Bitfinex to Dropbox
I've been a paying Dropbox customer for years. I've stored tens of thousands of photos there and even some personal data. I never really thought about it until I read about how the keys from the Bitcoin Bitfinex hack were recovered. I've had it in mind to eliminate these mainstream apps like Dropbox, Google Drive, etc., but this latest story was my call to action.
On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant (src)
That's right, they were stored on a 'cloud storage account'. And if a search warrant was obtained, that means the unspecified cloud storage company stored the data in the clear. Had the encrypted file been stored on encrypted cloud storage (i.e. double encrypted), law enforcement would have had a much tougher time gaining access to the data. Anyways, I'm not sure if they were actually using Dropbox, but I know that Apple iCloud is NOT encrypted. As a matter of fact, Apple plans to scan your files under the guise of 'protecting children'. Those plans were recently delayed (src). Because of these developments, I decided to re-evaluate my cloud storage choices.
Evaluating Dropbox
Here are the main points (src).
- Encryption: Dropbox encrypts your files at rest. This protects your files should someone make off with a physical hard drive, but when connected to a Dropbox system, your files are accessible to them in the clear. Dropbox does not offer end-to-end encryption.
- Privacy: Since Dropbox stores your files in the clear, they can readily comply with any requests by the government. This could include a sweeping dragnet sort of FISA warrant covering their entire platform. They also proactively scan your files. "Dropbox may review your conduct and content for compliance with these Terms and our Acceptable Use Policy."
- Deduplication: Dropbox analyzes your files and will store identical data only a single time to save space.
- Data retention: They typically delete your data after 30 days, but may retain it indefinitely.
- Termination: If they decide you have violated their terms, they can cancel your account and deny you access to your files. "We won’t provide notice or an opportunity to export Your Stuff before termination or suspension of access..." The way their synchronization works, they could also potentially remotely delete or deny you access to your local files.
- Acceptable Use Policy: Their AUP is very vague and subjective.
advocate bigotry or hatred against any person or group of people based on their race, religion, ethnicity, sex, gender identity, sexual orientation, disability, or impairment;
violate the law in any way, including storing, publishing or sharing material that’s fraudulent, defamatory, or misleading, or that violates the intellectual property rights of others;
violate the privacy or infringe the rights of others
Aside from privacy concerns, I've also had strange issues where my files would disappear and then show up in my deleted files folder-- not cool. Yet another reason to bail, and I don't need to spend any time contacting their tech support.
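The "double encryption" mentioned in the introduction, and the Encryption and Deduplication points above, as an added shell example (not from the original post, and not Dropbox's or Sync's code): encrypt locally before a file enters the sync folder, so the provider only ever holds ciphertext. It assumes the openssl CLI and a hypothetical SYNC_PASSPHRASE environment variable.

```shell
#!/bin/sh
# Client-side ("double") encryption before a file enters the sync folder.
# Constructed example: the provider only ever receives the ciphertext and
# an HMAC tag, so it cannot read or scan the content, and the random salt
# means two uploads of the same file look unrelated (no provider-side dedup).
# Assumes the openssl CLI and a passphrase in SYNC_PASSPHRASE (hypothetical
# variable name). Note: 'openssl dgst -hmac KEY' exposes KEY in the process
# list; acceptable on a single-user machine, not on a shared host.

# encrypt_for_sync PLAINTEXT OUTFILE
#   Writes OUTFILE (AES-256-CBC, PBKDF2-derived key) and OUTFILE.hmac.
encrypt_for_sync() {
    plaintext="$1"; outfile="$2"
    # 'openssl enc' refuses AEAD modes, so confidentiality comes from CBC
    # and integrity from a separate encrypt-then-MAC tag below.
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -pass env:SYNC_PASSPHRASE -in "$plaintext" -out "$outfile" || return 1
    openssl dgst -sha256 -hmac "$SYNC_PASSPHRASE" -binary "$outfile" \
        | openssl base64 > "$outfile.hmac"
}

# decrypt_from_sync INFILE OUTFILE
#   Verifies INFILE.hmac first and refuses to decrypt on any mismatch, so a
#   modified or corrupted blob pulled back from the provider fails closed.
decrypt_from_sync() {
    infile="$1"; outfile="$2"
    expected=$(cat "$infile.hmac") || return 1
    actual=$(openssl dgst -sha256 -hmac "$SYNC_PASSPHRASE" -binary "$infile" \
        | openssl base64)
    if [ "$expected" != "$actual" ]; then
        echo "HMAC mismatch on $infile: refusing to decrypt" >&2
        return 1
    fi
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass env:SYNC_PASSPHRASE -in "$infile" -out "$outfile"
}
```

Usage: export SYNC_PASSPHRASE, then `encrypt_for_sync photos.tar ~/Sync/photos.tar.enc`; keep the passphrase out of the synced folder, since the whole point is that the provider never holds the key.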
TLDR
Located in San Francisco, Dropbox is one of your typical woke Silicon Valley companies. I get the feeling they would have no problem joining the deplatforming dogpile should you run afoul of their ideology. Their respect for your privacy doesn't extend beyond their corporate interests.
My Replacement
As a replacement, I have chosen Sync:
Referral link: https://www.sync.com/?_sync_refer=92ddcf9d0
Sync supports end-to-end encryption, which mitigates basically all of the concerns I had with Dropbox. They actually pride themselves on, and market themselves as, not being Dropbox. Below is a capture from their website.
The interface for Sync is not quite as refined as that of Dropbox, but that's a trade-off I'm willing to make. Their 2TB plan is also cheaper than Dropbox's ($8/mo vs. $10/mo), which is great. While Sync could still deny me access based upon who I am, they could not do so based upon what I am storing on their platform.
Conclusion
While I may never need to store the keys to billions of dollars' worth of Bitcoin, or anything illegal, I value my privacy and seek out companies that do as well. For example, about two years ago I switched from using Gmail to Protonmail. Addressing my cloud storage is a great next step. Eliminating Google Drive will be next. The problem there is that I'm using Google Docs/Sheets, so I'll need to find another solution to import/edit my documents.
Note: Even if you use cloud storage, you should still keep a backup on an offline drive-- an encrypted one if it contains personal data.