, except there is no sign up process so that would seem easier to my mind.

        Someone else giving free storage is indeed compelling although I want to suggest the quota is too small for most people's photo backups so you would need their paid service.

  6. TheGreenMachine

    I dumped Dropbox when I logged in one day and found that an old Android APK file that I'd forgotten I had , had been marked flagged as removed due to DMCA.

    As it wasn't in a shared folder of any type, I concluded that they must scan all of your files.

  7. Anonymous Coward
    Anonymous Coward

    We should go out of our way to boycott data hosted in the US...

    The US doesn't care for anything except the almightily dollar. A big hit to the bottom line is the only thing that will clause DropBox or similar US corps to tackle privacy, spying and hacking head-on....

  8. Anonymous Coward
    Anonymous Coward

    The Weakest Link...

    Success in dropping services like DropBox often comes down to the weakest link in a circle of friends, co-workers, sports-club pals or family.... i.e. the least tech savvy or the least privacy sensitive. I know people who repeatedly post sensitive info on FB or Google and then effectively 'tag you'... i.e. Guilty by association.... I shout at them to stop, but many just don't get it!... So while yes you can drop-out of a club, and un-friend or boycott silly posts / emails, you still can't stop people doing stupid things like posting photos, docs or updates containing groups of phones numbers, addresses, or details of offline private conversations... Its the equivalent of the crowd who used to CC everybody.... With a third of all internet email now hosted on Gmail with its opaque scanning system, things can get better, eh!!!...

This topic is closed for new posts.

Other stories you might like