I no longer trust dropbox. What better replacements are there?
August 3, 2012 1:08 PM   Subscribe

I no longer trust dropbox. What better replacements are there?

I like having a folder on my (mac) desktop that automatically syncs with other computers. I looked to other online backup services like S3 via arc and a few more that were discussed on a recent episode of twit's security now podcast but none seem to have a similarly simple folder-on-desktop-is-always-synced ui.

is there another option for me that exactly duplicates this functionality without requiring me to manually copy files via ftp or drop them into a program, etc? (again, this is about having a single folder synced across computers, not about an online backup solution)
posted by krautland to Computers & Internet (29 answers total) 40 users marked this as a favorite
 
It would be helpful to know why you no longer trust dropbox.
posted by alms at 1:09 PM on August 3, 2012 [2 favorites]


Response by poster: because of the recent security breach. because of them storing clear email addresses in employee dropbox accounts, because of them installing automatic updates without asking and then refusing to tell me what the update does and why it needs admin rights, because they refuse to delete my credit card data in spite of me having filed six tickets and counting. oh, the list is long.
posted by krautland at 1:13 PM on August 3, 2012 [1 favorite]


I'm assuming Dropbox's most recent security breach, plus last year's authentication bug.
posted by zamboni at 1:13 PM on August 3, 2012


I looked to other online backup services like S3 via arc and a few more that were discussed on a recent episode of twit's security now podcast but none seem to have a similarly simple folder-on-desktop-is-always-synced ui.

How about a synced folder via Transmit to an SFTP host or Amazon S3 bucket of your choice?
posted by Blazecock Pileon at 1:13 PM on August 3, 2012


Response by poster: yeah, transmit is something I am considering. but I gotta say dropbox is more effortless. you boot up, you do your work, the folder is just synced. transmit, even while running in the background, requires me to think of it, if that makes sense. to me, it's doable but less elegant.
posted by krautland at 1:16 PM on August 3, 2012


If you're handy with the command line, you could use rsync and crond or launchd to synchronize a folder-of-interest on a periodic basis.
posted by Blazecock Pileon at 1:18 PM on August 3, 2012


Cubby

I haven't used it much but seems to work very much like Dropbox.
posted by wongcorgi at 1:19 PM on August 3, 2012


If you like the Dropbox functionality but feel feelings about data security, you could use a TrueCrypt virtual disk. This doesn't solve bad feelings about having the Dropbox executables on your machine, though.
posted by DrChurlish at 1:22 PM on August 3, 2012


Google Drive has a local client. SparkleShare is a possibility (and allows . Box.net has a client.

You could rsync and use some scripts...

Good move dropping Dropbox though. I left them too, due to their CTO's reaction to the authentication bug (he argued that a loss exposure was not a problem unless you actually got hacked), and Rajiv Eranki (one of their early employees) stating that "a lot of services (even banks!) have serious security problems and seem to be able to weather a small PR storm." while arguing that security wasn't important. I really didn't like that he indicated no concern about harm to customers, just harm to Dropbox.

I don't believe Dropbox cares about anything outside themselves, I don't believe they'd honestly report if there was a major breach that only they and the hacker knew about, and I don't believe they'd put in the effort to find such a hacker in the first place. As such, I think I'd have to be a complete fool to trust them to do the right thing, ever.
posted by grudgebgon at 1:24 PM on August 3, 2012


Sorry, I was saying that with sparkleshare you can set up your own infrastructure if you don't trust somebody else's.
posted by grudgebgon at 1:26 PM on August 3, 2012 [1 favorite]


Response by poster: cubby seems like a good solution that does what I want. I'll look into their privacy policy next.

truecrypt is great but that's not what I'm worried about. I'm not worried about dropbox snooping through my stuff, I'm worried about them not taking security seriously enough and playing inside baseball when they should come out with the truth about what went wrong.

"due to their CTO's reaction to the authentication bug"
exactly. it's their cavalier attitude. no problem, nothing to see here. that's creeping me out.
posted by krautland at 1:26 PM on August 3, 2012


There are options like Google Drive and Microsoft SkyDrive, but do you prefer to have Google or Microsoft pawing through your stuff instead?

Some other services like Wuala ("Secure cloud storage") and SpiderOak ("Zero-knowledge data backup, sync, access") appear to take privacy and encryption more seriously, but they are correspondingly more painful to use. Also, there are fewer eyes staring at them, so the risk of a non-public breach seems (subjectively) higher to me.

Then there are mobile-centric options like Box.com (didn't they use to be box.net?).

Are any of these *better* than Dropbox? ("It's a folder. It syncs.") Well, I have accounts on all of these services, and Dropbox is the only one I use, but I wouldn't use it for anything that is the slightest bit sensitive...
posted by RedOrGreen at 1:33 PM on August 3, 2012


Perhaps sugarsync?
posted by urbanwhaleshark at 1:36 PM on August 3, 2012 [2 favorites]


I love Strongspace. I also love Dropbox, but Strongspace is perhaps more security-minded.
posted by sportbucket at 1:40 PM on August 3, 2012


Aerofs syncs just like dropbox but doesn't save anything anywhere you don't want it saved. No centralized storage or logging.
posted by Freen at 1:40 PM on August 3, 2012 [2 favorites]


Mod note: No need to trash Dropbox, the question is very clear that the OP is looking for alternatives. Thanks.
posted by restless_nomad (staff) at 2:03 PM on August 3, 2012


Wuala encrypts data pre-upload and has zero knowledge of your password. You can get up to 5 GB free if you look around for coupon codes and stack them. Cross-platform (Java).

Duplicati (or plain old Duplicity if you're on *nix) is an open source program for encrypted, incremental backups to your own server (via WebDAV, FTP or SSH if you know how to set those up), cloud storage purchased separately (S3, Rackspace CloudFiles, SkyDrive, GDocs), and Tahoe-LAFS (if you've never heard of that, you probably don't want to use it).
posted by DareTo at 2:16 PM on August 3, 2012 [1 favorite]


There's also Filetrek.
posted by KokuRyu at 2:19 PM on August 3, 2012


SpiderOak.
posted by iamabot at 2:21 PM on August 3, 2012


Oh, RedOrGreen already mentioned Wuala. I just saw that, and wanted to mention that it's not painful to use at all. Folders set to backup or sync do so in the background just like Dropbox. Only real caveats are that the interface can be less than stellar and that due to how it works, forgetting your password means losing all you've stored.
posted by DareTo at 2:23 PM on August 3, 2012


The company I work at now has higher security standards & requirements than most (good) banks. Every tool we use must clear our CSO's scrutiny, which often include on-premise security audits.

Dropbox had inadequate security.

Box did meet our security requirements, and that is what we use in the company.
posted by trinity8-director at 2:31 PM on August 3, 2012 [2 favorites]


Amazon has a Cloud Drive app, but I haven't used the application.

JungleDisk is another S3 based alternative.

My company uses Box.

> but do you prefer to have Google or Microsoft pawing through your stuff instead?

There is a substantive difference between trusting Dropbox, and trusting Google or MSFT. Dropbox has a history of fraudulent advertising (they claimed they were encrypting when they weren't), viewing high-magnitude loss exposures as non-events, and being hostile to paying customers who ask for a simple, standard post-event write-up. Dropbox also has engineers who publicly state that security isn't a big deal because Dropbox would likely "weather the PR storm", without any apparent regard to users.

MS and Google on the other hand both have substantive internal audit procedures and compliance guidelines, to the point that a Google employee can't access user data without providing an explanation in an audit log.

I know restless_nomad deleted my previous post and mischaracterized it as "trashing" dropbox because I shared these same facts, but I continue to believe that it is inappropriate to leave RedOrGreen's comment unanswered, as RedOrGreen is (very incorrectly) implying that there's no difference who you trust, but in reality there is a substantive difference between trusting Dropbox and trusting Box, MSFT, or GOOG.
posted by grudgebgon at 2:47 PM on August 3, 2012 [5 favorites]


There is a program called JungleDisk that does similar things. Works on Mac, Windows, and Linux. The user interface is a tad clunky, but it does what you want. And even better: you can set as many different folders as you want to be synchronized, it's not just one fixed folder. You can sync between multiple machines, have separate backups for different machines, etc. It's not too expensive, either.
posted by number9dream at 3:04 PM on August 3, 2012


Google Drive + BoxCryptor? BoxCryptor is an interface for an EncFS encrypted file system, where the ciphertext lives (and is synced) by the cloud storage solution of your choice (e.g., Dropbox, GDrive, SkyDrive, whatever). On Windows, BoxCryptor presents a new drive letter for the mounted plaintext; presumably you'll have a mountpoint on unix-based OSes like OSX and Linux.
posted by chengjih at 3:12 PM on August 3, 2012 [3 favorites]


Another vote for Box: Dropbox seems to have been built around the need of individuals or small groups who are putting information online. The great emphasis was always on simplicity. Box, from the beginning, has always been more about serving organisations rather than just individuals: for example it has had, for a long time, a facility to prevent a folder that I share with somebody else from being re-shared by that somebody so that a third party can see it. As trinity8-director points out, I suspect that the people behind Box are more used to having their security audited by their organisational clients.
posted by rongorongo at 3:14 PM on August 3, 2012


I've been using Google Drive ever since it came out, just because of how much it smokes the competition in terms of dollar-per-gigabyte. I loved Dropbox, it's still got the best feature set of all the alternatives, but I'm perfectly happy with Google Drive. By default, it operates exactly as you want: there's a folder, in OSX and Windows it has a special icon, you put things in it, it syncs.

The payment is handled through Google Wallet, ie their attempt at an answer to Paypal. I trust Google to at least take the security for that pretty seriously. For the data inside your drive, it's harder to say, but at the same time, if you're storing sensitive information in there to begin with, you should take the security into your own hands and do your own encryption. I use TrueCrypt.
posted by The Master and Margarita Mix at 5:26 PM on August 3, 2012


>>There is a substantive difference between trusting Dropbox, and trusting Google or MSFT.<>

Hard to take that comment seriously after Google's Street View data theft came to light. Unless you think the 'don't be evil' choirboys really didn't intend to steal the private communications of hundreds of millions of people. I don't have an answer to the Q, but I would beware of answers that point you to services provided by other proven liars.

posted by LonnieK at 6:54 PM on August 3, 2012


SpiderOak, Mosy Stash, Google Drive, CX, Cubby, Box - i am running all 6 (and still DropBox), and they all work fine.
posted by roofus at 7:08 PM on August 3, 2012


Cubby offers client side encryption for the pro version.
posted by Dansaman at 1:30 PM on December 18, 2012


« Older today is   |   How do I get WordPress authors to show on posts... Newer »
This thread is closed to new comments.