alternatives to Dropbox

[Koant]

I've been using Wuala for a year as an alternative to dropbox but their free offer ending next month, combined with my getting locked-out my files when I have no internet access makes me look for another service. (Not to diss Wuala btw, it works fine and does client-side encryption. But somehow it wouldn't authenticate when I was offline, which was super annoying.)

Ideally, I'd have something that (in order of importance):
* can simply sync folders. I don't need fancy options and shiny web-interfaces.
* works on linux
* works on windows
* does client-side encryption.
* has its server in Europe (bit of a moot point with client-side encryption but still)

So far only spideroak seems to tick most boxes. Have you used it? What are your alternatives to dropbox?

I'm a bit hesitant to roll my own; I'd rather have someone else dealing with backups and hardware failures.

[Obel]

Why not use Dropbox? Is it cost prohibitive? In my experience it's the best thing out there that does what it does.

I've used Box, which is basically the same thing, but it's god awful. All of my clients that used it I eventually moved them off of the service, it sometimes just refuses to sync with their servers and ends up being a massive headache. In the three years I've used Dropbox I've never experienced a single issue. Top notch software.

[The Region Legion]

OneDrive, Google Drive... honestly, cloud storage is so ubiquitous now I don't see what purpose Dropbox serves.

[Too Many Cochranes]

I use SpiderOak. Here's a referral link:

https://spideroak.com/download/referral/4347fa4b768c35141c3c71a42e752583

They operate a "zero knowledge" on their behalf, so your files are encrypted on their servers and they're decrypted when you access them.

When I joined (ages ago) you got 5 gigs free for using promo code "worldbackupday". I'm not sure if the promo still works.

You can sync across multiple computers (Windows and Linux) but the interface is a bit of a challenge. It works well but they should look at making the client more user friendly.

[Too Many Cochranes]

Oh, and I believe that you can access from the Android/iOS app too but I've not tried it.

[Koant]

Why not use Dropbox? Is it cost prohibitive? In my experience it's the best thing out there that does what it does.

It is very good and I don't mind paying for a good service. As the infamous stackoverflow answer* stated: "it just syncs". Reasons for not using it are:

• political concerns: http://www.drop-dropbox.com/
• privacy concerns: http://boingboing.net/2014/07/18/snowden-dropbox-is-an-nsa-sur.html

I'm not paranoid but in an ideal world, encryption should be the norm and I'd rather encourage companies that move towards that goal.
* _{can't find the link. Any one remembers this? It was amusing.}

[Koant]

I use SpiderOak. Here's a referral link:

https://spideroak.com/download/referral/4347fa4b768c35141c3c71a42e752583

They operate a "zero knowledge" on their behalf, so your files are encrypted on their servers and they're decrypted when you access them.

When I joined (ages ago) you got 5 gigs free for using promo code "worldbackupday". I'm not sure if the promo still works.

You can sync across multiple computers (Windows and Linux) but the interface is a bit of a challenge. It works well but they should look at making the client more user friendly.

thanks, that's interesting. What I don't understand is why there is an interface in the first place? I want to sync a folder across multiple platforms, that's it.

OneDrive, Google Drive... honestly, cloud storage is so ubiquitous now I don't see what purpose Dropbox serves.

But aren't these web-only? I want to use it for work and my files are in all sort of formats, not just images and MSOffice files. These services seem focused on word documents and image galleries. I need a local copy of my files.

[BPFHAY]

They operate a "zero knowledge" on their behalf, so your files are encrypted on their servers

On their servers? That's exactly how not to use encryption. That's about as good as them saying "we promise we won't look!". They have the decryption keys.

Going to their website, it looks like they actually encrypt before it is uploaded, but then there's this:

Please note that 'Zero-Knowledge' applies only when using the SpiderOak client. When logging into the website with your password, you are giving the primary encryption key to our servers.

You should never let a third party do your encryption. It's free to do it yourself.

[The Region Legion]

But aren't these web-only? I want to use it for work and my files are in all sort of formats, not just images and MSOffice files. These services seem focused on word documents and image galleries. I need a local copy of my files.

Not sure about Google Drive but most modern versions of Windows (7 and up) have a dedicated OneDrive folder, similar to Dropbox. It has a Public folder too though I've never used that, so presumably you can share certain folders from it too.

Basically I dropped Dropbox as soon as I got Windows 7. OneDrive has synced all my files across my home and work PC, iPad and phone. IT'S GREAT.

[Koant]

(Replying to BPFHAY) If I understand correctly, your key is safe if you never use the website?

[Koant]

Not sure about Google Drive but most modern versions of Windows (7 and up) have a dedicated OneDrive folder, similar to Dropbox. It has a Public folder too though I've never used that, so presumably you can share certain folders from it too.

Basically I dropped Dropbox as soon as I got Windows 7. OneDrive has synced all my files across my home and work PC, iPad and phone. IT'S GREAT.

ok but no linux client, no encryption and "Data stored on OneDrive is subject to monitoring by Microsoft, and any content that is in violation of Microsoft's Code of Conduct is subject to removal and may lead to temporary or permanent shutdown of the account." (wikipedia). So not for me.

[The Region Legion]

ok but no linux client, no encryption and "Data stored on OneDrive is subject to monitoring by Microsoft, and any content that is in violation of Microsoft's Code of Conduct is subject to removal and may lead to temporary or permanent shutdown of the account." (wikipedia). So not for me.

Fair do's.

[BPFHAY]

(Replying to BPFHAY) If I understand correctly, your key is safe if you never use the website?

Supposedly, but I just wouldn't trust it. With GPG you have a piece of software that is definitely not connecting to the Internet and makes your encryption keys transparent rather than doing what it feels like.

I've been using Amazon S3 and web services for backups. It hasn't cost me a penny yet, despite storing about 4GB.

[Koant]

yes, but then I have to deal with key management and software maintenance. I guess I could use truecrypt* + rsync +cron but I'd have a hard time on windows.

Security is hard.

* _{but even truecrypt is tainted now.}

[Blumf]

Bittorrent Sync?

http://www.getsync.com/

Pros: Decentralised (presumably they don't do anything other than point your clients to each other), only limit is your own disk space. Very easy to set-up and use. Win, Mac, Linux, Android, etc.
Cons: No remote web links/interface, only the installed clients will have the files.

[BPFHAY]

yes, but then I have to deal with key management and software maintenance. I guess I could use truecrypt* + rsync +cron but I'd have a hard time on windows.

Or just use any service at all + AESCrypt, which involves right-clicking a file and selecting "encrypt" from the shell extension.

You've then upgraded to software that does encryption separately from the storage, is open-source and so potentially less sinister (I know, I know) and doesn't connect to the Internet. It's perfect. Maybe there's NSA backdoors in it, like any encryption software not written by yourself, but I wouldn't care about that. If the NSA wanted my encryption keys I'd give them to them anyway.

[Koant]

That looks interesting! And the packets are encrypted.

Cons: No remote web links/interface, only the installed clients will have the files.

That looks like a list of pros to me!

The free version has ads apparently, how do they show up?

[Koant]

Or just use any service at all + AESCrypt, which involves right-clicking a file and selecting "encrypt" from the shell extension.

You've then upgraded to software that does encryption separately from the storage, is open-source and so potentially less sinister (I know, I know) and doesn't connect to the Internet. It's perfect. Maybe there's NSA backdoors in it, like any encryption software not written by yourself, but I wouldn't care about that. If the NSA wanted my encryption keys I'd give them to them anyway.

So the MO would be:
* create my original file outside the sync'd folder
* encrypt the file with AESCrypt
* move the encrypted file to the sync'd folder
?
Is this what you have in mind?

[BPFHAY]

Yeah.

I can see why that might be a pain for stuff you access like a normal folder. My flow is just keeping everything in a normal folder, and having a cronjob encrypt it all and sync it to Amazon S3 each day. Totally good enough for me.

[Blumf]

The free version has ads apparently, how do they show up?

Haven't used it since the beta, and just the linux server version, so not sure.

[nugget]

BitTorrent Sync is still in beta as far as I'm aware. I've been using it for a couple of months on Windows and Linux machines and find it to be ideal for my basic needs (synchronising large amounts of data for free, securely and unobtrusively). I haven't actually noticed any adverts so far.

[BPFHAY]

Thanks blumf, that's just replaced my crappy rsync scripts for making local backups of media files.

[Zetetic]

I can see why that might be a pain for stuff you access like a normal folder. My flow is just keeping everything in a normal folder, and having a cronjob encrypt it all and sync it to Amazon S3 each day. Totally good enough for me.

Does that mean you're (or were) retransferring all your data every day?

BitTorrent Sync is very tempting, but it's a bugger that it's proprietary.

[Zetetic]

When I joined (ages ago) you got 5 gigs free for using promo code "worldbackupday". I'm not sure if the promo still works.

Cheers. Not only does it still work, but it works on existing accounts.

(Or at least it just did for me.)

[BPFHAY]

Does that mean you're (or were) retransferring all your data every day?

Nope, I do incremental backups.

BitTorrent Sync is very tempting, but it's a bugger that it's proprietary.

Doesn't bother me for certain use cases (in my case, a bunch of media files that I don't care if anybody could potentially peek at - I just don't want them blatantly stored in a big pirate hole). What are your specific concerns? If traffic were to ever leave the local network I'm sure somebody would notice and you'd soon hear about it.

[BPFHAY]

Just a side-note: I don't recommend Git Annex for anything, ever (anymore). It's so overly-complex that there are data-destroying opportunities for error in every action.

[Zetetic]

Nope, I do incremental backups.

So do you encrypt each file separately in order to be able to do this? (It's possible that I'm being dense; I'm believing that if you were to archive the whole lot and then encrypt that archive, that the encrypted archive would change entirely between each backup.)

What are your specific concerns? If traffic were to ever leave the local network I'm sure somebody would notice and you'd soon hear about it.

Yes, I think you're entirely right about that. I'm probably more concerned about on-going support than security.

(Not that my current solution to backups - rsync'ing to a local server running s3ql - is really in any way better protected in that respect.)

[BPFHAY]

So do you encrypt each file separately in order to be able to do this? (It's possible that I'm being dense; I'm believing that if you were to archive the whole lot and then encrypt that archive, that the encrypted archive would change entirely between each backup.)

Oh, definitely not encrypting the entire thing. It uses a weird sort-of rolling changes algorithm that makes tarballs of changed data and encrypts those. The good thing is that I can retrieve the data with my standard encryption tools and unrar. Being able to restore "by hand" is always a requirement for me. It means that it's not an overly-complex system prone to failure, and the lack of future support or version changes doesn't render my data useless down the line.

Yes, I think you're entirely right about that. I'm probably more concerned about on-going support than security.

Does it matter? The result at both ends is the plain data. You could delete all traces of Bittorrent Sync from history and you'd still have all of your files.

[Zetetic]

No, it probably doesn't. You've convinced me to look at it properly (in particular for syncing stuff to my phone). Cheers for talking me out of my vague nonsense.

[BPFHAY]

Paranoia is definitely a good thing with this kind of stuff. I've already talked myself into it from an originally pessimistic stance :-)