trustworthiness of dropbox
William Labbett

Anyone else here use dropbox ?

Being paranoid, I'm wondering how safe my data is on it.

I'm not even sure if there's a login name and password for it.

If someone's coming into my flat while I'm out (they've got my key), then they could pinch all my data.

Everyone in Britain is indignant and up there own arses about American snooping.

For this reason I decided to make sure I keep using google, windows and anything American. You know, against the grain thinking.

But I would like to know if dropbox is safe.

LennyLen

If you're paranoid, it doesn't matter how safe your data is, because you won't accept the truth anyway.

SiegeLord

I feel like this was discussed before.

If you want true security, you should do your own encryption (with OSS tools). I'd suggest EncFS for Linux if you insist upon using Dropbox. Alternatively drop Dropbox and switch to something like BitTorrent Sync.

Thomas Fjellstrom

Anything stored on american servers or at least by american companies is immediately accessible by the NSA and in general the US Government.

That doesn't mean they don't have access to files not stored via us companies.

Encrypting files just makes them suspect you more. Because you must have something to hide if you're hiding it. If they see encrypted content over the wire they explicitly single out your communications.

Arthur Kalliokoski

Encrypting files just makes them suspect you more. Because you must have something to hide if you're hiding it. If they see encrypted content over the wire they explicitly single out your communications.

That may be true, but if you have good encryption they still can't decrypt it. If you exhibit no other "terrorist" traits you're probably in the clear.

If you only need to conceal small amounts of data, you'd probably want to hide it via steganography. "Aw, it's just some stupid pictures of cats."

Thomas Fjellstrom

That may be true, but if you have good encryption they still can't decrypt it.

There is a reason they are building a multi billion dollar datacenter. ;)

Quote:

If you exhibit no other "terrorist" traits you're probably in the clear.

They still think it gives them a right to take your stuff (or keep you out of the country or put you in jail) if you don't decrypt it for them.

Arthur Kalliokoski

They still think it gives them a right to take your stuff (or keep you out of the country or put you in jail) if you don't decrypt it for them.

I'd guess that would lead to lots of people putting up harmless content (or even streams right from a random number generator) onto cloud backup just to troll them, like the people who tattoo some sort of DVD code onto their arms etc.

Thomas Fjellstrom

It depends if its worth your time. They can and will reject your entry to the US if you don't comply. If you needed to get in for one reason or another, you're now screwed.

I'll probably format my machine and go in with a fresh install, and then copy my stuff from home once I get there.

William Labbett

My options seem to be :

Use encrypted file on dropbox.

Use encrpyted file on my machine.

Use encrypted USB file.

Use the thing Siege suggested.

I went for the 42nd option ::)

Vanneto

Son, you're going through a lot of trouble to hide stuff. If you have nothing to hide, you have nothing to fear.

Exactly what are you hiding? That red avatar also seems suspect. Sir, have you ever heard of Mr. Stalin? Hammer and sickle? Please step with us sir...

I personally would use BitTorrent Sync. Actually, I'm going to install it right now. It seems legit.

William Labbett

I'm hiding my game code, my photos, artwork I've done, personal letters to the mental health services, code, code, code, more code and I thought while I'm at it
I could hide the manufacturing plans I stole from BAE for the trident nuclear warhead ;D

Arthur Kalliokoski

It was nice knowing you.

type568

Oh sell me the warhead plans. I'll resell to Putin.

William Labbett

It was nice knowing you.

And you Arthur. Thanks for all those early morning replies. I'll never forget the time you warned me against working out the first Google digits of PI (I didn't understand why you thought I was going to do that), because I'd get taken to court for copyright enfringement!

Why would Putin need the trident plans?

50 Megatons in 1950. He must have some serious stuff ATM.

Thomas Fjellstrom

50 Megatons in 1950. He must have some serious stuff ATM.

Most of it has probably been stolen. The old USSR missile silos are missing some sensitive "equipment".

Arthur Kalliokoski

Why would Putin need the trident plans?

You've ever seen all those books behind the lawyers desk? Or your math professor? Putin has tons of books on the shelves behind his desk with titles like "Destroying teh World for Dummies", "Destroy the World in 21 Days or your money back", "Kill Everybody Unleashed" etc. as does Obama.

Thomas Fjellstrom

Obama doesn't need those books. He has a big red phone.

William Labbett

Most of it has probably been stolen. The old USSR missile silos are missing some sensitive "equipment".

The great fear is that it's been smuggled through places south of Russia into the strange countries there into the hands of terrorists.

torhu

Isn't it a suitcase?

Vanneto

I like Putin better. He doesn't bullshit around. He censors media and makes people disappear without hesitation. And its not like hes going out of his way to deny or explain anything.

Why would he? He is not ashamed to be the ruler with the iron fist.

Thomas Fjellstrom

Yeah, putin doesn't give a shit. He doesn't like you, you go away.

William Labbett

I can feel my freedom of speech contracting. :-/

EDIT : Hey, I guess I'm not the only one.

All I can say is, if an American comes knocking on my door soon, I'll be sure of what someone I knew when I 20 said which was "The Americans have no sense of irony".

I'd only ever known about 5 or 6 Americans so I didn't know if what he was saying was true but then I discovered Bill Hicks and decided he (the person I knew) was using his backside to talk.

@Matthew - perhaps this thread should be deleted before the **** hits the fan ?

Johan Halmén

Everyone in Britain is indignant and up there own arses about American snooping.

Looking for mics there?

Karadoc ~~

I like the sound of Spider Oak's policy, which is that they can't possibility give your data to anyone, because they themselves don't have the power to decrypt it. That sounds good to me, and that's what I use.

However, I don't know of any easy way to actually confirm that their software works the way they claim it does - so in the end it still comes down to trust. For the time being, I'm satisfied that my data is sufficiently private on Spider Oak, but if I was doing some seriously secret stuff I'd probably add another layer of security by using TrueCrypt to encrypt my stuff before sending it to Spider Oak.

type568

Why would Putin need the trident plans?

Well, we talk about Trident II, aren't we?
I'm sure the guy would like to have'em for countermeasures development. And well.. Of course I ain't gonna meet him in person for the deal. But everything is only with his permission ;)

Arthur Kalliokoski

I believe I could mangle data far enough with my bignum library to XOR it with the result, and it wouldn't be decipherable by anything the NSA had, as long as I salted it or something so they couldn't just figure it out by sending a bunch of zeros. I keep reading that "you can't do it yourself", but if it took 10 minutes to decrypt with the proper passwordphraseparagraph on a 3Ghz cpu I think that would suffice.

William Labbett
type568 said:

Well, we talk about Trident II, aren't we?

568, I might seem like I do, but I don't know that much about all this.

I'll get them sent to you if I get my hands on them ;)

BTW - In case anyone's interested, I downloaded TrueCrypt pulled the network lead out of the wall, closed the curtains and made a 40GB volume with a 20 character password.

I'm actually making myself paranoid which is daft but then I always thought people who seemed paranoid to me were stupid. These days I'm not so sure.

weapon_S

made a 40GB volume with a 20 character password.

I guess you meant the other way around?

William Labbett

You think I've got a 20 character file with a 40GB password?

Arthur Kalliokoski

40GB password

Let me see, at 5 keystrokes per second, 24/7, it'd take 253 years to type in that password. It hardly seems worth it.

William Labbett

That's right, which was why I was surprised that Weapon_S asked what he asked.

I know he's not silly. As far as know, the file itself can't be used to work out the password but I'm trying to see an object through a cloud of dense grey gas by trying to work that out.

LennyLen

Perhaps he meant 20Gb file with a 40 character password.

weapon_S

It hardly seems worth it.

Who types their password manually these days? ::) You guys have no sense no sense of security, or something :P

William Labbett
weapon_S said:

Who types their password manually these days? ::)

I'd suggest a poll again :-

I do / I don't

I think that most people would say go for the first option.

How do you type it with a program ?

Come on, let us know and we'll use 40 GB passwords from now on :)

Arthur Kalliokoski

I'd bust my data cap.

William Labbett

That wouldn't be good.

I think I can see why people don't use programs to 'type in the password'.

It would mean either storing the password on the machine it applies to which wouldn't be clever, or running the program with -password4 or something like that.

Vanneto

I think what weapon_S means is using a Password Manager. You just copy paste and you can have unique random passwords on all the sites you go.

Arthur Kalliokoski

I have infrequently used passwords in a text file, with a misleading name, in an out of the way place. They're not exactly plaintext, either. Now get off my lawn!

William Labbett

They're not exactly plaintext, either.

Sounds like they're still in use to me ;)

Quote:

Now get off my lawn!

What does that mean and who's it aimed at ?

Arthur Kalliokoski

Now get off my lawn!

It's what a grouchy old suburbanite guy yells at teen-agers taking a shortcut through his yard.

Thomas Fjellstrom

Don't have to be old, but it is the stereotype ;D

weapon_S

I'm not sure whether you are bad at taking a joke, or better than I :-X

William Labbett

Bad I'm afraid. I'll work on it though.

/* EDIT */

But then, I didn't think it was a joke, you (all) see.

Actually I was getting worried about my recent activities on the forum having a negative impact on other member's general well-being (including sanity and anger management). I can quite understand - I think Arthur was feeling that his quality of life had gone down some since my onslaught.

I set a system restore point at about 1 week ago though. I'll restore and see how I get on at getting on with people.

Arthur Kalliokoski

his quality of life had gone down some since my onslaught.

I suffered an onslaught? Why doesn't anybody tell me these things?

Vanneto

If you would get out of your old house filled with old stuff more then maybe you would have noticed? It is, after all, old news.

Arthur Kalliokoski

<looks at the lawn, tells the kids to get the hell off> Nup! Still don't see it!

Dizzy Egg

<wrong thread>

William Labbett

I posted more than anyone for 2+ days right?

I had allegro.cc withdrawal symptoms to work off.

So I called it an onslaught (semi-jokingly) - I might have really been referencing the thread on the ten stone testicle since Arthur had to make a stand there.

My onslaught which was really just a creative communication intending no harm was aimed only at those people I replied to, that it to say I speak to one person at a
time /* EDIT : most of the time */ but insofar as 'we' exist as a community, I was seperate and demanding a lot of 'us' or 'us - me'.

I think feeling included is an important thing to anyone using allegro, especially the newbs who probably feel up against the 'we'.

Like bammers says 'William is a bit paranoid.'

I'm not sure I can change that, but I take medication to manage these things.

/* Go on - someone tell me I'm too self-important. */

weapon_S

AFAIK the most paranoid approach: put data on media carried with you; encrypt the data with reliable tools; scramble buffer[1]after use; optionally unplug internet whenever accessing confidential files. Maybe you can even have a "broken" filesystem so the media look empty/non-formatted to most users.
Seriously: how are you feeling? Worrying about other people might be sign about your own condition.

References

  1. I'm not sure, but I heard you can retrieve data from USB media from there. Might be memory, might be HD.
Arthur Kalliokoski

I saw a utility a week ago that'll add another file with the exact same name to a directory on a floppy, it was claimed all file managers list only the first file with a given name. IIRC, you can just delete the filename displayed (innocent data) to expose the other file (terr'st info). I don't know if this would also work with hard disks.

William Labbett
weapon_S said:

Seriously: how are you feeling? Worrying about other people might be sign about your own condition.

Thanks for your concern weapon_S. I'm not sure what to say. There's some things I'd like to ask on the subject of this thread but I think what I actually need to do is
give it a rest.

Thanks.

Thomas Fjellstrom

Eh, I'm quite paranoid, I want to build a self sufficient bunker for the END OF DAYS. makes its own clean air, water, food, and electricity!

Thread #612936. Printed from Allegro.cc