[liberationtech] Secure alternatives to Dropbox?
Bernard Tyers - ei8fdb
ei8fdb at ei8fdb.org
Wed Aug 14 14:50:33 PDT 2013
On 14 Aug 2013, at 22:01, Web Admin <webadmin at cpj.org> wrote:
> Are either of these servics a more secure alternative to 3rd party
> services like DropBox? My reasonng is that a hacker would first need to
> know you host your own cloud in a articular way to attack it. Is my
> thinking too simplistic?
This is something I have been thinking about for a while myself - do I keep my web hosting, mail, filesharing "in the cloud" or do I do it myself? I have the experience and knowledge to do mail, web and file share hosting, but do I want the extra hassle?
No, I don't think your thinking is too simplistic, I think you've got to figure out "who's out to get you?"
Each has it's pros and cons - hosting your file sharing on Dropbox is probably going to keep you reasonably safe from "nasty hax0r5" but it's certainly not going to keep you safe from government surveillance/interception. It's also essentially zero-systems admin.
> Are there oher services to consider? Activists
> and journalists are the typical groups who use dropbox, not considering
> the risks they are taking. It would be good to be able to advise folks on
> more secure alternatives, if they exist.
I found a nice link listing a number of alternatives to Dropbox/Google Drive etc. A lot were based on Bittorrent, which may or may not work if your ISP is acting the a$$. Others were based on Git. [1]
https://aerofs.com/
http://ajaxplorer.info/
Bittorrent:
http://labs.bittorrent.com/experiments/sync.html (os x, windows, linux, android)
http://cryptosphere.org/ (Maybe not exactly bit torrent but definitely p2p)
Git:
http://git-annex.branchable.com/ (os x, linux, android)
https://github.com/axkibe/lsyncd
I am not recommending any of these, as I am still trying to figure out which is the best *for my use*. Ultimately I want to end up doing my own file sharing, and e-mail for myself and 3-4 other people.
> I'm looking for options that are
> easy to use; many journalists/activists won't use something complicated
> (which is of course an issue).
There in lies the issue; define "easy to use" and "complicated". These tools still need a certain amount of knowledge, self-sysadmin, hosting knowledge, and a bunch of other work you are now trading for your "zero-admin" tools. Nothing a person couldn't learn, but - you'r trading one set of issues for another.
If there is *anything* good that came out of the Edward Snowden bombshell is that security, privacy and encryption is now on the discussion of a way more mainstream group of people. I was thrilled to see 2-3 days after the news broke technology people on this list saying (admitting?) encryption is hard, it's not usable. (This is not a jibe at technology people, but you have to admit we're are own worst enemies sometimes.)
These tools have a long way to go, but they've certainly gotten better. It's becoming the norm to have a GUI nowadays, fancy that!
For the moment, I think activists and journalists still need input from your friendly technology person. Thats not to say they can't be self hosted. The more people involved in making them the better.
For what its worth, I am playing with arkos.io and BitTorrent Sync. I still haven't found how Bittorrent Sync fully works, it seems your data needs to go through a BT node, which is not a good idea.
I hope that's helped in some way.
Bernard
[1] https://news.ycombinator.com/item?id=6071604
--------------------------------------
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
More information about the liberationtech
mailing list