PDA

View Full Version : Is Dropbox safe?



wersdaluv
November 28th, 2008, 03:45 AM
Dropbox (http://www.getdropbox.com/) is the nice app that lets the users backup, sync, and share data by storing your data in their servers. I really like it and I've been using it to save my config files for apps like Firefox, Pidgin, and Evolution.

I was trying to convince my dad to use it but he's not willing to risk his confidential office files. You think Dropbox is safe? Of course, it advertises to be such but is it reliable for real?

:guitar:

Saint Angeles
November 28th, 2008, 04:29 AM
well it sounds like they store your data on their computers... so no, thats not safe.

many people are seriously hating this whole cloud computing fad thats happening.

psusi
November 28th, 2008, 05:12 AM
If you are worried about them looking at your data, then encrypt it.

Saint Angeles
November 28th, 2008, 06:05 AM
or keep it in a thumb drive, hidden, where only you can find it.

OffHand
November 28th, 2008, 11:38 AM
The data traffic is encrypted but the servers itself are not, so in this perspective I would say not. But like someone said... you can encrypt the files and you should be fine. The Dropbox team seems like a good bunch of people though.

Oliver.BS
November 28th, 2008, 11:39 AM
Why not buy a HDD make a network and allow you dad to have access to it ?

Joeb454
November 28th, 2008, 11:45 AM
I use dropbox for backups and photo's of things. I find it comes in really useful. That said I'm not "one of those people that's really hating cloud computing" :)

mihai.ile
November 28th, 2008, 11:54 AM
I'm also starting to use it as a test but i'm concerned about private data.
Yes they offer encription in sending the dada but now they sould offer asimple way to have all data in the folder encrypted using a certificate created by the user. They don't do this...

OffHand
November 28th, 2008, 02:35 PM
I'm also starting to use it as a test but i'm concerned about private data.
Yes they offer encription in sending the dada but now they sould offer asimple way to have all data in the folder encrypted using a certificate created by the user. They don't do this...

From the website:

# How secure is Dropbox?

We take utmost care to ensure Dropbox is secure. All transport of file data and file metadata occurs over SSL. Files are encrypted with AES-256 before being stored on our backend.

# Can I specify my own private key?

We plan to eventually allow users to provide their own private key but for usability reasons (e.g. being able to view files from the web) we haven't done this yet. Some users have mounted truecrypt volumes in their dropboxes to handle this concern.

mihai.ile
November 28th, 2008, 03:05 PM
From the website:

...

We plan to eventually allow users to provide their own private key but for usability reasons (e.g. being able to view files from the web) we haven't done this yet ...

I mean if they set a private key what is it for? lol...
This somehow get's translated into this in my mind:
we'll secure your files on the servers with our private key so we can read the files contents to put it on the web front end.

Where's the security then? there isn't... they still have access to all the files.

I know I can encrypt before adding to dropbox but is not very handy...

OffHand
November 28th, 2008, 03:31 PM
I mean if they set a private key what is it for? lol...
This somehow get's translated into this in my mind:
we'll secure your files on the servers with our private key so we can read the files contents to put it on the web front end.

Where's the security then? there isn't... they still have access to all the files.

I know I can encrypt before adding to dropbox but is not very handy...

You don't have to use it ya know ;)

if you don't trust them, don't use their free service...

Tomosaur
November 28th, 2008, 07:19 PM
Don't store anything which could compromise your security, and you should be ok. I use Dropbox for keeping files that I might need on other computers (I'm in a band, so mp3 demos, lyrics etc are useful, info documents for research for work, text files with links to stuff etc - I hate those sites which keep bookmarks for you, prefer having stuff like that in a text file :P ).

borobudur
December 26th, 2008, 03:10 PM
Well, look what's happening with gmail.com: google scans all the email traffic and posts discretely some advertisement on the side when you read it.

So, Dropbox might do this too with your data one day... :(

OffHand
December 27th, 2008, 01:45 AM
Well, look what's happening with gmail.com: google scans all the email traffic and posts discretely some advertisement on the side when you read it.

So, Dropbox might do this too with your data one day... :(

One day the sun will burn planet earth...

Kernel Sanders
December 27th, 2008, 01:51 AM
many people are seriously hating this whole cloud computing fad thats happening.

+1

Although for some bizzare reason I totally trust Gmail with my e-mails. I have no problem with that. My files etc.. however will never go near the cloud, and I certainly wouldn't use a cloud OS!

magmon
December 27th, 2008, 02:11 AM
Hmm, thats an interesting project.. How does it work? Does it take the stuff off my system?

wersdaluv
December 27th, 2008, 09:47 AM
Well, look what's happening with gmail.com: google scans all the email traffic and posts discretely some advertisement on the side when you read it.

So, Dropbox might do this too with your data one day... :(
Dropbox might be doing it now

dannytatom
December 27th, 2008, 10:47 AM
Hmm, thats an interesting project.. How does it work? Does it take the stuff off my system?

It makes a folder in your home dir that you drag and drop files into, when you put a file in the folder it uploads/syncs to their severs. You can set 'em to private or public and download 'em from wherever you might be.

It's nifty, and I use it for stuff that I'm not worried about people seeing.

yuki86
February 21st, 2010, 09:40 PM
And what about storing my password database (keepass) encrypted (truectypt)

Is it safe???

I just want one place to update my password db from different computers/systems

insane_alien
February 21st, 2010, 09:51 PM
i use a truecrypt volume with dropbox. works fine, data's secure.

civillian
February 21st, 2010, 10:59 PM
i use a truecrypt volume with dropbox. works fine, data's secure.

+1

I use it as a way to transfer small files from my laptop to my desktop (mp3s, edited photographs that I can't edit on my desktop, word documents, etc)

Not too fussed by the whole cloud thing, tbh, I don't get any emails that ought to be confidential that get sent to 'the cloud', I have a .ac.uk address for that stuff. (I don't trust email anyway, I like snail mail better tbh, you can be 80% sure its safe that way)

felixq78
August 12th, 2011, 04:25 AM
This Cloud business is a perfect means by which those who mean us harm can look into our files uninvited. I've been around long enough to know that we cannot trust ANYONE especially those who have the power to do as they please. The only way to protect your files is to keep them OFF the internet.
Stay away from Cloud and anything resembling it. Your father is correct, listen to him.

8_Bit
August 12th, 2011, 04:55 AM
Just keep in mind that nothing in this world is free.

The price you pay for the "free" cloud services like these is obviously your privacy. It's an unstated fact. You have to decide whether the service is worth compromising the security of your personal data.

You can always just use it for non-important things. I am a user of Dropbox myself, but I only store certain types of files on there, like schoolwork. I would never, ever upload sensitive data to it.

Thewhistlingwind
August 12th, 2011, 06:14 AM
Your father is correct, listen to him.

+1

If I have to encrypt sensitive files I store with you, I don't completely trust you, if I don't completely trust you, you shouldn't have copies of my files, I don't completely trust anyone.

Ergo: No one should be getting ANY copies of my files, AES 256 encryption or not.

The only exception to this is if I have a PAID, LEGAL contract with the service provider, in which case I'll still encrypt my files and file suit if I feel the terms of the contract have been breeched.

LowSky
August 12th, 2011, 11:22 AM
I use dropbox and Ubuntu one. I keep nothing on their I deem important. What I do save to them is documents and spreadsheets I may need access to at a later time away form my desktop, or small programs I find on the net I don't want to lose. I find dropbox better for cross-platform at the moment. I really wish Ubuntu One was available for other Linux distros. Sure both have browser access but I like having a folder that can be synced and used offline. It's nice to work on one PC and then be at another and have all those files available without having to create network shares or private FTP's that your ISP may not like you to have.

I used to keep a USB Flash drive on my keychain for years. Until it broke off for the third time. By that point UbuntuOne was coming out and I gave it a try. I will admit I keep maybe a few MB's out of the GB the give us for free. But its very useful.

I find I funny so many people are weary of these free services. 99.999% of you don't have anything even worthwhile to even glance at much less steal. And even if you did, why on Earth would you place your top secrete data in someone else's hands? These services are for junk files. A place to store photos, your backed-up homework, files you wish to share, and so on. I just check my dropbox folder and it has mostly android APK's and my saved bookmarks, which now I don't need thanks to Google Chromes cool ability to sync that too. For me the Cloud is great!

t0p
August 12th, 2011, 01:42 PM
I remember reading once that you should never send an email with stuff on it that you wouldn't send on a postcard via snail mail.

If you really really need to use Dropbox to store sensitive material, then take the advice offered by so many posts in this thread - encrypt the stuff before you put it in your Dropbox folder. Encryption is child's play to use nowadays, and you can get very very secure encryption apps for free. All you gotta do then is remember a few passphrases. Easy.

FreeTheBee
August 12th, 2011, 03:33 PM
I run dropbox with encfs, which works like a charm. Only problem could be windows pc's but since I have none, that isn't an issue for me.

forrestcupp
August 12th, 2011, 03:45 PM
Dropbox is a lifesaver to me. It makes it easier to do my work between a few different computers. I don't store anything ultrasensitive on it, though.

Dry Lips
August 12th, 2011, 04:26 PM
I remember reading once that you should never send an email with stuff on it that you wouldn't send on a postcard via snail mail.


That's why encryption is a good thing. If you use Thunderbird, there is an addon called
enigmail. Highly recommended! The down side is, of course, that the ones you send
your encrypted emails to, need to have encryption on their ends as well...

ctrlmd
August 12th, 2011, 04:32 PM
i use it to store random files not impotent files anything important stored offline

psusi
August 12th, 2011, 04:40 PM
+1

If I have to encrypt sensitive files I store with you, I don't completely trust you, if I don't completely trust you, you shouldn't have copies of my files, I don't completely trust anyone.

Ergo: No one should be getting ANY copies of my files, AES 256 encryption or not.


That is a circular argument. You use encryption so that you don't HAVE to trust them not to look at it; they can't even if they wanted to.

markp1989
August 12th, 2011, 04:45 PM
I use dropbox as a replacement to usb flash drives for syncing my coursework between pcs

I have lost usb drives with work on before, so for my use dropbox is no less secure

I would like to use an encrypted usb, but my uni has restrictions on installing software on their machines.

I do have a small turecrypt volume (256mb) in by dropbox folder that I use for storing more sensitive things.

Thewhistlingwind
August 12th, 2011, 05:14 PM
That is a circular argument. You use encryption so that you don't HAVE to trust them not to look at it; they can't even if they wanted to.

Actually it's "Paranoid to the point of being illogical." I don't even trust encryption algorithms to protect the data.

(Which is silly, because they work, as long as you have enough entropy.)

Theres a LOT of ways to mess up encryption, I'm not sure I trust MYSELF to get it right.

At the same time, I only work from one location right now, so maybe my attitude will change later.

BigCityCat
August 12th, 2011, 06:36 PM
I have my keepass password file in dropbox. It has all my important passwords in it including my banking password. I use it with windows too. It works great.

Thewhistlingwind
August 12th, 2011, 06:53 PM
I have my keepass password file in dropbox. It has all my important passwords in it including my banking password. I use it with windows too. It works great.

Especially on library computers. ;)