What are you using it for? Are you part of a company that shares everything on Dropbox, and how often do you use it?
I'm also a "happy" Dropbox customer -- but I'm part of a 3-person startup and we only share relatively small files and folders. This post (and numerous others) make me think it's time to move on when we grow the team.
I always wondered, why do small companies use Dropbox at all?
A 1 TB NAS in RAID-1 by Synology or QNAP will cost you about 400 EUR (including VAT). That's about 9% of what the author of the article paid for some 700 GB in Dropbox. It will do everything that Dropbox does, except you can use standard protocols (SMB, AFS, WebDAV, whatever) and the data will not leave your company.
That is a two-edged sword. The data is also inaccessible outside of your company. There are ways to make it accessible outside the company (VPN, WebDAV over https), but they tend to be complex, fragile, and sometimes unworkable (see next).
> standard protocols (SMB, AFS, WebDAV, whatever)
Support for the standard file sharing protocols (SMB, NFS, I presume AFS, and WebDAV) sucks or doesn't exist on mobile devices.
Well, every single NAS box offers VPN solution that can be enabled by few clicks (usually OpenVPN).
Also, most NAS vendors provide mobile applications, so you can access the data. They realize, that the standard protocols on mobile devices are lacking.
Anyway, to pay someone to get you such a NAS and configure everything for you is still a fraction of cost, that you would pay for cloud providers.
> to pay someone to get you such a NAS and configure everything for you is still a fraction of cost, that you would pay for cloud providers.
Dropbox for Business costs what, $75/month for 5 users? That's less than you'd pay for an hour of a competent person's time.
I'm not a huge fan of Dropbox for several of the reasons that have already been mentioned above (I use SpiderOak myself), but on these specific points they definitely beat the roll-your-own approach.
If you are a services/consulting company and do client work on-site, you often have to sign an agreement from the IT department that prevents you from using a VPN on the client's network. In those cases, your remote workers need web access to files.
We have access either to completely separated guest network, where we have to use VPN to both our network and customer network, or access via Citrix or Remote Desktop, where to exchange the files we have to use the built-in file share facility.
I haven't found anything, that Dropbox does that the NAS doesn't. Maybe there is some marginal function, I don't know. But is that hypothetical marginal function worth the 900% price premium (per year) plus reduced privacy?
How do you do offline syncing and sharing of folders with people outside of your network? Having to manage a bunch of VPN accounts for outside users seems like a major pain and getting them all set up with OpenVPN seems like an even bigger pain.
Having to manage VPN accounts for everybody I want to share a folder with sounds like a huge pain. Especially if I have to go ask the VPN admin each time. And I'm still curious how you do offline access and syncing to local disk.
So you're not actually doing everything (or even most things) that Dropbox does. I mean we also have a file server with a several TB of disk and gigabit links and VPN and all that jazz at the office, but that is in no way a replacement for what Dropbox offers.
For us it is important to work on the same files. To make them available to our co-workers, to have the same versions, etc.
Syncing is a mechanism. If it would help us to achieve our goals, we could use it. If some other mechanism achieves our goals more efficiently, we would use it instead. Syncing in itself does not have value to us.
Dropbox and a NAS or file server fulfill different needs with not that much overlap. Sure you can probably hack your NAS to be a bit like Dropbox and perhaps you can hack Dropbox to work a bit like a NAS, but a the end of the day they're complements not competitors. If you don't need what Dropbox offers that's cool, but that's not the same as saying that Dropbox doesn't have anything to offer over a NAS. Personally I use both and would never want to trade one for the other.
A NAS box is going to get hacked (X), have backups neglected/misconfigured/misdelegated and then have data accidentally deleted or experience disk crashes, etc. You can improve your chances by investing time and energy on taking good care of it, but even then you can still get bitten.
(X) devices from both vendors you mentioned are pretty frequent victims
For just one technique, read up on DNS rebinding attacks vs home "routers". Same works against NAS devices.
These devices are so common that it is cost effective to do against a bunch of device+vuln combos in a mass drive-by fashion (served by compromised or shady ad networks or any of the other 100 methods that get you to follow a bad link).
Or there's going to be another taiwanese device or PC compromised on your LAN and it'll automatically portscan & metasploit all your network in 5 minutes.
Also don't think getting "targeted" means you have to be James Bond-special. It can mean someone found a prominent blog they'd like to inject their rogue ads on. Or you pissed someone off online and they got some script kiddies to spend 10 minutes to ruin your day and get their laughs (or $20 in bitcoin).
Dropbox's security guys will detect these after they get used a few times (before they get to you), unlike your taiwanese NAS vendor who will only do something half-assed 2 weeks after it hits the news. Or nothing when it doesn't hit the news, as often happens.
All in all the mindset that you have "LAN" or "intranet" that's a significant security perimeter is outdated even if you're nobody. Don't make a network that's "hard and crunchy on the outside, soft and chewy on the inside".
Well, it the rebind attacks depends on multiple weak points. Our DNS cache does not allow for external DNS servers to return IP addresses from our internal range. But I guess not everyone's router does that.
