# Is Dropbox Secure?



## csonni (Feb 8, 2001)

I've been using Dropbox for a few files and am curious as to how secure Dropbox is. Presently I have a few files including my Agile Keychain (for 1Password). I was thinking of putting my Quicken file which includes all of our financial data. Is there a way of encrypting a file like this before putting it in Dropbox? Or, is it safe? I'm sure someone will ring in here with all the flags up.


----------



## chas_m (Dec 2, 2007)

For files of the nature you mentioned, one would have to be INSANE to put unencrypted data on the web. I'm sure Dropbox thinks their servers are secure but again, NO WAY would I put sensitive data unencrypted on a publicly-available site.


----------



## IllusionX (Mar 10, 2009)

Sensitive data never goes further than a burned disc. That's me.


----------



## csonni (Feb 8, 2001)

chas_m, if you read a bit closer, in regards to my Quicken file, I am asking if there is a way to encrypt it. I did take my keychain out of the Dropbox folder since that is quite data sensitive. I've been feeling a bit uncomfortable with that.


----------



## G-Mo (Sep 26, 2007)

Dropbox isn't secure, but, you should be able to zip and encrypt the file with a password.

I've used software in Windows before (DynaZip Max Secure comes to mind) that supports AES Strong Encryption. I believe StuffIt has a similar option (with AES Max Secure encryption) for OS X. There are probably others...


----------
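The encrypt-before-upload approach suggested above, as an added example that is not part of the original posts: it encrypts a file with a passphrase using the OpenSSL command-line tool so that only ciphertext lands in the synced folder. The function names, the `BACKUP_PASS` variable and all paths are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes OpenSSL 1.1.1 or later for -pbkdf2.
# Function names, BACKUP_PASS and all paths are hypothetical.
# Note: openssl enc gives confidentiality only; it does not detect tampering.

# encrypt_for_sync <plaintext-file> <sync-dir>: writes <sync-dir>/<name>.enc
# The passphrase comes from the BACKUP_PASS environment variable rather than
# a command-line argument, so it does not show up in the process list.
encrypt_for_sync() {
    efs_out="$2/$(basename "$1").enc"
    [ -n "${BACKUP_PASS:-}" ] || { echo "BACKUP_PASS is not set" >&2; return 2; }
    # AES-256-CBC with a random salt; key derived via PBKDF2-HMAC-SHA256.
    if openssl enc -aes-256-cbc -salt -pbkdf2 -iter 600000 -md sha256 \
        -pass env:BACKUP_PASS -in "$1" -out "$efs_out"; then
        printf '%s\n' "$efs_out"
    else
        rm -f "$efs_out"; return 1
    fi
}

# decrypt_from_sync <encrypted-file> <output-file>
decrypt_from_sync() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 -md sha256 \
        -pass env:BACKUP_PASS -in "$1" -out "$2" 2>/dev/null
}

# roundtrip_demo: constructed sample data in a temp dir; returns 0 when the
# ciphertext hides the plaintext and the right passphrase restores it.
roundtrip_demo() {
    rd_tmp=$(mktemp -d) || return 1
    mkdir "$rd_tmp/Dropbox"
    printf 'constructed sample: ACCOUNT 0001 BALANCE 100.00\n' > "$rd_tmp/ledger.txt"
    BACKUP_PASS='constructed demo passphrase'; export BACKUP_PASS
    rd_enc=$(encrypt_for_sync "$rd_tmp/ledger.txt" "$rd_tmp/Dropbox") &&
        ! grep -q 'BALANCE' "$rd_enc" &&
        decrypt_from_sync "$rd_enc" "$rd_tmp/restored.txt" &&
        cmp -s "$rd_tmp/ledger.txt" "$rd_tmp/restored.txt"
    rd_status=$?
    rm -rf "$rd_tmp"
    return "$rd_status"
}
```

Keep the plaintext outside the synced folder and place only the `.enc` output inside it.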



## csonni (Feb 8, 2001)

The only thing is that this kind of defeats the purpose of Dropbox (leave it and let it do its thing). Is there a way of somehow encrypting a file and have it stay that way even when opening and saving?


----------



## Macified (Sep 18, 2003)

Use Disk Utility to create a small disk image with enough room to keep your sensitive data. Set it as encrypted and don't forget the password. Copy that image to Dropbox. When you need to access the files, double-clicking the image in the Dropbox folder will give access to the files inside (once you enter your password). Having an encrypted image is a great way to protect documents on your local drive as well. The only caveat is that the image won't be usable on Windows systems if that is a requirement.


----------



## G-Mo (Sep 26, 2007)

Macified said:


> Use Disk Utility to create a small disk image with enough room to keep your sensitive data. Set it as encrypted and don't forget the password. Copy that image to Dropbox. When you need to access the files, double-clicking the image in the Dropbox folder will give access to the files inside (once you enter your password). Having an encrypted image is a great way to protect documents on your local drive as well. The only caveat is that the image won't be usable on Windows systems if that is a requirement.


Make sure when creating the disk image you select 256-bit AES encryption under "Encryption" for the highest level of protection!!


----------



## csonni (Feb 8, 2001)

That's strange. I did exactly as you recommended, but, when going to my Dropbox folder and double-clicking the image, it opens/mounts without requiring a password.


----------



## eMacMan (Nov 27, 2006)

csonni said:


> That's strange. I did exactly as you recommended, but, when going to my Dropbox folder and double-clicking the image, it opens/mounts without requiring a password.


Did you uncheck the box to keep the password in your keychain when you created the disk image?


----------



## Hodge (Feb 2, 2007)

There's an article here about using Dropbox with TrueCrypt which should work cross-platform.

How to Hack Your Dropbox: Five Amazing Mashups | Maximum PC


----------



## csonni (Feb 8, 2001)

Bingo. I'd better try that again. Or, isn't that okay on my local drive?


----------



## EggWhite (Feb 1, 2009)

I personally use Dropbox, but one option I heard of that supposedly offers "zero-knowledge" backup is SpiderOak.

Here is a comparison written by SpiderOak: SpiderOak Versus Dropbox


----------



## csonni (Feb 8, 2001)

Downloading now. I like the fact that SpiderOak allows you to keep your files where they are.


----------



## Guest (Sep 25, 2009)

Might I suggest another route? Why not store these files on a thumbdrive and keep it on your keychain? You can do the encrypted disk image on that thumb drive to keep the files safe in case you lose it. Probably a much safer solution than posting your critical files on the internet ... also on a thumb drive you will have them with you all the time, no need for internet access.


----------



## csonni (Feb 8, 2001)

Thanks for the suggestion. That's quite possible. It does add another "piece" into the equation. I'm trying to find something automated with nothing extra required on my part. I'm trying out SpiderOak, which has great encryption, but right now the app stays "disconnected" with no help in getting it connected again. Hmm.


----------



## EggWhite (Feb 1, 2009)

mguertin said:


> Might I suggest another route? Why not store these files on a thumbdrive and keep it on your keychain? You can do the encrypted disk image on that thumb drive to keep the files safe in case you lose it. Probably a much safer solution than posting your critical files on the internet ... also on a thumb drive you will have them with you all the time, no need for internet access.


That's what I used to do, but Dropbox and other alternatives have features that a USB key can't easily provide. Dropbox gives you free offsite storage, which is important. Also you get versioning, the ability to undelete, access from anywhere, and synchronization.


----------



## csonni (Feb 8, 2001)

From what I understand, Dropbox doesn't allow for versioning, as SpiderOak does according to this article (?).

SpiderOak Versus Dropbox


----------



## EggWhite (Feb 1, 2009)

Dropbox does versioning also. What the link says is that SpiderOak not only does that but it can back up and sync from any folder (Dropbox has one folder) and it can just back up, and not sync to your other computers.


----------



## EggWhite (Feb 1, 2009)

Just a heads up that the Dropbox iPhone App is now out.

I also searched the help docs for Dropbox and this is what they say about the security of your data.


```
For Our Advanced Users

Dropbox uses modern encryption methods to both transfer and store your data.

    * Shared folders are viewable only by people you invite
    * All transmission of file data and metadata occurs over an encrypted channel (SSL).
    * All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password
    * Dropbox website and client software have been hardened against attacks from hackers
    * Online access to your files require your username and password
    * Public files are only viewable by people who have a link to the file(s). Public folders are not browsable or searchable
    * Dropbox employees are never permitted to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)

Dropbox uses Amazon's Simple Storage Service (S3) for storage, which has a robust security policy of its own. You can find more information on Amazon's data security from the S3 site or, read more about how Dropbox and Amazon securely stores data.
```


----------

