[liberationtech] Safe app like Dropbox?
Griffin Boyce
griffinboyce at gmail.com
Sun Jan 6 14:20:20 PST 2013
On Sun, Jan 6, 2013 at 3:50 PM, John Adams <jna at retina.net> wrote:
> Why don't you just get around the problem entirely and use Dropbox's storage for encrypted disk images?
>
> If you have data sufficiently encrypted, it doesn't matter how it's stored.
>
> -j
On Sun, Jan 6, 2013 at 4:47 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> The main concern that I have is that an attacker pwning a Dropbox
> account could tamper with encrypted files.
Dropbox has a history of breaking encrypted files and truecrypt
containers. Which makes a lot of sense when you consider that when
syncing a file, Dropbox replaces only the part of the file that has
changed. (Or tries to). [1]
There are a lot of great uses for Dropbox, Box.net, SpiderOak etc
etc -- but storing sensitive files securely is not one of them. I
have Dropbox and Box accounts, and use them for client designs and
stock art. I think this is a pretty standard use of the service and
would not recommend putting anything particularly sensitive there.
In terms of security from other people, an encrypted hard drive,
thumb drive or memory card is going to be a much better choice. If
you absolutely need to pass an encrypted container back and forth,
there's probably not a cloud service that fits your needs.
Best,
Griffin
[1] http://dl.dropbox.com/u/27532820/original_screencast.html
--
"What do you think Indians are supposed to look like?
What's the real difference between an eagle feather fan
and a pink necktie? Not much."
~Sherman Alexie
PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
More information about the liberationtech
mailing list