The file storage and sharing service Dropbox has been in the news much of late because of incidents in which user account security was compromised.
The latest happened just this past Sunday: a programming error left every single Dropbox user account exposed, password-free, for at least four hours. Kinda major.
Other than these increasingly frequent security failures, they've had a pretty great service going. I've been a fan for some time. I'm on the fence about whether to drop Dropbox, or hang on with limited use and see if they turn things around.
Rich Mogull at Securosis has a post up today suggesting one option for people like me who may still want to use Dropbox (well, for non-sensitive files), but want to take extra steps to increase the odds that their private stuff stays private.
Short version: encrypt your shit!
Here are a couple easy ways to encrypt your data until Dropbox themselves wake up, or someone else comes out with an alternative service that is as reliable from a data storage and sync standpoint.
Read the rest (securosis.com).
And Rich's advice is wise for people who use other hosted storage services, too (notably, BTW, an increasing number of them are now just front-ends for Dropbox). Just because we're only hearing about these screwups with Dropbox doesn't mean they're the only service where such breaches can occur, or already have.