Dropping Dropbox

When Dropbox first came to my attention, I was in love. What a great way to keep various config files synchronized across computers. Then it came out that Dropbox’s encryption wasn’t quite as awesome as they let on. It turns out there’s no technical restriction on (at least certain) employees accessing your files. The data is encrypted, but server-side. Now, I’m not all that concerned that someone will target me to find out what my .ssh/config file contains (heck, I’d put it on dotfiles if someone asked nicely), but it does make me reconsider what is appropriate for Dropbox.

Recently, Dropbox announced some changes to the Terms of Service. While the license part is what caused the most uproar on the Internet, the de-duplication part is what stood out the most to me. I know it’s not in Dropbox’s best interests to pay to store a thousand copies of Rebecca_Black-Friday.mp3, but that’s not my concern. The wording suggests that the de-duplication is block-level as opposed to file-level, which is less worrisome, but given their previous lack of transparency about the encryption, I wonder how they’re actually implementing it. If it’s file-level and if it spans multiple accounts, then that seems like a really terrible idea.

I’ve recently switched everything I had in Dropbox over to SpiderOak. The synchronization seems a bit slower and the configuration is less simple (though it’s much easier to back up multiple directories, instead of having to barf symlinks everywhere), but the encryption is client-side, so it’s impossible for SpiderOak to divulge user data (unless they’re lying, too). If you’re interested in trying SpiderOak for yourself, sign up through this link and we’ll both get an extra 1 GB of storage for free.