Dropbox continues to make headlines with their recent programming blunder which left the accounts of its 25 million customers wide open during a four-hour time span. During the duration, anyone in the world could access any Dropbox profile by typing in any password. And seeing as this wasn't the first security failure, everyone, including the most loyal users are considering dropping the Dropbox.
The security issues arise from the architecture of Dropbox's service, which makes it super easy to upload, share and sync files online because all of the encryption and decryption happens on Dropbox's servers, not on your actual computers. But for those serious about protecting their data, this is a serious no go. Why would you want Dropbox to hold the encryption key and not yourself? Sure, it makes things easy to recover in case you forget your password, but it also leaves your private data accessible to Dropbox staff and their own inexcusable security flaws.
In a past article, we showed you different methods for password protecting files and folders on a Mac directly from iWork and Microsoft Office, as well as creating secure PDF documents and using Disk Utility to make protected DMGs. Well, Rich Mogull at Securosis has another option to make sure your files remain safe from the hands of incompetence, and not just for Macs—it also supports Windows and Linux.
"TrueCrypt is a great encryption tool supported by all major platforms. First, download TrueCrypt. Run TrueCrypt and select Create Volume, then "create an encrypted file container". Follow the wizard with the defaults, placing your file in Dropbox and selecting the FAT file system if you want access to it from different operating systems. If you know what you're doing, you can use key files instead of passwords, but either is secure enough for our purposes."
But he also warns to be careful when using TrueCrypt for Dropboxing and to never open containers on two systems at the same time, because you might lose everything because of how Dropbox syncs, which "may only detect changes when you close the encrypted container, which flushes all changes to the file."
SecretSync is another option for encrypting your data while still using Dropbox. It creates a secondary directory outside of Dropbox, which is encrypted and then synced with Dropbox. Files can only be decrypted on the computers you physically own and control. It's currently in Beta mode for Linux and Windows, with Mac coming soon.
"SecretSync also installs a special folder, separate from Dropbox, for confidential or sensitive documents. After installing SecretSync, you will have two folders on your computer, the SecretSync folder and the Dropbox folder."
It's free for a 2GB directory and $39.99 per year for 20GB or $59.99 a year for unlimited storage.
Another way is to stop using Dropbox altogether for an alternative online storage service that does a better job at keeping your content safe and secure.
SpiderOak runs on Mac, Linux and Windows, and provides an easy way to secure and your online documents while keeping the ability to share and sync. It differs from Dropbox because the encryption happens on your machine, not on their servers, making it readable by you alone. You create a password on your computer, and then a "strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data."
You get 2GB of storage for free with a basic account, but just like Dropbox you can get more by referral links, which earn you 1GB each (up to 50GB total for free). If you need more than that, it's $10 a month per 100 GB. For more information, check out their video tutorials.
Wuala is yet another option that allows you to backup, sync and share without any security issues. All files get encrypted on your desktop and are stored redundantly in many different locations, which could be on their servers in Switzerland, Germany or France. Your password never leaves your hands, so no one can access your files or password, not even Wuala (just like SpiderOak). It's available for Mac, Linux, Windows and Mobile devices. Check out some of their videos below to see how it works. Also, check out their YouTube channel for more.
With a free account you only get 1GB of storage, which isn't that great. And you get 3GB of additional free storage with each referral, but that extra space expires after one year.
Their pricing for more online room is comparable to SpiderOak with 100GB costing $129 per year (SpiderOak is $100 per year). But Dropbox by far is the worst culprit, costing almost $240. That's almost twice as much as Wuala and 2.4 times more than SpiderOak!
Another option is SugarSync, which works with Mac and PC, along with a slew of mobile platforms like iPhone, iPad, Android, Symbian and BlackBerry. But unfortunately, just like Dropbox, the files are not encrypted on your computer, but on the servers instead, raising the exact same security issues that users have with Dropbox. Enough said.
Other possible options include Password Keeper, Jungle Disk and BoxCryptor, OxygenCloud, CloudSafe and CrashPlan.
Photo by dojostream
UPDATE: This article originally compared prices incorrectly between Dropbox, SpiderOak and Wuala. The amounts have been changed.
Keep Your Connection Secure Without a Monthly Bill. Get a lifetime subscription to VPN Unlimited for all your devices with a one-time purchase from the new Gadget Hacks Shop, and watch Hulu or Netflix without regional restrictions, increase security when browsing on public networks, and more.
Other worthwhile deals to check out:
Nice article! Thanks for showing me Spideroak ;-) Love the client, the completely free folder adding and the sync functionality!
Allthough one thing... you got the price comparison quite wrong. Wuala is 129$ a YEAR (!), Dropbox is 19,99 a MONTH (!) (239,88 for a year?) and spideroak is also 10$ a MONTH (100$ a year). So by that logic spideroak would be the cheapest (only taking the ones I find acceptable to use long term)
If you could update the article, i could recommend this article to my friends without any doubts ;)
Other than that keep up the good work!
PS: Your default rss feed name is "News". Not the best if you like to keep your rss reader organized ;-)
PPS: The registration on your site just made me write the whole comment again :( Would be nice to get informed you have to login to post a comment somewhere, allthough i could have thought of it by myself :)
Thanks Philipp! That was totally flubbed! Thanks for catching. I'm surprised somebody didn't see it sooner. It has been updated. Whew!
And thanks for the "News" tips for our RSS. We should definitely change that. And we will look into the comment issue as well.
Justin. I am curious which method you use or advocate, having done the research?
I'm still actually testing out all of them (free versions). I haven't really decided on my favorite yet. For using Dropbox, I kind of like SecretSync better, and for the Dropbox alternative... so far it's SecretOak. Maybe I just like the word "secret".
Share Your Thoughts