Dropbox Can't See Your Dat– Er, Never Mind

bizwriter writes "Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so."

the love of cloud

[alphatel]

Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

Re:the love of cloud

[danbuter]

I agree. The only people really pushing the cloud are the companies who want to supply the servers.

Re:the love of cloud

[gkuz]

So that law enforcement can't access his data? What is his "business" area to be exact?

I love the irony of this comment being posted by an AC. Tell you what, post using your real name, address and phone number, and I'll tell you a dozen reasons why privacy, even from law enforcement, can be a legitimate business need.

Re:the love of cloud

[MichaelSmith]

But if I put my data in the cloud I can encrypt it to the point where it is next to impossible for anybody else to read it. If dropbox encrypt the data on write and decrypt on read then it is of course trivial for them to decrypt it on demand.

Re:the love of cloud

[alphatel]

Let's see, multiple clients from Real Estate, Banking, Brokerage, Legal, Publishing and Internet. I can't imagine ANY of them, or ANY one else, would want such easy access to their data. Most especially since it is employees who are likely to save stupid things in the wrong places. One fubar and your business is buh-bye.

Oh and not to mention, one of the clients is a big Cloud vendor. Guess where their real data is? Not on the cloud that's for sure. Fun little projects and laughable gifs, yes. But anything of importance is inside a very secure internal network of hundreds of servers and it's not moving from there anytime this century.

Re:the love of cloud

[LordAndrewSama]

I'm curious though, how does the law view their access. I mean, they don't keep copies on their servers, so if I use dropbox to transfer dodgy_file.jpeg to another machine, then after the fact the scary law enforcement peoples make a legal request of dropbox, does dropbox have the file on their server, or do they have to access my machines with the file on it? One of those is Dropbox behaving legally and handing over potential evidence. The other is Dropbox going onto my machine and taking it to hand it over, which could be argued as stealing and invalidate the evidence. It all depends though, does dropbox keep a copy of every file?

Re:the love of cloud

[TheRaven64]

Law enforcement can't access the data. Law enforcement can ask the hosting provider to access the data on their behalf (and, in most jurisdictions, compel them to do so). The hosting provider is not an amorphous entity, it is a collection of people. Some of them have access to the data. For a large company, this can be hundreds or thousands of people.

Do you trust all of them not to access your data because they're bored? What about if one of your competitors offers them $1,000? $10,000? $100,000? What about if someone threatens their families (not necessarily specifically to get at you, just so that some organised crime syndicate gets a few TB of data in the hope that some of it can be turned into money)?

Re:the love of cloud

[DrXym]

Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

It's certainly an important consideration though. I think in either case if you're paranoid about your data you encrypt it first.

Re:the love of cloud

[Nikker]

So where is the name and contact info?

Re:the love of cloud

[afex]

erm...slashdot is heavily anti-cloud. maybe you are thinking of lifehacker?

that said, i use dropbox the same way i used to use my .edu webspace when i was in college - put shit in there, but assume that anyone who wants to will see it. I do have a truecrypt volume on my dropbox space with some stuff in it though - i wonder what sort of implications that has?

Re:the love of cloud

[egamma]

It all depends though, does dropbox keep a copy of every file?

Dropbox is a cloud storage service, that syncs a folder between your computer(s) and a cloud location. So yes, they do have a copy of every file.

You could have answered your own question in about a minute.

Re:the love of cloud

[digitig]

Dropbox has to keep a copy somewhere. The file remains available even when the originating machine is turned off.

Re:the love of cloud

[Jawnn]

I agree. The only people really pushing the cloud are the companies who want to supply the servers.

On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.

Re:the love of cloud

[DUdsen]

In some parts of Europe we are beginning to see data protection agencies(yes normally an oxymoron) banning the use of clouds, where parts of the infrastructure is outside of their jurisdiction, for anyone licensed to store sensitive information. because they assume that the authorities of that place will always have access to back doors in the platform. Something that have caused the usual cloudvangalists to accuse them of being anti progress and all the lot.

This is causing some ruckus as school districts want to use google docs and hospitals want to move their IT into the cloud where the unicorns roam and IT is free and easy.

Re:the love of cloud

[pmontra]

They do. They even have undelete.

They'll probably use a symmetric key cryptography because I don't remember having setup an asymmetric key pair when I subscribed their service.

I'm not using Dropbox to sync my computers, I'm using it for backups and I encrypt all the data before I move it into the Dropbox folder. I don't even live into their country. So long for their access to my stuff.

Re:the love of cloud

[spectrum-]

What is also interesting is a file may alter as it is amended. So really they're keeping all states of all files for an indefinite period. Wow thats a lot of version storage. I presume it's incremental file states to save space but still, that's a lot of overhead for the service. And presumably all cloud storage providers like dropbox, amazon, sugarsync, microsoft etc are all doing much the same. Just dropbox's name is synonymous with personal cloud storage so it's more newsworthy.

Re:the love of cloud

[blowdart]

My employer uses Iron Mountain and their onsite shredding servers. What happens is a truck comes out with what looks like a huge vacuum cleaner pipe and hooks it up to the bins. The paper gets sucked up and is shredded at that point on premises (each bin takes about 10 minutes to process) before making it into the general container in the truck, and then is taken back and shredded some more. So, for paper, the authorities would need to get the materials before it's collected.

Re:the love of cloud

[quintus_horatius]

You're forgetting that any sysadmin worth his/her salt encrypts any backup going off-site (and hopefully any backup staying onsite too). Someone else may have possession of the physical media but accessing it won't simply be a matter of finding matching hardware to read the backup.

Re:the love of cloud

[xaxa]

In some parts of Europe we are beginning to see data protection agencies(yes normally an oxymoron) banning the use of clouds, where parts of the infrastructure is outside of their jurisdiction

I don't think this is anything new, it's been forbidden to move personal data outside the EU for a long time.

http://en.wikipedia.org/wiki/Data_Protection_Directive#Transfer_of_personal_data_to_third_countries

Re:the love of cloud

[Golddess]

As I understand it, a plain old Truecrypt encrypted container cannot be determined to be a Truecrypt encrypted container. So unless they have some other way to prove that is what it is, it should have no implications.

A Truecrypt encrypted system partition however...

Re:the love of cloud

[w_dragon]

And the reason you can't do the same with cloud storage is....

Re:the love of cloud

[capnkr]

...and any business operating under the constraints/protection of HIPAA.

Re:the love of cloud

[capnkr]

Waitagoshdarnminute! Computers aren't 'magic'? Then why do they quit working if you let out the 'magic smoke' from the power supply? Huh???

;D

Re:the love of cloud

[GooberToo]

That depends on where the encryption and decryption is performed. If its strictly done on the client (rather than their servers), unless they specifically designed a backdoor into the client, its not reasonable to believe they can decrypt it on demand.

Re:the love of cloud

[Skarecrow77]

every time I see a cloud article here, I see 3 or 4 people saying "uh, this isn't a good idea. your idea of 'cloud' is basically 'remote file storage', and remote file storage in this context is certainly orders of magnitude slower, very possibly insecure due to rogue employees of the 'cloud' company (and who exactly are they subcontracting to anyway?), it is unclear how secure the cloud storage is to hackers compared to our own tested local network, and it is definitely taking several security measures out of our hands and putting it in hands we can't even see".

That is immediately followed by 30 or 40 people replying more or less with variations on "go away grandpa, this is the 21st century, you need to get with the times or get out of this fast-moving industry".

Re:the love of cloud

[Ariankh]

There's a web interface to access your stuff. Draw your conclusions...

Re:the love of cloud

[alphatel]

Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them.

I don't know what tradition you are used to, but all the clients I deal with that have over 25m market cap keep their storage at distributed office locations, or bank vaults that only 2 or 3 people have access to or know the account code of.

No law enforcement is getting in until after the arrests, by then it's all shredded.

Re:the love of cloud

[JamesP]

Use PGP and AES-256

Problem solved (granted, for now)

We're storing encrypted backups on S3, no problem. WE do the encryption.

Re:the love of cloud

[GooberToo]

So the answer is, "server-side." Sounds like the same conclusion I had before.

Re:the love of cloud

[JamesP]

Oops, I meant GPG

Re:the love of cloud

[MoeDumb]

That's the ticket. YOU do your own encryption before sending it up to the cloud. Then it doesn't matter what DB does.

Re:the love of cloud

[RobDude]

I So much this. I don't understand why people don't just do this by default.

It's really easy. You can get software that makes the entire process (essentially) transparent to you as an end user. Drag files into your folder and, bam, auto-encrypted. Long before I heard of any problems with DropBox, I would have bet money that at some time in the future....

1.) A DropBox employee would access someone's files
2.) A hacker would find a vulnerability that gives him access to someone's files
3.) Some malware is written that reads or access files off of Dropbox

Your data isn't safe. Ever. History has proven this. It's fairly routine for me to get an e-mail from some company (bank, credit card, legit-type companies, big companies) saying that they or someone they farm data out to, has been hacked and that some of my information has been leaked. It's almost a guarantee these days.

Dropbox is awesome, I use it all the time. But I encrypt everything I put on it. It's not a 100% perfect solution but it's significantly better than not doing it.

Re:the love of cloud

[toriver]

Even within EU it can be an issue: For instance, during the early days of the recent Wikileaks debacle, French authorities wanted access to data stored on a server (in France) that was used by a Swedish service provider...

Re:the love of cloud

[Runaway1956]

"I encrypt all the data before I move it into the Dropbox folder."

Wiser words of wisdom have seldom been spoken. Only a moron fails to understand that anything hosted off-premises is no longer "private". There may be very few people who can get at your stuff when it's in the clout, or there may be many people. Maybe it's only law enforcement, maybe not. And, maybe all law enforcement people are honest and ethical, and maybe not. Bottom line - you put it in the cloud, it's no longer under your exclusive control. So - if you use the cloud to store stuff, you BETTER make it damned hard to read your stuff! Anyone who fails to understand that needs to take a hard look at all the crazy "digital rights management" shit that has failed.

When it hits the web, you've effectively given it away.

Re:the love of cloud

[Rob+the+Bold]

Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

I noticed that although you write "court order" here -- and probably a lot of us are making the same assumption -- that phrase is not used in the Dropbox terms quoted in TFA. Instead, it reads "...Dropbox cooperates with United States law enforcement when it receives valid legal process..." It certainly makes you consider that Dropbox -- like other service providers with access to you data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.

Re:the love of cloud

[Runaway1956]

Errrr - wait. Who created the truecrypt container? Was the container created/implemented by the server, or by yourself, then transferred to the cloud? How is the container accessed? Are the keys to the container on your own machine, or are they on the cloud server? I'm really curious here. If you're accessing the container through the server, the server must have the keys necessary to decrypt the container, right?

Re:the love of cloud

[Schadrach]

Why would you need all of that? According to the whole Blizzard RealID scandal, his first and last name should be more than enough in and of itself to destroy his life.

Re:the love of cloud

[lpp]

You're missing the point. While yes, some are AC because they haven't cared enough to create an account, I don't think GP was really attempting to call out GGP to actually provide his info. Rather GP was just highlighting the fact that once information associated with you is made available, it can't really be made unavailable or at least not with any guarantees. And once unencrypted data is in the cloud, you're trusting that the maintainer will not, whether through accident or maliciousness, make your data available to someone to whom you didn't want it to be available.

Don't confuse a specific instance with the general point.

Re:the love of cloud

[afex]

me - you're thinking way too high level, its just a truecrypt file that's sitting in my dropbox space. I have to manually open truecrypt and enter the key (from memory) every time i want to access something in it. to them, it just looks like a giant binary file that is of no use to them.

Re:the love of cloud

[mlts]

This answers the question right here, combined with the fact that password recovery is doable by E-mail.

I'm guessing that it might be encrypted server side... but hell, all my data on my personal domain is encrypted server side (my Linux boxes use LUKS, my Mac uses PGP Whole Disk Encryption, my Windows boxes use TrueCrypt or BitLocker, and external disks use Truecrypt.) So, having data stored encrypted may provide a defense against someone yanking out disks out of a drive array, but against remote attacks, it provides no protection.

Re:the love of cloud

[Weezul]

If you use dropbox on truecrypt encrypted containers, then you'll mostly lose dropbox's archival features.

Wuala has an incredibly simply but very clever algorithm for handling data deduplication on the server, along with rudimentary file versioning, while simultaneously handling on encryption on the client.

How you ask? Easy, you encrypt every file using it's own SHA as the AES key, but then you use the new encrypted file's SHA as the DHT index for retrieval. You need both SHA values to access a file of course, but who cares.

There are only three major flaws in Wuala :

- Any final object yields a unique second SHA for the DHT, enabling data deduplication and instantaneous uploads, but also enabling draconian copyright enforcement under the DMCA. Imagine torrentting a movie only for the MPAA to delete it from your private cloud drive!

- It's closed source! wtf?!? Is anyone really stupid enough to trust closed source encryption software these days? How does anyone know they don't secretly copy the original SHA / AES key?

- It's written in Java. Ack, a slow filesystem driver! (Alright, this third comment is pure trolling. I'll admit server side Java isn't that slow anymore, assuming you avoid all that double copy display idiocy.)

I've been considering writing a custom backend for libgit2 that implements this "original SHA as AES key" approach for storing git repositories in some basic DHT. It ain't a direct translation of course. You'd either need to completely forego git compatibility on the local repository by making all object ids into 2*256=512 or 2*512=1024 bit ids. Or, better yet, create some object packing layer places multiple git objects into a single encrypted object, but must provide some git object index for lookups into encrypted packed objects.

Re:the love of cloud

[ObsessiveMathsFreak]

I expect Iron Mountain would comply with a court order just as readily as a cloud operator.

Ha! I fully expert Iron Mountain or any other "backup company" would mine the data for all it was worth and sell the results to marketers long before the police got involved.

Re:the love of cloud

[causality]

(yet another AC)

Not like the two are mutually exclusive. Just because the reason someone hasn't created an account is they are too lazy to create an account since they can post comments anyway, doesn't mean they are otherwise willing to share their name and address.

They'll be rescinding their stance that privacy doesn't matter, then?

Re:the love of cloud

[IICV]

There are only three major flaws in Wuala :

- Any final object yields a unique second SHA for the DHT, enabling data deduplication and instantaneous uploads, but also enabling draconian copyright enforcement under the DMCA. Imagine torrentting a movie only for the MPAA to delete it from your private cloud drive!

- It's closed source! wtf?!? Is anyone really stupid enough to trust closed source encryption software these days? How does anyone know they don't secretly copy the original SHA / AES key?

- It's written in Java. Ack, a slow filesystem driver! (Alright, this third comment is pure trolling. I'll admit server side Java isn't that slow anymore, assuming you avoid all that double copy display idiocy.)

There's another one I can think of - due to the pigeon hole principle, you'll just randomly have a SHA collision every once in a while on completely unrelated files. The probability of this goes up as the number of files you're archiving increases. Once in college I was running out of hard disk space, so I wrote some bash scripts to take the SHA hash of every file on my file system, and find any duplicates like that. Much to my surprise, it turned out that some Quake 3 Arena asset had the same SHA hash as a random Linux system file - despite having radically different contents.

I would imagine that the probability of collision has only gone up in the intervening years, as people are storing more and more data on their hard drives.

Re:the love of cloud

[DrXym]

And do you think these 25m market cap companies would be contemplating cloud services anyway? I think it's clear that most cloud services are explicitly pitched to companies that can't afford offsite facilities or the equipment & staff to run them.

Re:the love of cloud

[golden+age+villain]

When did we suddenly start trusting other people with our important shit?

Exactly, Dropbox is a great free service though. I use it to easily share a computing project with a student. But why in hell would you store important private information through it?

Re:the love of cloud

[DrXym]

How did you determine this? Oh it was made up. Okay cool.

I "determined" it by stating an obvious fact. Many companies do use Iron Mountain & similar services. I didn't say the majority, or 85%, or just those with sub $10 million. I said many. Go look up Iron Mountain's website. I'm sure they have stats that give you a ball park estimate if you are bothered to get a more specific figure.

Spoken like a true cloud operator. How does a crappy piece of misinformation like this get up-modded? Oh wait, you have 8 accounts.

Yes of course. I have 8 accounts, all rolled today. Moron.

Actually, if you are paranoid you don't back it up. or you have a really well-thought out plan long before you start encrypting. And it doesn't involve saving to the cloud, clod.

Ah genius. So you don't backup and if you do you have a "well thought out plan". Genius. And you are complaining about my comments.

Re:the love of cloud

[MightyMartian]

If you're going to put the resources in place to do encryption at your end, why not just put the backup there too? We looked into this a couple of years ago and about the only advantage was the offsite aspect, which can be accomplished other ways. Yes, creating and maintaining a backup system can be a bit of a pain, but at least I control it, I know where the data goes, and if someone wants to subpoena the data, I'll know about it first, rather than last.

Re:the love of cloud

[robthebloke]

next to impossible != impossible

Re:the love of cloud

[aztracker1]

Dropbox + truecrypt FTW!

Re:the love of cloud

[jimicus]

Not strictly true, there are ways and means around it. Usually by informing your clients that you may process data outside the EU, and if they don't like that the correct course of action is to take their business elsewhere.

How else do you think we have to deal with Indian call centres?

Re:the love of cloud

[Coren22]

When I have seen these trucks come by work (as I am out smoking) I have always marveled at the fact that my "security conscious" coworkers just simply trust that the truck isn't just making shredding noises and quietly storing everything unshredded. This is no different than trusting that Dropbox isn't peeking. The trucks in this area have a lifting device that connects to the shred bin, pulls it up into the truck, and hides everything being done inside. I am not trying to sound paranoid, as I am sure Iron Mountain would not ruin their reputation in this way, but it is an assumption that the truck is really shredding.

Re:the love of cloud

[j00r0m4nc3r]

Every day I get a corporate client asking me why they can't just keep their money in a bank.

Re:the love of cloud

[dave420]

If you use the filesize and a decent hash, it's very difficult to find collisions.

Re:the love of cloud

[Ja'Achan]

All data is sensitive

Re:the love of cloud

[ottothecow]

Dropbox is great and a lot of the stuff people are suggesting defeats the purpose (a dropbox account with a lone truecrypt volume kills the web access and auto-versioning/recovery, etc.).

I put some semi-important private stuff on there without worry...when I travel out of the country, I usually do a scan of my passport+everything in my wallet (front and back) and toss the PDF in dropbox. This might be a bit of an issue if someone hacked into my account (but I prefer it to sending myself an email that traverses the web to who knows where), but I don't really care if someone can subpoena dropbox for my drivers license and credit cards.

I probably wouldn't keep my plans for world domination on there, but it is great to always have a current copy of my resume available online and synced between computers...I certainly never had any expectation that dropbox couldn't somehow get to my files.

Re:the love of cloud

[JWSmythe]

... and FCRA ... and several other very strict laws, depending on the industry. Does it have personal data (name, address, phone number, DOB, SSN, CC#, medical history, etc)? It's probably suppose to be kept in a secure environment, without ever going to untrusted 3rd parties. Depending on the industry, it could just involve "do the right thing", or go as far as quarterly 3rd party security audits that can shut you down until you're in compliance.

   

Re:the love of cloud

[The+End+Of+Days]

No, that's not true at all... it's not even close to true. Just how tinfoil hat are you?

Re:the love of cloud

[Tarlus]

Even the simplest of data has feelings, you insensitive clod!

Re:the love of cloud

[Kamiza+Ikioi]

Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

As I say, clouds come from enough people smoking the same stuff. I wonder what dropbox was smoking?

Re:the love of cloud

[StikyPad]

All anyone needs to do is encrypt their own data before placing it in the DropBox folder. E.g., I have my KeePass password database stored in DropBox. Keep your keys in a secure, portable location (webmail, usb stick, phone) and you're set. Then all you need to worry about is the real world.

Re:the love of cloud

[CCarrot]

Even the simplest of data has feelings, you insensitive clod!

I guess that makes a bit pretty bi-polar, then...

{ducks barrage of rotten tomatoes}

Re:the love of cloud

[hardaker]

Hmm... Let me fix this for ya:

On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.

On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's alwaysless so in all cases.

Re:the love of cloud

[1u3hr]

News Flash Dropbox will comply not break the law to protect your data.

The news flash was actually: Despite implying that its staff CAN'T decrypt your data, actually they are just TOLD not to.

Re:the love of cloud

[vertinox]

If you're going to put the resources in place to do encryption at your end, why not just put the backup there too?

Simply keeping everything in house at one location does not protect from acts of god or bad luck.

Fires, floods, and theft happen.

A really good backup system includes off site backup somewhere in the loop.

This doesn't mean you have to use the cloud to do it.

You could have a simple system with someone taking backup tapes to a different office or something, or even taking encrypted hard drives to a safety deposit box.

Re:the love of cloud

[Blakey+Rat]

You could just rent a Amazon EC2 instance, attach a cloud drive, and do your own encryption. Amazon couldn't decrypt it if they wanted to.

Of course they could potentially delete it, so there's still that risk.

Re:the love of cloud

[LWATCDR]

But again that also is a given. Even if they use a public private key system you do not keep the only copy of the keys. Dropbox has a recover lost password feature. If it does then there is no way that they encrypt the private key with your password then then store the key with a one way hash. If they did then you could never have the I lost my password function. Not only that but really? This is slashdot and even if they did all of that you still type your password into the website and the app. So the only thing that they keeps one of the developers from just grabbing your password is by company policy.

If it possible to click a link that says "lost password" on a file storage site and not have your old files unreadable then they can decrypt your files. That is programing 101. If someone can come up with a method that allows you to recover or rest a lost password and not have the files be unreadable and still make it impossible for any employee to read the files I would love to hear how that could work because I am pretty sure it is impossible.

Re:the love of cloud

[DerekLyons]

"...Dropbox cooperates with United States law enforcement when it receives valid legal process..."

A "valid legal process" could be a court order, a subpoena, a discovery motion, a search warrant, etc... etc... There's more than one valid and legal avenue for someone to request access to your data, hence their language covers all the bases rather than complies with your simple minded belief that there is only one.
 

It certainly makes you consider that Dropbox -- like other service providers with access to you data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.

Under certain instances, such a request *is* a "valid legal process" without the need for a specific court order. Take off the tinfoil hat and educate yourself on the legal system.

Re:the love of cloud

[MrAnnoyanceToYou]

Not necessarily true. We have one onsite desktop support tech in an office of twenty or thirty people. He gets everything done in approximately half time, because we use Google cloud apps for a huge percentage of our overall applications. He also does purchasing of all new machines, etc. in that half time....

So, yeah, cloud stuff is slightly more efficient in my view. The backups required for all that e-mail, all the setup stuff, etc...... Just harder to do without cloud apps.

And, of course, there are consulting companies selling cloud apps like mad at the moment, too. Salesforce consultants are some of the most highly paid in the industry, I'm fairly certain.

Re:the love of cloud

[guruevi]

Iron Mountain is just an excuse for the risk-averse to comply with certain regulations (HIPAA, SOX, ...). The wording in those regulations make it so that if you go through the motions of encryption and destroying your data, it's ok, you don't have to disclose your losses.
"Your data got leaked through paper documents" -> No, we have a certificate from Iron Mountain all documents are shredded.
"Your data got leaked through a hard drive" -> No, we have a certificate from Trustwave that we do full disk encryption.
"Your server was hacked" -> We are PCI-compliant so we can be sure nothing important was leaked, here's a certificate.

Re:the love of cloud

[AaronLS]

It is also perceivable they are also doing some sort of de-duplication so that they aren't storing duplicate data across users. If it were encrypted in the way they would like us to believe, I don't think this would be possible, but they definitely have an incentive to be able to decrypt the data, because then that would save them significant storage space by being able to perform compression/de-duplication.

Imagine if lots of people had the same 1 gb movie saved to dropbox, and DropBox could save hundreds of GB by only storing one instance of it.

Re:the love of cloud

[AaronLS]

Be careful though, because depending on how the folder encryption software works, it may also be transparent to DropBox. I.e. the DropBox application when reading from the folder, gets the unencrypted version of the file, just as if you tried to open the file up yourself(since DropBox is probably running under your account). This would be the case if you were using the folder encryption feature that comes with Windows. The easy way to test this is to download the file from DropBox onto another computer that doesn't have the particular folder encryption product you are using, and verify that you are unable to open the file, i.e. it is the encrypted version of the file.

Re:the love of cloud

[golden+age+villain]

I probably wouldn't keep my plans for world domination on there

Dammit! I did not think of THAT!

Re:the love of cloud

[MichaelSmith]

With my current setup a failed system will lose a day (max) of data and losing the house will lose a week of data. If I backed up on line both would be down to a day, or less if I ran rsync more frequently.

Re:the love of cloud

[Weezul]

Good point. I guess that's why they make you upload your files rather than skipping uploads who's hash already exists, i.e. they actually compare the files before deduplication, any instant uploads would only be copying your friend's shared files.

Imho, you should use SHA-256 and AES-256 of course, not the SHA-128 and AES-128 used by git and wuala, massively reducing your collision chances. You realize that 2^256 is roughly 10^77, just shy of the popular 4*10^79 to 10^81 rage people like for the number of atoms in the universe. And asymptotically the number pigeons grows quadratically while the number of pigeon holes grows exponentially.

Re:the love of cloud

[man_of_mr_e]

I'm unsure how dropbox would deal with container, which would be a single gigantic file (or possibly multiple gigantic files). If you change one file in the container, it has to upload the entire container again i would think, though it's possible it may be smart enough to figure out how to upload just the changed blocks.

That would be fine if your container were 50MB, but if it's 50GB, that's a different story.

Re:the love of cloud

[man_of_mr_e]

So that means, if you need to access the file from another location you have to download the entire container. Kind of defeats the purpose.

Re:the love of cloud

[socceroos]

Dump dropbox dude. Build your own 'cloud'. You have internet access at home?

Re:the love of cloud

[aztracker1]

Dropbox is without cost to me... BYO would cost me.

Re:the love of cloud

[socceroos]

In terms of data transfer, it will cost a small amount more. Offset by the fact that all your home network would be synced via LAN.

In terms of initial setup time it would cost you a lot more. In terms of maintenance it would cost you slightly more.

In terms of privacy, the savings are priceless.

See what I did there? =D

Re:the love of cloud

[aztracker1]

As to the cost... my time is fairly precious to me... I work a *LOT* and so what free time I have, I don't spend much goofing around. Dropbox will do LAN syncing as well, when two machines are in the same LAN. As to security/privacy... anything I care about is encrypted inside my dropbox directory. Even rsync + detection service/scripts would be more pain than it's worth... I actively use Linux, Windows and OSX so Dropbox is about the best fit for my use I've found. Also, having an offsite/online backup has value as well.

Re:the love of cloud

[socceroos]

I guess 'goofing around' is both subjective and relative to the importance placed on it by an individual.

Having an offsite/online backup is valuable, and depending on your solution, every client can itself be a node in your offsite/online backup.

Trade-offs - for sure - but its all about importance to the individual and their circumstances.

Re:the love of cloud

[1u3hr]

But again that also is a given. Even if they use a public private key system you do not keep the only copy of the keys. Dropbox has a recover lost password feature.

Whatever. I don't use it. Obviously if they do have lost password recovery, then the rest follows.

The fact is than they were implying they had a service (complete privacy) they didn't really have. Whether they were busted because of the TOS that prompted TFA, or the password argument doesn't really matter.

Re:the love of cloud

[therefore]

Mozy does delta-change backups. I have a 2 GB TrueCrypt container (which it backups for free) and it then backups only those blocks that have changed since the last. 53 MB today.

Re:the love of cloud

[therefore]

That's why you don't go for an all-in-one solution. For the most critical/confidential stuff (email, financial data), wrap it in a TrueCrypt container, use Mozy for its delta-block backups -- only backups blocks in the container that have changed. Yes, it means you have to download it in full to recover, but mine fits within a 2 GB file -- easy to download. I'm secure. For the non-confidential but important and ever-changing data (pdfs manuals of everything I've ever owned, save games), I use Mesh which provides 5 GB for free. This syncs similar to Dropbox but does not do delta-changes. I don't care if someone knows where I'm at in Fallout New Vegas but I'd be really bummed if I lost the save game. For the important static data (my collection of pics), I use Adrive -- 50 gb free. I then use Microsoft backup image of my system disk. I also use Acronis to create a backup image of my system disk (suspenders and a belt). I use RoboCopy to external drives of all of my music, movies, games. I'll lose them if my house burns down, but I can always recreate if necessary.

Re:the love of cloud

[RockDoctor]

I So much this.

Huh? Missing word?

I don't understand why people don't just do this by default.

Because most people are lazy and foolish.

Sorry to disillusion you.

Santa doesn't exist either, and the Tooth Fairy was one or both of your parents.

Re:the love of cloud

[AmiMoJo]

Dropbox is a very simple cloud storage system, but when most people talk about the benefits of the cloud they mean in terms of being able to manipulate the data. Webmail is probably the oldest example, but it includes things like Google Docs and the Zoho office suite where you can log in and create, edit and print from a web browser with no need to have say MS Office installed locally.

I actually use Google Docs and gMail a lot, but always keep in mind the fact that Google can read all my stuff. I suppose that is the price of using those free services, but I would gladly pay say £1/month for encryption (well, not Dropbox's encryption, but you know what I mean). Unfortunately I don't think it would be possible because the law mandates that email headers be logged for two years and available to the police, but that is more of a general problem with email. Can't see any reason why documents shouldn't be encrypted though.

Re:the love of cloud

[LWATCDR]

They do have lost password recovery and that is a fact. This was a clarification of the TOS because the old one was actually just not possible.
Employees can not look at your data. AKA it is not allowed by the rules. You can not go to the store naked. Not because it is physically impossible to go to the store naked but because you will face repercussions if you do. Some smart lawyer or engineer realized that there TOS was inaccurate and fixed it. English a fuzzy language. Simple truth is that anytime you do not control the encryption keys from start to finish there is a chance for someone to decrypt and read the data. Even then it really depends on how paranoid you want to be. Do you personally audit the code for GPG and or Truecrypt and compile you own copies? After auditing the code for GCC and the libraries and then verifying the binary is correctly generated? If not how do you know that they are not transmitting a copy of your keys to a remote server? Complete privacy that does not depend on laws and company policy being enforced is just not possible. Heck even with ssl connections it is completely possible for a man in the middle attack between your computer and any website if a certain company employees wants to bad enough. I promise you can not come up with any online storage system where you upload none encrypted data that meets your concept of complete privacy. It just can not be done.

Dropbox really is a good service. Sure it is a more like a lock box you get at Office Depot and not Fort Knox but who needs Fort Knox? I can take a picture with my phone and put it into dropbox and it shows up on my desktop at home. I can share a folder with my wife so she can grab the pictures on her laptop. It is free for two gigs. It really is just a really good service.
Dropbox should be commended for correcting their terms of service. No one could have lived up a TOS stating that it is impossible for any employee to read your data and keep the service users friendly. So people are now screaming because Dropbox has corrected the language of the TOS so that is now clear. Good freaking greif talk about people expecting a tech unicorns and fairy farts.
What is really good about it is that YOU can make it extremely secure if you want to. Use your Dropbox shared folder to house a truecrypt container.
Or just live with it as a pretty secure storage solution because frankly it is really cool and works really well.

Re:the love of cloud

[arisvega]

Exactly. OF COURSE they are going to hand it over to the authorities, if asked. They have to. What do you expect, have them make a stand and go to jail? After all, if so concerned, why not encrypt yourselves before uploading?

It is not impossible

[zero.kalvin]

it just depends on the encryption and all. And wether there is a backdoor or not. They are lying, the question is to whom ?

Re:It is not impossible

[gkuz]

Of course it can be impossible. Encrypt the data yourself, using a well-known, open-source, trusted and verified program, and keep the keys yourself. Dropbox can't decrypt anything then. Why anyone would trust them in the first place, especially a smart guy like Miguel, is beyond me.

Re:It is not impossible

[SniperJoe]

Probably to everyone, including themselves.

Re:It is not impossible

[gpuk]

I think the problem is that if you use a Truecrypt container and back that up to Dropbox, the Dropbox client is not always able to tell if any data has changed as changing the contents of the container does not always change the containers binary size on the disk. This means you can't do an incremental backup and instead have to force a full backup every time you alter what is inside the container, which isn't funny if your container is larger than a few hundred MBs.

Re:It is not impossible

[moronoxyd]

You do not know how Dropbox works, right?

Dropbox doesn't just look for the size of a file or the access time.

Re:It is not impossible

You could always send incremental backups in new truecrypt containers. Yes this creates a lot of work if you have to put all the piece back together, but it is an option.

Re:It is not impossible

[gpuk]

Looks like things have moved on since I last tried Dropbox with Truecrypt:

http://forums.dropbox.com/topic.php?id=14332

It does appear to be possible providing you tell Truecrypt not to preserve file modification timestamps

Re:It is not impossible

[TheRaven64]

This is the point of tarsnap. Open source client, you can verify it and the encryption that it uses. It encrypts everything before uploading and can't be decrypted on the server without access to a key that's only stored in the client.

Re:It is not impossible

[LoudNoiseElitist]

That's the point. It looks for changes in the file. With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

Re:It is not impossible

[gpuk]

Having said that, it apparently can still be a bit painful: http://news.ycombinator.com/item?id=1392765

Re:It is not impossible

[gpuk]

Looks interesting. Similar to my setup which is rsync.net + duplicity

Re:It is not impossible

With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

I've never used truecrypt, but from what I know, I suspect the chances of the entire encrypted volume changing when you make any change is close to zero. It would kill performance to have to rewrite the entire volume every time. It has to only update portions. So then the possible solution to this would be to treat it like bittorrent does, where it breaks it into chunks and checksums each chunk. When only a small portion of the file changes, it then know which chunks to reupload. Whether or not dropbox can or does operate this way, I have no idea, but in general, it is feasible to implement into a service.

Re:It is not impossible

[DarkOx]

Why would they use the size of the file to determine if its changed, there are these things called hashes or checksums which would be a reliable way to verify the blob has been modified. If they wanted to be really lazy they could just look at the mtime on the container file too. If they are using file size to detect when data has changed, then I would not consider letting any of my data near them for reasons having nothing to do with privacy.

Re:It is not impossible

[gfilion]

Well, files put in DropBox are available on their website; it's pretty obvious that they can decrypt them. The encryption part is about the SSL connection between my client and the dropbox server, me thinks.

Re:It is not impossible

Not for Truecrypt. In CBC mode it bases the initialization vector off of the hash of the file block address so only a single 4k block needs to get uploaded.

Re:It is not impossible

[gpuk]

No idea. When I looked at it (admittedly a long time ago) the only way to get Dropbox to sync a Truecrypt container after you changed the contents was to take the container out of the Dropbox folder and then move it back in. Even then, Dropbox would invariably upload the whole container rather than just the delta.

Apparently you can work around the syncing problem by getting Truecrypt to update the file modified time stamp when you change the container contents. However, it seems incremental backups are still flaky as any non-trivial changes to a container's content forces Dropbox to re-sync the whole file.

YMMV (I am not a current dropbox user)

Re:It is not impossible

[blueg3]

They're not lying, they're just being careful with their words and people can't read.

It should be obvious to any technically-minded person that they hold any encryption keys, since when you install Dropbox on a second computer, you don't need to provide a key in order for it to be successful.

So their claims are that they encrypt data in transit, encrypt data at rest, and that employees can't access the content of files. There's no claim that it's impossible for any employee to access the content of files because they're encrypted with a key Dropbox doesn't hold, which is what people seem to be imagining. It's simply saying that employees won't snoop on your files because in the normal course of business, they are not provided access with the contents of those files.

As far as providing the files to law enforcement upon a legally-valid request, they don't really have a choice in the matter, as they're a US company. For any company that exists primarily in country X, it is almost certain that there is a relatively easy procedure for law enforcement agents of country X to obtain any data about you that the company holds. If the country happens to be, say, Lithuania, and you don't travel to or do business in Lithuania, you probably don't care, but it's still true. The only way to prevent this is to make it so that the company is not holding any useful data of yours that they are able to access. In the case of Dropbox, you need to encrypt your files before they get to Dropbox.

Incidentally, if you have data that you don't want law enforcement to be able to obtain, you should be encrypting it even when it's stored locally. A search warrant for your computer is not really all that much harder to obtain.

Re:It is not impossible

[joebok]

Well said!

Re:It is not impossible

[phantomcircuit]

Your information is incredibly out of date.

Modern encryption schemes which involve writing to disk will use a CTR block cipher mode, which allows for random read/writes without propagation.

Re:It is not impossible

[LoudNoiseElitist]

Show me how this works with a TrueCrypt volume in Dropbox.

Re:It is not impossible

[imsabbel]

You realize how hilariously wrong you are right?

No?

Then just imagine you have a 100Gbyte Truecrypt volume mounted on your drive. You open a text file on it, change a word and than save it. Does it take about 10 minutes, or does it take a few millisecond? That should tell you that no, a change in a truecrypt volume will NOT change the whole file.

To be a bit more serious:
No whole disc encryption scheme can work without being block based. They are quite tiny, like in Hard Drive Sector Size small.

Re:It is not impossible

[rochberg]

Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.

Crypto is great and wonderful and all that, but it never exists in isolation. Access control policies, auditing, etc., are also required to have a secure, usable system that is flexible enough to provide the type of mobile access that Dropbox does. I see nothing contradictory about Dropbox's claims that employees cannot access user files directly. It seems to me that the author just never took the time to think about the implications of Dropbox's flexibility.

Much ado about nothing...

Re:It is not impossible

[Sun]

Depends on the encryption method you use

<shameless_plug>rsyncrypto</shameless_plug>

Shachar

Re:It is not impossible

[Tarlus]

I think it's very important to note that TrueCrypt, by default, will never update the time stamp of an encrypted volume. Not sure if the Dropbox client is checking file hashes or time stamps, but other file synchronization clients I've used would skip over modified TryeCrypt volumes every time.

Fortunately, it is very easy to change the setting and enable time stamp updating.

Re:It is not impossible

[kaoshin]

Yes, Truecrypt does block level encryption, so a big container wouldn't completely change when a small change is made. Only some blocks do, depending on the amount of data that is modified. Binary diff is a supported feature according to Dropbox. You would need to turn off the Preserve modification time of file containers option in Truecrypt (under settings and preferences), so that the time stamp changes when the container does. You will also need to unmount the container before sync. I was going to set this up after reading others success stories in getting Truecrypt and Dropbox to work, but ended up settling on a different solution.

Re:It is not impossible

[praxis]

You may learn more if you do your own research but:

http://www.truecrypt.org/faq
[quote]The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits)[/quote]

https://www.dropbox.com/help/8
[quote]Before transferring a file, we compare the new file to the previous version and only send the piece of the file that changed. This is called a "binary diff" and works on any file type. Dropbox compresses files before transferring them as well. This way, you also never have to worry about Dropbox re-uploading a file or wasting bandwidth.[/quote]

Re:It is not impossible

[cperciva]

I love my customers...

Re:It is not impossible

[cperciva]

Tarsnap's snapshotting model is a bit more sophisticated than how duplicity works, and its separate keys for writing/reading/deleting archives makes it possible to do some things you can't do with rsync.net (e.g., you can have a server which does daily backups with Tarsnap while still making it impossible for someone who roots the server to tamper with said backups).

But yes, tarsnap and duplicity+rsync.net are certainly more similar than, say, tarsnap and dropbox.

Re:It is not impossible

[js_sebastian]

I think the problem is that if you use a Truecrypt container and back that up to Dropbox, the Dropbox client is not always able to tell if any data has changed as changing the contents of the container does not always change the containers binary size on the disk. This means you can't do an incremental backup and instead have to force a full backup every time you alter what is inside the container, which isn't funny if your container is larger than a few hundred MBs.

True, but then in depends on the granularity of your container. A single truecrypt volume is not a good idea. But there are also per-file encryption solutions available. Ecryptfs is what ubuntu uses for the Private folder which is available by default. It encrpyts each file individually, with file name unchanged. So unless the name of your files is sensitive, you can use it to at least have per-file updates to dropbox. Encfs does something simlar but it also protects the file name.

Re:It is not impossible

[steelfood]

There's an another problem.

Having two copies of the same truecrypt container, but one with subsequent changes, is a breach of security. The ability to do a binary diff presents an additional attack vector. This is especially true if the contents are mostly text.

You can't know if replacing your container over on the other side results in an overwrite, or in the creation of a completely separate version.

Enough copies given enough time, and your data, and possibly even your key may be picked out from it. Sure, it's probably still highly unlikely for the key to be outright compromised, and it's assuming NSA/CIA-level expertise working on your file, but it still means your data's not as secure as you may expect.

Software that automatically does strong encryption over a container (with random file order processing) would probably be more appropriate than a truecrypt container in this situation.

Re:It is not impossible

[man_of_mr_e]

It takes a significant amount of time to hash a 50gb file. By the time it was done, you'd have to start over again to make sure nothing else had changed, essentially meaning dropbox would have to be constantly hashing the file, 24 hours a day, 7 days a week. This would slow performance on any computer a great deal, and on a laptop would drain the battery extremely fast.

No problem

Just Encrypt it

Re:No problem

[Dupple]

Exactly. Anything critical or sensitive should be put in an encrypted Disk Image or similar, whatever cloud service you use.

Re:No problem

[flappinbooger]

Just Encrypt it

The parent comment is underrated. Dropbox is a very good service, and I don't see why this new revelation of theirs couldn't be properly handled by just encrypting everything you put on it - yourself.

So if you become a person of interest, and the powers that be make DB cough up your filez, they still won't see anything because YOU encrypted it too.

Anyone have any suggestions on a quick and painless encryption product or approach to apply to your dropbox folders? I use DB extensively, have a lot of extra free space, and I don't fancy a 5 GB truecrypt file. I imagine a bunch of small truecrypt files would be a pain as well.

Re:No problem

[gpuk]

Dump Dropbox and use something like rsync.net + duplicity. You lose the ability to remotely browse backed up files via a web interface but that's the price you pay if you don't want your backup provider to be able to browse your files.

Re:No problem

[geminidomino]

rsync.net has no free option, Dropbox does.
duplicity doesn't, apparently, work for Windows[0].

AND you're still doing the encryption on your side. Which is a "fix" to the same issue with Dropbox. So...uh... what, exactly, would be the use?

[0] Based on the duplicity web page: requires POSIX OS. Windows resembles a POSIX OS in much the way that an anole resembles the USS Nimitz

Re:No problem

[gpuk]

Incremental backups that work 100% of the time for a start. Also, duplicati is a windows port of duplicity (or you can use the free windows client from rsync.net).

Admittedly, there is no free option with rsync.net but you can't do much with 2GB...

Re:No problem

[bflong]

Try Spideroak. 2GB free. They encrypt client side and have no access to your data.

Re:No problem

[DarkOx]

I know you don't fancy a 5gb volume but keep in mind that lots of little files are often more vulnerable to attack than a single big one, unless you use different keys. Which would be pain for your to remember. So it probably is best to stick everything in a single blob.

Re:No problem

[flappinbooger]

I know you don't fancy a 5gb volume but keep in mind that lots of little files are often more vulnerable to attack than a single big one, unless you use different keys. Which would be pain for your to remember. So it probably is best to stick everything in a single blob.

trying to remember if DB uploads only the parts of files that change, so then a multi GB truecrypt wad would not have to upload in entirety when only changing some files within...

Re:No problem

[geminidomino]

Except that duplicity/duplicati are for backups. There are plenty of use-cases for DB beyond just backups (and speaking just for me, I'd have to be out of my mind to trust a buzzword-compliant 3rd-party with an essential function like that, encryption or not).

What I can't believe is that no one's made any FOSS that does what the DB client does (basically watch for changes and sync remotely) to host your own "cloud" storage.

Re:No problem

[geminidomino]

Then how do they go about creating "Shares?"

Re:No problem

[DrVxD]

That's fine and dandy, until you get a left-wing government that passes legislation which forces you to reveal encryption keys

Who "owns" the data?

[sohmc]

This is a common question, which I'm sure has come up in legal battles. When you upload data to someone else's server, does the data belong to you or does it belong to the person/company that actually owns the hardware? I'm sure for law enforcement folks, they want it both ways.

Consider if the data service in question is raided because an employee had child pornography. They raid the company because he employee used hardware to hid his stash. Now everyone's data is available for search.

IANAL but it seems like if you insist on using these services, you have to give up certain rights. Or you can just encrypt all of your data before uploading. But then, if the hardware is ceased, you no longer have a backup.

Re:Who "owns" the data?

[Spad]

When you put you belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?

Re:Who "owns" the data?

[gcnaddict]

When you send a physical note through a fax machine and tell the person on the other end of the line to hold onto it, does it belong to you or to the person/company that actually owns the safety deposit box?

It could be argued that while the concept you submitted to the person/company is yours, it's using that entity's toner, paper, etc. and that if he's asked for that specific sheet of paper, it's up to him what he does with it.

Re:Who "owns" the data?

[SniperJoe]

When you use a safety deposit box, you get a key and the bank gets a key. Both keys are required to open the box (barring a warrant and locksmith). Besides, you can't really easily make a duplicate (that's yours) of the physical items in a safety deposit box such as money or a diamond ring.

Re:Who "owns" the data?

[Spad]

it's using that entity's toner, paper, etc

As opposed to using their box/vault/building/security systems/staff/etc?

Ultimately, of course, it depends on the terms you agreed to when you arranged to use the service (subject to irrevocable rights and so forth).

Re:Who "owns" the data?

[ciderbrew]

I think items would always belong to you. If the bank goes tits up you'll need to apply to get you stuff back from the receivers. If the police want to open the box to have a look, they will. Under the Patriot Act in the US I don't think they give a toss any more. I'm not too sure about uk law. I'd expect the police to get the VAT man in. He'd seize what he wants, then break out the angle grinder and have at it. If you didn't pay the VAT on the child porn you're fucked. I'm sure the child porn charge will seem secondary to tax evasion charge. /rant (sorry)

Re:Who "owns" the data?

[afex]

the idea stems from the 'you wouldn't steal a car' argument against piracy.

essentially - most of us wouldn't steal a nice beamer that's out on the street. However, if you had a machine that could make an exact copy of said beamer, while leaving the original PERFECTLY intact, would you do that? of course!.

as for who owns the copy, i have no idea - but that dude that made the beamer duplication machine better get some sort of kickback, that guy kicks ass!

Re:Who "owns" the data?

[Culture20]

essentially - most of us wouldn't steal a nice beamer that's out on the street. However, if you had a machine that could make an exact copy of said beamer, while leaving the original PERFECTLY intact, would you do that? of course!.

What about a limited edition Beamer, where most of the value to the owner is that it is one of only twenty made?

Re:Who "owns" the data?

[geminidomino]

I'm under the impression that this is a security-related discussion, so "ownership" isn't the issue.

The issue is that in a safe box, there's been some monkey business involving an employee and your grandma's 5k diamond ring, you know it when you open the box.

With files that Eve@Dropbox can just access and copy onto her phone's SD card, not so much.

Re:Who "owns" the data?

[afex]

in a world with the 'physical object duplicator', things like 'limited edition' unfortunately will no longer exist.

and yes, i'm still surly that someone copied my limited download release of Hotel California in OGG >:(

Re:Who "owns" the data?

[mrrudge]

This is artificial value and scarcity created by limited manufacturing, you'd be reducing that value by copying it. If you're looking for edge cases then 'what if your heavily pregnant wife was ten minutes from giving birth and you were 9 minutes by car away from a hospital.' gives you the opposite moral outcome.

What about unique items, the Mona Lisa ?

Would it be reduced as 'best painting, like ever' if everyone were able to hang an exact copy at home? The original would be worth monetarily much less. The benefits to society of everyone who's interested being able to study the finest first hand would be enormous.

Re:Who "owns" the data?

[mr1911]

And to further the argument that is isn't about ownership...

It is about possession. If Dropbox was holding your grandma's 5k diamond ring, the FBI could request Dropbox to turn it over, just as they are allowing access to your files, the previous comment about the obviousness of the intrusion not withstanding.

While I'm on my soapbox, I will reiterate the opinions that it is not very smart to store something you feel is that sensitive in the cloud. If I had files I felt were that sensitive, they would be encrypted and backed up and stored in my personal safe. Yes, the FBI can get the drive if they want it, but the intrusion will be obvious and the encryption will have no back door and will be as strong as the passphrase I used. If you put it on Dropbox, consider it is everywhere -- on their servers, stored with their backups, released to any law enforcement agency that asks, browsed by bored employees, and maybe even posted on the internet by a disgruntled employee. Putting blind faith in what most use as a FREE backup service should be considered just as safe as hiring an unknown, unpaid person to housesit your home while you are on vacation.

Re:Who "owns" the data?

[DerekLyons]

When you put you belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?

They belong to you. But that doesn't mean the organization that physically owns the box won't give up the contents when so ordered by the courts. Ditto for the office or house that you rent.

Re:Who "owns" the data?

[CCarrot]

This is artificial value and scarcity created by limited manufacturing, you'd be reducing that value by copying it. If you're looking for edge cases then 'what if your heavily pregnant wife was ten minutes from giving birth and you were 9 minutes by car away from a hospital.' gives you the opposite moral outcome.

What about unique items, the Mona Lisa ?
Would it be reduced as 'best painting, like ever' if everyone were able to hang an exact copy at home? The original would be worth monetarily much less. The benefits to society of everyone who's interested being able to study the finest first hand would be enormous.

The value in the original is the history, not the exact materials. No matter how atom-perfect, a replication was never touched by the hand of the master, or survived so many trying adventures throughout the centuries. True, perfect replication would make the job of distinguishing the original from the knockoff much more difficult, but the copies do not diminish the historical (or nostalgic) worth of the original, or the owners would never have allowed prints, photographs or any other form of copy to be made (and how much sadder would that be for the world?)

Why do we authenticate signatures on baseball cards? To prove that the signature is real, and that the actual player himself touched that card at some point in its existence, at least long enough to deface it. Being able to make a perfect copy of the signed card doesn't diminish the actual value of the original, it just makes it harder to authenticate and may diminish the market value due to people being taken in by these fakes.

Re:Who "owns" the data?

[DarwinSurvivor]

If a bank goes bankrupt, the "receivers" would be bound to the same restrictions as the original bank.

Hmmm...

[boarder8925]

From Dropbox's new terms of service:

As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropboxâ(TM)s encryption from the files before providing them to law enforcement.

How does Dropbox define "valid legal process"? Do they mean something like, I don't know, receiving an actual search warrant? Or do they mean rolling over when the police say, "Hey, um, we'd just like to look at all these users' files. We have no warrant or real reason to do so, but we think someone might potentially be doing something illegal and we promise we're only working to 'protect' people and all that jazz."

Re:Hmmm...

"Dropbox's encryption". Hmmm.
Don't be surprised if, soon, they change their terms of service to prohibit you from uploading pre-encrypted files!
I'm not paranoid. I'm just no longer naive.

Re:Hmmm...

[Voyager529]

Well, my guess is that it'd be a bit of both. Dropbox is a business, albeit one that gives away the first tier of their service. My expectation is that if a cop showed up and said 'pretty please' regarding a user on their free plan, they'd most likely oblige. There's nothing in it for them if they argue the cop on the customer's behalf, but I'm certain the officer, if determined, could make Dropbox's life miserable, spin it to the press, tip off the BSA to cause a software audit, etc. etc.

By contrast, if the officer was inquiring about a corporate customer that has several Pro100 accounts for their users, THEN dropbox is in a position where they could potentially lose a valuable account to a competitor. At that point, they'd be more likely to ask for a subpoena.

If you (and I mean the general, collective 'you', not necessarily the parent poster) are that worried about stuff being seized by law enforcement, either host your own storage server (while frowned upon, most residential ISPs won't block FTP, or only block it on port 21), only upload encrypted RARs, or use an offshore provider that the cops can't touch.

Re:Hmmm...

[abulafia]

How does Dropbox define "valid legal process"?

Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters, which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names, IP addresses and times of connection, etc.. Also of note is the Stored Communications Act. The rules are complex and are being contested in various ways, but among other things documents held in storage for over six months can be grabbed simply on a court order, no warrant or subpoena required. It isn't clear to me if "held in storage" would mean unmodified since uploaded - the rules were written primarily to cover email, which it typically not modified after reciept, other than changes to metadata.

Re:Hmmm...

[MichaelSmith]

Don't be surprised if, soon, they change their terms of service to prohibit you from uploading pre-encrypted files!

I won't encrypt my files. I will just compress them using my own algorithm. Hilarity ensues.

Re:Hmmm...

[blueg3]

They assuredly don't care. They're just helpfully notifying you of a fact that they have no choice about -- as a US company, they have to provide data to US law enforcement upon request. They can spend money making it difficult if they want, but they're still required.

Re:Hmmm...

[DrVxD]

.There's nothing in it for them if they argue the cop on the customer's behalf,

Except, maybe, goodwill - which is a pretty hard commodity to come by, but it's very easy to lose. Despite the old adage, there most certainly is such a thing as bad publicity (ask RSA).

if the officer was inquiring about a corporate customer that has several Pro100 accounts for their users, THEN dropbox is in a position where they could potentially lose a valuable account to a competitor

And that kind of customer is the kind that may start thinking hard about leaving if DropBox complied to any request without due process.

Android etc?

[Jeppe+Salvesen]

How do you mount an encrypted disk image on Android? And what if it's updated through Dropbox?

Re:Android etc?

[Dupple]

Dunno, don't have Android. If you require immediate access to those files then it's probably better to carry a memory stick. I carry both. For storage encryption is fine. Modify the image and upload again. Depends what you're using the service for and how you need to access the files. What I do works for me, though it is a bit of a compromise

Re:Android etc?

[shawn(at)fsu]

I think if you are that concerned with security you shouldn't be relying on android and drop box for your security concerns.The more COTS products (free or otherwise) that you use the more you are held hostage to their business practices. If the data is that important to you then you shouldn't be placing it all over creating because you want easy access while relaying on someone else to keep it safe.

Security is your primary concern, for a free service like drop box you'r lucky if it's even a secondary concern.

Just as easy, an encrypted sd card and a netbook.

Wuala

[moonbender]

Wuala uses end-to-end encryption, ie. the data is encrypted and decrypted on the client. The employees can't access your data since they don't have the encryption key. This means you lose your data if you lose the key. It also means you can't access all your data in a convenient web interface -- though you can mark individual folders as being shared on the web (which obviously means trusting the server operators with the encryption key for that folder). I think it's a much more trustworthy model than Dropbox, and the Linux integration works well for me. Too bad it's not open source; IMO they should at least open-source the client component, for security and trust reasons if nothing else.

Re:Wuala

[quintus_horatius]

You *hope* that the data is encrypted. How do you know that it isn't simply tunneled over SSH but stored unencrypted on the host servers? You don't, you're taking their word for it. You're putting an awful lot of faith in other people if you're not managing your encryption yourself.

Re:Wuala

[moonbender]

Yep.

Easy fix...Truecrypt.

[geekmux]

....AFAIK, Dropbox has full support for Truecrypt volumes. Simple solution to this delimma? Take the encryption "problem" away from Dropbox and use your own.

Re:Easy fix...Truecrypt.

[s7uar7]

Unless Dropbox does block-level tracking you would end up re-uploading the entire encrypted volume every time you modified a file inside it.

Re:Easy fix...Truecrypt.

[smurfsurf]

Not if they use a binary diff algorithm on the volume file.

Re:Easy fix...Truecrypt.

[Kappy]

I've tried this with a small 10MB TC volume (just to hold docs). Every time I modified the contents of the TC file DP would upload the entire volume again. So explain this full support for Truecrypt please.

Re:Easy fix...Truecrypt.

[TangoMargarine]

....AFAIK, Dropbox has full support for Truecrypt volumes.

How would they have partial support for TrueCrypt? Either they a) look for a TC header and disallow you uploading that file (unlikely), b) don't let you upload a .tc file (easily avoided), or c) don't care at all.

Re:Easy fix...Truecrypt.

[heypete]

Are you using Dropbox v1.0 or higher? That was when they implemented TrueCrypt support.

I just did a similar test with a 100MB TrueCrypt volume and Dropbox 1.0.10 (admittedly a bit out of date -- why doesn't Dropbox auto-update?) and it worked precisely as expected: only the changed parts (about 4MB, as I used to images as the test files) of the TC volume were uploaded, while the bulk of the TC file remained unchanged and didn't get uploaded.

Re:Easy fix...Truecrypt.

[swillden]

FYI, TrueCrypt files don't have any distinctive headers, by design. Given a file full of uniformly-distributed random bits, there's no way to tell if it's a TrueCrypt volume or the output of a random number generator.

Re:Easy fix...Truecrypt.

[TangoMargarine]

Well sure, officially, but I seem to remember hearing that there were a couple programs that could sniff out a TC volume with a pretty good amount of certainty. And who fills their unused hard drive space with random data? If you make that claim, it pretty much sets you up as someone who would likely use TrueCrypt anyway.

Re:Easy fix...Truecrypt.

[swillden]

I seem to remember hearing that there were a couple programs that could sniff out a TC volume with a pretty good amount of certainty

Cite?

And who fills their unused hard drive space with random data? If you make that claim, it pretty much sets you up as someone who would likely use TrueCrypt anyway.

I thought we were talking about whether or not Dropbox could identify TrueCrypt volumes in order to refuse to store them, not whether or not someone with files of uniformly-distributed bits is "suspicious".

Depends on who is asking them

[Shivetya]

http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html

Does that story give you the creeps or not?

So the government can make you rat on your clients and you can't even tell your own people your doing the work of the government

Re:Depends on who is asking them

[Devoidoid]

That's what the PATRIOT Act is FOR. Ask this question of any librarian. A library is required to turn over any patron's borrowing history, with no reason given as to why the person is being investigated, and is barred from telling anyone the request was even made.

Re:Depends on who is asking them

[JonStewartMill]

A library is required to turn over any patron's borrowing history, with no reason given as to why the person is being investigated, and is barred from telling anyone the request was even made.

This is why my local library only retains borrowing history if the patron specifically requests it.

This changes everything.

[seinman]

Uh oh... I keep my 4chan folder on Dropbox. Better go delete some things...

They Lied

[jarich]

The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked.

Dropbox lied. No two ways about it. But this why you never store anything sensitive in "the cloud" anyway.

Re:They Lied

To be fair, from the very start, to anyone who cared to ask, they said that:
1. The files were encrypted and stored on Amazon servers
and
2. They had the keys

Of course they said they wouldn't use the keys to decrypt your data without your permission, and of course if the government asks them to they will because they don't like federal-pound-me-in-the-ass jail.

Re:They Lied

[TheSpoom]

To be fair, I would never believe a company that said that they "couldn't" access your data. Admins can always access everything. There should be a privacy policy in place that tells them not to disclose the files to which they have access, but they do have that access. If they didn't, they couldn't effectively do their job.

Re:They Lied

[udoschuermann]

I don't know whether they actually lied (I don't use DropBox), but here is what I suspect is actually the case: Yes, they encrypt the data but not with your key on the client but with their key at the server. Sure, they use a cryptographically secure transport between client and server (SSL/TLS) but they have access to the crypto keys. It would require explicit effort for their people to decrypt your data, so accidental exposure isn't an issue, but if a court orders them they can comply.

Here's a potentially useful tip: There is a little piece of software called EncFS, which does file-level rather than volume-level encryption. Those who use TrueCrypt on DropBox and find that the entire container gets sync'ed for the smallest changes, might want to have a look at EncFS. I've no idea how easy it is to make that work with DropBox, but it's probably worth a shot if DropBox's TrueCrypt support is not all it's cracked up to be.

Re:They Lied

[leonbloy]

The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked. Dropbox lied.

I don't follow the reasoning, I really don't get the lie. Files are encrypted, but Dropbox system knows the encryption keys. That "employees" cannot decrypt them, it's an issue of internal privileges and internal security - I always assumed that we are speaking of support/maitainance people here. Mr root-Dropbox can read my files (if I've not encrypted them myself), I always have taken that for granted, as a Dropbox user.

To point to another privacy issue: it's well know, for example, that Dropbox has a clever management of file contents, based on hashes, to allow efficient renames and content sharing. Say I upload a porn clip and I call it "leaning_java.avi". If another user has upload the same clip with a truthful name, then dropbox is aware of that (and ot doesn't duplicate the storage bytes, just links both files to the same storage), and my upload is practically instantaneous. So, Dropbox knows that my "learning_java.avi" is the same file as pornaddict's file "anal_fest.avi". Go figure.

Re:They Lied

[TangoMargarine]

"We encrypt your files" and "we will turn over" are not mutually-exclusive terms.

Re:They Lied

[swillden]

The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked.

There is no contradiction between those two statements.

Re:They Lied

[DrVxD]

"Lied" is a bit strong - I don't recall them ever saying they couldn't decrypt the files.

Who is to blame

[antifoidulus]

Is this really dropbox or Amazon that is behind this policy? While people rant and rave about dropbox, in the end it's really just a fancy front end onto Amazon's S3 service. Your data is actually stored on Amazon's servers and my guess is that it's ultimately Amazon that dictates policies such as this.

The cloud is never secure ...

[Blade]

Maybe it comes from working in IT, but I always assume that if someone else is holding my data, they can access it. It doesn't interest me what they say - that's my basic starting assumption. So I always assumed that Dropbox could get to my data, and if I cared about the privacy of that data I just encrypted the files myself first.

It's my data, I'm in control of it. Giving it up to someone else and hoping they keep it safe is silly.

I'm surprised so many people are surprised (and I wonder if the people are are surprised haven't been in IT long?)

Re:The cloud is never secure ...

[steelfood]

Or not in IT at all.

It's fairly common for non-IT folks to be in IT. They probably have no business being there, but since they're "good at computers" according to whomever hired them, they're there.

And this is why you constantly have IT fiascos like data leakage. Uninformed management not only creates faulty policies, but also hire inappropriate employees or contractors.

There are non-IT companies that are very strict about safeguarding certain data, but that's a result of the underlying corporate culture, not because management is particularly well informed (especially in other areas of IT), or was initially.

Never trust Cloud Storage

[binarymaster]

If you have sensitive [or embarrassing] data, just do not store it on the cloud. Period. Do not trust Encryption. Do not trust what the cloud storage companies may claim. The terms may change on ce it is too late to remove your files.

Safe deposit box?

[Primitive+Pete]

...but it's not a safe deposit box. It may actually be more like a storage unit or a bus station rental locker. In both cases, the owner of the container and the police can search at will, and you have no expectations of privacy from them. The only reasonable expectation is that the the owners of other lockers won't get your old sweat sox.

YOU encrypt it first

[drumcat]

This is simple. If you use a service like dropbox, simply house an encrypted "disk" on the site. You can put anything you want in it, but dropbox doesn't have the key. Sure, if you put a naked file up there, and they encrypt it for you, *they* have the key. If you're that worried about your files, it's probably not a good place for them.

Seriously, you didn't see this coming?

[Thumper_SVX]

Seriously, is anyone really surprised by this? I use DropBox, and not once have I considered that my data in DropBox is completely private. Sure, I use it for transferring some documents that are potentially sensitive (a lot of documentation on a lawsuit I'm involved in for example) but where there's sensitive data I always encrypt the documents myself with TrueCrypt.

This is precisely why I think the "cloud" is a bad idea for corporations. Until there are guarantees and safeguards against data theft or loss there is no way that I would entrust my company's critical data to a third party provider. Yes, the costs of managing that data myself are higher but the risk of that data getting out of our control and management is greatly mitigated.

And what about a data breach? Loss of data due to crackers? Seriously... all it's going to take is for one of these cloud providers to become big enough that the majority of corporations using their services are completely without options when a breach occurs. The big provider can simply turn around and say "Well, crap happens but who else are you going to turn to?" and there's nothing the average corporation can do about it. There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

Re:Seriously, you didn't see this coming?

There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

Which is why only data they can afford to lose will be stored in the cloud, e.g. customers' personal info and such, certainly not financial or business data.

Re:Seriously, you didn't see this coming?

[Nukedoom]

Done and done. Never heard about True Crypt before, but it only took about 8 minutes to secure all my financial information.

Re:Seriously, you didn't see this coming?

[steelfood]

Cloud is perfect for supplementing existing infrastructure, but never for replacing it.

If you put

[joh]

valuable/confidential data on servers you don't personally fully control, you're deserving whatever you get.

And by this I don't mean you shouldn't use things like DropBox. DropBox is great and cheap and easy to use for what it does. Just don't use it for things you don't want to get into the wrong hands or at least encrypt your data beforehand. What's so hard to understand here? And this of course is not limited to DropBox. If you have a rented server out there it may be "yours" but what do you think will the company you're renting it from do when push comes to shove?

Re:If you put

[slyborg]

This issue at hand is that Dropbox claimed your data was secure. Those with a technical background or a cynical bent would assume that was b.s. but an average person would perhaps take them at their word. So it's valid to call them on the misinformation. The accurate information would be that your data is secure in transit, but accessible to anybody that has direct access to the files, which would of course include Dropbox itself. I actually would hope the keys are not colocated with the data; if that is the case, then at least ONLY Dropbox employees can access your data, otherwise, anybody that can crack the S3 cloud could do it.

Are we getting fewer mod points?

[Nimey]

Seems like in the past few days I've seen fewer and fewer posts modded up or down.

Re:Are we getting fewer mod points?

[MichaelSmith]

In the last three months or so I have been getting at least five points per week. But I do think that the new software shows moderations differently so maybe you aren't as aware of moderation going on.

problem with encryption

[lechiffre5555]

Encrypting your files before drop-box gets hold of them is fine EXCEPT you are trusting the drop box client you installed on your machine to: 1) Not watch you encrypting those files, and sniff the password. 2) Not make other files on your computer available to law enforcement There used to be a 3) Encrypt your files in the cloud and not give anyone access. But your trust in number 3) has already shown to be wrong. Tell me why you still have faith in 1) and 2) again?

Re:problem with encryption

[rollingcalf]

That's why if you use Dropbox or any other online storage with a closed-source client process, it should be used inside a virtual machine, with the virtual machine receiving encrypted files from the host OS. That way it can't sniff your password or any other data you don't want it to see.

What's the purpose of Dropbox

[SuseLover]

I still don't get what the big deal is. What does dropbox do that can't be done with a simple sftp site (other than some free online storage)?

Re:What's the purpose of Dropbox

[dingen]

The big deal is Dropbox' super simple interface, which integrates into your file system so even computer-illiterate people will have no problem using it, combined with the appeal of a pyramid scheme to get more free storage for every person you lure into using it. This makes every Dropbox user an advocate of Dropbox.

Re:What's the purpose of Dropbox

[A+nonymous+Coward]

Free is handy, but the syncing among clients is what makes it so simple. You install the client, there's some minimal setup, and now whatever happens in any file watched by dropbox is uploaded to the server and automatically downloaded to the other clients. You could set up a dozen and get automatic mirroring. It is handy. Some people use it to collaborate, but it wouldn't handle multiple people editing the same file very well.

That's its main attraction, the automatic mirroring. Nothing impossible to do yourself, but handy. Wouldn't pay for just that.

Re:What's the purpose of Dropbox

[SuseLover]

Sorry I don't buy that. There seems nothing simpler than FileZilla, Gftp of just plain ftp to me. If your that technically illiterate, why are you sharing valuable information in the first place?

I guess I'm not of the Internet age/mentality. The loss of control of my own data and privacy is much to great for me to "trust" it in the hands of some unknown company or entity. This is why I will never trust anything to the cloud and can't imagine why anyone else does either. There is news of a data breach somewhere almost daily, and from some sites that you would "think" might have enough professionals running them to keep data secure.

If all you want to share are worthless family photos maybe it is fine for that, but nothing more important.

Re:What's the purpose of Dropbox

[realityimpaired]

The one thing it adds is a web-based interface where you can download your files with any web-connected computer, regardless of whether the client is installed.

Personally, I think it's a bad idea to trust your files to the cloud at all... It accomplishes nothing that can't be done without dyndns and a server running on a non-standard port. Even the nooblet user crowd can roll their own quite easily with dyndns... just use RDP with Network-Level-Authentication (RDP with SSL) and a strong password on your user account.... most ISP's won't block the RDP port, even if they block all of the other standard protocols.

Re:What's the purpose of Dropbox

[RalphTheWonderLlama]

Does your family know that you think their photos are worthless? :)

Re:What's the purpose of Dropbox

[spectrum-]

Well firstly it's location independent clustered storage, so you've less single points of failure (if any at all) as the data is spread across multiple sites and servers. Your single sftp server fails, bye bye data. Your data centre of several load balanced servers goes on fire, bye bye data. It's harder to kill the cloud basically. Plus all the power saving features of virtualisation etc etc

Re:What's the purpose of Dropbox

[kcitren]

Where is your server hosted? You mention dyndns, so I'm assuming you mean out of your house. I don't know about your house, but mine doesn't have backup power nor server and network redundancy. Plus, I like the off-site nature of the Cloud / Dropbox backup solution. I don't feel like running a high-availability cluster out of my house.

Re:What's the purpose of Dropbox

[toriver]

You are mistaking DropBox for a service which only involves one machine and the cloud. When I drop a file into my local DropBox folder at home, it aoutomatically gets synced to my iPhone, my iPad, and my computer at work. If I edit a note using PureText it automatically gets stored in DropBox and is also synced.

Beats having to do manual syncs with some service.

Re:What's the purpose of Dropbox

[Jaxoreth]

Does your family know that you think their photos are worthless? :)

No, they're unable to decrypt his email. :-P

Ummm... BFD?

[Sounder40]

Dropbox, like any and every other internet entity, is subject to the laws of their land, and therefore must provide data when requested by valid court order. As for Dropbox having access to my data, again, this is not a surprise considering my first point.

Personally, the utility of Dropbox is worth the risk. However, it is incumbent on me to be careful what data I put on Dropbox, and in what format. When I put sensitive data on Dropbox, it has been encrypted. Since I am sharing files on multiple computers I really don't want this data accessible anyway.

I recommend Dropbox, Mozy, Carbonite and all the others to family and friends because it is painless file backup. I also warn them that data backed up to the cloud is accessible by people we hope are moral and altruistic. I warn them that they may not be.

So pardon me for saying big effin' deal...

Re:Ummm... BFD?

[udoschuermann]

Agreed, BFD for those of us who understand the cloud, the risks, and how to install our own crypto layer. But most people will probably think "oh, they encrypt the data, that means it stays private" without realizing just what is encrypted, where, and by whom. Most people don't even know what they don't know about cryptography, and in the field of cryptography muddled knowledge is probably worse than none.

Truecrypt

[strayant]

Simple solution: Use a Truecrypt volume for your private files and loose Dropbox for anything non-private. If you want something better than that, roll your own solution on your own servers. If you don't know how something works, don't trust it outright.

Re:Truecrypt

[fishbowl]

If you have the dropbox agent installed, how do you know anything on your computer is private?

Re:Truecrypt

[udoschuermann]

That's one of the biggest issues I have with closed-source: Trust. There is plenty of software that does "more" than is advertised, but when it comes to security software there are few things that undermine trust quicker than the lack of access to the source code.

Re:The only cloudservice I trust.

[peragrin]

The only downside is that it is extremely limited, can't be easily accessed by mobile phones, or tablets.

what I want is an easy to host on my own version of dropbox, mobile sync, etc. why should google, apple, or microsoft host my contacts, calendars, files, etc.

AGGGG you're missing the point with encryption!!!!

[lechiffre5555]

Most posters in comments say âoeencrypt your data before putting it in the dropbox folderâ as a solution. They blithely ignore that the drop box closed source client with unknown capabilities sits on the computer running all the time. And itâ(TM)s safe to encrypt your data on a computer running a program that already been shown to have have deliberately violated your trust? It could sniff passwords during encryption, it could make available ANY files on your computer not just the ones you want, it could do anything. The point is we donâ(TM)t know what it can/canâ(TM)t/could do, and we trust the rest of the computer it sits on? Not having a go at drop box, Iâ(TM)m still going to keep using it, but astonished by the lunacy being displayed by users of a techie site. Encrypting your data on a computer running a program that has already shown to abuse/not respect trust is just crazy!!!!

Time to

Drop it like a Box of rocks

encryption...

[sxpert]

just encrypt the file *prior* to uploading it... problem solved

Re:encryption...

[lechiffre5555]

no no no not solved at all terrible solution you don't know what the drop box client running on your machine can or can't do, they have already violated your trust and now you want to encrypt your files whilst the drop box client is running?

Dropbox encryption

[vviljo]

Sure the users data can be encrypted with whatever algorithm but it is obvious they have the keys too and can unencrypt at will. To access files user only needs to provide a password which can be recovered via email. Duh.

Next time...

[SgtPepper]

Read the EULA.

What the fuss?!?

[A+nonymous+Coward]

I have a dropbox account and don't remember seeing that section where they claimed they couldn't read my files. I'm certain I read it, but I never would have believed it to mean they were truly unable to read my files -- if they encrypted them before storing them, they'd have to be able to decrypt them to send them back to me, or to track changes. Did someone actually think they had an irreversible encryption process which could somehow be reversed by the magic between them and me? A one time pad which somehow evaporated while sending files back to me? It might be reasonable to think they have some sort of access controls so ordinary people there can't browser customer data, but I never would have put any ironclad faith in such policies. That's wy it was common knowledge, near as I could tell, all round the web that you needed to encrypt backups and such yourself before sending them to dropbox.

I don't understand why anyone would expect otherwise. This is a tempest in a teapot.

Duh...

[Lumpy]

Anyone that has done any of their challenges knew this. IF they can drop files into your dropbox without giving them permission then that means it's not encrypted. or has a known key.

Do not trust the cloud

[Voline]

Hierarchical organizations are subject to the threats and favors of the state. Keep your data at home where the Fourth Amendment still (sort of) exists.

What exactly do they give?

[shish]

"All your data is encrypted" and "we'll give the cops some files" aren't mutually exclusive, if they give the cops encrypted files...

Simple

[MBGMorden]

There's a simple solution to this that I already use - I keep an encrypted Truecrypt volume in my Dropbox folder. It syncs over fine and is backed up but the only thing they see is the encrypted volume.

Pffft..easy fix:

[Zapotek]

XOR your data with entropy from /dev/urandom before uploading them.
Easy peasy...

(I was actually kidding but now I'm tempted...this can be the poor man's one-time-pad.)

Re:Pffft..easy fix:

[Ksevio]

But then you have to hold onto as much random data as your real data so there's no benefit to storing it remotely.

Re:Pffft..easy fix:

[fishbowl]

If you are satisfied with pseudorandom pads, all you need to keep is the seed.

Re:Pffft..easy fix:

[0123456]

If you are satisfied with pseudorandom pads, all you need to keep is the seed.

If you're using a 'pseudorandom pad', then you should be using a real encryption scheme instead.

SpiderOak

[Overzeetop]

Too bad SpiderOak's synchronization doesn't work most of the time. Otherwise, it would be a great alternative.

Re:SpiderOak

[katz]

Anecdotal. Perhaps your experience was not to your liking; for me it works great. Besides, you can talk to their support people and developers on IRC (how many other services let you do that, really?)

Linux solution is encfs

[PeterM+from+Berkeley]

Hello,

    I use encfs. You don't end up with a large monolithic file. Instead, a directory is created that stores all your files in encrypted format. An advantage is that your data on disk is stored encrypted--even the filenames. It is only decrypted in your core memory and in any "temporary backup" files your application may store elsewhere. There's a performance hit, though.

    I then use rsync to back up the encrypted data. Your data is secure to all but the likes of keyloggers, applications that leave garbage outside of your secure dir and memory, root compromise of your machine, or walking away from your machine with the data unlocked.

    I think it is even secure to some small degree from root compromise of your machine, though I'm not sure how. By this I don't mean that someone with root couldn't get your data one way or another, I just mean they'd have to work at it a bit. I admit I could be underestimating the strength of the security against root compromise.

    I can't speak to the strength of the encryption used or the strength of the implementation, however, they seem to be using AES or another few choices of encryption algorithm. AES, if done right, can be strong encryption.

    I really like how it works, though. I've had no problems with it other than the occasional problem remembering my key (fortunately temporary.)

Best,

--PeterM

steganography!

[spectrum-]

Steganography and plausible deniability remain open to your consideration The question also is how would they prohibit such encrypted/obscured uploads anyway? Unless they scan upload on the fly to see if they're a known openable/parsable filetype or distinguishable binary format.

This is why zero-knowledge services are better

[katz]

Take a look at SpiderOak (http://www.spideroak.com). Their fundamental security policy is "zero knowledge", meaning that their services works in such a way that everything is encrypted from the client. This is powerful stuff.

Re:This is why zero-knowledge services are better

[operator_error]

https://spideroak.com/engineering_matters#true_privacy

True Privacy

Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making its easily decoded by anyone with local access to those servers.

With SpiderOak, you create your password on your own computer -- not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data.

This means that you alone have responsibility for remembering your password or 'Password Hint' (which you can create to help you remember) allowing SpiderOak to create a true 'zero-knowledge environment' – keeping your data as safe and secure as it can possibly be.

Re:This is why zero-knowledge services are better

[Windrip]

... a strong key derivation function...

With apologies to whatever Star Trek episode featured this character:
"It is so strong, even Rok does not know how strong"
Sorry, feels like snake oil to me.

Re:This is why zero-knowledge services are better

[grep+-v+'.*'+*]

That's why I use CrashPlan, because even thought their *client* isn't open source where I can read it, their program lets me use servers under my control to see exactly what they're writing.(*) I'm happy with that. They also have different levels of passwords: lazy let-them-handle-it, or heres-my-half-of-the-key, but I keep the other half.


(*) Of course w/o source, they could be writing to their servers in a different or a decryptable format, I've not sampled the wire to see. But I trust that they're lazy and I can already see that they can encrypt locally -- I don't expect (but they could) that they'll create a totally different module just to send data to their own servers.

I could use their program for free with only my servers, or just run rsync myself. But if I'm that paranoid I shouldn't have my data connected to the internet anyway.

Re:This is why zero-knowledge services are better

[numbski]

Actually, that's BS. The source is right there on your computer. You just have to look. It's in ruby.

Re:This is why zero-knowledge services are better

[katz]

I would think that any reputable service would want to protect /themselves/ with a zero-knowledge policy (a true ZK policy where the customer and only the customer has the password). That way when they get a subpoena for customer data, they can hand it over without worrying about being connected to its supposed contents.

so use encrypted disk images

[v1]

Just put a single DMG in your dropbox, an encrypted disk image. Then they can look at your DMG file all they want unless they feel like dealing with AES256.

Re:so use encrypted disk images

[0123456]

Do you really think AES256 would stop the feds?

Um, yes. Unless your password was 'password', anyway.

If the feds have found some way to break AES256, then that would lead to a revolution in cryptography.

Re:so use encrypted disk images

[v1]

Anyone that knows encryption knows, nothing will "stop" a determined attacker with unlimited time and resources. And the available resources of an attacker are assumed to double along with the advances in technology every few years.

Encryption only serves to make a successful attack impractical at the time of implementation to a point in the future where protection is no longer necessary.

AES256 has no "rainbow table" available and has enough bits to make an attack substantially difficult for probably the next 3-5 years. If someone in power is willing to spend hundreds of thousands of dollars worth of computer resources on you today, or is willing to sit on your data for several years for it to become practical to attack, you're probably screwed anyway.

Re:The only cloudservice I trust.

[kenshin33]

while you can forget sshfs for now (at least for android), there are ssh clients and SFTP clients for android and ios (don;t know about other platforms). So you can ssh mount the encrypted volume and then SFTP ... voila (not as easy as the dropbox client may be, but not the end of the world either )

VPS+SSH+rsync

[npsimons]

Boy, that VPS setup with SSH and rsync doesn't sound so hard to setup now, does it?

PS - git instead of rsync also works pretty well.

Re:VPS+SSH+rsync

[geminidomino]

I've wanted to do something like that for awhile. The failing is that the rsync has to be either triggered by schedule or manually, which is the one big advantage to DB (not big enough for me to use it, though)

It doesn't matter

[Sloppy]

How does Dropbox define "valid legal process"?

It doesn't matter. If a system has holes, it has holes. The holes' supposedly-benign purpose or any policies about when to abuse the holes and when to abstain from doing that, isn't relevant.

you need to have the only key...

[pointbeing]

I have a problem with cloud sites that advertise encryption simply because you don't have control of the key - or of who has it. There's no doubt in my mind that all of these services can decrypt your files for you if you lose your key.

I personally just encrypt my own stuff and stick it in a folder in my gmail account.

So this isn't about the _rest_ of your hard drive

[radarsat1]

When I first read the title, I thought the article was talking about the Dropbox local utility reading data on the _rest_ of your hard drive. Well, seems everyone is talking about the data you actually put in your drop box, which is fine... simple solution, just encrypt it. (I've been using encfs.)

But considering you're deploying a local program that has access to your whole home folder, and whose only job is to upload data to a server, it wouldn't be such a big stretch for Dropbox to be asked by authorities or even by some rogue employee to access any old file on your hard drive. By installing a closed-source program that is always running in the background, you're basically giving them carte-blanche access to your data, whether it's in your drop box or not.

encryption methodolgy for backups

[hAckz0r]

Truecrypt definitely rocks, but its the wrong way to encrypt things if you need to be incrementally backed up in the encrypted state. Besides that, having a volume oriented encryption methodology may not keep secrets from hackers while that volume is mounted on the system, so a session oriented encryption methodology may be better to keep things sealed when not in use.
.

For all the above reasons I use encfs because it is only mounted when I choose, for just my eyes, and is easily backed up on a file by file basis so incremental backups work just fine. Just point your DropBox uploader to the encrypted file tree and back it up as soon as you unmount your crypto session volume. I have a script that mounts the crypto volume, opens a file manager to pause the script, and when the file manager is closed the session is immediately unmounted. All you need do is add a command to the end of the script to kick off a DropBox incremental upload.

Impossible vs Prohibited

[ukemike]

The difference between impossible and prohibited is like the difference between a welded shut steel safe and a sticky note that says "don't look at this."

Parent Nailed It

[Maarx]

Parent has nailed this on the head. And before we fork the argument from below, client-side encryption doesn't work because you lose Dropbox's incremental update features.

Re:Parent Nailed It

[praxis]

It does let you choose though: privacy or convenience.

Come to think of it, that's a pretty common-place choice in life.

Re:AGGGG you're missing the point with encryption!

[Minwee]

Maybe you should try reading the article you linked to. It doesn't say what you think it says.

If there's money to be made

[ThatsNotPudding]

there are customers to be betrayed.
Meaning: they want to stay in business, so they will happily dance to the tune called by any tin badge.

It's very simple

[david_thornley]

Look, I've got a DropBox account. I signed up for it on my laptop. Then I went to my desktop, and logged into my account. I did no sort of file transfer from laptop to desktop. Then I uploaded some unencrypted Mercurial repositories.

At no time did I do any key management. A key couldn't have been generated randomly in the client, or I'd have to transfer it from laptop to desktop. Therefore, there can be no client-side encryption, except for any files I want to encrypt myself.

Therefore, any encryption is done server-side, and DropBox maintains the keys (they have to be able to send the files back to me, after all). They advertise AES-256, which is a symmetric cipher, so encryption and decryption rely on the same key. Therefore, DropBox itself can access my data. It may be that many or most employees don't have access to both the accounts and the keys, so they can't look at my personal software projects and bad fiction. Somebody in the company certainly can, and they can turn the stuff over to law enforcement.

This doesn't depend on DropBox advertising at all. Just from how I interact with DropBox, I know that my files are not secure from them. That's why I won't trust them with anything sensitive I don't first encrypt myself (on a machine under my physical control, with no outsider logged in, because I've read about AES side-channel attacks).

Anybody who knows much of anything about file storage and encryption (and I'd hope this means most Slashdotters) should have known this from the start. It will come as a surprise only to the ignorant or thoughtless.

devils advocate

[verbatim]

It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so.

The two claims are not mutually exclusive -- support agents cannot get in because they don't have decryption keys, while deeper levels of the company can get access because they have access to the keys.

It makes sense to me, anyway. At any rate, the moral of the story is if you want something to be private, do not rely on third parties to encrypt things for you (and, if you do, it's not secure).

BlowfishAdvanced CS

I use use Blowfish Advanced CS and it works great. Very good freeware tool (open too).
For some uses I find it a lot handier than TrueCrypt. http://www.lassekolb.info/bfacs.htm

Keep data away from Dropbox employees

[romrom97]

One way of doing this is to use Truecrypt to create an encrypted volume and sync that with your Dropbox. But this is actually a headache as it has to upload the entire volume each time you make changes and you have to mount and unmount the volume for that to occur. I found this to be too much of a headache.

After Google searching around, I found the perfect solution. And no, I don't work for the company that puts this out. This lets you create a folder in your Dropbox that encrypts the data inside that folder with your own key and encrypts / decrypts in in real time. Great solution and works perfect! I wanted to share this gem that I found and hope you guys find it useful.

http://www.boxcryptor.com/

SpiderOak

[numbski]

http://www.spideroak.com/

Go give them some love, will ya? Great company, actually zero-knowledge...replete with performance issues caused by it. Give your business to someone that's doing it right.

The Contract is Scary! Super-Caveat Emptor, Baby!

[MarkvW]

Here's Dropbox's indemnity language:

You agree to defend, indemnify, and hold Dropbox, its officers, directors, employees and agents, harmless from and against any claims, liabilities, damages, losses and expenses, including, without limitation, reasonable attorneys' fees and costs, arising out of or in any way connected with: (i) your access to or use of the Site, Content, Files and Services; (ii) your violation of this Agreement; (iii) your violation of any third party right, including without limitation any intellectual property right, including but not limited to right of attribution, publicity, confidentiality, property or privacy right; or (iv) any claim that Your Files, or your use of Files, caused damage to a third party, including without limitation claims that Your Files, or use of Files, infringe the rights of another.

If somebody files an absolutely baseless lawsuit against Dropbox relating to the stuff you keep on Dropbox, you're promising to pay all of Dropbox's legal expenses defending that lawsuit.

You're also promising to pay Dropbox for all "EXPENSES" in any way connected with your use of the Dropbox site! What the hell does that mean? Super caveat emptor baby.

Here's the liability exclusion language:

IN NO EVENT WILL DROPBOX BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, DIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, OR FROM YOUR ACCESS TO OR USE OF, OR INABILITY TO ACCESS OR USE, THE SITE, CONTENT, FILES AND/OR SERVICES, OR FOR ANY ERROR OR DEFECT IN THE SITE, CONTENT, FILES OR SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT DROPBOX HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE, EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. YOU SPECIFICALLY ACKNOWLEDGE THAT DROPBOX IS NOT LIABLE FOR THE DEFAMATORY, OFFENSIVE OR ILLEGAL CONDUCT OF OTHER USERS OR THIRD PARTIES AND THAT THE RISK OF INJURY FROM THE FOREGOING RESTS ENTIRELY WITH YOU. FURTHER, DROPBOX WILL HAVE NO LIABILITY TO YOU OR TO ANY THIRD PARTY FOR ANY THIRD PARTY CONTENT UPLOADED ONTO OR DOWNLOADED FROM THE SITE OR THROUGH THE SERVICES AND/OR THE FILES, OR IF YOUR DATA IS LOST, CORRUPTED OR EXPOSED TO UNINTENDED THIRD PARTIES.

FREE ACCOUNT HOLDERS: YOU AGREE THAT THE AGGREGATE LIABILITY OF DROPBOX TO YOU FOR ANY AND ALL CLAIMS ARISING FROM THE USE OF THE SITE, CONTENT, FILES AND/OR SERVICES IS LIMITED TO TWENTY ($20) U.S. DOLLARS. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DROPBOX AND YOU.

PREMIUM ACCOUNT HOLDERS: YOU AGREE THAT THE AGGREGATE LIABILITY OF DROPBOX TO YOU FOR ANY AND ALL CLAIMS ARISING FROM THE USE OF THE SITE, CONTENT, FILES AND/OR SERVICES IS LIMITED TO LOWER OF THE AMOUNTS YOU HAVE PAID TO DROPBOX DURING THE THREE MONTH PERIOD PRIOR TO SUCH CLAIM, FOR ACCESS TO AND USE OF THE SITE, CONTENT, FILES OR SERVICES, OR ONE-HUNDRED ($100) DOLLARS. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN DROPBOX AND YOU.

Note that you can't sue them if your data is exposed to unintended third parties. Doesn't that make their privacy policy totally toothless?

Temporary/disposable *scoped* keys

[katz]

From here: https://spideroak.com/blog/200811201300

"Most storage providers -- if they offer encryption at all -- only use one encryption key per account. Instead, SpiderOak uses a nested system of many small scoped encryption keys. When you create a ShareRoom, the SpiderOak client makes the encryption keys of appropriate scope for the contents of that share room public.
This makes it possible for our webservers to present the contents to visitors, but nothing beyond the Share Room is known.

So, the upload transaction to create a new ShareRoom and suddenly be sharing a lot of data within your account is very small, and your ShareRoom is ready for company very soon."

Re:Temporary/disposable *scoped* keys

[geminidomino]

Nifty. Nice find! Thanks!

from forums.dropbox.com :

[djihz]

In our help article we state that Dropbox employees aren't able to access user files. This is not an intentionally misleading statement -- it is enforced by technical access controls on our backend storage infrastructure as well as strict policy prohibitions. The contents of a file will never be accessed by a Dropbox employee without the user's permission. We can see, however, why people may have misinterpreted "Dropbox employees aren't able to access user files" as a statement about how Dropbox uses encryption, so we will change this article to use the clearer "Dropbox employees are prohibited from accessing user files".

Thread here : http://forums.dropbox.com/topic.php?id=36835

Poor choice of words indeed.

Talk to the librarians

[jeko]

It's actually worse than that. The FBI has for the past several years been demanding librarians turn over records of who's reading what and trying to place the library staff under a gag regarding the whole thing. Some librarians have been able to make a fight of it. Some have not. The ones who lost this battle are precisely the ones we'll never hear from.

Tin foil hats aside, if you've been doing a term paper on Islam or the Haber process, the American Library Association reports the FBI wants to know about you.

I doubt that it is encrypted at rest even

[Ifni]

Unless they use the same key for every subscriber. Try this - grab a file off of Bit Torrent, most any file will do, but make sure it is at least a few hundred megs. Now, upload it to your Dropbox account. Notice how the sync process was near instant? Thats because DB has that file already - someone else already uploaded it and DB was able to match it by checksum, skipping the need to actually upload it. Now, take a file that is unique to you - maybe a zip containing your vacation photos. Make sure it is at least a few hundred megs in size. Now, upload that to Dropbox. Note that it takes quite a bit longer, more in line with what you would expect uploading a file from your computer to a remote server over the Internet. If your files on Dropbox were encrypted with a unique key, every file you uploaded would be unique, so from this it is obvious that Dropbox not only has the capability to decrypt your data, but it does so regularly, if it encrypts it at all. Their data de-duplication would not work optimally if they couldn't.