Thinking Twice About Dropbox Security & Alternatives

If you have been a reader of this blog for any length of time, you know that I am a huge proponent of Dropbox.

However, Dropbox recently came under a lot of fire when they changed their terms of service to indicate that they have access to all the data stored by their users.

As with any cloud computing service, the convenience of accessing our data from anywhere comes at a price. The problem is that the average user doesn’t understand what that means. I just came across an excellent article by G.F. in The Economist that offers a perfect analogy for this situation.

CONSIDER the purchase of a home in two adjacent gated communities. Both have houses with truly impregnable locks. In one community, whenever you need to enter your house, you visit the management office and show your driving licence. A guard walks you to your home, and lets you in using the master key that opens every door lock in the community. You can stay inside indefinitely. If an employee misuses the key to wander into homes or, heaven forfend, a thief gets his hands on it, all bets are off—the households’ sanctity has been compromised.

In another community, the management requires that you privately choose your own lock and corresponding key, which you hang on to and use to enter your abode at will. But if you lose the key, or any copies you have made, you can never re-enter. It will remain a sealed edifice until the universe’s heat death. Which would you choose? The latter offers extreme privacy but with an unthinkable penalty for carelessness. The former is convenient, but there is the risk of the key falling into the wrong hands.

Dropbox security falls into the former category. And that’s the reason for all the recent privacy concerns around using the service.

Dropbox possesses the encryption key to every user’s cloud locker, as in the first sort of gated community. This is necessary, in its view, to provide simple web-based access to files and give multiple users shared access to the same directories. The company revised its website to reflect reality, and apologised, but it faces a complaint filed with the Federal Trade Commission (FTC) by researcher Chris Soghoian over this (and certain technical matters).

Dropbox oversimplified a few points related to security, favouring a brief explanation that was not entirely accurate. The most egregious of these statements claimed employees had no access to user data, only metadata. Its detractors say plainly that it lied, although this is hard to prove. Ever since the company was set up in 2007 Dropbox founders and employees told anyone who asked that it could, in fact, decrypt anything it liked.

I started out storing only non-confidential stuff in my Dropbox folders when the service was in beta. But the convenience of having my docs available wherever I needed them has enticed me into storing even some of my personal documents in Dropbox. This happened gradually over the years as I started to embrace the cloud culture of doing things online.

I am looking hard into Dropbox alternatives with ‘zero knowledge’ security to store my confidential stuff in the cloud. SpiderOak seems like a great alternative that falls into the second category in the analogy.


With SpiderOak, I get to choose my encryption key and only I can access the encrypted data I store on their servers. I will do a more detailed review on it as soon as I get a chance to try it.

While I will continue to use Dropbox for all my non-essential, not so confidential data for easy access in the cloud and across all my devices, I am going to complement it with a service like SpiderOak for my confidential stuff.

If you want to stick with Dropbox, consider using an encryption solution like TrueCrypt to secure your Dropbox data.
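To make the second gated community concrete, here is an added Python example (not from the original post, and not how TrueCrypt, SpiderOak or Dropbox are implemented) that encrypts a single file locally with a passphrase-derived key, so the sync provider only ever stores ciphertext. It is per-file encryption rather than a TrueCrypt-style encrypted volume; it assumes the third-party `cryptography` package, and the `seal`/`unseal` names and the `CSE1` header layout are made up for this illustration.

```python
import hashlib
import secrets

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"CSE1"  # made-up tag for this example's container layout
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HEADER_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes each offline passphrase guess expensive for whoever holds the blob.
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def seal(plaintext: bytes, passphrase: str, name: str) -> bytes:
    """Encrypt locally; only the returned blob is placed in the synced folder."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    header = MAGIC + salt + nonce
    # Header and file name are authenticated, so a blob that is modified or
    # swapped under another name on the server fails to open.
    aad = header + name.encode("utf-8")
    return header + AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, aad)


def unseal(blob: bytes, passphrase: str, name: str) -> bytes:
    """Decrypt a blob fetched from the synced folder; ValueError on any failure."""
    if len(blob) < HEADER_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a sealed file")
    header, body = blob[:HEADER_LEN], blob[HEADER_LEN:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(
            nonce, body, header + name.encode("utf-8"))
    except InvalidTag:
        # No recovery path exists: a lost passphrase means the data is gone.
        raise ValueError("wrong passphrase or modified file") from None


if __name__ == "__main__":
    doc = b"constructed sample: tax return 2010"
    blob = seal(doc, "correct horse battery staple", "taxes.pdf")
    assert doc not in blob  # the provider stores only ciphertext
    assert unseal(blob, "correct horse battery staple", "taxes.pdf") == doc
    print(len(blob), "bytes would be uploaded")
```

The file name and size stay visible to the storage provider; only the contents are protected.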

I highly encourage you to read this article on The Economist which I have to credit for making me think hard on how I use the cloud.

5 Responses to “Thinking Twice About Dropbox Security & Alternatives”

  1. Mark Sierra May 25, 2011 at 4:59 am #

    Hi K, remember me? :)

    I only use Dropbox as a tertiary solution and only then for a handful of files. My main online backup provider is one that I pay for and that’s MiMedia. It appears that the top package that SpiderOak offers is equivalent to the middle packet MiMedia has. I haven’t done a side-by-side comparison between the two, but already I can say that SpiderOak seems to be a very interesting choice. I’ll have to try their free account to see how it goes.

    Hope you’re doing well!

  2. Karthik May 26, 2011 at 2:10 pm #

    Hi Mark, great to hear from you and know that you still read my blog.

    Thanks for the heads up on MiMedia. 7GB free to start with – that got my attention instantly. However, I need to look at the ease of use and security features it has. But, with a recommendation as strong as yours I am definitely going to give it a try.

    I am doing well and hope you are too! We just had a baby boy (7 weeks old) and life has taken a very interesting and fun turn. 🙂

  3. Mark Sierra May 27, 2011 at 3:01 am #

    Congratulations on becoming a father! Yeah, they do have a way of turning your life upside down — I have 3 so I’ve had a little experience in that department. 😉

    Keep up the good work here!

  4. David Wright January 12, 2012 at 11:25 am #

    I tried Dropbox recently to access a huge file from a customer in Ireland. The limits imposed by Google and other companies make this service very useful. The owner of the file gives you permission to access their files so that it can be transferred easily. Great for someone like myself who fixes data.

