Dropbox + coffee shop wifi = secure?
March 26, 2013 2:20 PM   Subscribe

How secure is Dropbox on an open coffee shop wifi?

I login through HTTPS and use two-factor authentication, but how secure is it to access/edit/create/sync files through the dropbox app on an open (non WPA encrypted) coffee shop wifi connection?

Assume newest version of OS X Mountain Lion, fully patched, file sharing off, OS firewall on. But do I need a VPN?
posted by bluecore to Technology (8 answers total) 6 users marked this as a favorite
I think you have more risks from outside influences than a hacker in the same coffee shop as you. If you're concerned, look into encrypting files in your Dropbox with TrueCrypt.
posted by dobi at 2:25 PM on March 26, 2013

Here's what Dropbox says:

How secure is Dropbox?
  • Dropbox uses modern encryption methods to both transfer and store your data.
  • Secure Sockets Layer (SSL) and AES-256 bit encryption.
posted by Nonsteroidal Anti-Inflammatory Drug at 2:57 PM on March 26, 2013 [2 favorites]

Boxcryptor is another application you can use to give yourself a second layer of encryption - it may work better if there is more than one person who needs to get access to the encrypted files.

Your coffee shop may be the haunt of people who would like help themselves to your bag or to your laptop - but, as dobi says, it is less likely to handle people who are specifically targeting locally connected computers in order to steal information. Those people are out there, of course, but they have no need to hanging out drinking coffee near you.
posted by rongorongo at 3:14 PM on March 26, 2013

You may want to look into SpiderOak.
posted by AwkwardPause at 3:21 PM on March 26, 2013

Dropbox is secure enough for a coffee shop. The real worry for me would be if I used my gmail address for Dropbox login, and use any Google services (even search) while logged into Google. With that, someone would be able to sniff your Google cookie. I'm not sure if the security has improved recently, but it used to be that just having a Google cookie gave access to gmail, which would give access to Dropbox or anything else that used gmail for login details.
posted by nevan at 5:15 PM on March 26, 2013

If you connect to an SSL (https://...) site and your browser does not pop up a message along the lines of "This connection is untrusted," then your connection is equally secure whether you are at home, work, a cafe, wherever. How secure that actually is depends on how much you trust your own computer, Dropbox's servers, the certificate authority that Dropbox gets their secure certificate from, various governments, etc.
posted by domnit at 7:25 PM on March 26, 2013

Your risk here is DNS poisoning combined with sslstrip. If you are using the desktop client, you should be fine. If you are using the web browser, check the SSL certificate is issed by someone you have heard of, and that it is issued to Dropbox.
posted by devnull at 1:44 AM on March 27, 2013

sslstrip does not actually work against legitimate SSL connections, but it can be used to modify links or redirects from HTTP sites to HTTPS sites. For example, if you visit http://www.dropbox.com/, it normally redirects you to https://www.dropbox.com/. sslstrip takes advantage of that initial unsecure connection to redirect you to a phony site. If you access Dropbox through a bookmark to the HTTPS site, your connection will be secure.
posted by domnit at 6:52 PM on March 29, 2013

« Older How Does a New Couple Start Having Regular Money...   |   How do I contact English, Literature, and Drama... Newer »
This thread is closed to new comments.