Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Safe app like Dropbox?

Kelvin Quee (魏有豪) kelvin at quee.org
Sun Jan 6 18:11:57 PST 2013


Griffin, how is Dropbox making a diff of what has changed "breaking
encrypted files and truecrypt containers"? Dropbox most likely merely works
along the principles of rsync.

If you have ever used encryption properly, you will realise that Dropbox
uploads the entire encrypted container whether one file or many files
within has changed.

Being paranoid is probably a good thing on this list but spreading
falsehoods OR unverified claims is something that we all should not do.

Kelvin Quee (魏有豪)
+65 9177 3635

gpg: AB3DB8AC


On Mon, Jan 7, 2013 at 6:20 AM, Griffin Boyce <griffinboyce at gmail.com>wrote:

> On Sun, Jan 6, 2013 at 3:50 PM, John Adams <jna at retina.net> wrote:
> > Why don't you just get around the problem entirely and use Dropbox's
> storage for encrypted disk images?
> >
> > If you have data sufficiently encrypted, it doesn't matter how it's
> stored.
> >
> > -j
>
> On Sun, Jan 6, 2013 at 4:47 PM, Jacob Appelbaum <jacob at appelbaum.net>
> wrote:
> > The main concern that I have is that an attacker pwning a Dropbox
> > account could tamper with encrypted files.
>
>   Dropbox has a history of breaking encrypted files and truecrypt
> containers. Which makes a lot of sense when you consider that when
> syncing a file, Dropbox replaces only the part of the file that has
> changed. (Or tries to). [1]
>
>   There are a lot of great uses for Dropbox, Box.net, SpiderOak etc
> etc -- but storing sensitive files securely is not one of them.  I
> have Dropbox and Box accounts, and use them for client designs and
> stock art.  I think this is a pretty standard use of the service and
> would not recommend putting anything particularly sensitive there.
>
>   In terms of security from other people, an encrypted hard drive,
> thumb drive or memory card is going to be a much better choice.  If
> you absolutely need to pass an encrypted container back and forth,
> there's probably not a cloud service that fits your needs.
>
> Best,
> Griffin
>
> [1] http://dl.dropbox.com/u/27532820/original_screencast.html
>
> --
> "What do you think Indians are supposed to look like?
> What's the real difference between an eagle feather fan
> and a pink necktie? Not much."
> ~Sherman Alexie
>
> PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130107/e5bf5041/attachment.html>


More information about the liberationtech mailing list