Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Zero Knowledge Encryption
I find that many Cloud services offer encryption during transfer to the service and encryption at the destination. Dropbox does this too. Unfortunately, the keys used at the destination are available to Dropbox. What would make Dropbox unique is if it would offer Zero Knowledge encryption at the client. That way all files are encrypted at the client with the customer retaining the keys. Why is this important? There can be bugs during transfer even if encryption is used (remember the famous OOPS with caches on internet servers offering up unencrypted data?). Also, the government can force Dropbox to deliver user data (or it may be compromised by hackers).
Dropbox with Zero Knowledge Encryption would be a market leading solution that would drive a great preference over OneDrive, Google Drive and others. It would be the only way I would be comfortable putting my files on the cloud.
I wanted to share a quick update with you:
We have launched our end-to-end encryption in April. More details can be found here and here.
High level overview:
You can now add end-to-end encryption to team folders. The functionality is available for our Advanced, Business Plus and Enterprise customers at no additional costs.
If there are any questions, please let me know!
33 Replies
Replies have been turned off for this discussion
I did upvote this idea. But I also want to share some thoughts with you who may not be very familiar with online security.
Security - how much is plenty for you personally? There's poor, good, very-good, and extremely high security measures you can take.
Obviously, what you don't want is to be the easy target - storing weak passwords and files on some mediocre service. With a little education and more than one layer of security however, you can move up to a very-good security tier for little to no cost.
Granted: the growing ability of hackers using today's incredibly powerful GPUs to process millions of hash comparisons and other tests per second (24 hours a day) to find potential matches or other clues for breaking into secured accounts is unbelievable. I'm no expert, but I've done some research.
You can search too, however, I don't recommend getting lost in time-consuming reading, overthinking and worrying (as I did at first.) In most cases there are just a few steps the average user can take to become highly secure.
These hackers mostly go for the cream of the crop. Identity theft, access to credit card info, entering your various accounts - it's a cakewalk for them when it comes to so many people out there who are not using much if any security.
For years I trusted whatever browser to store my weak and duplicated passwords, and this was no doubt the reason I dealt with fraud on quite a few financial accounts, and had email and social media accounts hacked on several other occasions.
Of course, Zero Knowledge Encryption as discussed here is obviously the highest-tier of security, but mostly required by those who have the highest-tier of *necessity* - concern for a potential subpoena, or possess legally-sensitive or highly-confidential data. These ones obviously need the best out security out there.
However, if you're coming from general file storage services and weak passwords - consider this: If you layer good encryption such as Dropbox' security and 2FA, you've already taken yourself way out of the limelight for hackers. You can also consider free or reasonably priced services such as Keeper - which has a good free version plus additional plans for individuals and families (currently 40% off at time of posting). Go that route and you've got very little to fret about.
Do some research on data privacy if you haven't already. You may find that today's top-tier services may not be a big concern for you. Of course, it's up to you, but often some simple educated steps will take you far out of harm's way.
Fully agree, more and more providers are offering this service. I would opt for DropBox to see if they can do the same. Privacy and security are increasingly becoming more important (should always be important, but anyway). I don't want anyone snooping around in my files.
Seems like this is a no brainer for at least the Vault
I would love to see the option for Zero Knowledge Encryption, as well. From a finanical stanpoint, I am paying Sync.com for this service, and not Dropbox. I'd rather be using Dropbox.
There is no reason it needs to be all or nothing for all users. Some cloud providers allow it as an option for those who want it, while others who prefer the convienence and integrations can disable it.
I just wanted to add here that I too was a Dropbox subscriber (for 6 or 7 years) but I recently switched to Sync.com for the same reason. I have always loved Dropbox's service, but I am no longer comfortable entrusting my private documents without support for this kind of encryption. To be clear, I would happily accept slower sync times and other feature limitations in exchange for this support.
ITConsultingAfrica Thank you I didn't know about sync.com :) I just signed up!
I'm a paying dropbox customer for many years. However, I'm now looking for an alternative because it's exactly zero-knowledge encryption that I expect from a cloud storage service.
This is the exact idea that I wanted to share! Thank you, @PierreLeBear.
And to @ITConsultingAfrica, I find your ending comments to be rude and unhelpful.
"If you do not like that Dropbox has access to your encryption
keys, move on, and look at a provider like sync.com or others.
That is my understanding, and I may be wrong. But this is OK
with me, as I doubt a Dropbox engineer will want to look at my
holiday photos of 2 years ago or whatever."
No one looks for encryption to protect family photos!
Those of us who have to work with HIPPA laws are always looking for options to ensure privacy. Obviously, I have looked elsewhere for this feature, but it would be awesome for me (and obviously others) if Dropbox offered it.
I completley agree! This would be the a hugh selling point for dropbox!
Hi nhflasun16
I did extensive reading about this earlier this week. While I am no expert in zero knowledge encryption, this is what I found out: There are many few cloud providers that do zero knowledge encryption. Reason for that is not so that they can spy on you. It is to provide you with a faster user experience.
Also, Dropbox (and others) integrate with other providers (e.g. Adobe, Zoom, Slack, etc) and if the encryption key is with you, and not with the cloud provider (read Dropbox) then the service offering to you will be slower.
If you do not like that Dropbox has access to your encryption keys, move on, and look at a provider like sync.com or others.
That is my understanding, and I may be wrong. But this is OK with me, as I doubt a Dropbox engineer will want to look at my holiday photos of 2 years ago or whatever.
Regards
Casper
