A reader of my blog has recently informed me about a website that invites Dropbox users to get rid of the service and start looking for better options, and asked me what my thoughts are on the matter. The website in question is called Dump Dropbox. “Can you trust Dropbox to secure your stuff?” they ask. Then they offer a list of seven main questions & answers people should read to understand that perhaps Dropbox may not be the best option to secure their data.
And perhaps it isn’t. Honestly, of all the seven questions Dump Dropbox poses, I’m mostly concerned about N°6 and N°7, but in both cases it’s not a situation set in stone: who says Dropbox can’t introduce private encryption keys and expand its storage options outside the USA at a later date?
But maybe a more interesting perspective from which to look at the whole issue is: are people naïve enough to trust online cloud services with their most sensitive data? This, I think, is the question that should be asked in the first place. I’m not a typical user, I admit, and I come from what’s probably considered an old-school backup culture. My practices for keeping sensitive documents and data secure may seem quaint, but they never failed me in more than twenty years. The recipe is rather simple:
- Identify and collect all the documents you consider sensitive (personal information, financial information, secret projects, etc.). In my case, this kind of stuff takes much less than 4 GB, and can easily be stored on DVD-Rs, USB pendrives, etc. and can also be easily moved around.
- Keep this core of sensitive information offline. I use multiple redundant backups on a variety of media — from recordable DVDs to USB pendrives, from Magneto-Optical discs to PCMCIA cards, from external hard drives to floppy diskettes — and I keep at least one copy off-site.
- Make sure whatever data you move around with any chosen cloud service isn’t sensitive. Make sure anything you consider important is copied, not moved: 85% of the contents in my Dropbox Folder, for instance, is made of files I have copied there from my MacBook Pro to make them available to three other PowerBooks, an iBook and a PowerMac G4 Cube. (The remaining 15% is unimportant stuff I just leave there for convenience and I wouldn’t lose any sleep over it if it got lost).
- Most importantly, though, the data I leave in my Dropbox is not essential. In my view, this fact alone is itself a security measure.
I use Dropbox for several reasons: it works remarkably well for me, it integrates seamlessly with my systems and devices, the service has always been reliable (for me — I know other people had problems related to past outages), but the main reason is probably Dropbox’s extended compatibility. When I went to download and install the latest 2.0 version, I was afraid it wouldn’t work on my (many) non-Intel Macs, but to my utter amazement it does. I successfully upgraded my 12″ and 17″ PowerBook G4 running Mac OS X 10.5.8, plus my Titanium PowerBook G4, iBook G3 and PowerMac G4 Cube running Mac OS X 10.4.11. Since I still use all these machines on an almost-daily basis, it’s very important I can keep syncing files and information among them. Similar services simply don’t offer this kind of backwards compatibility: Box.com Desktop sync supports only Intel Macs (Mac OS X 10.6 Snow Leopard and higher), and the same goes for SugarSync; SpiderOak does indeed support PowerPC Macs, but requires at least Mac OS X 10.5 Leopard to work. I’m sure I’m leaving out other examples of similar services. I’m not so sure there’s a service like Dropbox that still supports PowerPC Macs running Mac OS X Tiger.
I’m not saying that the security concerns raised by Dump Dropbox aren’t legitimate. Some of them are. Although the way the site presents them strikes me as a bit FUD-mongering, so to speak, not to mention another important point Erik Schmidt expressed on App.net: I find it utterly appalling that the very people at Dump Dropbox who ask “Can you trust Dropbox to secure your stuff?” reveal nothing about who they are or what motivated them to create the site.
Sure, if you store sensitive data in the cloud and are particularly paranoid about security, Dropbox may not be your best solution. But then again, if you’re particularly paranoid about security, you’d probably want to avoid putting sensitive data online or trust third-party online services with it in the first place. And once you need and use a cloud service to just sync non-essential information among your machines and devices, then convenience, reliability, and extended compatibility become more important than security per se. At that point it’s a matter of preference, and that’s why I’m very satisfied with Dropbox and I don’t plan to ‘dump’ it anytime soon.
1. You may laugh all you want, but in my experience, properly stored 3.5″ diskettes can hold data for surprisingly long periods.
2. As Christopher Krycho explained to me on App.net, Python is awesome like that. (That’s what the whole Dropbox back end is written in: Python, with the UI widgets done in a combination of wxPython and native widgets.)