(no title)
jest3r1 | 8 years ago
I clearly outlined many competitors similar to Dbox that offer end-to-end encryption: (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.
>Therefore I would trust Gmail more than I would trust Proton Mail.
Google: don't expect privacy when sending to Gmail: https://www.theguardian.com/technology/2013/aug/14/google-gm...
Google terms of service: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. https://www.google.com/policies/terms/
varenc|8 years ago
The technology just doesn't exist to give users an equivalent experience with equivalent features when using E2E. I wish this wasn't so but it is.
HTTPS is transport layer encryption that goes seamlessly over HTTP and doesn't change anything at all about what you can do online. With E2E giving users collaborative folders, shared links, online browsing, password reset, etc while still providing zero knowledge encryption is a huge technical challenge. If you're doing decryption locally in the browser you still have to trust the company not to just add some JS to siphon off you decryption key at any moment.
I really do want to live in a world where E2E is in more places, but with cloud file solutions there's just not a way to do it right now that gives people the features they want and the market share of these companies is showing that.
bad_user|8 years ago
pCloud doesn't do 2-factor authentication yet, which is freaking important for your non-encrypted files at least. I asked them about it because I could not believe it and they said it's "on their roadmap". But ALAS my trust in them dropped to zero. The chances of implementing reliable encryption while not getting basic security straight are next to none.
Plus you cannot trust encryption that is not peer reviewed ;-)
I haven't tried NextCloud, but ownCloud is shit. It's really slow, could not handle the several hundreds of GBs I have stored and there have been situations of users losing their data. Plus I'm not inclined to host my own stuff, because that would get very expensive.
Actually you haven't mentioned the only real alternatives ...
(1) Resilio Sync (https://resilio.com) which I use, in combination with a cheap VPS with 2 TB of storage on it (time4vps.eu in case you're wondering, not affiliated)
(2) Syncthing (https://syncthing.net), the open source alternative, which is OK, but hard to configure and Resilio does stuff out of the box, like encrypted folders
And I'm using Resilio Sync in addition to Dropbox. Well, I've actually migrated to Google Drive (on GSuite) this month, due to Dropbox Support pissing me off, but that's another story.
But the interesting part, which should be clear after a single day of usage, is that all Dropbox alternatives, except for Resilio and Syncthing, fail at the most basic task that users want, which is to reliably synchronize your files. Even the big guys, like GDrive or OneDrive, have an incredibly broken sync by comparison.
Just the other day I noticed for example how Google Drive can start deleting files from your local hard drive, only God knows why, in order to re-download them. And before that I dropped OneDrive because their client was freezing on my Mac, not to mention a couple of months back they weren't doing the one month file versioning thing, which is retarded in the age of ransomware.
jest3r1|8 years ago
The fact that both of us are actively using at least one alternative, in addition to Dropbox, proves my point. That E2E encryption (alternatives that offer better privacy) could be a threat to Dropbox, if and when the alternatives become a viable total replacement.