this post was submitted on 19 Dec 2023
616 points (97.5% liked)
Technology
59596 readers
4977 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why does dropbox have the ability to see your files at all? That seems like a pretty bad security flaw in the first place.
Because you gave them the files?
If you don't want dropbox to see them, encrypt them.
deleted
If you believe in any implementation of e2ee made by apple i wish you good luck in life, cuz u will need it with your naivety.
Apple makes a shitload of money from the devices and ecosystem that have access to their cloud storage, they don't have the same incentive to use the data itself for profit. In fact, keeping the data as private as they can is a selling point for the devices and ecosystem they make bank from. Dropbox doesn't have that.
lol
https://www.wired.com/story/apple-is-an-ad-company-now/
Yes, and? It even says right there in the article that they have to balance the ad part to not demolish their reputation for privacy. It'd be extremely foolish of them to start accessing people's private files like that if they want to still be seen as caring about privacy, and I can promise you they are fully aware. That doesn't mean that they will always put an emphasis on privacy, but for now they do.
Oh, well then I'm sure Apple will be the first big tech advertising company that doesn't violate their users privacy in search of more profits.
Sounds like you have nothing to worry about.
I do have nothing to worry about because I'm not an Apple user.
Key words right there: "more profits"
Many iPhone users use that particular phone because of privacy, since the only other option is Google who has a well known track record of not caring about it. If Apple destroys their reputation for privacy they remove the biggest reason for why many users choose their phones, which often in turn leads to a buy-in to the whole ecosystem (=lots of money). They might as well choose Google then. That would be a loss of profits. For it to be worth it the data mining of people's private files would have to on its own provide an increase in profits greater than the loss from consumers fleeing. And it might, but again, they'd lose a very unique and often times important reputation. That's a big and risky decision for them to make - to radically change their whole public persona. My guess is they want to keep that reputation for as long as they can and use other means to make their ads effective that aren't as blatantly privacy invading. Down the line though it will of course only get worse, because that has been the only trend in this world of enshittification.
The downside is I used to use Dropbox a lot for collabs with others. We're now using something else (Google Drive 🤮) but for a while, Dropbox was king.
Then encrypt and share the password and/or key with your collaborators?
You can use something like cryptomator
Man wait til you hear about Gmail
Email is like the one critical part a lot of people miss when talking about taking control of your data. Imagine how much could be gleaned out of email history? Where you go, what you do, who you talk with, what you buy, what you rent, what media you consume, everything. If you dont have a lot of friends someone with your email account could pretty much just doppelganger you and go on as if nothings happened.
There are drawbacks to end-to-end encryption (E2EE). I'm not aware of any E2EE cloud storage systems that have the features Dropbox provides. I would LOVE to know of any that...
Support at least the big 5 platforms (Android/iOS/Mac/Windows/Linux).
Have a functional web interface.
Support sharing and collaboration.
Have a search feature
Sync to the local filesystem on a folder-by-folder or even file-by-file basis
Integrate with other tools (e.g. android file picker)
It's not easy to do all that with E2EE, like a functional web interface, search, and integration.
ProtonMail's search, for example, is limited to subject and metadata, and that's specifically because they DON'T use E2EE for that.
I'm willing to compromise some of this for the sake of E2EE, but I'm not at all surprised that feature-first services are more popular than privacy-first services.
You will probably have tradeoffs. And somehow need to script accept that at some point, you need to trust someone. At the very least with firmware. And you probably need to change workflow.
I find cryptpadb works almost as well as Google docs did a few years ago.
I think proton drive covers all but the collaboration
I just checked to see if I missed a big update.
There's still no Linux client, and it cannot sync files on Android (it only supports photo backups).
I can't work around that limitation on Android with FolderSync, either, the way I can with Google Drive, Dropbox, Box, or any WebDAV- or S3-compatible server. Since it uses E2EE, any uploads need to go directly through the app, so integrations are difficult.
It doesn't seem to have a search feature, either, at least not on Android. I can't imagine there's any content-aware search on the web UI, since that can't be done server-side.
There's been some interesting research in homomorphic encryption over the past couple years, which might someday lead to encrypted server-side search. But I think there are still major hurdles to actually implementing it securely and efficiently.
1: easy to port E2EE, it's just math
2: browsers and E2EE is hard, you need an extension to implement it securely so the password can't be made accessible directly to the server (you need it to remain secret even from the hosting company) or else you're dealing with MITM risk
3: easy by sharing encryption keys using E2EE messaging protocols on top
4: encrypted search is a thing, but such indexes does tend to have some limitations
5: still easy
6: still easy, Android specifically have APIs to let apps register themselves to the file picker so they can transparently encrypt and decrypt files. But yes on other systems where 3rd party apps can't offer such integration then it's hard
I've seen one called Skiff that's trying to do most of these things
https://skiff.com/pages https://skiff.com/drive
Mega uses e2ee and is available in all platforms I use. I don't use apple. Web interface is very functional. I think it does support sharing files via link. Should have a search feature also, never used (because I know exactly where I keep my files). It does sync with locals. I don't know about android file picker.
Mega is not a good choice for Lemmy users or Foss activists, probably because of its history - which is not as clean as say next cloud, but is not like google either. As long as it works :/