[ale] Dropbox opinions wanted

Joe Knapka jknapka at kneuro.net
Fri Sep 17 15:57:10 EDT 2010


OK, should've looked at the SpiderOak client a little more closely :-P  It
can totally
do what I want.

-- JK

On Fri, Sep 17, 2010 at 1:27 PM, Joe Knapka <jknapka at kneuro.net> wrote:

> I tried both SpiderOak and DropBox recently, and while SpiderOak seems to
> have more
> robust security (only de-duping files on a per-user basis), I find DropBox
> to be more
> convenient.  I don't see an easy way, with SpiderOak, to just have a plain
> old folder
> shared among several machines that magically stays consistent, which is the
> default with DropBox.  It seems you have to explicitly move content between
> machines
> using the SpiderOak client. Am I missing something?  Eg if I just want to
> have
> /home/jk/myMagicFolder on one machine and C:\magicFolder on another machine
> always be in sync, can SpOak do that?
>
> -- JK
>
>
> On Fri, Sep 17, 2010 at 5:26 AM, Greg Freemyer <greg.freemyer at gmail.com>wrote:
>
>> Pat,
>>
>> Did you look at SpiderOak as an alternative?
>>
>> Greg
>>
>> On 9/17/10, Pat Regan <thehead at patshead.com> wrote:
>> > On Fri, 17 Sep 2010 00:05:20 -0400
>> > Michael Trausch <mike at trausch.us> wrote:
>> >
>> >> They could be encrypting to 2 keys: your password and a key that they
>> >> do not share, but use to read from Amazon or whatever. It is possible
>> >> that they also then generate the hashes prior to encryption. The
>> >> level of protection is such that one couldn't steal the files from S3
>> >> but a DB empl might be able to.
>> >
>> > I've been thinking about this a lot today...  I'd really like dropbox
>> > like functionality (and an app on my phone!) but I'm not very
>> > trusting...
>> >
>> > If they store the hash prior to encryption that means anyone with
>> > access to their database can know what files I have stored in my
>> > account.  That could be the RIAA or MPAA.  If things work like everyone
>> > says they work then this is one of the things they do have or else they
>> > couldn't make it work.
>> >
>> > If they can deliver a file that is in my account to one of your
>> > machines then they have to have a way to decrypt it.  If they can
>> > decrypt my file I would consider it barely safe up there.
>> >
>> > Their FAQ says:
>> >
>> > "All files stored on Dropbox servers are encrypted (AES-256) and are
>> > inaccessible without your account password"
>> >
>> > "Dropbox employees aren't able to access user files, and when
>> > troubleshooting an account they only have access to file metadata
>> > (filenames, file sizes, etc., not the file contents)"
>> >
>> > I read these two bullet points when this discussion first started.  For
>> > these points to really mean anything the data needs to be encrypted
>> > before it leaves your computer.  If that were true my trust level in
>> > Dropbox would have gone up from where it was before this thread
>> > started...
>> >
>> > If everyone is correct and they are sharing files between users then
>> > the first point is barely useful and almost a falsehood.  They are
>> > almost implying that only your account password can decrypt the files.
>> > What they really mean to say is:
>> >
>> > "All files stored on Dropbox servers are encrypted (AES-256) and are
>> > inaccessible without your account password AND ONE OR MORE KEYS OWNED
>> > BY DROPBOX"
>> >
>> > That means that the second bullet point about employees not being able
>> > to access the files is probably more a matter of policy than it is a
>> > technical limitation.
>> >
>> > I figure my data would be just one notch more private with Dropbox than
>> > it is with Google...
>> >
>> > Pat
>> >
>> > I was thinking about how to implement some Dropbox functionality with
>> > inotify and rsync.  Is anyone interested in talking about that? :)
>> > _______________________________________________
>> > Ale mailing list
>> > Ale at ale.org
>> > http://mail.ale.org/mailman/listinfo/ale
>> > See JOBS, ANNOUNCE and SCHOOLS lists at
>> > http://mail.ale.org/mailman/listinfo
>> >
>>
>> --
>> Sent from my mobile device
>>
>> Greg Freemyer
>> Head of EDD Tape Extraction and Processing team
>> Litigation Triage Solutions Specialist
>> http://www.linkedin.com/in/gregfreemyer
>> CNN/TruTV Aired Forensic Imaging Demo -
>>
>> http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
>>
>> The Norcross Group
>> The Intersection of Evidence & Technology
>> http://www.norcrossgroup.com
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100917/3ed60f3a/attachment.html 


More information about the Ale mailing list