Dropbox, Privacy, and TrueCrypt

I wrote about files in the cloud back in 2009, and in light of the recent attention Dropbox is getting about security, the time seemed ripe to revisit the topic. From a philosophical perspective, two articles, Innovative Consumption from the New Yorker and Why Privacy Matters Even If You Have ‘Nothing to Hide’ in the Chronicle of Higher Education, provide a framework for cloud computing, technology, and privacy. It is clear that the convenience of the cloud and its ease of use and access are compelling, but at what cost?

I’m a technologist, and am probably more willing to push the boundaries than others I know. I started using the then-start-up Mint to manage my finances long before it went mainstream and was purchased by Intuit. Likewise, I happily keep my files in the cloud so that I can easily access the material from any computer, including all my mobile devices. It is efficient and effective.

First, let me say I love Dropbox and often recommend [use this link please] the service to all my friends and colleagues. Second, I do have an awareness of privacy and do attempt to take adequate steps to address this with the services I use. I also use a unique (and long) password for just about every site I use on the internet. Since I love Google too, I know that a ton of my data is out there for harvesting. For me, the most important thing to remember is that once content reaches the digital realm, especially how most people use it, we have to assume that it could be compromised at some point. If something is that important or private, don’t put it in the cloud without the appropriate security.

This is where my discourse switches from philosophy to reality. I have files on Dropbox that are of a highly personal nature: financial and personnel records that should remain confidential. Yes, it is true that Dropbox encrypts my content, which is great, but they hold the keys. So what is the solution?

A product called TrueCrypt is an open source, on-the-fly encryption solution. It’s reasonably easy to use and works with Dropbox. With TrueCrypt, I can create a virtual encrypted disk that can be stored on Dropbox and mounted on my computer when I need to use the content. The encrypted disk can be of any size I wish (within the confines of my Dropbox account size). The encryption is controlled by me, and it uses the Advanced Encryption Standard (AES), a cryptographic algorithm that may be used by US federal departments and agencies to cryptographically protect sensitive information. TrueCrypt uses AES with 14 rounds and a 256-bit key (i.e., AES-256). Most likely it would take hundreds of years to crack this.

So, fear not. Use the cloud to store your files, have an automatic backup, and use TrueCrypt to protect the sensitive material.

What are your thoughts on privacy and use of the cloud?

P.S. – I have recently attempted to use an older encrypted volume of mine and have forgotten my password. This is the downside of AES-256…I have to remember it or will never recover that content. I need to take that drug from Limitless because it’s in my brain somewhere!
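The sketch below is an added example, not part of the original post and not TrueCrypt's code or header format. It models a volume whose 256-bit key is derived from the owner's password, which is why the storage provider cannot unlock the synced file and why a forgotten password, as in the P.S., leaves no recovery path. The function names, the PBKDF2 parameters and the guess rates are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

KEY_BYTES = 32          # 256-bit key, the size AES-256 needs
ITERATIONS = 200_000    # assumed work factor for this sketch
CHECK_LABEL = b"volume-header-check"  # constructed constant

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into the volume key; only the owner can do this."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                               ITERATIONS, KEY_BYTES)

def create_header(password: str) -> dict:
    """What lands in the synced file: a salt and a key check, never the key."""
    salt = os.urandom(64)
    key = derive_key(password, salt)
    return {"salt": salt,
            "check": hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()}

def unlock(header: dict, password: str):
    """Return the key for the right password, None otherwise. No other path."""
    key = derive_key(password, header["salt"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None

def password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password; human-chosen ones have less."""
    return length * math.log2(alphabet_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a secret by trying half of a 2**bits space."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    header = create_header("constructed example passphrase")
    print("right password unlocks:",
          unlock(header, "constructed example passphrase") is not None)
    print("one character off unlocks:",
          unlock(header, "constructed example passphrasf") is not None)
    # Guess rates are assumed round numbers, not measurements.
    print("random 256-bit key at 1e12/s: %.1e years" % years_to_search(256, 1e12))
    for length in (8, 12, 20):
        bits = password_bits(length, 26)
        print("%2d random lowercase letters (%.0f bits) at 1e6/s: %.1e years"
              % (length, bits, years_to_search(bits, 1e6)))
```

The comparison at the end shows that the protection of such a volume is bounded by the password that produces the key, so a long, unique password stored in a password manager or an offline written backup addresses both the guessing risk and the forgotten-password risk.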