[TriLUG] Dropbox and folders (directories)

C TC via TriLUG trilug at trilug.org
Sat Feb 13 12:56:22 EST 2016


I hear you. I always encrypt on my end first.
The purest option will always be hosting your
own box with no other physical access, etc.

It's funny that replying to answer the OP's
question generated some fist-waving.
It's pretty simple .. use the cloud, or don't.  :)





On Sat, Feb 13, 2016 at 12:39 PM, Thomas Delrue <delrue.thomas at gmail.com>
wrote:

>
> Since we're going from 'how to get my files up in DropBox' to
> 'encryption and online storage':
>
> According to the available information, and I have no reason to believe
> otherwise, your data in DropBox is encrypted in transit and at rest (and
> they'll throw around 'AES-256' to make even techies feel comfortable),
> but the important question is hardly ever asked and answered even less
> frequently:
>
> Who has access to the key used for this encryption?
> The answer is: /you/ don't, but others (not limited to DropBox) do.
>
> That being said, DropBox is not the worst out there (for more info,
> check out the latest "Who Has Your Back" from the EFF:
> https://www.eff.org/who-has-your-back-government-data-requests-2015 ).
> It's not the worst, but it's not great either...
>
> Regarding a question down in the thread:
> > On Fri, Feb 12, 2016 at 3:21 PM, Roger W. Broseus
> > <rogerb at bronord.com> wrote:
> >> Can Dropbox scan contents of folders/ files, e.g., for the purpose
> >> of data mining?
> Yes, most certainly and loudly, yes! Do they? See previous answer!
> If you believe otherwise, I've got a nice bridge for sale...very cheap
> and located at a prime location!
> Have a look at
> https://en.wikipedia.org/wiki/Dropbox_%28service%29#Privacy_concerns for
> a succession of mini-heart attacks if privacy is something you care
> about.
>
> Sure, sure, you've got nothing to hide and you're not dealing with state
> secrets so all this talk about encryption and security is not needed,
> it's all over the top, not for you because who would be interested in
> /your/ data, right?
> You wouldn't be the first (nor the umpteenth, nor last) who would be
> 'seriously inconvenienced' by your data being compromised, be that
> willingly or less willingly by DropBox.
> But more importantly: no-one has any business looking at your data, for
> whatever reason! So why give them that opportunity?  After all, you
> don't do "sudo chmod -R 777 /*" either, do you?
>
> For all intents and purposes, encryption is relatively cheap these days,
> even with maxed out keys. I don't see any reason why data should not be
> encrypted when stored or moved. This includes your own machines (LUKS) &
> communications (GPG) and most certainly when stored 'in the cloud' (aka
> "someone else's servers").
>
> If you really must use someone else's servers: OpenSSL (man openssl)
> provides a very easy mechanism to encrypt (and decrypt) files which you
> can invoke from the script that uploads to your favorite
> "someone-else's-servers"-provider.
> And then there's also:
> $> gpg --recipient a@ddr.ess --encrypt < encrypt_this > encrypted_file
>
> That being said: if you're looking for proper Op- & ComSec: don't use
> the cloud. It's lonely here, but I'm not complaining...
>
> > Nothing beats using real "off line" backups for retention.
> > Especially for important and confidential data.
>
> Hear, hear!
>
> On 02/12/2016 03:29 PM, C TC via TriLUG wrote:
> > Whoops, missed the thread on my first reply.
> >
> > -- I keep private materials (printed bill payments, etc.) zipped and
> > password protected.
> >
> > I'm no pirate, but here's one reason why: bit.ly/1gKajlr
>
> I don't think I've ever encountered an article that tries so hard to
> *not* be read (bit-ly link goes to extremetech.com [which is part of
> ziff davis] which makes requests to _at least_ 37 other domains and
> requires JS to run from at least 21 different sites - and I still
> haven't got it working, so I'm giving up on this)
> (Sorry, pet peeve of mine)
>
> > On Fri, Feb 12, 2016 at 3:21 PM, Roger W. Broseus
> > <rogerb at bronord.com> wrote:
> >
> >> I was under the impression that Dropbox storage of files was not
> >> encrypted so this is news.
> >>
> >> Is the encryption end-to-end? Can Dropbox scan contents of folders
> >> / files, e.g., for the purpose of data mining?
> >>
> >> I might change my mind about using Dropbox!
> >>
> >> -- Roger W. Broseus - Linux User Email: RogerB at bronord.com Web
> >> Site: www.bronord.com
> >>
> >> On 02/11/2016 09:34 AM, C TC via TriLUG wrote:
> >>
> >> Nothing beats using real "off line" backups for retention.
> >> Especially for important and confidential data. Though Dropbox data
> >> is encrypted with 256-AES, I don't rely on it as a standalone
> >> backup.
>
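An added example, not part of the thread or written by any of its participants: one way to do the "encrypt on my end first" step with the `openssl` tool mentioned above, so that only ciphertext ever lands in the synced folder. The function names, the sync directory and the passphrase file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): encrypt locally, verify, then stage
# only ciphertext in the synced folder. All names here are hypothetical.

# encrypt_for_upload SRC SYNC_DIR PASSFILE  -> prints path of staged ciphertext
# PASSFILE holds the passphrase on its first line; passing it as file: keeps
# it out of the process list, unlike -pass pass:... on the command line.
encrypt_for_upload() (
    src=$1; sync_dir=$2; passfile=$3
    umask 077
    out="$sync_dir/$(basename "$src").enc"
    tmp=$(mktemp "$sync_dir/.staging.XXXXXX") || exit 1

    # Salted AES-256-CBC, key derived from the passphrase with PBKDF2.
    # Note: `openssl enc` does not authenticate the ciphertext.
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$src" -out "$tmp" -pass "file:$passfile" || { rm -f "$tmp"; exit 1; }

    # Round-trip check: decrypt to a pipe (no plaintext copy on disk) and
    # compare SHA-256 digests with the original before publishing the file.
    want=$(openssl dgst -sha256 -r < "$src" | cut -d' ' -f1)
    got=$(openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$tmp" -pass "file:$passfile" 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1)
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        rm -f "$tmp"; echo "round-trip check failed: $src" >&2; exit 1
    fi
    mv "$tmp" "$out" && printf '%s\n' "$out"
)

# decrypt_download ENC_FILE PASSFILE OUT
# Must use the same cipher, KDF and iteration count as encryption.
decrypt_download() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$3" -pass "file:$2"
}
```

The `-pbkdf2` and `-iter` options need OpenSSL 1.1.1 or later. The `gpg --encrypt` command quoted in the thread is the public-key alternative and also detects tampering, which `openssl enc` does not.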

