Sunday, July 3, 2011

The Dropbox TrueCrypt Paranoia Conundrum

I've been using Dropbox for months now to back up my important files to the Mystical Cloud that drifts through the Internet. Aside from one minor wrinkle of a file conflict (which I easily resolved), it's done sterling service. My files are backed up across multiple computers and their associated backup hard drives, not to mention the Dropbox servers themselves. Losing my work in a catastrophic incident should, theoretically, be impossible.*

But over the last couple of weeks Dropbox has gotten some bad press. Aside from the security breach (see "bad"), none of this is really a surprise; if you put your data on somebody else's computer, they are going to have to protect themselves legally in some fashion. And because copyright law is a hydra with infinite heads and a bad attitude, even an innocent company is going to look bad trying to comply with it.

That said...

The security breach did bother the heck out of me. I don't know of anyone who'd want to look at my files with malice in their heart, but I also didn't know anyone who'd want to run up a $300 bill on my Amazon account. Shit happens. And while all of my files are perfectly innocent**, I still feel less than clean knowing that someone could be looking at them right now with their filthy eyes...

Enter TrueCrypt. My files are now wrapped in one big, ambiguous blob of encrypted data, one that no one is liable to crack open in the next decade without the correct password. So I am, relatively speaking, secure.

But can I still be productive?

TrueCrypt bundles your data into what is effectively an encrypted hard drive. With the right password, you can mount it and edit everything on it just like any other filesystem. So what's in my Dropbox account now is one big file that is 1.99GB in size. There are some issues with this:

Syncing. The initial upload of this file took a good three hours. Fortunately Dropbox does bitwise syncing, so it only needs to resync the bits of the file that change during an edit. I opened up a Word document and added some text, and Dropbox updated it in about a minute.

Syncing again. The encryption works fine if I only edit the file on one computer at a time. Since that's what I do anyway, this is no big deal. But if I forget and let my systems get out of sync, I'm going to wind up with a 4GB conflict that could potentially corrupt my data. So be careful with those edits, m'kay?

Nerfed features. Dropbox allows you to access your files from the web, but not if they're in one big encrypted blob. Ditto for sharing files with other people, or versioning them. Happily I'm not using these features anyway and don't plan to start.

So this isn't a perfect solution. Still, I think it's a happy balance between ease-of-use and security, which is all I can ask for.

And if it turns out to be more annoying than I bargained for, I'll store my files in my data dog instead.

*This is tempting fate. I'm certain some alien intelligence with a global-scale EMP generator is reading this and giggling.

**Pay no mind to that donkey in the corner.

No comments: