I tried both SpiderOak and DropBox recently, and while SpiderOak seems to have more<div>robust security (only de-duping files on a per-user basis), I find DropBox to be more</div><div>convenient. I don't see an easy way, with SpiderOak, to just have a plain old folder</div>
<div>shared among several machines that magically stays consistent, which is the</div><div>default with DropBox. It seems you have to explicitly move content between machines</div><div>using the SpiderOak client. Am I missing something? Eg if I just want to have</div>
<div>/home/jk/myMagicFolder on one machine and C:\magicFolder on another machine</div><div>always be in sync, can SpOak do that?</div><div><br></div><div>-- JK</div><div><br></div><div><br><div class="gmail_quote">On Fri, Sep 17, 2010 at 5:26 AM, Greg Freemyer <span dir="ltr"><<a href="mailto:greg.freemyer@gmail.com">greg.freemyer@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Pat,<br>
<br>
Did you look at SpiderOak as an alternative?<br>
<br>
Greg<br>
<div><div></div><div class="h5"><br>
On 9/17/10, Pat Regan <<a href="mailto:thehead@patshead.com">thehead@patshead.com</a>> wrote:<br>
> On Fri, 17 Sep 2010 00:05:20 -0400<br>
> Michael Trausch <<a href="mailto:mike@trausch.us">mike@trausch.us</a>> wrote:<br>
><br>
>> They could be encrypting to 2 keys: your password and a key that they<br>
>> do not share, but use to read from Amazon or whatever. It is possible<br>
>> that they also then generate the hashes prior to encryption. The<br>
>> level of protection is such that one couldn't steal the files from S3<br>
>> but a DB empl might be able to.<br>
><br>
> I've been thinking about this a lot today... I'd really like dropbox<br>
> like functionality (and an app on my phone!) but I'm not very<br>
> trusting...<br>
><br>
> If they store the hash prior to encryption that means anyone with<br>
> access to their database can know what files I have stored in my<br>
> account. That could be the RIAA or MPAA. If things work like everyone<br>
> says they work then this is one of the things they do have or else they<br>
> couldn't make it work.<br>
><br>
> If they can deliver a file that is in my account to one of your<br>
> machines then they have to have a way to decrypt it. If they can<br>
> decrypt my file I would consider it barely safe up there.<br>
><br>
> Their FAQ says:<br>
><br>
> "All files stored on Dropbox servers are encrypted (AES-256) and are<br>
> inaccessible without your account password"<br>
><br>
> "Dropbox employees aren't able to access user files, and when<br>
> troubleshooting an account they only have access to file metadata<br>
> (filenames, file sizes, etc., not the file contents)"<br>
><br>
> I read these two bullet points when this discussion first started. For<br>
> these points to really mean anything the data needs to be encrypted<br>
> before it leaves your computer. If that were true my trust level in<br>
> Dropbox would have gone up from where it was before this thread<br>
> started...<br>
><br>
> If everyone is correct and they are sharing files between users then<br>
> the first point is barely useful and almost a falsehood. They are<br>
> almost implying that only your account password can decrypt the files.<br>
> What they really mean to say is:<br>
><br>
> "All files stored on Dropbox servers are encrypted (AES-256) and are<br>
> inaccessible without your account password AND ONE OR MORE KEYS OWNED<br>
> BY DROPBOX"<br>
><br>
> That means that the second bullet point about employees not being able<br>
> to access the files is probably more a matter of policy than it is a<br>
> technical limitation.<br>
><br>
> I figure my data would be just one notch more private with Dropbox than<br>
> it is with Google...<br>
><br>
> Pat<br>
><br>
> I was thinking about how to implement some Dropbox functionality with<br>
> inotify and rsync. Is anyone interested in talking about that? :)<br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
<br>
</div></div><font color="#888888">--<br>
Sent from my mobile device<br>
</font><div class="im"><br>
Greg Freemyer<br>
Head of EDD Tape Extraction and Processing team<br>
Litigation Triage Solutions Specialist<br>
<a href="http://www.linkedin.com/in/gregfreemyer" target="_blank">http://www.linkedin.com/in/gregfreemyer</a><br>
CNN/TruTV Aired Forensic Imaging Demo -<br>
<a href="http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/" target="_blank">http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/</a><br>
<br>
The Norcross Group<br>
The Intersection of Evidence & Technology<br>
<a href="http://www.norcrossgroup.com" target="_blank">http://www.norcrossgroup.com</a><br>
_______________________________________________<br>
</div><div><div></div><div class="h5">Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
</div></div></blockquote></div><br></div>