Storing secrets on other people's computers

Anthony Papillion papillion at gmail.com
Thu May 5 06:34:36 CEST 2011


The typical user most likely *does* believe files are locally
encrypted then sent to Dropbox. But isn't that still pretty
meaningless? If Dropbox is encrypting your file then you have to trust
that Dropbox either can't decrypt the file or that, if they can, they
would never under any circumstance compromise your security. One name:
HushMail.

If you don't encrypt it yourself using a tool that is *known* to be
secure then it really can't be trusted. Someone hacking a server is
really the least of your security worries.

Anthony


On 5/4/11, Jeffrey Walton <noloader at gmail.com> wrote:
> On Wed, May 4, 2011 at 10:24 PM, M.R. <makrober at gmail.com> wrote:
>> On 03/05/11 15:50, Daniel Kahn Gillmor wrote:
>>
>>> Dropbox exposes your secret
>>> keys to dropbox employees (and anyone who can convince them to snoop):
>>>
>>>
>>> http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
>>
>> That article makes no sense at all.
>>
> I was somewhat surprised at the article.
>
> I think a typical user expects that a file is encrypted locally and
> then securely transmitted to DropBox for storage. (I don't use
> DropBox, but it's what I expected). I don't believe anyone would expect
> that DropBox transmits a plain text file and then encrypts the file at
> its leisure and pleasure.
>
> OT: I was just getting ready to audit DropBox via their public API for
> another project. The article saved me a lot of time.
>
> Jeff


-- 
Anthony Papillion
Lead Developer / Owner
Get real about your software/web development and IT Services
(918) 919-4624

Facebook: http://www.facebook.com/cajuntechie
My Blog:   http://www.cajuntechie.com
