Topic: Deduplication, encryption, security and... Dropbox

nudone

Re: Deduplication, encryption, security and... Dropbox
« Reply #25 on: April 16, 2011, 02:36 AM »
Let the great Dropbox Diaspora begin!


CleverCat

Re: Deduplication, encryption, security and... Dropbox
« Reply #26 on: April 16, 2011, 04:16 AM »
phitsc - check your messages for invite...  :Thmbsup:

f0dder

Re: Deduplication, encryption, security and... Dropbox
« Reply #27 on: April 16, 2011, 08:48 AM »
... and encryption really shouldn't slow anything down unless you've got an insane-speed internet connection :)

Wouldn't the act of encryption slow things down?  i.e. step 1 encrypt, step 2 upload instead of just step 1 upload?
A fast consumer internet connection has 100kb/s upload rate. A 3 year old dualcore laptop can do ~140mb/s AES encryption :)


I've asked Dropbox support if their FAQ statement that says that "Dropbox employees aren't able to access user files" were really true. Their response:

Yes. Dropbox employees can't access the file's contents. They can see the file names, move, delete or even restore files, but can't view them. The only exceptions are the executive staff who have a vested interest the company.

I have to admit that I am shocked about their slack interpretation of the word "employee". To be honest, I feel cheated by that FAQ statement. Already the fact that any employee could actually delete my files is unbelievable.
W...T...F?  :o :o :o :o :o :o :o :o :o :o :o
- carpe noctem

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #28 on: April 16, 2011, 10:25 AM »
Yes. Dropbox employees can't access the file's contents. They can see the file names, move, delete or even restore files, but can't view them. The only exceptions are the executive staff who have a vested interest the company.

Thanks for sharing that, phitsc.
It seems very wrong. Even if their definition of employee wasn't slack...

AndyM

Re: Deduplication, encryption, security and... Dropbox
« Reply #29 on: April 16, 2011, 01:45 PM »
This:
Yes. Dropbox employees can't access the file's contents. ....  The only exceptions are the executive staff who have a vested interest the company.
makes this:
"Dropbox employees aren't able to access user files"

a lie.

Try telling the IRS that any executive staff, whether or not they are officers of the corporation, whether or not they own stock or have any other vested interest, are not employees of the corporation. 

Eóin

Re: Deduplication, encryption, security and... Dropbox
« Reply #30 on: April 16, 2011, 02:46 PM »
Executive staff aren't employees, they're gods!
« Last Edit: April 16, 2011, 02:48 PM by Eóin »

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #31 on: April 16, 2011, 03:34 PM »
And gods easily turn into dogs.

phitsc

Re: Deduplication, encryption, security and... Dropbox
« Reply #32 on: April 16, 2011, 04:57 PM »
And gods easily turn into dogs.

Damn, it took me about 10 seconds to see that. And it's only 4 letters ;)

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #33 on: April 16, 2011, 09:52 PM »
...there's more in the blog article the quote is from.

Thanks for the link [Edit : Dropbox's lawyers should study it too]. And I'm also going to study that spideroak thing a bit more though before I Drop or prod the box.... which is definitely something I'll do. Just a matter of time.
« Last Edit: April 16, 2011, 09:54 PM by Armando, Reason: I Thin »

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #34 on: April 16, 2011, 11:46 PM »
This is a pretty good and balanced general article : http://web.appstorm....ak-file-sync-battle/

It mentions security, but isn't focused on it.

And the website is also not bad at all... first time I see it.

f0dder

Re: Deduplication, encryption, security and... Dropbox
« Reply #35 on: April 17, 2011, 07:59 AM »
More on Dropbox security.
In addition to those security concerns, also keep this in mind:

[image: shot-17-04-2011@14_57_47.png]
...in other words, if somebody gets access to your hostid, changing your password isn't going to matter the tiniest bit in the world.

And then we've got this:
Business Transfers. Dropbox may sell, transfer or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
...all your data are belong to us. Might be standard business practice, but is it particularly confidence-inspiring?

Really, start the DropBox exodus already.
- carpe noctem
« Last Edit: April 17, 2011, 08:01 AM by f0dder »
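
The host ID point in the post above, as an added example that is not from the thread and is not Dropbox's code: a hypothetical auth store in which a long-lived device token either ignores password changes (the behaviour f0dder describes) or is bound to a credential epoch so that a password change revokes it. The class, method and parameter names and the sample account are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class AuthStore:
    """Hypothetical sync-service auth store; all names here are assumptions."""
    def __init__(self):
        self.users = {}    # user -> {"salt", "pw", "epoch"}
        self.devices = {}  # sha256(token) -> (user, epoch when issued)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        """Create the account or rotate its password; each rotation bumps the epoch."""
        epoch = self.users[user]["epoch"] + 1 if user in self.users else 0
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw": self._kdf(password, salt), "epoch": epoch}

    def _check(self, user, password):
        rec = self.users.get(user)
        return bool(rec) and hmac.compare_digest(rec["pw"], self._kdf(password, rec["salt"]))

    def link_device(self, user, password):
        """Issue a long-lived device token (the role the thread's host ID plays)."""
        if not self._check(user, password):
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()  # store only a hash
        self.devices[digest] = (user, self.users[user]["epoch"])
        return token

    def authenticate(self, token, bind_to_epoch=True):
        """bind_to_epoch=False models a token that survives password changes."""
        entry = self.devices.get(hashlib.sha256(token.encode()).hexdigest())
        if entry is None:
            return None
        user, issued_epoch = entry
        if bind_to_epoch and issued_epoch != self.users[user]["epoch"]:
            return None  # token predates the current password: treat as revoked
        return user

def demo():
    store = AuthStore()
    store.set_password("alice", "old-pass")            # constructed sample account
    token = store.link_device("alice", "old-pass")
    before = store.authenticate(token)
    store.set_password("alice", "new-pass")            # user reacts to a token leak
    return before, store.authenticate(token, bind_to_epoch=False), store.authenticate(token)
```

With the epoch check on, every linked device has to re-authenticate after a password change, which is the trade-off for making the change actually cut off a copied token.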

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #36 on: April 17, 2011, 11:17 AM »
Thanks for the links -- am having problems with the first one though. Installed spideroak last night and will experiment with it today.

Even if I don't have much sensitive stuff in my dropbox account, it's a question of principle: companies offering "cloud" storage should take privacy more seriously. With all that, Dropbook is starting to look like Facebox.

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #37 on: April 17, 2011, 01:12 PM »
Would it be unethical to ask SpiderOak for a special donationcoder discount? I read quite a bit about it and I think they really have a good product. IMO, it's the perfect alternative to DropBox. Especially if the latter doesn't put its act together.

Carol Haynes

Re: Deduplication, encryption, security and... Dropbox
« Reply #38 on: April 17, 2011, 03:34 PM »
Who are the 'executive staff' and how do they bypass their own security system?

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #39 on: April 17, 2011, 03:46 PM »
Well, they said :

Yes. Dropbox employees can't access the file's contents. They can see the file names, move, delete or even restore files, but can't view them. The only exceptions are the executive staff who have a vested interest the company.

... but, to know how they do it... they'd have to tell us exactly.

f0dder

Re: Deduplication, encryption, security and... Dropbox
« Reply #40 on: April 17, 2011, 04:15 PM »
Given what we've heard about DropBox, the "how do the executives bypass security" is probably as simple as "grantAccess = (user.isExecutive == true);"
- carpe noctem

Carol Haynes

Re: Deduplication, encryption, security and... Dropbox
« Reply #41 on: April 17, 2011, 05:10 PM »
But if the data is supposed to be encrypted by a private key ...

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #42 on: April 17, 2011, 06:23 PM »
[slightly off-topic] hmmmm... I'm having problems with spideroak's deduplication... Maybe because some of my data is already encrypted? see https://www.donation....msg245855#msg245855 [/slightly off-topic]

phitsc

Re: Deduplication, encryption, security and... Dropbox
« Reply #43 on: April 18, 2011, 02:07 AM »
Who are the 'executive staff' and how do they bypass their own security system?
-Carol Haynes (April 17, 2011, 03:34 PM)

I would assume that it means executive staff have access to the private keys they use for encryption.

Even if I would trust these executive staff (whoever and however many that are), the problem is that if they have access to my data, then a not properly fixed or yet to be discovered security problem on their servers could possibly make my data available to hackers as well.

phitsc

Re: Deduplication, encryption, security and... Dropbox
« Reply #44 on: April 18, 2011, 02:11 AM »
I like it how SpiderOak tries to be very clear about where possible security problems in using their service could be, e.g. here about accessing one's data over the web interface:

https://spideroak.co...tters#instant_access

phitsc

Re: Deduplication, encryption, security and... Dropbox
« Reply #45 on: May 06, 2011, 10:38 AM »
And here comes the "workaround":

http://lifehacker.co...eve-got-beta-invites

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #46 on: May 06, 2011, 12:08 PM »
Thanks for the heads up! Will have a look at it later.

phitsc

Re: Deduplication, encryption, security and... Dropbox
« Reply #47 on: May 16, 2011, 02:12 AM »

Stoic Joker

Re: Deduplication, encryption, security and... Dropbox
« Reply #48 on: May 16, 2011, 07:02 AM »
Zoiks! ...So apparently, at this point, it's safer to have your head in the sand, than in the cloud(s).

Armando

Re: Deduplication, encryption, security and... Dropbox
« Reply #49 on: May 16, 2011, 10:41 AM »
Wonder what DropBox is going to do now. There might be lawsuits coming.