dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
49

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

1 edit

skeechan to MxxCon

Premium Member

to MxxCon

Re: I didn't even know

So what, just because financial institutions use cloud storage doesn't make it safe.

Fact is you never know which idiots are running which services. Smart today, idiot tomorrow.

MxxCon
join:1999-11-19
Brooklyn, NY

MxxCon

Member

If you implement redundant TNO, any service is good.

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

1 edit

skeechan

Premium Member

said by MxxCon:

If you implement redundant TNO, any service is good.

Not necessarily. Let's look at consumer grade cloud services. At Dropbox you had an update pushed that turned off proper authentication requirements. The service was still up for everyone, but unfortunately ANY PASSWORD got you into an account. Everyone's account was exposed. I would consider that a bit problematic.

Redundancy doesn't protect the contents of your data from anything other than loss. That is no solace when it comes to sensitive or semi-sensitive data. And it is not always convenient to encrypt everything prior to upload to a cloud service (eg an app tied to service doesn't support encryption before upload). Having to do so can defeat the convenience or even purpose of having the service.

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

1 recommendation

MxxCon

Member

You are confusing a few different concepts here.
TNO is short of "trust no one", a security concept where you, yourself make sure that the data is encrypted and you control all the encryption and decryption mechanisms. EncFS and BoxCryptor are such examples. TrueCrypt is another one.
Yes, I agree with you that Dropbox has horrible security track record. I personally don't use, will not use it and will strongly encourage everybody not to use it.
You are also mixing up storage with synchronization services. But even if you use dropbox, you can use the above listed products to make sure that your files are secure.

AnonFTW
@rr.com

AnonFTW to skeechan

Anon

to skeechan
Funnily enough, Dropbox is hosted with AWS.

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

2 edits

skeechan to MxxCon

Premium Member

to MxxCon
As I have already stated, it is not always convenient to encrypt everything prior to upload. In my case files need to be accessible cross platform (including Android and iOS). That is proving to be quite a hurdle.

The 2nd and bigger one for me is the container itself. In a cloud sync application (like Dropbox) changing anything within the container means resyncing the entire container. If your container is even moderately large, say 100-200MB and upload speed slow, you are screwed. And for me, I would need a very large container and would be adding records quite frequently making something like Truecrypt+Dropbox a non-starter.

MxxCon
join:1999-11-19
Brooklyn, NY

MxxCon

Member

Once again, if you are talking specifically about Dropbox, no matter how big your "container" is, Dropbox syncs only the changes.
And boxcryptor works on android and ios. Did you even bother to look at its webiste?

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

4 edits

skeechan

Premium Member

I use Truecrypt with Dropbox and DB syncs the entire container when anything inside the container is changed because the container as created is treated by DB as a single file. I am now trying Boxcryptor and while it works with 2 Macs, the 3rd continuously gets "not a valid boxcrypt folder" errors. I'll keep tinkering with it, especially since the license was $100...ouch. BC also beachballs like a big dog.

EDIT - Also with the commercial license I can't seem to open 2 encrypted folders at the same time. When opening one folder, BC force ejects a folder that is already open (so you can't copy between encrypted folders).

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

MxxCon

Member

said by skeechan:

I use Truecrypt with Dropbox and DB syncs the entire container when anything inside the container is changed because the container as created is treated by DB as a single file.

Either you configured something in truecrypt that totally rewrites the whole "container" on each change, or dropbox lied(not surprising) about their claim that they transmit only changed blocks for existing files...

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

skeechan

Premium Member

It's the latter. Any change to a single file resyncs the file in its entirety. So if you have a container like TC or a VM and there is any change, DB would sync the entire container.

Boxcrypt is doing what I need it to do. The KP and beach balls were caused the the version of OSXFUSE BC includes with their install. OSXFUSE 2.5 fixes it (so far).
skeechan

skeechan

Premium Member

Boxcryptor is working great with Dropbox, totally seamless. Thanks for the tip.