Dropbox Security

Vlamgat

New Member
Joined
May 25, 2012
Messages
5
Hi there everyone,

I would like to find out if anyone can help me...

I would like to get a broader understanding of dropbox's security and can dropbox be used for confidential documentation or is it not worth the risk.

Let me know your help would be appreciated.

Kind Regards,
Vlamgat
 

TJ99

Honorary Master
Joined
Apr 30, 2010
Messages
10,737
It's probably never a good idea to put confidential information on servers controlled by a third party, if you're going to be a target (like say a big company/government storing some dirty secrets.) For things like your personal passwords etc, it's fine, as long as you use an encrypted database like Keepass or Truecrypt, within the Dropbox.
 
Last edited:

bekdik

Honorary Master
Joined
Dec 5, 2004
Messages
12,860
What TJ99 said.

Exception would be where the files will only reside in the cloud for a short length of time and then be deleted, so as to minimize the risk.
 

quovadis

Honorary Master
Joined
Sep 10, 2004
Messages
11,036
What TJ99 said.

Exception would be where the files will only reside in the cloud for a short length of time and then be deleted, so as to minimize the risk.

And you're assuming the the files deleted are actually deleted at disk level/cdns etc - Think facebook and profile photos etc. CDN's introduce a whole new dynamic.
 

Gambit

Expert Member
Joined
Apr 26, 2005
Messages
1,622
You can always encrypt your files before putting them in dropbox to ensure that they are secure.
 

Vlamgat

New Member
Joined
May 25, 2012
Messages
5
Thanks guys appreciate the help will start encrypting asap got some company info in dropbox that i need everywhere i go but cannot be leeaked :)
 

zamrg

Senior Member
Joined
Oct 19, 2005
Messages
804
You could store an encrypted TrueCrypt container file on your DropBox. Only down-side is that every time you update the volume, it will re-upload the entire container.

If it's just small documents and you mainly use this volume for read-only, it would be your best bet though.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,155
Dropbox essentially resells Amazon's cloud, so one can be reasonably certain the the data isn't stored on a sketchy server in Uzbekistan.

However, Amazon doesn't guarantee that the data won't be lost.

Generally the problem comes from a different angle: Chances are the data will physically be stored inside US jurisdiction, meaning patriot act & all that crap applies.

You'd also have to read the terms & check whether commercial use is even permitted.

Only down-side is that every time you update the volume, it will re-upload the entire container.
There are encryption programs that are specifically aimed at this & reduce the upload.

Personally I think anybody who stores confidential company data on Dropbox is an idiot. Thats coming from a corporate perspective - I can see how in certain cases it might make sense for small companies.
 

bdt

Executive Member
Joined
Jun 7, 2004
Messages
7,001
Sure they claim they are safe and secure, most do, but show me an independent certification?

I do not want your word for it :) I wanna see an Audit.
Just when I was starting to think a friendship was coming along nicely here... :rolleyes: *cough* But you do know they have a specific contact address to find out?
 

Elimentals

Honorary Master
Joined
Dec 11, 2010
Messages
10,819
Just when I was starting to think a friendship was coming along nicely here... :rolleyes: *cough* But you do know they have a specific contact address to find out?

LOL@ friendship, Dont get me wrong I love the product and the Open Source aspect of it, its just that it lacks proper audit info.

I can tell you without the need to contact them, they are not certified or rated. Part of the SSAE requirements is that you have to show your rating on your site.
 

Swift-wp

Expert Member
Joined
Apr 12, 2007
Messages
1,370
Boxcryptor - https://www.boxcryptor.com/

BoxCryptor encrypts your files using the AES-256 standard. This makes your data secure - no matter which cloud storage provider you use. Access your encrypted files on all devices. We have BoxCryptor for Windows, Mac OS X, Android and iOS - and even support Linux. Encrypt your files the quick and easy way. Each file is encrypted individually in real-time and stored in a folder of your choice, e.g. your Dropbox folder
 

bdt

Executive Member
Joined
Jun 7, 2004
Messages
7,001
I can tell you without the need to contact them, they are not certified or rated. Part of the SSAE requirements is that you have to show your rating on your site.

Boxcryptor - https://www.boxcryptor.com/

BoxCryptor encrypts your files using the AES-256 standard ... Each file is encrypted individually in real-time and stored in a folder of your choice, e.g. your Dropbox folder
Man I dig this place - the info that comes outta the woodwork. :p Back on-topic tho: does Box Cryptor allow for differential updates which, if I'm remembering this correctly, is a large part of how these services work?
 

Swift-wp

Expert Member
Joined
Apr 12, 2007
Messages
1,370
Well it depends whether the cloud storage provider does incremental backups to files or not.

BoxCryptor just encrypts the files within the folder.
 

Arthur

Honorary Master
Joined
Aug 7, 2003
Messages
26,879
See this report.

Security Deficits at Dropbox, Mozy & Co.

The security of cloud storage services is often inadequate. This is the result of a study by the Fraunhofer Institute for Secure Information Technology in Germany, which tested various providers.

Conclusion: none of the tested providers were able to fulfill all of the security requirements, and some of them were even lacking proper encryption. In addition to technical shortcomings, the testers also found weaknesses in relation to user guidance. And the latter could result in confidential data being found with the help of search engines.
 
Top