On 3 April 2013 15:38, mick mbm@rlogin.net wrote:
You mentioned that you had a 50Gig store with your 'phone. That's a lot more than is needed for "sync" alone and points to a use case different to yours.
Indeed. On the other hand, it was a factor when picking a provider, on the "just in case" basis. At home I have a decent cable connection (60Mbps) so backup would be a possibility, although in practice 50GB is too small for backups and I use a different service for that anyway. I very much doubt I'll ever use the full capability of the Dropbox account, except maybe on a temporary basis ("can you upload this 20GB file somewhere I can access it?")
Sure, but dropbox claimed that no-one could access locally encrypted data. So the assumption was that the key was somehow related to your dropbox password. It later transpired that the keys were likely really stored on the dropbox server and only policy prevented decryption. See Miguel de Icaza's commentary at http://tirania.org/blog/archive/2011/Apr-19.html
OK, I've read up a bit on this now. As some people pointed out (in the comments on the above blog post) some of this was obvious from the start: if you can share files between users then they must have a way to decrypt.
As I said, I always assumed this to be the case - even if they stated otherwise, unless I could audit it myself it's my responsibility to ensure my own data is encrypted if I care about it.
For a "better" way to do things, see SpiderOak: https://spideroak.com/blog/20100827150530-why-spideroak-doesnt-de-duplicate-...
It's interesting not least for the discussion of the reasons why deduplicating data between customers is dangerous.
Agreed. But I like to be in charge of my own destiny. I see a drift away from local autonomy towards contractual arrangements with (very) large corporates.
The problem is with the extent to which you can avoid this; I prefer to embrace it but mitigate the risks.
Hosting my own server is great, for example, but in practice I don't really host it myself, I just manage my own (virtual) server on someone else's network. I could do it at home, but apart from it being slow (even over a 60Mbps cable line) all the data still goes via Virgin, who I would trust less than Dropbox. So I would prefer to encrypt my own data, and use Dropbox (and for redundancy, also use Ubuntu One, Google Drive, etc). If any of them change their business model or go bust, I lose the cloud data but don't lose the master copies and can move things around as I see fit.
I don't like being tied to any one company. My email is with Google but I can move it all whenever I want to (and I have an archive off Google's servers). I host with a couple of hosting providers but could move whenever I want to - everything's designed such that an rsync between servers if pretty much all that's needed to migrate. Anyone who wants to lock me in (eg Apple) I steer well clear of. Any data I care about is encrypted and duplicated across multiple services (of which my own hardware is always one).
If you in turn are a large corporate, then you may have some leverage with the supplier and may be able to influence contractual terms. For the rest of us I worry.
Large corporates have leverage, but the rest of us can (if we choose to be) be far more mobile and fickle with our selections. I have probably a dozen domains with Google Mail but could move them all in an afternoon (likely with no loss of service) if I ever needed to. Corporates can't do that, and that's the power over my own destiny that I enjoy (and take care to maintain).
Mark