[ale] Dropbox opinions wanted
Joe Knapka
jknapka at kneuro.net
Fri Sep 17 15:27:54 EDT 2010
I tried both SpiderOak and DropBox recently, and while SpiderOak seems to
have more
robust security (only de-duping files on a per-user basis), I find DropBox
to be more
convenient. I don't see an easy way, with SpiderOak, to just have a plain
old folder
shared among several machines that magically stays consistent, which is the
default with DropBox. It seems you have to explicitly move content between
machines
using the SpiderOak client. Am I missing something? Eg if I just want to
have
/home/jk/myMagicFolder on one machine and C:\magicFolder on another machine
always be in sync, can SpOak do that?
-- JK
On Fri, Sep 17, 2010 at 5:26 AM, Greg Freemyer <greg.freemyer at gmail.com>wrote:
> Pat,
>
> Did you look at SpiderOak as an alternative?
>
> Greg
>
> On 9/17/10, Pat Regan <thehead at patshead.com> wrote:
> > On Fri, 17 Sep 2010 00:05:20 -0400
> > Michael Trausch <mike at trausch.us> wrote:
> >
> >> They could be encrypting to 2 keys: your password and a key that they
> >> do not share, but use to read from Amazon or whatever. It is possible
> >> that they also then generate the hashes prior to encryption. The
> >> level of protection is such that one couldn't steal the files from S3
> >> but a DB empl might be able to.
> >
> > I've been thinking about this a lot today... I'd really like dropbox
> > like functionality (and an app on my phone!) but I'm not very
> > trusting...
> >
> > If they store the hash prior to encryption that means anyone with
> > access to their database can know what files I have stored in my
> > account. That could be the RIAA or MPAA. If things work like everyone
> > says they work then this is one of the things they do have or else they
> > couldn't make it work.
> >
> > If they can deliver a file that is in my account to one of your
> > machines then they have to have a way to decrypt it. If they can
> > decrypt my file I would consider it barely safe up there.
> >
> > Their FAQ says:
> >
> > "All files stored on Dropbox servers are encrypted (AES-256) and are
> > inaccessible without your account password"
> >
> > "Dropbox employees aren't able to access user files, and when
> > troubleshooting an account they only have access to file metadata
> > (filenames, file sizes, etc., not the file contents)"
> >
> > I read these two bullet points when this discussion first started. For
> > these points to really mean anything the data needs to be encrypted
> > before it leaves your computer. If that were true my trust level in
> > Dropbox would have gone up from where it was before this thread
> > started...
> >
> > If everyone is correct and they are sharing files between users then
> > the first point is barely useful and almost a falsehood. They are
> > almost implying that only your account password can decrypt the files.
> > What they really mean to say is:
> >
> > "All files stored on Dropbox servers are encrypted (AES-256) and are
> > inaccessible without your account password AND ONE OR MORE KEYS OWNED
> > BY DROPBOX"
> >
> > That means that the second bullet point about employees not being able
> > to access the files is probably more a matter of policy than it is a
> > technical limitation.
> >
> > I figure my data would be just one notch more private with Dropbox than
> > it is with Google...
> >
> > Pat
> >
> > I was thinking about how to implement some Dropbox functionality with
> > inotify and rsync. Is anyone interested in talking about that? :)
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
>
> --
> Sent from my mobile device
>
> Greg Freemyer
> Head of EDD Tape Extraction and Processing team
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> CNN/TruTV Aired Forensic Imaging Demo -
>
> http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
>
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100917/2869da9d/attachment.html
More information about the Ale
mailing list