Friday, June 15, 2012

Add Security to Dropbox with TrueCrypt

UPDATE: This is probably the dumbest post I've ever written. As many people in comment sections of articles on this subject point out, this isn't %100 secure. And there are all sorts of complications with having synced volumes mounted on two computers simultaneously. So if you want privacy, just use Wuala or SpiderOak. (And I should stop linking to Lifehacker posts, not only for this, but because the other day they had a post that was supposed to give tips on how to survive with a laptop without a DVD drive, and when you open the article it just says basically to buy an external DVD drive. Gee, thanks.)

A couple weeks back I wrote about file syncing on PowerPC Macs and noted that Dropbox had one disadvantage compared to services like Wuala and SpiderOak, and that was security. By remotely storing your password on their servers, it implies that a Dropbox employee could hypothetically give your password to third parties like governments or copyright litigants. And security holes aren't just hypothetical. Awhile back, in a hilarious snafu of laughtastic proportions, all Dropbox accounts were open to anyone without password access one day for several hours. In fact, if you walk by a bar to this day and hear random laughter, that's probably Dropbox users still sharing a hearty laugh about it.

Well, if you've tried the other services and are still attached to Dropbox's simplicity/performance/Je ne sais quoi, you can still have your security and eat it, too. After stumbling on this Lifehacker post, I found out you can encrypt selected files within your Dropbox folder (or even your whole Dropbox folder) with TrueCrypt, a free and open source encryption program. And lookie here, both Dropbox and TrueCrypt still support Tiger PowerPC!

So how secure is TrueCrypt? It's been well established for years and gives you several different encryption schemes to choose from, and even the FBI was stymied in its efforts to crack it. So as a non-expert, that sounds pretty secure. The only caveat, if you're like those reviewers on Macupdate and flame every GUI that isn't sufficiently Mac-like, you'll probably have the same reaction with TrueCrypt because it's decidedly un-Mac-like. But it does the job and does it well.

No comments:

Post a Comment