Re: Zero Knowledge Encryption

PierreLeBear · ‎02-29-2020

I find that many Cloud services offer encryption during transfer to the service and encryption at the destination. Dropbox does this too. Unfortunately, the keys used at the destination are available to Dropbox. What would make Dropbox unique is if it would offer Zero Knowledge encryption at the client. That way all files are encrypted at the client with the customer retaining the keys. Why is this important? There can be bugs during transfer even if encryption is used (remember the famous OOPS with caches on internet servers offering up unencrypted data?). Also, the government can force Dropbox to deliver user data (or it may be compromised by hackers).

Dropbox with Zero Knowledge Encryption would be a market leading solution that would drive a great preference over OneDrive, Google Drive and others. It would be the only way I would be comfortable putting my files on the cloud.

Mochnant · ‎11-25-2020

I would love to see the option for Zero Knowledge Encryption, as well. From a finanical stanpoint, I am paying Sync.com for this service, and not Dropbox. I'd rather be using Dropbox.

There is no reason it needs to be all or nothing for all users. Some cloud providers allow it as an option for those who want it, while others who prefer the convienence and integrations can disable it.

Tyler B.12 · ‎06-01-2021

Seems like this is a no brainer for at least the Vault

dropmyselfabox · ‎06-05-2021

Fully agree, more and more providers are offering this service. I would opt for DropBox to see if they can do the same. Privacy and security are increasingly becoming more important (should always be important, but anyway). I don't want anyone snooping around in my files.

stopmotion · ‎06-12-2021

I did upvote this idea. But I also want to share some thoughts with you who may not be very familiar with online security.

Security - how much is plenty for you personally? There's poor, good, very-good, and extremely high security measures you can take.

Obviously, what you don't want is to be the easy target - storing weak passwords and files on some mediocre service. With a little education and more than one layer of security however, you can move up to a very-good security tier for little to no cost.

Granted: the growing ability of hackers using today's incredibly powerful GPUs to process millions of hash comparisons and other tests per second (24 hours a day) to find potential matches or other clues for breaking into secured accounts is unbelievable. I'm no expert, but I've done some research.

You can search too, however, I don't recommend getting lost in time-consuming reading, overthinking and worrying (as I did at first.) In most cases there are just a few steps the average user can take to become highly secure.

These hackers mostly go for the cream of the crop. Identity theft, access to credit card info, entering your various accounts - it's a cakewalk for them when it comes to so many people out there who are not using much if any security.

For years I trusted whatever browser to store my weak and duplicated passwords, and this was no doubt the reason I dealt with fraud on quite a few financial accounts, and had email and social media accounts hacked on several other occasions.

Of course, Zero Knowledge Encryption as discussed here is obviously the highest-tier of security, but mostly required by those who have the highest-tier of *necessity* - concern for a potential subpoena, or possess legally-sensitive or highly-confidential data. These ones obviously need the best out security out there.

However, if you're coming from general file storage services and weak passwords - consider this: If you layer good encryption such as Dropbox' security and 2FA, you've already taken yourself way out of the limelight for hackers. You can also consider free or reasonably priced services such as Keeper - which has a good free version plus additional plans for individuals and families (currently 40% off at time of posting). Go that route and you've got very little to fret about.

Do some research on data privacy if you haven't already. You may find that today's top-tier services may not be a big concern for you. Of course, it's up to you, but often some simple educated steps will take you far out of harm's way.

BAPPADITYA · ‎08-13-2021

Just signed up with sync.com because of Zero Knowledge Feature.

But Is sync.com reliable.

pomme4moi · ‎08-16-2021

I’m in the process of moving from Dropbox to Tresorit. Dropbox has features I like, but zero knowledge encryption now is table stakes. If Dropbox doesn’t want to implement it, that’s fine. There are new alternatives every day. And IMHO, asking people to vote for data privacy is absurd.

jr_g33k · ‎08-21-2021

Happy to upvote this all day long, and then some. You have my vote (I have voted). If I could upvote indefinitely I'd still be here days later upvoting this. I 100% agree with this 'idea'.

roganhamby · ‎08-26-2021

This needs to happen.

mattc--9 · ‎09-07-2021

This would be nice but it needs to be done correctly. I don't think dropbox would do it because normal users would get angry if they forget the password and can't get to their files. The security stuff seems nice to them, but if they loose their files they don't really care.

For now use Cryptomator, it is a pretty decent Open Source app for desktop and android that is compatible with google drive and doesn't cost a monthly fee (free on desktop, one time 10$ payment on mobile)

roganhamby · ‎09-08-2021

There is no reason to believe that this has to be an opt-out scenario. It can be opt-in and even done per folder. This isn't trivial but it would be really nice to have and give me more confidence in storing confidential information on Dropbox.