-----Original Message-----
On Friday, August 17, 2018 14:55, Rich Wales wrote:

> From Erik Soderquist:
>> Considering (in my experience) Dropbox has an unencrypted copy of your
>> data, I would question using Dropbox for anything you would keep
>> encrypted locally in the first place.
>
> FWIW, Dropbox claims that files stored on their service are encrypted.
> (https://www.dropbox.com/help/sign-in/how-security-works)
>
> If there is credible evidence that this is not the case, I for one would
> love to hear details.

From that page:

"Dropbox doesn't provide for client-side encryption. Dropbox also doesn't support the creation of your own private keys."

While Dropbox may encrypt them at rest on their servers, they also control the private keys, and so inherently have access to your files (as would anyone who compromises Dropbox's still-running servers).

While encrypted at rest is important, it is also important to know what it protects against. Assuming the private keys are securely stored _somewhere else_, encrypted at rest protects the files against someone stealing the disc and recovering the files from the stolen disc.

They also do not provide any detail (that I found) on their private key security, so it could be the best in the world, it could be a plain text key sitting right next to the encrypted file (making the encryption effectively worthless in the above stolen disc scenario), or anywhere in between.

While this is an improvement from what it was the last time I looked into this, it is still not something I would consider for my own files.

--
Erik