You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
PierreLeBear
5 years agoHelpful | Level 5
Zero Knowledge Encryption
I find that many Cloud services offer encryption during transfer to the service and encryption at the destination. Dropbox does this too. Unfortunately, the keys used at the destination are available to Dropbox. What would make Dropbox unique is if it would offer Zero Knowledge encryption at the client. That way all files are encrypted at the client with the customer retaining the keys. Why is this important? There can be bugs during transfer even if encryption is used (remember the famous OOPS with caches on internet servers offering up unencrypted data?). Also, the government can force Dropbox to deliver user data (or it may be compromised by hackers).
Dropbox with Zero Knowledge Encryption would be a market leading solution that would drive a great preference over OneDrive, Google Drive and others. It would be the only way I would be comfortable putting my files on the cloud.
I wanted to share a quick update with you:
We have launched our end-to-end encryption in April. More details can be found here and here.
High level overview:
You can now add end-to-end encryption to team folders. The functionality is available for our Advanced, Business Plus and Enterprise customers at no additional costs.
If there are any questions, please let me know!
- PierreLeBearHelpful | Level 5
You can look at product features via vote, or like Steve Jobs as a strategic decision. He never worried about market research to drive innovation. Google would struggle to copy this because they count on sifting through your information to place ads. You are not encumbered by this with a subscription model.
- anonymous
Love the idea.
Some applications (joplinapp.org for instance) has support for dropbox but adds an encryption layer before sending the files to Dropbox - meaning that Dropbox does not have access to any keys, only the pre-encrypted data.
I'm not suggesting this as a solution, but zero-knowledge-encryption presents alot of technical challenges - foremost just handling keys in any form for 'normal' users tends to be quite hard; "forgot passphrase - how do I retrieve my data" will tend to skyrocket as a question.
But I would love too see that functionality. - ConF2_0Helpful | Level 6
This is the exact idea that I wanted to share! Thank you, @PierreLeBear.
And to @ITConsultingAfrica, I find your ending comments to be rude and unhelpful.
"If you do not like that Dropbox has access to your encryption
keys, move on, and look at a provider like sync.com or others.
That is my understanding, and I may be wrong. But this is OK
with me, as I doubt a Dropbox engineer will want to look at my
holiday photos of 2 years ago or whatever."
No one looks for encryption to protect family photos!
Those of us who have to work with HIPPA laws are always looking for options to ensure privacy. Obviously, I have looked elsewhere for this feature, but it would be awesome for me (and obviously others) if Dropbox offered it.
- Matthias B.4Explorer | Level 4
I'm a paying dropbox customer for many years. However, I'm now looking for an alternative because it's exactly zero-knowledge encryption that I expect from a cloud storage service.
- scotia673New member | Level 2
I just wanted to add here that I too was a Dropbox subscriber (for 6 or 7 years) but I recently switched to Sync.com for the same reason. I have always loved Dropbox's service, but I am no longer comfortable entrusting my private documents without support for this kind of encryption. To be clear, I would happily accept slower sync times and other feature limitations in exchange for this support.
- stopmotionNew member | Level 2
I did upvote this idea. But I also want to share some thoughts with you who may not be very familiar with online security.
Security - how much is plenty for you personally? There's poor, good, very-good, and extremely high security measures you can take.
Obviously, what you don't want is to be the easy target - storing weak passwords and files on some mediocre service. With a little education and more than one layer of security however, you can move up to a very-good security tier for little to no cost.
Granted: the growing ability of hackers using today's incredibly powerful GPUs to process millions of hash comparisons and other tests per second (24 hours a day) to find potential matches or other clues for breaking into secured accounts is unbelievable. I'm no expert, but I've done some research.
You can search too, however, I don't recommend getting lost in time-consuming reading, overthinking and worrying (as I did at first.) In most cases there are just a few steps the average user can take to become highly secure.
These hackers mostly go for the cream of the crop. Identity theft, access to credit card info, entering your various accounts - it's a cakewalk for them when it comes to so many people out there who are not using much if any security.
For years I trusted whatever browser to store my weak and duplicated passwords, and this was no doubt the reason I dealt with fraud on quite a few financial accounts, and had email and social media accounts hacked on several other occasions.
Of course, Zero Knowledge Encryption as discussed here is obviously the highest-tier of security, but mostly required by those who have the highest-tier of *necessity* - concern for a potential subpoena, or possess legally-sensitive or highly-confidential data. These ones obviously need the best out security out there.
However, if you're coming from general file storage services and weak passwords - consider this: If you layer good encryption such as Dropbox' security and 2FA, you've already taken yourself way out of the limelight for hackers. You can also consider free or reasonably priced services such as Keeper - which has a good free version plus additional plans for individuals and families (currently 40% off at time of posting). Go that route and you've got very little to fret about.
Do some research on data privacy if you haven't already. You may find that today's top-tier services may not be a big concern for you. Of course, it's up to you, but often some simple educated steps will take you far out of harm's way.
- pomme4moiNew member | Level 2
I’m in the process of moving from Dropbox to Tresorit. Dropbox has features I like, but zero knowledge encryption now is table stakes. If Dropbox doesn’t want to implement it, that’s fine. There are new alternatives every day. And IMHO, asking people to vote for data privacy is absurd.
- nhflasun16Explorer | Level 4
I strongly support the idea of zero-knowledge-encryption for documents saved in Drobox. Without this type of protection, I am reluctant to save any important docs in Dropbox. I am using Dropbox less and less because this critial feature is not available.
- ITConsultingAfricaCollaborator | Level 10
Hi nhflasun16
I did extensive reading about this earlier this week. While I am no expert in zero knowledge encryption, this is what I found out: There are many few cloud providers that do zero knowledge encryption. Reason for that is not so that they can spy on you. It is to provide you with a faster user experience.
Also, Dropbox (and others) integrate with other providers (e.g. Adobe, Zoom, Slack, etc) and if the encryption key is with you, and not with the cloud provider (read Dropbox) then the service offering to you will be slower.
If you do not like that Dropbox has access to your encryption keys, move on, and look at a provider like sync.com or others.
That is my understanding, and I may be wrong. But this is OK with me, as I doubt a Dropbox engineer will want to look at my holiday photos of 2 years ago or whatever.
Regards
Casper
- FesTHelpful | Level 7
I completley agree! This would be the a hugh selling point for dropbox!
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!