Dropping Dropbox

When Dropbox first came to my attention, I was in love. What a great way to keep various config files synchronized across computers. Then it came out that Dropbox’s encryption wasn’t quite as awesome as they let on. It turns out there’s no technical restriction on (at least certain) employees accessing your files. The data is encrypted, but server-side. Now, I’m not all that concerned that someone will target me to find out what my .ssh/config file contains (heck, I’d put it on dotfiles if someone asked nicely), but it does make me reconsider what is appropriate for Dropbox.

Recently, Dropbox announced some changes to the Terms of Service. While the license part is what caused the most uproar on the Internet, the de-duplication part is what stood out the most to me. I know it’s not in Dropbox’s best interests to pay to store a thousand copies of Rebecca_Black-Friday.mp3, but that’s not my concern. The wording suggests that the de-duplication is block-level as opposed to file-level, which is less worrisome, but given their previous lack of transparency about the encryption, I wonder how they’re actually implementing it. If it’s file-level and if it spans multiple accounts, then that seems like a really terrible idea.

I’ve recently switched everything I had in Dropbox over to SpiderOak. The synchronization seems a bit slower and the configuration is less simple (but it’s much easier to back up multiple directories, instead of having to barf symlinks everywhere), but the encryption is client-side so that it’s impossible for SpiderOak to divulge user data (unless they’re lying, too). If you’re interested in trying SpiderOak for yourself, sign up through this link and we’ll both get an extra 1 GB of storage for free.

2 thoughts on “Dropping Dropbox

  1. Ben,

    If the need for sync is not high (or absent), and the focus is online backups, an alternative is crashplan.com
    They have similar zero-knowledge policies.

    A caution to the reader- there is no way to “recover” a lost or forgotten password on either service. You forget it, you’re just SOL.

    Another thing that occurs to me is that certain ISPs (One that starts with “C” and rhymes with “omcast”) count upload as well as download towards one’s 250Gb cap. They’re usually good about figuring out whether the packets are services or p2p, but I have heard of people hitting that limit and getting unceremoniously shut down.

    -sundeep

  2. I think that this servise http://bit.ly/A7INcH is much better then the DropBox, they provide more free space, 5Gb while dropbox gives only 2Gb, and bonuses are bigger. However I have these two services at the same time, and total have 7 Gb space for free 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *