Dropping Dropbox

Bitfinex to Dropbox
I've been a paying Dropbox customer for years. I've stored tens of thousands of photos there and even some personal data. I never really thought about it until I read about how the keys from the Bitcoin Bitfinex hack were recovered. I've had it in mind to eliminate these mainstream apps like Dropbox, Google Drive, etc., but this latest story was my call to action.
On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant (src)
That's right, they were stored on a 'cloud storage account'. And if a search warrant was obtained, that means the unspecified cloud storage company stored the data in the clear. Had the encrypted file been stored on encrypted cloud storage (i.e., double encrypted), law enforcement would have had a much tougher time gaining access to the data. Anyways, I'm not sure if they were actually using Dropbox, but I know that Apple iCloud is NOT encrypted. As a matter of fact, Apple plans to scan your files under the guise of 'protecting children'. Those plans were recently delayed. (src) Because of these developments, I decided to re-evaluate my cloud storage choices.

Evaluating Dropbox
Here are the main points (src).
- Encryption: Dropbox encrypts your files at rest. This protects your files should someone make off with a physical hard drive. When connected to a Dropbox system, however, your files are accessible to them in the clear. Dropbox does not offer end-to-end encryption.
- Privacy: Since Dropbox stores your files in the clear, they can readily comply with any requests by the government. This could include a sweeping dragnet sort of FISA warrant covering their entire platform. They also proactively scan your files. "Dropbox may review your conduct and content for compliance with these Terms and our Acceptable Use Policy."
- Deduplication: Dropbox analyzes your files and will store identical data only a single time to save space.
- Data retention: They typically delete your data after 30 days, but may retain it indefinitely.
- Termination: If they decide you have violated their terms, they can cancel your account and deny you access to your files. "We won’t provide notice or an opportunity to export Your Stuff before termination or suspension of access..." The way their synchronization works, they could also potentially remotely delete or deny you access to your local files.
- Acceptable Use Policy: Their AUP is very vague and subjective. Examples of what it prohibits:
  - "advocate bigotry or hatred against any person or group of people based on their race, religion, ethnicity, sex, gender identity, sexual orientation, disability, or impairment;"
  - "violate the law in any way, including storing, publishing or sharing material that’s fraudulent, defamatory, or misleading, or that violates the intellectual property rights of others;"
  - "violate the privacy or infringe the rights of others"
Aside from privacy concerns, I've also had strange issues where my files would disappear and then show up in my deleted files folder-- not cool. Yet another reason to bail, and I don't need to spend any time contacting their tech support.

TLDR
Located in San Francisco, Dropbox is one of your typical woke Silicon Valley companies. I get the feeling they would have no problem joining the deplatforming dogpile should you run afoul of their ideology. Their respect for your privacy doesn't extend beyond their corporate interests.

My Replacement
As a replacement, I have chosen Sync:
Referral link: https://www.sync.com/?_sync_refer=92ddcf9d0
Sync supports end-to-end encryption, which mitigates basically all of the concerns I had with Dropbox. They actually pride and market themselves as not being Dropbox. Below is a capture from their website.

The interface for Sync is not quite as refined as that of Dropbox, but that's a trade-off I'm willing to make. Their 2TB plan is also cheaper than Dropbox's ($8/mo vs. $10/mo), which is great. While Sync could still deny me access based upon who I am, they could not do so based upon what I am storing on their platform.

Conclusion
While I may never need to store the keys to billions of dollars' worth of Bitcoin, or anything illegal, I value my privacy and seek out companies that do as well. For example, about two years ago I switched from using Gmail to Protonmail. Addressing my cloud storage is a great next step. Eliminating Google Drive will be next. The problem there is that I'm using Google Docs/Sheets, so I'll need to find another solution to import/edit my documents.
Note: Even if you use cloud storage, you should still keep a backup on an offline drive-- an encrypted one if it contains personal data.
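To make the difference between provider-side encryption at rest and encrypting before upload concrete, here is an added example (not from the original post, and not Sync's or Dropbox's code). It runs on Node.js using only the built-in crypto module; the blob layout, scrypt settings, sample file and passphrases are assumptions constructed for illustration.

```javascript
// Added example: encrypt on the client so the provider only ever stores ciphertext.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv, createHash } =
  require('node:crypto');

// Passphrase -> 256-bit key. scrypt's cost settings (illustrative) slow down guessing.
function deriveKey(passphrase, salt) {
  return scryptSync(passphrase, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 2 ** 20 });
}

// Blob layout assumed for this example: salt(16) | nonce(12) | GCM tag(16) | ciphertext
function seal(plaintext, passphrase) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or the blob was modified in storage.
function unseal(blob, passphrase) {
  const key = deriveKey(passphrase, blob.subarray(0, 16));
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  decipher.setAuthTag(blob.subarray(28, 44));
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// What a deduplicating or content-scanning provider can compute over stored bytes.
const fingerprint = (buf) => createHash('sha256').update(buf).digest('hex');

// Constructed sample file and passphrases.
const FILE = Buffer.from('constructed sample: contents of a private document\n');
const INNER = 'inner-passphrase-constructed-example';
const OUTER = 'outer-passphrase-constructed-example';

function demo() {
  const a = seal(FILE, INNER);
  const b = seal(FILE, INNER); // same file, same passphrase, fresh salt and nonce
  const wrapped = seal(seal(FILE, INNER), OUTER); // "double wrapped"
  let wrongRejected = false;
  try { unseal(a, 'wrong guess'); } catch { wrongRejected = true; }
  return {
    plaintextMatches: fingerprint(FILE) === fingerprint(Buffer.from(FILE)),
    ciphertextMatches: fingerprint(a) === fingerprint(b),
    roundTrip: unseal(a, INNER).equals(FILE),
    doubleRoundTrip: unseal(unseal(wrapped, OUTER), INNER).equals(FILE),
    wrongRejected,
  };
}
console.log(demo());
```

Two uploads of the same plaintext hash identically, which is what makes provider-side deduplication and scanning possible; the two sealed blobs do not, and everything then rests on the strength of the passphrase.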
Good! I dropped them long ago, probably it's already about two years, actually a few months after I dropped PayPal (they froze my money for six months without providing any explanation or answer to my queries, it was with regards to some of my crypto-activities actually). You're right, it's all about their profits and limited warranties ;)
I should have a long time ago, but I was lazy.
LOL :)
Tough subject. I loathe these "mega" companies and their complete lack of integrity. In my case, I store encrypted versions of vital personal info on a private domain. While I have no way of knowing (trust is so vital to any of these decisions ...), I have accepted the "story" of an encryption utility for use in protecting my private data, before I ever move it "into the clouds" ...
Given your background @joshman, what do you use for encrypting your data? Before you send it anywhere?
Sadly, one critical element of complete digital security is the need to store your vital digital data somewhere other than in your home. Do you have any experience with any of these cloud back-up services, like Carbonite? If so, do you have a preference?
Buying a couple hardware encrypted thumb drives to use as primary and backup (Ironkey D300 for example) is a good way to store critical data you don't want to upload to the cloud. You could geographically separate the drives. For the open cloud, definitely container encryption (BestCrypt). If I had to store a Billion worth of BTC keys in the cloud, I might use Sync with a BestCrypt Container. Within the container you could zip up the individual file with 7z. In that case if you did a cloud backup of the container, the file would still be 'double wrapped' with AES256. Double wrapping with AES 256 is the standard for encrypting a classified network over an unclassified network. Having a good password or passphrase is key. The Bitfinex hackers probably made it easy for authorities to dictionary attack or even brute force. It could also have been a medium strength password and they borrowed some time on an NSA supercomputer. The simplest explanation is whatever they used to encrypt it had a back door or had weak encryption.
Excellent. I would encourage you to consider writing a post about this. There are many people who would like to know (or at least they certainly should!) what "best practices" are to secure their digital assets, so they can be at peace. I am one of them ...
I had 300 Waves tokens but I lost them all. They were in my app on my smartphone. Now I had so many apps, Bitcoin and so on. I started deleting some of these apps, didn't realize I deleted my Waves app too. Somehow I can't find my passphrase, as it's a long one. I think it reached quite a high price at one time. I suspect it's on my old phone, which is not working. I stored it in the notepad, that's all I can think of. It's so difficult knowing where you can store these securely. It's a lot of money!
Bummer! Sucks when stuff like that happens!
Or you gotta go old school and write it on a piece of paper and hope it doesn't get burnt! LOL
Sounds like a great solution! Data privacy is something most companies add to their list of USPs but really, it's all BS. Will check out Sync as well! Thanks for sharing!
Yup, glad it was informative!
Have you considered hosting your own cloud server using Nextcloud?
I'll look into it. Thanks for the tip!
Which reminds me... I still have files in Dropbox...