On Sun, Jul 3, 2011 at 9:32 AM, Victor van Reijswoud < [email protected]> wrote:
> I also noticed the changes for my Dropbox account: interesting and at > the same time a bit scary. Also a fascinating issue around ownership. > > Anyone familiar with the technology? > > I've used various cloud storage / synchronization services and I'm pretty paranoid about my document security / privacy. Initially I used SpiderOak to backup and synchronize my more sensitive files, just because SpiderOak uses rather innovative encryption techniques where the data is encrypted on your client before it's sent to them for storage- so even SpiderOak staff themselves can't see what you're storing. You can read more about it here: https://spideroak.com/engineering_matters Unfortunately I found SpiderOak's user interface to be absolutely horrible and their synchronization algorithms were very unpredictable. After tolerating them for a over a year I finally had enough. I like really like Dropbox (it just 'works') but I don't like the fact that they can access my documents- they have too, de-duplication is a huge part of their business model and it's almost impossible to de-dup encrypted data. Fortunately, I found a way to have my cake and eat it too. I now use encfs to encrypt a folder within my Dropbox folder. The folder is encrypted with the same password as my Ubuntu login password and pam automatically mounts it as soon as I log in. Encfs can be mounted by multiple systems simultaneously and synchronization works perfectly. The tutorial I followed is here: http://pragmattica.wordpress.com/2009/05/10/encrypting-your-dropbox-seamlessly-and-automatically/ You could also just have a truecrypt drive in your Dropbox folder which would also work, but it has some disadvantages: Because truecrypt stores everything in one file, you may make just one tiny change to a text file within the truecrypt container and dropbox will have to resync the entire truecrypt file. I know that dropbox uses rsync-like synchronization algorithms so it probably wouldn't have to transfer the whole file, but I'm guessing it would result in a lot more internet usage than necessary. Encfs stores each encrypted file separately- so if I have two files in my encfs filesystem I will have two encrypted files in dropbox. It will only need to synchronize the specific files modified. Because truecrypt is lower level, you have to use a normal filesystem (probably fat32 or ext4) on top of it. If you try to mount it as read-write from two different computers simultaneously, very, very bad things are going to happen. Encfs is higher level and behaves more like NFS when used on Dropbox- I can access it read-write from multiple computers simultaneously. Overall I am extremely satisfied with my decision to ditch SpiderOak in favor of Dropbox / encfs. DropBox can read, copy, reproduce, or do anything else their license allows them to do to my encrypted data and I couldn't care less. David
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
