Dropbox and Security, Again

January 28, 2012 by Gabe | [mmd] |

Yes, the Dropbox security story is still lingering. Patrick Rhone posted an updated article about the FTC complaint recently filed against them for deceptive language in their privacy terms. Read it for yourself, but Patrick argues that all data is at risk so be cautious and accept it.

I don’t like the tone of the piece[1] but his advice is sound. Whenever I store sensitive data on Dropbox, I encrypt it myself before it is uploaded. I create encrypted sparse images that hold the files. They can be easily opened on a mac and used as any other volume. I tend to use Knox because it makes the whole process easy. Knox keeps a list of sparse images in a menu bar drop down and provides direct access to the disk compression utility. However, the images can be created, used and resized using the built-in Apple Disk Utility application.

These files are not accessible through iOS though which makes Dropbox less useful to me. Unfortunately Spideroak, which does provide real encryption, is not ready for primetime. It’s awkward and not well supported by third party developers. I’m watching it though, because I like their model better.


UPDATE: I guess Patrick decided to delete his post. Maybe because the referenced page is the original 2011 article from Wired. I'm not sure, but this post still tells the story I wanted it to. Encrypt your own data and do not rely on anyone else to do it for you; If you care about that sort of thing.

  1. I think the attitude that there is no expectation of privacy once someone agrees to use a service is a little patronizing. What Dropbox did was wrong and misleading. They admitted to it and now I don’t trust them. I still pay them money every month, but I also go out of my way to secure a lot more stuff on Dropbox and I use Dropbox less than I did before.  ↩