So there’s been a lot of talk lately about how Dropbox, which promised that it was encrypting our files, is actually only doing so server-side, so employees, and possibly hackers if sophisticated enough, could get access to your files. In the comments to a Business Insider article, reps from two companies posted their solutions. I’m sure there are more, but just so I don’t forget these guys, they are:
- Secret Sync – this is an add-on that encrypts files on your computer, using a key that nobody at Dropbox has, so even if someone gets into your Dropbox account, they can’t read your files. It’s free, but they plan to roll out a “pro” model with additional features.
- SpiderOak offers client-side encryption built in, so it’s essentially the same as Dropbox + Secret Sync and is, like Dropbox, free for 2GB.
Because Secret Sync (or actually, I think it’s SecretSync as one word) is a different company entirely from Dropbox, your DB and SS passwords are not shared between companies, so that should be as secure as your passwords.
SpiderOak is one company, but they claim a higher level of privacy than Dropbox:
> At SpiderOak we have created a true ‘zero-knowledge environment’ meaning that no one including the SpiderOak employees will ever know what you are storing on your SpiderOak Network. We can maintain this environment because at no time will anybody know your password (or the answer to your password hint) except you.
I still haven’t decided whether to switch. I’m pretty pissed off at Dropbox for the misleading statements they make on their site (saying all files are AES-256 encrypted – essentially unbreakable – but neglecting to say that they have the keys and with certain forms of attack the hackers could have them too!). Still, one of the things about Dropbox is that it is very bandwidth-efficient, and I am bandwidth-limited because I’m often connected over satellite. Dropbox tries to upload just the pieces of a file that have changed (based on filesystem sectors?) and to not even upload common files that a lot of people share (very popular songs). Once you switch to full encryption, I would think that changing a single period in a document would result in a completely different encrypted file, as if you were doing a hash, and require a full upload.
SpiderOak says no:

> SpiderOak will scan the file and find only the changes, and store new data blocks for those areas of the file. This means that SpiderOak is able to store all historical versions of a document using little additional space.
>
> For example, if you’re working on a research paper, and add new sections, charts, and other information to it as you go along, SpiderOak just stores these additional items. So, SpiderOak will be able to store all of the historical versions of your research paper using about the same amount of space as would be needed to only store the most recent version.
So it would probably be worth it to switch, but we turtles don’t do anything fast!
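
To make the bandwidth question above concrete, here is an added sketch (not SpiderOak's or SecretSync's code) of how a client can encrypt locally and still upload only changed blocks: the file is split into blocks, each block is encrypted on its own, and a keyed hash of the plaintext serves as the block ID. The 4096-byte block size, the function names, the dict standing in for the server and the stdlib-only stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 4096  # assumed fixed block size (illustrative)

def _subkey(master, label):
    return hmac.new(master, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 keystream in counter mode, stdlib only.
    # A real client would use an AEAD such as AES-256-GCM instead.
    ks = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, block):
    nonce = os.urandom(16)  # fresh nonce per block
    return nonce + _xor_stream(key, nonce, block)

def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def sync(master, data, remote):
    """Upload only blocks the simulated server lacks; return (manifest, bytes sent)."""
    enc_key, id_key = _subkey(master, b"enc"), _subkey(master, b"id")
    manifest, sent = [], 0
    for off in range(0, len(data), BLOCK):
        block = data[off:off + BLOCK]
        # Keyed hash of the plaintext: the server can match IDs, not read blocks.
        bid = hmac.new(id_key, block, hashlib.sha256).hexdigest()
        if bid not in remote:
            remote[bid] = encrypt(enc_key, block)
            sent += len(remote[bid])
        manifest.append(bid)
    return manifest, sent

def restore(master, manifest, remote):
    enc_key = _subkey(master, b"enc")
    return b"".join(decrypt(enc_key, remote[b]) for b in manifest)

def demo():
    master, remote = os.urandom(32), {}  # key never leaves the client
    # Constructed sample document: 8 distinct 4096-byte blocks.
    v1 = b"".join(hashlib.sha256(bytes([i])).digest() * 128 for i in range(8))
    v2 = bytearray(v1)
    v2[3 * BLOCK + 10] ^= 0xFF  # one-byte edit inside block 3
    _, first = sync(master, v1, remote)
    m2, second = sync(master, bytes(v2), remote)
    return first, second, restore(master, m2, remote) == bytes(v2)
```

Fixed-size blocks only help with in-place edits, since an insertion shifts every later block and changes all of their IDs. The keyed block IDs also let the server see which blocks two versions have in common, even though it cannot read them.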