ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Do it yourself dropbox

<< < (4/9) > >>

I guess there might be a privacy element involved with such caching if the extra information involved remains even after the last instance of the data was removed from Dropbox servers. But seriously, practically, what is the privacy leak in this case? The most devious usecase I can think of is some corporation querying dropbox for all possible files they own to see if it was ever uploaded... and even then it does not reveal who has the file. Hell, technically said corporation would probably be liable for stuff like reverse engineering the Dropbox protocols and whatnot, so it would legally be unusable information.

I use the almost exact same technique for JottiQ. Jotti's malware scan has an internal database of files it has already scanned, which allows me to avoid uploading a file a second time.

So, in a nutshell: I am willing to share some file with the service (Jotti / Dropbox), so I would be sharing the private information I worry about with the service to begin with. Thus the service obtains no private information it wouldn't have without such an optimization.

That make sense?

SpiderOak has a blog entry somewhere that lines out some security flaws (some which aren't all tinfoil hat) with a scheme that shares blocks between users - too lazy to search for it now, sorry, but it shouldn't be too hard to track down if you're interested. No reverse-engineering is needed, if global hashes are stored all the Evil CorpTM needs is a subpoena.

From the SO blog posts, it sounds like their method and reasoning for it is pretty well considered. Zero-Knowledge ftw.

Actually, a friend of mine found out that DropBox does even more than that. It only transfers new blocks among all of its members' blocks. That is, if you try to upload a known large file (say a Ubuntu DVD or some known media), it'll upload instantly (regardless of the speed of your connection).-jgpaiva (March 09, 2011, 06:30 PM)
--- End quote ---
Good for speed, and storage space reduction at DropBox's servers, bad for privacy.
-f0dder (March 10, 2011, 07:07 AM)
--- End quote ---
Yes, no question there. It also means that they must store all data unencrypted on their side, or they wouldn't be able to serve you a file someone else uploaded.

I have nothing to hide! But I prefer SSH and Unison to sync and store my files, because those are my files(at least I own some of them) that sit on my paid hardware and I like to have control over my own system. I know people are going nuts over cloud stuff, I think it is pretty neat and wonderful as well. There can be amazing uses for the future of man kind,  but I prefer to rely on my own ideas and workflows. This way of working also makes me learn and implement new stuff. So I do not become a one way techno consuming machine as well.

You know the cloud can get cloudy, rainy and stormy, then what do you do?

Just ran across this today:
ownCloud is still in development but it looks promising. You need to run your own LAMP stack to host the sync server which then of course has a web UI and there are desktop clients in the works for Win/Mac/*nix. Hopefully mobile apps eventually too. It's a bit too early in dev for me to want to play with it but I'd be interested to hear anyone else's experience.

- Oshyan


[0] Message Index

[#] Next page

[*] Previous page

Go to full version