Dropbox is a relatively new online service that allows you to sync files between multiple computers (Mac, Linux and something called Windows). It basically syncs one designated folder on your hard disk to a server (i.e. the cloud). Every computer that runs the Dropbox application will have a copy of this folder on its hard disk. The service integrates into Mac OS X (and other systems) very nicely. Once installed, you have a new folder “Dropbox” in your home directory, which is automatically synced to the cloud in the background.
Everyone who wants to sync data between several computers or who is looking for some online storage to share files, photos or videos and who is not concerned with security issues, may stop reading now and give Dropbox a try.
Everyone who wants to use Dropbox as a method to securely store files online (e.g. backup) and who is not afraid of some technical talk should stay and read on!
Since you get 2.0 GB for free, you can store quite some amount of data in your Dropbox account. Now, there remains one question: Is it safe? Fortunately, the Dropbox team gives a short answer in their FAQ:
“We take utmost care to ensure Dropbox is secure and take security very seriously. All transport of file data and file metadata occurs over SSL. All files are encrypted with AES-256 before being stored on our backend.”
This sounds nice, but since Dropbox is not an open source project, we have no means of verifying their statement. Encryption on their backend also means that the keys are on their side, not yours. The Dropbox Wiki, however, has some nice tips on how to “increase privacy and safety”:
“A good way to prevent a thief from reading your data is creating an encrypted volume in your Dropbox folder with TrueCrypt, and storing there the data you want to keep secret. See their website for instructions on creating and mounting an encrypted volume.”
On Mac OS X you can also create an encrypted Disk Image (.dmg) using Disk Utility (normally found in /Applications/Utilities). Alternatively, you may encrypt your entire home directory using FileVault (System Preferences -> Security -> FileVault).
This approach definitely increases security. Even if your Dropbox account is compromised, an attacker won’t be able to decrypt your private files. Nevertheless, storing encrypted disk images in your Dropbox has a significant disadvantage: every time you change a file inside your disk image, the whole image has to be uploaded to the cloud again. Once your image has grown to a certain size, this can be a very time-consuming and annoying process. It would be much more convenient if only the file that has been changed were uploaded again.
The solution to this problem is also briefly described on the Wiki:
“Another general (more elegant) solution to an encrypted block device is to use file-by-file encryption. One such solution exists and is called EncFS.”
EncFS is indeed a great possibility to store files securely in your Dropbox (or for that matter: anywhere). In order to use EncFS, however, some additional software is required. I will guide you through the process.
We are going to create a folder in your Dropbox that contains only encrypted data files. You access these files using software called “MacFUSE”. It creates a “run-time filesystem” of the type EncFS that seamlessly encrypts and decrypts files as you use them, so only the encrypted versions are ever written to the Dropbox folder.
* This is Mac OS X 10.5 Leopard only.
* To install the additional software you need administrator privileges on your Mac. If you don’t know what that is, stop reading and get yourself a nice donut.
1. Install MacFUSE
MacFUSE is an adaptation of FUSE for Mac OS X (don’t tell!). It is open source and maintained by our good friend Google. FUSE allows programmers to write “virtual filesystems”. This allows the end user to work with some software as if it were a virtual volume on their computer. For example, there is a filesystem, GmailFS, that allows you to use your Gmail account as an online hard disk (that’s nice, too).
- Download the most recent version of MacFUSE: Google Code Project Page (look for “Featured Downloads”!)
- Run the installer.
2. Install EncFS
EncFS is a virtual filesystem which allows FUSE to store files encrypted on any form of media. A version for Mac OS X is available at the “encfsvault” project at Google Code. This project is very interesting, too, by the way.
In the downloads section, get “EncFS for Leopard” and follow the installation instructions.
3. Get Dropbox
If you did not already get Dropbox, visit getdropbox.com now and do so!
During the installation you will create a Dropbox folder. Choose the default location at “~/Dropbox” (that’s inside your home directory)!
4. Install Macfusion
Macfusion is a Mac application that provides a nice graphical user interface to mount and unmount FUSE filesystems.
Grab it from: macfusionapp.org
Macfusion has built-in support for SSHFS and FTPFS. There was once an EncFS plug-in available, but it is no longer compatible with the new Macfusion 2.x. Fortunately, I’ve been able to write a little plug-in for Macfusion that supports EncFS myself.
You can download it here.
5. Setting things up
We will now create a hidden folder inside your Dropbox called “.secure” (the dot at the beginning of the name hides the folder from the Finder). All the encrypted data will reside inside this folder. We hide it because we won’t be able to interact with these files directly, and these crypto files really don’t look very nice. Because the Finder can’t see hidden files, you need to use the Terminal to create the folder. Open Terminal.app (/Applications/Utilities/Terminal.app) and enter the following command:
Next, we create another folder “SecureDropbox” as the “mount point” for the encrypted file system. This is simply a folder where the decrypted files will be displayed.
Now, start Macfusion, click the “+” button and choose “EncFS”. Then, click “Create New File System”.
In the following dialog, enter the path of the hidden “.secure” folder, for example:
Substitute “tobias” with your own username. If you don’t know what your username is, type “whoami” in the terminal.
Choose a secure password for your encrypted filesystem and click create!
Now, click on the “Macfusion” tab and enter
in the “Mount point” field. Again, substitute my name accordingly. This is where you can access your files. Note that this path is of course outside your Dropbox, since you don’t want the decrypted files to be synced to the cloud.
Done. Click “OK” and then “Mount”. Then open the folder “SecureDropbox” in Finder and copy some files into it. Next, click the Dropbox menu item and open the web interface. There you will see the folder “.secure”. Open it and be happy with what you see: a bunch of “word salad” files. Voila!
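The same setup from the Terminal, as an added example that is not part of the original post: it assumes the encrypted store at ~/Dropbox/.secure and a mount point at ~/SecureDropbox in your home directory, and it refuses a mount point that resolves into the Dropbox folder. Run it with `mount` as the first argument to mount the volume with the `encfs` command.

```bash
#!/bin/bash
# Added example: Terminal version of the Macfusion setup described above.
# Assumed layout: encrypted store in <Dropbox>/.secure, plaintext mount point
# outside the Dropbox folder (here ~/SecureDropbox).

# Succeeds only if mount point $1 is neither the Dropbox folder $2 nor below it.
is_outside_dropbox() {
    local mount="${1%/}" dropbox="${2%/}"
    case "$mount/" in
        "$dropbox"/*) return 1 ;;   # same folder or a subfolder
        *)            return 0 ;;
    esac
}

# Creates <dropbox>/.secure and the mount point; returns 1 if the mount point
# would end up inside the synced folder (decrypted files would be uploaded).
setup_secure_dropbox() {
    local dropbox="$1" mount="$2"
    # Cheap check on the paths as typed, before anything is created.
    is_outside_dropbox "$mount" "$dropbox" || return 1
    mkdir -p "$dropbox/.secure" "$mount" || return 2
    # Re-check on the real paths so symlinks and ".." cannot bypass the test.
    dropbox="$(cd "$dropbox" && pwd -P)" || return 2
    mount="$(cd "$mount" && pwd -P)" || return 2
    if ! is_outside_dropbox "$mount" "$dropbox"; then
        echo "refusing: $mount is inside $dropbox" >&2
        return 1
    fi
}

if [ "${1:-}" = "mount" ]; then
    setup_secure_dropbox "$HOME/Dropbox" "$HOME/SecureDropbox" || exit 1
    # encfs needs absolute paths; on first use it offers to create the
    # volume and asks for the password.
    encfs "$HOME/Dropbox/.secure" "$HOME/SecureDropbox"
fi
```

EncFS encrypts file contents and file names, but the number of files, their approximate sizes and the directory layout stay visible to anyone who can read “.secure”.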