So after weeks of hounding, I finally get a friend to get sensitive info out of a plain text file hidden behind http auth via .htaccess and move them onto Dropbox and then this

- http://www.bnet.com/blog/technology-business/-8220at-dropbox-even-we-can-8217t-see-your-dat-8211-er-nevermind-8221-update/10077

and this

- http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
(also discussed here - http://it.slashdot.org/story/11/04/08/1838220/Dropbox-Authentication-Insecure-By-Design)

if you are looking for alternatives, I've been looking at Tonido.  Similar in practice but it uses your drive rather than a cloud one.  Useful for the paranoid who also happen to have storage powered on around the clock. 

Quote from: Rooftop on April 26, 2011, 01:13:12 PM
if you are looking for alternatives, I've been looking at Tonido.  Similar in practice but it uses your drive rather than a cloud one.  Useful for the paranoid who also happen to have storage powered on around the clock. 

Unfortunately, it is precisely the cloud aspect I need. In effect, it's for sharing files between people who do not have access to always-on network storage.

Another alternative is Spider Oak, which is a "zero knowledge" backup - everything is encrypted client side before being sent over and they don't have access to your key. This is true AES 256 encryption, which means that unless you give out your key, nobody is going to break this in the next decade.

I actually don't have anything proprietary or esp. private on Dropbox, but my buddy has all kinds of stuff on there.

Jason, Definitely true, but I also think it's a matter of getting it "right" and currently a lot is wrong.

What do I mean by that? Would you trust your money to some large corporation that manifestly does not have your best interests in mind, or would you take bills and gold and bury them in your backyard in a chest?

As it turns out, recent history has shown that maybe the chest in the backyard was the better alternative, but in general, we trust people to keep our money because we believe that adequate safeguards and some basic prudence (distributing to more than one place) make this a safer bet than keeping our life savings in our homes.

I expect that at some point, data banking that has adequate protections will take off, but for now anything in the cloud should be non-proprietary, not overly private, not damaging if it gets out.

As it stands now, my cloud data is NOTHING compared to what my bank and credit card companies have, and that worries me way more.... I'm the kind of guy that chooses one supermarket over another because they don't have a "rewards card", and if I have to use the other, I have a card with false info on it. But I can't do that with my bank and credit card.

Compared to that stuff, my google docs and the customer receipts with no CC info on them that are in my Dropbox are nothing.

 
http://www.youhavebeenassimilated.com/

Check.... henceforth I'll read all your comments in that light. ;-)

I'm a bit late to the show here, but I've been testing out Wuala recently. It's Swiss based and appears to be doing encryption right. You can trade idle space on your drives to get more space if you don't simply want to pay for their cloud storage. I like the idea that you're storing encrypted fragments of your files on multiple servers. It looks quite secure compared to DropBox, but it isn't quite as simple to implement.

http://liliputing.com/2011/07/dropbox-cloud-storage-and-who-owns-your-files.html is worth a read.

QuoteIf you want to make absolutely certain that nobody will ever sell your content, turn it over to the feds when subpoenaed, or otherwise breach your privacy, the best thing to do is probably to horde all of your data on a local hard drive. But you lose the benefits of a cloud-based service such as the ability to easily share files, publish them for the world to see, or protect your important data which might be lost if your local hard drive happens to fail.