Dropbox Acquires Boxcryptor Assets To Bring Zero-Knowledge Encryption To File Storage (techcrunch.com) 30
Dropbox has announced plans to bring end-to-end encryption to its business users, and it's doing so through acquiring "key assets" from Germany-based cloud security company Boxcryptor. Terms of the deal were not disclosed. From a report: Dropbox is well-known for its cloud-based file back-up and sharing services, and while it does offer encryption for files moving between its servers and the destination, Dropbox itself has access to the keys and can technically view any content passing through. What Boxcryptor brings to the table is an extra layer of security via so-called "zero knowledge" encryption on the client side, giving the user full control over who is allowed to decrypt their data.
For many people, such as consumers storing family photos or music files, this level of privacy might not be a major priority. But for SMEs and enterprises, end-to-end encryption is a big deal as it ensures that no intermediary can access their confidential documents stored in the cloud -- it's encrypted before it even arrives. Moving forward, Dropbox said that it plans to bake Boxcryptor's features natively into Dropbox for business users.
For many people, such as consumers storing family photos or music files, this level of privacy might not be a major priority. But for SMEs and enterprises, end-to-end encryption is a big deal as it ensures that no intermediary can access their confidential documents stored in the cloud -- it's encrypted before it even arrives. Moving forward, Dropbox said that it plans to bake Boxcryptor's features natively into Dropbox for business users.
Cryptomator (Score:3, Informative)
Another product to avoid. Fortunately Cryptomator [cryptomator.org] is an open source alternative.
Re: Cryptomator (Score:1)
Thanks for the info. No points to mod up.
Re: (Score:2)
+1 on Cryptomator I said buh bye to Boxcryptor a year ago.
Can some one explain how? (Score:3)
How does Zero Knowledge encryption provide new features or enhance user control over who can read their data. Ordinary encryption is secure enough so why is this better?
Re: (Score:1)
Because you'll have Zero Knowledge about who can read your data... duh.
Re:Can some one explain how? (Score:4, Interesting)
I don't know dropbox implementation well, but I presume this describes whether the service provider has an actionable copy of the decryption key at any given time.
If the service provider never has a key, or else maintains a copy protected by passphrase(s) or other mechanism, then the end user can be confident that their provider doesn't have the ability to know the actual data (they can do analysis to derive some info based on volume of data transmitted and such).
The general problems are:
-Such an approach renders data dedupe a non-starter between tenants, which cuts a bit into storage overhead for a lot of duplicated data
-Most solutions in practice either cause people to break their own access to the content or alternatively the cloud provider isn't *really* blocked from accessing the decryption key. Hard to be user friendly doing this when the users are very prone to shooting themselves in the foot. Resulting in angry customers demanding the provider recover their data after the customer screwed themselves is a deep frustration.
-Sharing data while preserving the endpoint encryption is complicated. For example, having each shareable file is protected by a different unique key and that key would then be encrypted by each authorized user, with sharing requiring taking the new user's public key and adding a slot to the set of encrypted forms of that file's decryption key.
-You need to have very open and auditable endpoint implementation to actually know whether the provider is honestly doing it or not.
Re: Can some one explain how? (Score:1)
De-dupe on large distributed system is already very complex. Itâ(TM)s unlikely to be implemented except on a tenant-specific basis, besides the fact that hash collisions eventually will occur, Dropbox started business at a time when MD5 was still an acceptable hash, last thing you want is people stealing data through manufactured hash files.
The rest is relatively easy to mitigate as well, by using other methods of key recovery such as identity based key generation. Although that makes the recovery syst
Re: (Score:2)
The general problems are:
-Such an approach renders data dedupe a non-starter between tenants
Yes, Dropbox and everyone is saying this. I don't understand the problem.
You give the cloud service a decryption key but it's passphrased. (So it's in escrow for the end user who loses their key.) No problem there - that's what iCloud does, for example.
Now you want to share the encrypted files. What's so hard about giving the subjects some kind of token, similarly secured. (I mean - it could just be the passphrase, which would not involve the host -- but it seems like there are other options that might be m
Re: (Score:2)
If you can dedup my content, you can identify it. If you can identify it, the encryption has to a significant extent failed.
The encryption is obviously still useful for hiding unique secrets, but for hiding the secret of what content I am backing up it has failed. Which can be an important secret, not just for criminals and people living under truly repressive regimes. False positives can make an assumed criminal out of anyone, but having a false positive match on essentially random data is a lot less likel
Meh (Score:2)
finally? (Score:3)
A 14 year old file management company now allows you to have privacy!
Rip off (Score:2)
Unfortunately true (Score:2)
"For many people, such as consumers storing family photos or music files, this level of privacy might not be a major priority."
Given there are over a billion people using Facebook, and given that the Chrome browser has the largest market share by far - yeah, this is self-evident.
But I'd want to see this in the consumer space as well before I'd even consider using Dropbox again.
Re:Unfortunately true (Score:5, Insightful)
In one case Google permanently suspended the accounts of a father who had recent medical pictures of his child in his Google drive. Criminal charges were filled. Even after the parents demonstrated to police that there was no crime committed, Google refused to re-enable their accounts. How many services depend on your Google email? Android phone? Documents? Calendars? Google voice number? Saved contacts? etc.
After some recent celebrities were excommunicated for having unpopular political views, and had recent interviews removed from social media, users with copies of those now forbidden videos started finding the same content removed from their cloud storage as well.
Translation (Score:2)
Translation: They have discovered some indetectable technical means to read the data anyways.
Don't fool yourselves into anything different.
Re: (Score:2)
Translation: They have discovered some indetectable technical means to read the data anyways.
If you're talking about the content scanning: one approach (Apple) is for the scanning to take place entirely on the user's device. Whenever you take a picture on your iPhone, Apple scans it right away before uploading it. If the algorithm thinks is sees a "bad person" image, a report is made to the authorities. The encryption status of the file on the iCloud server is moot.
Although justified as a kiddie-porn measure, Apple admits that the on-phone scanning database (ie hashes) are provided to them by the G
Marketing (Score:2)
Re:Marketing (Score:4, Funny)
If I want a file swapping service to have zero knowledge of the contents of my files, I'm not going to ask them to help me with the encryption.
Warez (Score:1)
Re: (Score:2)
They already do, this doesn't change anything in their minds because encryption to fascism is da debil!
Zero-Knowledge? (Score:1)
Re: (Score:2)
Brought to you by Sgt Shultz
So.... Spideroak? (Score:1)
We've had this with other services for years.