Dropbox has gotten some heat lately for allegedly lying to its users about the privacy of user data. The gist of the gripes is that Dropbox has made clear that it would turn over your data – in unencrypted form – to authorities if required to do so. That came as a shock to many people, who assumed that even the Dropbox folks didn’t have access to the encrypted data in their Dropbox folders. The lesson – if you want to keep your private data private, then you need to encrypt it before you put it into Dropbox and sync it to the cloud. One way to do that is through SecretSync, a beta app currently available for Windows only.
To use SecretSync, run the installer, which will create a special SecretSync folder on your computer, outside of your Dropbox folder. Any files placed in this folder will be encrypted, and then moved into a “tunnel” folder in your Dropbox folder. This folder is syned to your Dropbox account, and only decrypted when it reaches a machine with your proper credentials.
The difference between Dropbox encryption and the encryption performed by SecretSync is that only you will have the key to your files encrypted by SecretSync. Dropbox’s encryption is done server side, while SecretSync encryption is done locally. With SecretSync, your files stay encrypted during synchronization, and are unencrypted locally.
The only glitch that I ran into with SecretSync is that the installer tried to place the SecretSync folder on a network drive (probably due to a network document management app that I had running in the background). The FAQ on the SecretSync site helped me to relocate this folder to my Documents folder.
SecretSync is currently Windows only, although the website touts that Mac and Linux are coming soon. SecretSync is in beta, but anyone can download it.
Do you worry about the security of your Dropbox files?
Don Kim says:
Nice post. I did not think about encrypting the file before uploading! Obvious now, but was not a while ago. Thanks.
May 25, 2011 — 12:46 pm
Evan Kline says:
You’re welcome, Don. I hope it helps.
May 26, 2011 — 10:54 am
Sean says:
I hesitate to trust any cloud company with private data and that includes evernote, amazon cloud (as you pointed our in an earlier post), dropbox etc. These companies are going to buckle under pressure like wet noodles. Also there is hacking to be thought of as well.
Given above, I do not keep anything personal or sensitive on these services. If required, I’ll encrypt using axcrypt.
So why not use a True Crypt container for the above? Why this new beta app?
Sean
May 26, 2011 — 12:49 am
Evan Kline says:
I think the biggest difference between this and Truecrypt is how seamless this is. It creates a folder on your hard drive. You drop a file into it, and the file is then automatically encrypted, and moved into another folder in your Dropbox folder.
May 26, 2011 — 10:57 am
Roland says:
I’d really like SecretSync to support as many devices as possible. I have my folders synced across my iPad, Blackberry, Android, PC and Mac – I’m sure I’m not exception.
June 24, 2011 — 4:45 am
Evan Kline says:
I’m with you, Roland. I’m on Windows, Mac, Android, and iPad, so I’m finding that SecretSync has limited use for me right now. It is nice, though, if there’s something important to keep in sync between my Windows devices.
June 27, 2011 — 11:21 am
Kathryn says:
Can you update us on your usage of SecretSync? Are you still using it now that it has changed into Viivo?
June 19, 2014 — 2:38 pm
Evan Kline says:
I am, Kathryn. I sometimes scan a document at work that I want to get on my Mac, so I use Viivo/Dropbox for that perhaps. I have a Hazel rule on my Mac that retrieves certain documents from my Viivo sync folder, and moves those documents elsewhere on the Mac.
I also am using BitTorrent Sync, although I haven’t tested it on my work machine to see if there are any firewall issues.
June 19, 2014 — 2:47 pm