[TriLUG] Dropbox and folders (directories)

Mark Sidell via TriLUG trilug at trilug.org
Sat Feb 13 13:35:17 EST 2016


FWIW, I use Boxcryptor on top of Google Drive. It also works with Dropbox.
Boxcryptor creates a virtual drive that uses local encryption with keys
that only I possess. I'm sure people will ask why I should trust
Boxcryptor. Again, FWIW, I've read their docs and what experts I trust say
about them, so I do. I also trust LastPass. With multifactor
authentication, of course. I don't trust Google Drive or Dropbox.

On Saturday, February 13, 2016, C TC via TriLUG <trilug at trilug.org> wrote:

> I hear you. I always encrypt on my end first.
> The purest option will always be hosting your
> own box with no other physical access, etc.
>
> It's funny that replying to answer the OP's
> question generated some fist-waving.
> It's pretty simple .. use the cloud, or don't.  :)
>
> On Sat, Feb 13, 2016 at 12:39 PM, Thomas Delrue <delrue.thomas at gmail.com>
> wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Since we're going from 'how to get my files up in DropBox' to
> > 'encryption and online storage':
> >
> > According to the available information, and I have no reason to believe
> > otherwise, your data in DropBox is encrypted in transit and at rest (and
> > they'll throw around 'AES-256' to make even techies feel comfortable),
> > but the important question is hardly ever asked and answered even less
> > frequently:
> >
> > Who has access to the key used for this encryption?
> > The answer is: /you/ don't, but others (not limited to DropBox) do.
> >
> > That being said, DropBox is not the worst out there (for more info,
> > check out the latest "Who Has Your Back" from the EFF:
> > https://www.eff.org/who-has-your-back-government-data-requests-2015 ).
> > It's not the worst, but it's not great either...
> >
> > Regarding a question down in the thread:
> > > On Fri, Feb 12, 2016 at 3:21 PM, Roger W. Broseus
> > > <rogerb at bronord.com> wrote:
> > >> Can Dropbox scan contents of folders/ files, e.g., for the purpose
> > >> of data mining?
> > Yes, most certainly and loudly, yes! Do they? See previous answer!
> > If you believe otherwise, I've got a nice bridge for sale...very cheap
> > and located at a prime location!
> > Have a look at
> > https://en.wikipedia.org/wiki/Dropbox_%28service%29#Privacy_concerns for
> > a succession of mini-heart attacks if privacy is something you care
> > about.
> >
> > Sure, sure, you've got nothing to hide and you're not dealing with state
> > secrets so all this talk about encryption and security is not needed,
> > it's all over the top, not for you because who would be interested in
> > /your/ data, right?
> > You wouldn't be the first (nor the umpteenth, nor last) who would be
> > 'seriously inconvenienced' by your data being compromised, be that
> > willingly or less willingly by DropBox.
> > But more importantly: no-one has any business looking at your data, for
> > whatever reason! So why give them that opportunity?  After all, you
> > don't do "sudo chmod -R 777 /*" either, do you?
> >
> > For all intents and purposes, encryption is relatively cheap these days,
> > even with maxed out keys. I don't see any reason why data should not be
> > encrypted when stored or moved. This includes your own machines (LUKS) &
> > communications (GPG) and most certainly when stored 'in the cloud' (aka
> > "someone else's servers").
> >
> > If you really must use someone else's servers: OpenSSL (man openssl)
> > provides a very easy mechanism to encrypt (and decrypt) files which you
> > can invoke from the script that uploads to your favorite
> > "someone-else's-servers"-provider.
> > And then there's also:
> > $> gpg --recipient a@ddr.ess --encrypt < encrypt_this > encrypted_file
> >
> > That being said: if you're looking for proper Op- & ComSec: don't use
> > the cloud. It's lonely here, but I'm not complaining...
> >
> > > Nothing beats using real "off line" backups for retention.
> > > Especially for important and confidential data.
> >
> > Hear, hear!
> >
> > On 02/12/2016 03:29 PM, C TC via TriLUG wrote:
> > > Whoops, missed the thread on my first reply.
> > >
> > > -- I keep private materials (printed bill payments, etc.) zipped and
> > > password protected.
> > >
> > > I'm no pirate, but here's one reason why: bit.ly/1gKajlr
> >
> > I don't think I've ever encountered an article that tries so hard to
> > *not* be read (bit-ly link goes to extremetech.com [which is part of
> > ziff davis] which makes requests to _at least_ 37 other domains and
> > requires JS to run from at least 21 different sites - and I still
> > haven't got it working, so I'm giving up on this)
> > (Sorry, pet peeve of mine)
> >
> > > On Fri, Feb 12, 2016 at 3:21 PM, Roger W. Broseus
> > > <rogerb at bronord.com> wrote:
> > >
> > >> I was under the impression that Dropbox storage of files was not
> > >> encrypted so this is news.
> > >>
> > >> Is the encryption end-to-end? Can Dropbox scan contents of folders
> > >> / files, e.g., for the purpose of data mining?
> > >>
> > >> I might change my mind about using Dropbox!
> > >>
> > >> -- Roger W. Broseus - Linux User Email: RogerB at bronord.com Web
> > >> Site: www.bronord.com
> > >>
> > >> On 02/11/2016 09:34 AM, C TC via TriLUG wrote:
> > >>
> > >> Nothing beats using real "off line" backups for retention.
> > >> Especially for important and confidential data. Though Dropbox data
> > >> is encrypted with 256-AES, I don't rely on it as a standalone
> > >> backup.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.22 (GNU/Linux)
> >
> > -----END PGP SIGNATURE-----
> >
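The thread's advice to encrypt on your own machine before anything reaches a provider's servers, sketched as a script you could call ahead of an upload or sync step. This is an added example, not part of any poster's message; the directory layout, the `.enc` suffix, the iteration count and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: encrypt locally, hand only ciphertext to the synced folder.
# Paths, the .enc suffix and ITER are assumptions of this example.
# Note: `openssl enc` in CBC mode gives confidentiality only (no integrity
# check), and file names remain visible to the storage provider.

ITER=200000   # PBKDF2 iterations used to derive the key from the passphrase

# encrypt_file SRC DEST PASSFILE
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
        -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file SRC DEST PASSFILE
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3"
}

# stage_for_upload SRC_DIR SYNC_DIR PASSFILE  -> prints number of files staged
stage_for_upload() {
    src_dir=$1 sync_dir=$2 passfile=$3
    key_abs=$(cd "$(dirname "$passfile")" && pwd -P)/ || return 2
    sync_abs=$(cd "$sync_dir" && pwd -P)/ || return 2
    # The passphrase must never sit where the provider can read it.
    case "$key_abs" in
        "$sync_abs"*)
            echo "refusing: passphrase file is inside $sync_dir" >&2
            return 2 ;;
    esac
    count=0
    for f in "$src_dir"/*; do
        [ -f "$f" ] || continue
        out="$sync_dir/$(basename "$f").enc"
        tmp="$out.tmp.$$"
        encrypt_file "$f" "$tmp" "$passfile" || { rm -f "$tmp"; return 1; }
        # Round-trip check: publish only ciphertext that decrypts to the source.
        if ! openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
                -in "$tmp" -pass "file:$passfile" | cmp -s - "$f"; then
            rm -f "$tmp"; return 1
        fi
        mv "$tmp" "$out"
        count=$((count + 1))
    done
    echo "$count"
}
```

Keep the passphrase file on local or offline storage; whoever holds it holds the key, which is the question the thread keeps returning to.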

