Dropbox continues to make headlines with their recent programming blunder which left the accounts of its 25 million customers wide open during a four-hour time span. During the duration, anyone in the world could access any Dropbox profile by typing in any password. And seeing as this wasn't the first security failure, everyone, including the most loyal users are considering dropping the Dropbox.
The security issues arise from the architecture of Dropbox's service, which makes it super easy to upload, share and sync files online because all of the encryption and decryption happens on Dropbox's servers, not on your actual computers. But for those serious about protecting their data, this is a serious no go. Why would you want Dropbox to hold the encryption key and not yourself? Sure, it makes things easy to recover in case you forget your password, but it also leaves your private data accessible to Dropbox staff and their own inexcusable security flaws.
In a past article, we showed you different methods for password protecting files and folders on a Mac directly from iWork and Microsoft Office, as well as creating secure PDF documents and using Disk Utility to make protected DMGs. Well, Rich Mogull at Securosis has another option to make sure your files remain safe from the hands of incompetence, and not just for Macs—it also supports Windows and Linux.
"TrueCrypt is a great encryption tool supported by all major platforms. First, download TrueCrypt. Run TrueCrypt and select Create Volume, then "create an encrypted file container". Follow the wizard with the defaults, placing your file in Dropbox and selecting the FAT file system if you want access to it from different operating systems. If you know what you're doing, you can use key files instead of passwords, but either is secure enough for our purposes."
But he also warns to be careful when using TrueCrypt for Dropboxing and to never open containers on two systems at the same time, because you might lose everything because of how Dropbox syncs, which "may only detect changes when you close the encrypted container, which flushes all changes to the file."
SecretSync is another option for encrypting your data while still using Dropbox. It creates a secondary directory outside of Dropbox, which is encrypted and then synced with Dropbox. Files can only be decrypted on the computers you physically own and control. It's currently in Beta mode for Linux and Windows, with Mac coming soon.
"SecretSync also installs a special folder, separate from Dropbox, for confidential or sensitive documents. After installing SecretSync, you will have two folders on your computer, the SecretSync folder and the Dropbox folder."
It's free for a 2GB directory and $39.99 per year for 20GB or $59.99 a year for unlimited storage.
Another way is to stop using Dropbox altogether for an alternative online storage service that does a better job at keeping your content safe and secure.
SpiderOak runs on Mac, Linux and Windows, and provides an easy way to secure and your online documents while keeping the ability to share and sync. It differs from Dropbox because the encryption happens on your machine, not on their servers, making it readable by you alone. You create a password on your computer, and then a "strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data."
You get 2GB of storage for free with a basic account, but just like Dropbox you can get more by referral links, which earn you 1GB each (up to 50GB total for free). If you need more than that, it's $10 a month per 100 GB. For more information, check out their video tutorials.
Wuala is yet another option that allows you to backup, sync and share without any security issues. All files get encrypted on your desktop and are stored redundantly in many different locations, which could be on their servers in Switzerland, Germany or France. Your password never leaves your hands, so no one can access your files or password, not even Wuala (just like SpiderOak). It's available for Mac, Linux, Windows and Mobile devices. Check out some of their videos below to see how it works. Also, check out their YouTube channel for more.
With a free account you only get 1GB of storage, which isn't that great. And you get 3GB of additional free storage with each referral, but that extra space expires after one year.
Their pricing for more online room is comparable to SpiderOak with 100GB costing $129 per year (SpiderOak is $100 per year). But Dropbox by far is the worst culprit, costing almost $240. That's almost twice as much as Wuala and 2.4 times more than SpiderOak!
Another option is SugarSync, which works with Mac and PC, along with a slew of mobile platforms like iPhone, iPad, Android, Symbian and BlackBerry. But unfortunately, just like Dropbox, the files are not encrypted on your computer, but on the servers instead, raising the exact same security issues that users have with Dropbox. Enough said.
Photo by dojostream
UPDATE: This article originally compared prices incorrectly between Dropbox, SpiderOak and Wuala. The amounts have been changed.