Introducing: The Dropbox

sandbox250px_smallDropbox is relatively new online service, which allows you to sync files between multiple computers (Mac, Linux and something called Windows). It basically syncs one designated folder on your hard disk to a server (i.e. the cloud). Every computer that runs the dropbox application will have a copy of this folder on its harddisk. The service integrates into Mac OS X (and other systems) very nicely. Once installed, you have a new folder “Dropbox” in your home directory, which is automatically synced to the cloud in the background.

Everyone who wants to sync data between several computers or who is looking for some online storage to share files, photos or videos and who is not concerned with security issues, may stop reading now and give Dropbox a try.

Everyone who wants to use Dropbox as a method to securely store files online (e.g. backup) and who is not afraid of some technical talking, should stay and read on!


Since you get 2.0 GB for free, you can store quite some amount of data in your Dropbox account. Now, there remains one question: Is it safe? Fortunately, the Dropbox team gives a short answer in their FAQ:

We take utmost care to ensure Dropbox is secure and take security very seriously. All transport of file data and file metadata occurs over SSL. All files are encrypted with AES-256 before being stored on our backend.

This sounds nice, but since Dropbox is not an OpenSource project, we have no means to verify the validity of their statement. The Dropbox Wiki however has some nice tipps on how to “increase privacy and safety”:

A good way to prevent a thief from reading your data is creating an encrypted volume in your Dropbox folder with TrueCrypt, and storing there the data you want to keep secret. See their website for instructions on creating and mounting an encrypted volume.

[…]

On Mac OS X you can also create an encrypted Disk Image (.dmg) using Disk Utility (normally found in /Applications/Utilities). Alternatively, you may encrypt your entire home directory using FileVault (System Preferences -> Security -> FileVault).

This approach definitely increases security. Even if your Dropbox account is compromised an attacker wont be able to decrypt your private files. Nevertheless, storing encrypted disk images in your Dropbox has a significant disadvantage: Every time you change a file inside your disk image, the whole image has to be uploaded to the cloud again. If your image has grown to a certain size, this can be a very time consuming and annoying process. It would be much more convenient, if only the file that has been changed is uploaded again.

The solution to this problem is also briefly described on the Wiki:

Another general (more elegant) solution to an encrypted block device is to use file-by-file encryption. One such solution exists and is called EncFS.

EncFS is indeed a great possibility to store files securely in your Dropbox (or for that matter: anywhere). In order to use EncFS, however, some additional software is required. I will guide you through the process.

We are going to create a folder in your Dropbox that contains only encrypted data files. You acces these files using a software called “MacFUSE”. It creates a “run-time filesystem” of the type EncFS that seamlessly encrypts and decrypts files as you use them.

Requirements

* This is Mac OS X 10.5 Leopard only.
* To install the additional software you need administrator privileges on your Mac. If you don’t know what that is, stop reading and get yourself a nice donut.

1. Install MacFUSE

MacFUSE is an adaption of FUSE for Mac OS X (don’t tell!). It is OpenSource and maintained by our good friend Google. FUSE allows programmers to write “virtual filesystems”. This allows the enduser to work with some software, as if it were a virtual volume on their computer. For example, there is a filesystem, GmailFS, that allows you to use your Gmail account as an online harddisk (that’s nice, too).

  1. Download the most recent version of MacFUSE: Google Code Project Page (Look for “Featured Downloads”!)
  2. 2. Run the Installer.

2. Install EncFS

EncFS is a virtual filesystem which allows FUSE to store files encrypted on any form of media. A version for Mac OS X is available at the “encfsvault” project at Google code. This project is very interesting, too, by the way.

In the downloads section , get “EncFS for Leopard” and follow the installation instructions.

3. Get Dropbox

If you did not already get Dropbox, visit getdropbox.com now and do so!
During the installation you will create a Dropbox folder. Choose the default location at “~/Dropbox” (thats inside your home directory)!

4. Install Macfusion

Macfusion is a Mac application that provides a nice graphical user interface to mount and unmount FUSE filesystems.

Grab it from: macufsionapp.org

Macfusion has built-in support for SSHFS and FTPFS. There was once an EncFS plug-in available, but it is no longer compatible with the new Macfusion 2.x. Fortunately, I’ve been able to write a little plug-in for Macfusion that supports EncFS myself.

You can download it here.

5. Setting things up

We will now create a hidden folder inside your dropbox called “.secure” (the dot in the beginning of the name, will hide the folder from the Finder). Inside this folder all the encrypted data will reside. We hide this folder, because, we won’t be able to interact with these files directly and these crypto files really don’t look very nice. Because the Finder can’t see hidden files, you need to use the Terminal to do so. Open Terminal.app (/Application/Utilities/Terminal.app) and enter the following command:
mkdir ~/Dropbox/.secure
Next, we create another folder “SecureDropbox” as the “mount point” for the encrypted file system. This is simply a folder, where the decrypted files will be displayed.
mkdir ~/SecureDropbox/
Now, start Macfusion, click the “+” button and choose “EncFS”. Then, click “Create New File System”.

In the following dialog, enter the path of the hidden “.secure” folder, for example:
/Users/tobias/Dropbox/.secure
Substitute “tobias” with your own username. If you don’t know what your username is, type “whoami” in the terminal.

Choose a secure password for your encrypted filesystem and click create!

Now, click on the “Macfusion” tab and enter
/Users/tobias/SecureDropbox
in the “Mount point” field. Again substitute my name accordingly. This is where you can acces your files. Note, this path is of course outside your Dropbox, since you don’t want the decrypted files to be synced to the cloud.

secure-files-on-dropboxDone. Click “OK” and then “Mount”. Then open the folder “SecureDropbox” in Finder and copy some files into it. Next, click the Dropbox menu item and open the webinterface. There you will see the folder “.secure”. Open it and be happy with what you see: a bunch of “wordsalat” files. Voila!

Advertisements

11 responses to “Introducing: The Dropbox

  1. I love Dropbox. Managed to get 150 GB of space directly from their CTO. Syncing my entire iTunes Library (70+GB) and it still works seamlessly. Never want do live without it!

  2. One question…So, if I install MacFUSE, EncFS and Macfusion (with the EncFS plug-in) on two different computers (home and work, for example), would this allow me to access my unencrypted files from Dropbox on both computers?

  3. This doesn’t cover how you would decrypt the files in the event you need them – is that easy enough?

  4. Any news on Snow Leopard? I just installed all this and it seemed to work fine… I am a little worried if it is stable though.

  5. @Ben: haven’t tested it but from what I know about encfs it should work. However, I have no idea whether it’s a good idea to mount the file system from two machines _at the same time_.

    @Nick: decrypting the files works transparently. Just mount the file system and you can access the files (that’s /Users/tobias/SecureDropbox in the example). Couldn’t be easier enough, could it? :)

    @Peter: Any findings about Snow Leopard? I upgraded this week and so far it seems to work. No heavy testing as yet, though.

  6. silly question, maybe, but what are the chances of encfs being ported to iphone, so that the encrypted dropbox files can be ‘transparently’ decrypted on the iphone?

  7. Wonder if this is caused by 10.6.2 or the macfuse 2.1.5 Beta but at the moment I try to mount the folder, I get an errror windows which is empty. Here is what my Log-File says:

    (MacfusionMenuling, MFClient, Dropbox, 17.03.10 21:00) Note parameters changed for fs (Unnamed)
    (Macfusion, MFClient, Dropbox, 17.03.10 21:00) Note parameters changed for fs (Dropbox)
    (macfusionAgent, ENCFSServerFS, Dropbox, 17.03.10 21:00) Mounting
    (MacfusionMenuling, MFClient, Dropbox, 17.03.10 21:00) Note status changed for fs (Dropbox) to Waiting to Mount
    (Macfusion, MFClient, Dropbox, 17.03.10 21:00) Note status changed for fs (Dropbox) to Waiting to Mount
    (macfusionAgent, ENCFSServerFS, Dropbox, 17.03.10 21:00) Task launched OK
    (macfusionAgent, ENCFSServerFS, Dropbox, 17.03.10 21:00) Mount time out detected. Killing task pid 515
    (MacfusionMenuling, MFClient, Dropbox, 17.03.10 21:00) Note status changed for fs (Dropbox) to Failed to Mount
    (Macfusion, MFClient, Dropbox, 17.03.10 21:00) Note status changed for fs (Dropbox) to Failed to Mount

    Any clue?

    Would appreciate your help.

    Regards, Tristan

  8. After I took a SL-build of Macfusion from here https://github.com/nall/MacFusion2/downloads it works.

  9. I’ve installed encfs using macports but the EncFS plugin installer cannot find the encfs binary and suggests to read the readme file. I can’t find that file. What do I do?

    I’ve got encfs in /opt/local/bin/encfs .

  10. seron, Make a symbolic link. Thinks i did

    ln -s /opt/local/bin/encfs /usr/local/bin/encfs

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s