Dropbox passwords optional for four hours (techcrunch.com)
81 points by andjones on June 21, 2011 | 43 comments



I use any online service with the assumption that the things I put up there could likely become public, no longer anonymous, or what have you. I don't think this is overly paranoid, given how difficult computer security is.

To me, it would make sense if Dropbox stored everything encrypted (as in, encrypted pre-transfer), and you needed the private key to decrypt stuff, unless you specifically state that it is to be public. It just makes sense from a liability standpoint. That said, you can do this anyway, as recommended in this article. (http://lifehacker.com/5813873/how-to-add-a-second-layer-of-e...)


The thing is that you can't do email then.

You can say that google might leak your emails, but the same is true if you use your private email server.


That's not exactly true. You just need to be super-paranoid and make sure that everything of importance is sent (on both ends) encrypted.

That's still wholly untenable for the real world, but not all paranoid people live in the real world per se.


It's unfortunate that simple public key encryption, which has been easily available for many years, is still seen as untenable and "super-paranoid." Any email client, or better yet Gmail, could easily implement it and make it virtually transparent to the user (when both ends of the email are using such a client, obviously).


I apologise if you have mistaken my meaning! I certainly hope we don't take wider scale encryption to be untenable, but it is very certainly untenable for a single person to use the web in a meaningful way with normal people while maintaining that every single email needs to be encrypted.


I agree. I didn't mean that your evaluation of the current state of things is wrong, but rather that the current state of things is unfortunate.


The security of my private mail server is nearly the same as the security of my laptop. For security reasons I don't use a VPS for email, but a small server that sits in my basement: there are some security measures that will lead to an automatic shutdown in case someone tries to physically access the server, and the whole hard disk is encrypted. (Yes, you can call me paranoid.)


You go through a lot of trouble to try to secure an inherently insecure protocol (email). Or do you mainly use on-the-wire encrypted mail as well?


I don't care about things like (short-term) wiretapping. But I care about the fact that I have stored about 15 years of mail history.


Depends on the online-service. E.g., I trust tarsnap (client-side encryption, not under an open-source license but you can compile it yourself) with very sensitive data. I also trust Wuala (also client-side encryption) with semi-sensitive data, although it somewhat worries me that Wuala's source is not publicly available for reviews. I don't trust Dropbox due to the lack of encryption - that's why I don't really use it, even though I currently have a free account with 20 GB available.


I just mount encfs over the Dropbox folder; it's perfectly transparent. It does need FUSE, so no Windows support, but I don't really need it.


Anyone who had any confidential data in Dropbox (medical research data, credit card transaction data) must now file a data breach report.


And anyone who stored that sort of data in Dropbox more or less had it coming. HIPAA and finance laws are very clear about the security they require; Dropbox has always been hand-wavy in their explanation of their security.


What's your point? The IT guys can't catch a break, can they? If they say "no you can't install stuff on your machine", message board geeks are up in arms. But when normal people, for whom these computer systems are designed in the first place, make (layperson-) reasonable decisions about what folders to put files in, there's the message board geek again, harassing them for not understanding how transparent cloud file sync works under the covers and interacts with regulated data.


If you're a 'normal person', you shouldn't be making decisions about the security of my health-care or financial data. If you're in the position to make that decision, you should have been aware that Dropbox was not a "safe" third party.

On the part of the _users_ of Dropbox, I have empathy; on the part of those running their medical/finance business on assumptions of Dropbox's security, I have nothing but enmity.


I hate to be the one to break this to you†, but normal people make up almost the entire chain of custody for regulated data. Normal people write your health records. Normal people check them out of databases and read them. Normal people load them into spreadsheets. Normal people generate reports. Businesses do not exist to support super-savvy BOFHs. It is rather the other way around.

† Ok, no I don't.


I didn't say they do, but they should hire people competent to make educated decisions in the regulatory environment they're in. That's why they pay BOFHs: not because they like our views, but because we _read_ the specs.

EDIT: To phrase less hostilely: HIPAA and various finance laws consist of thousands of pages of what to do and what not to do. Dropbox is a shiny web page that isn't PCI certified or HIPAA certified. If you chose to operate in a business that requires HIPAA/PCI, and used Dropbox for that data, _you_ are at fault, not Dropbox, not the BOFHs, and not the coder. In the case of HIPAA, you would be the criminal.


Friend of mine worked for a drug company, medical data on patients (they were handling the side-effect reports) was just emailed around, and I know they had work documents on their home computer.


I would never be foolish enough to say it _doesn't_ happen, simply that the rules say it _mustn't_ happen. Anyone who ends up complaining that they're forced to disclose because they didn't follow best practices, just learned why they're best practices.

I readily admit it's mostly a problem of bad luck (being targeted) or carelessness (losing emailed reports w/ identifying data <g>), but if and when that drug company gets sued for something like that, guess which side the law will be on?


HIPAA does not have thousands of pages on what and what not to do. It's actually quite vague, and mostly comes down to fines after the fact. There's also no such thing as a government sanctioned HIPAA certification. There's just random people willing to 'certify' you.


The HIPAA data security requirements are tiny and largely boil down to "data should be encrypted in transit and at rest and require access control".

http://law.justia.com/cfr/title45/45-1.0.1.3.70.3.33.6.html


Quite right -- a better example is PCI compliance (hundreds of pages IIRC, and several volumes depending on exactly what you're doing; not a law, but similar ramifications if you don't comply);

Still, complying with HIPAA does make one point _very_ clear -- audit controls - Dropbox has none exposed to you, and thus it simply does not comply unless you have your own layer of controls (encryption) on top.

It also seems to fall down under 'Standard: Person or entity authentication' as well, but that's just me being snarky.

Health-care and finance are places with legal (or contractual) obligations, and that was my main point: if you have a set of rules (or even best practices), and you fall afoul of them, don't go screaming that someone else is to blame.


Do people really store confidential business data like that in dropbox?


Very yes (we don't allow Dropbox† on our machines, but we know of companies that rely on it).

Grandalf's point is extremely well taken. It's actually true. Not only that, but regulated companies (in health care and finance) that have a reasonable belief that any of their systems might have had Dropbox on them technically need to audit now.

I point this out not to bag on Dropbox, but as an illustration of how sane some unreasonable-sounding IT policies (like, "you don't get to install random software on your desktop") turn out to be.

† Or Tarsnap or SpiderOak, for what it's worth.


Why not Tarsnap?


I like Tarsnap. If I had to recommend a 3rd party storage vendor, it would be Tarsnap.


I know, but that doesn't answer my question. Why is it banned at your shop?


If I had to guess, I'd say it's because they cannot prove to a third party that it meets all HIPAA (or insert your own group here) requirements.


This joke PAM "happy hour" module became reality: http://www.brendangregg.com/specials.html#pam_happy_hour


I hope they add login activity to their "Recent Events" feed ASAP.


How would that work? Dropbox doesn't require login most of the time; do you want them to log every time a computer viewed a file or just the web interface, which isn't the primary use interaction?


Anyone using SpiderOak? They're the only other versioning diff-based backup service I know of that supports Linux (with a free tier; there's also Tarsnap). They also claim 'zero-knowledge' encryption. Anyone have any opinions?


There's also ownCloud (http://owncloud.org/index.php/Main_Page), if you're into that whole home server thing. It definitely supports Linux.


It supports Linux poorly, and supports nothing else at all.

(WebDAV isn't "support," when you look at the Dropbox/SpiderOak feature set.)


Hoping this convinced someone at Dropbox to write a three-line release-blocking test to ensure that you can't log in with a wrong password... Crosses fingers


If you're disquieted by the idea that a single broken boolean expression could allow arbitrary users to access a web site, one way to mitigate the concern is indeed to write fiddly little tests to catch every point at which a broken boolean expression could short-circuit authentication.

Another thing to do would be to change the design of the authentication process so that it is more inherently fail-closed. For instance, you could encrypt/decrypt the database ID of the user with a key derived securely and deterministically from the user's password, perhaps (just to keep the code simple) after verifying the password against a secure password hash.
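The fail-closed shape sketched in the comment above, written out as an added example (my code, not Dropbox's and not from the TechCrunch article), which also carries the release-blocking "wrong password must not log in" check the earlier comment wished for. Assumptions, none of which come from the page: a constructed in-memory user table, scrypt from Python's standard library as the password KDF, and an HMAC-SHA256 encrypt-then-MAC wrapper standing in for a real AEAD such as AES-GCM so the example runs without third-party packages.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed in-memory user table: username -> (salt, nonce, ciphertext, tag).
# The "ciphertext" is the user's database id encrypted under a key derived
# from the user's password, so a session identity only exists if decryption
# under the supplied password succeeds.
USERS: Dict[str, Tuple[bytes, bytes, bytes, bytes]] = {}


def _derive_key(password: str, salt: bytes) -> bytes:
    """Deterministic, memory-hard 64-byte key from (password, salt) via scrypt.
    Parameters are modest so the demo runs quickly; raise n for production."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=64)


def _seal(key: bytes, nonce: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt-then-MAC with HMAC-SHA256 as keystream and as tag.
    Assumption: a stdlib stand-in for an AEAD like AES-GCM, here only so the
    example has no dependencies; use a real AEAD in production code."""
    enc_key, mac_key = key[:32], key[32:]
    stream = hmac.new(enc_key, b"enc" + nonce, hashlib.sha256).digest()
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def _open(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> Optional[bytes]:
    """Return the plaintext only if the tag verifies under this key, else None."""
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hmac.new(enc_key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def register(username: str, password: str, user_id: int) -> None:
    """Store the user's database id encrypted under a password-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(password, salt)
    ciphertext, tag = _seal(key, nonce, user_id.to_bytes(8, "big"))
    USERS[username] = (salt, nonce, ciphertext, tag)


def authenticate(username: str, password: str) -> Optional[int]:
    """Fail-closed login: the session identity *is* the decryption result.
    A wrong password derives a key under which the tag does not verify, so the
    caller gets None; even if the tag comparison were somehow skipped, the
    wrong key would decrypt to a random 64-bit value rather than the victim's
    id. Every branch here can only withhold a session, never grant one."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, nonce, ciphertext, tag = record
    plaintext = _open(_derive_key(password, salt), nonce, ciphertext, tag)
    if plaintext is None:
        return None
    return int.from_bytes(plaintext, "big")


def release_check() -> bool:
    """The 'three-line release-blocking test': a wrong password must not log in."""
    register("_canary", "right-password", 999)
    right = authenticate("_canary", "right-password") == 999
    wrong = authenticate("_canary", "wrong-password") is None
    del USERS["_canary"]
    return right and wrong
```

The point of returning the decrypted id instead of a boolean is that the "am I logged in?" decision never lives in an `if` that a refactor can invert; the only thing a wrong password can produce is None or an authentication failure, not someone else's account. Note that `_open` still contains a comparison (on the tag), which is why the comment suggests additionally checking a proper password hash first; the encrypted-id step is the backstop behind it.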


They're probably rather distracted over at Dropbox, since iCloud is about to eat their business model. That would kinda tend to suck.


That's only assuming Apple does a competent job. Cloud is a new thing for them, they can easily screw up.


It's media like this that great minds are trying to fight: you just want to make stories, create a buzz, even if it's by communicating misleading information that, when interpreted by people, would not show the truth of what happens but just make them go nuts.

Illustrated example: Bill Gates' Twitter account: "Do you want me to give you all my money or what lolz". TechCrunch: "OH MY GOD, BILL GATES PLANNING TO GIVE AWAY ALL OF HIS MONEY" and later: "OH MY GOD, HERE'S THE GUY BILL GATES WAS TALKING ABOUT". I mean seriously, I just hate buzz-seeking journalists.


I can smell all the journalists downvoting.


Hilarious, but you all know that journalists in the tech world are seen as the "I-don't-know-anything-but-I'll-just-pretend-with-a-smile-like-I-understood" type.


Dropbox's security is twitter's downtime. While much more is at stake than not being able to tweet, I can't imagine that this isn't their number one growth challenge -- something that, if they conquer it, will give them a much higher market valuation.

If this happens, let's look forward to a trove of blogposts about "how to make dropbox secure" from armchair CTOs, just like we saw with Twitter and the string of posts around "How I'd scale twitter" Sharding! Webscale!


I don't think this is a reasonable comparison. Twitter was at least 80% as useful when its uptime was erratic as it is now, when its uptime is reasonably good. But Dropbox security flaws potentially cough up your data to criminals; when Dropbox security fails, its utility is negative, not slightly diminished.

