The quest for a more secure Dropbox alternative

Credit to Author: Serge Malenkovich| Date: Mon, 26 Jun 2017 15:11:26 +0000

If you use Dropbox, Google Drive, or Yandex.Disk, then you have no doubt appreciated the convenience of always having all of your important files handy on any device. A file can be shared with friends or coworkers in a second. However some find the data security on these popular services lacking, worrying that unauthorized people might gain access to their files.

Accidentally making your private photographs or pay stubs available to employees of your hosting provider would be a horrifying mistake, for example. To minimize that sort of risk, the data on a server needs to be stored in encrypted form, with only you able to grant access to it. How can you make that happen?

The quest for a more secure Dropbox alternative

The answer lies in other services. Here we examine the alternatives.

First, let us see the kind of problems we are trying to avoid.

  1. You send a link to a file to another person, but that person can share the files with anyone they like.
  2. You lose your computer or phone, and strangers can access the data on it.
  3. Strangers, coworkers, governments, or hackers might be able to view the data your backup service stores on its servers.

To be clear, you want to avoid all of that, yet retain the convenient data storage Dropbox provides. (The safest scenario is to have no files at all, but we are not talking extreme life philosophies here.) Therefore, a suitable alternative must include access to all of the files on a computer, offline access to selected files from a phone, and the ability to share links for downloading a file from any device. Of course, we want these features in a package at a low price and with plenty of storage.

Standard services such as Dropbox, Google Drive, OneDrive, and others of their ilk do not say they protect users against the risks mentioned above; therefore, people with information security concerns may wish to use those services for storing nonsensitive information only. A range of lesser-known websites and services claim to address those concerns, so we took a look under their hoods.

Encryption tools for Dropbox and for other standard cloud services

Services such as Boxcrypt and CloudFogger promise to encrypt your files on Dropbox — or any other similar service — so that accessing them would be useless without the encryption key. There are two disadvantages to this approach. First, to use them you have to maintain two services instead of one (and perhaps pay for both). Second, you have to remember to save in encrypted storage instead of common storage. So, we will not discuss this group in detail and will instead move on to dedicated encrypted clouds.

SpiderOak ONE

From $59 per year for 100GB

One of the oldest security-focused services for storing and securing files, SpiderOak ONE shows its age. Its major flaws are a somewhat bleak and slow application for desktops and a quite unintuitive interface that combines features of backing up and storing files. Some advantages of the service include the “endless” change log and flexible settings for sharing.

SpiderOak’s encryption algorithm is innovative and slightly dubious: The mobile app cannot upload new files to the cloud; it provides just read-only access. In fact, we should stop at that: SpiderOak One’s lack of user-friendliness and versatility make it an unattractive choice.

pCloud

$48 per year for 500GB; encryption for $4 per month ($96 per year total). First 20GB free; one-week free trial for encryption available.

A cloud data-storage service that is developing dynamically, pCloud offers encryption as an additional paid option. The service creates its own virtual drive on a computer, and the files you save on it go to the cloud. A user can create a separate “Crypto” folder on that drive, and the entire contents of that folder will be encrypted. However, not all pCloud features are available to the user while working with that folder.

Not all files in pCloud have to be physically stored on the computer; the app automatically downloads them when a user needs to work with them. This approach saves disk space, which is vital for laptops with low-volume SSDs, but it can also leave users in the lurch during a flight or in any other situation with no network coverage. “Favorites” (files marked for offline storage) are provided for in pCloud, but they cannot be stored in the Crypto folder.

pCloud has an interesting advantage: Data on the virtual disk cannot be accessed until you enter the password. That means if you lose your laptop, a person who finds it will not be able to access the files stored in the cloud. The pCloud mobile app lacks the grace of Dropbox, but it is quite functional and allows you to automatically download pictures, share links to files, and store files offline among the aforementioned Favorites. However, the “share a file” feature is not available in the encrypted folder.

Sync.com

5GB free. $96 per year for 2TB of cloud storage.

Canadian Sync.com combines the ideology of Dropbox with reliable encryption. A folder selected on a disk is synchronized with cloud storage, and any file can be shared with other people without forcing them to install any additional applications. For that, Sync.com uses an elegant scheme: The encryption key for a file is transmitted in a special parameter within a URL (after the “#”). Thus, the key remains unknown to the server, and the recipient is able to download and view the file.

The Sync.com desktop user interface is slightly old-fashioned but user-friendly and intuitive. Alas, we cannot say the same about the mobile app. It looks nonnative on both iOS and Android and has, in essence, only three functions: downloading a file to the device on demand, uploading a photo to the server, and deleting a file from the server. You cannot choose a file for offline use or share an encrypted link without downloading the file.

Tresorit

€100 per year for 100GB. Two-week trial available.

Tresorit’s powerful combination of user-friendliness and security makes the service about as close to perfect as you can get. An encrypted folder on the server is called “Tresor,” and Tresorit recommends creating several Tresor folders for various purposes and user groups. Each one can be synchronized with any folder on a computer as well as designated for shared access with other users.

Tresor folders, common folders, and individual files are easy to share with friends or coworkers even if they do not have Tresorit. Each link may have an expiration date, the maximum amount of downloads, and other restrictions. An experimental mode called Tresorit Drive reminds us of pCloud: With the mode enabled, Tresor folders become available on a separate virtual drive and take up much less space on a physical disk.

The Tresorit mobile app is good-looking and user-friendly. It can be used for indicating which Tresor folders or individual files should be stored offline, generating links to files, uploading photographs to the cloud automatically, protecting the app with a PIN, and more.

Conclusions

See the table below for a snapshot of useful information about secure Dropbox alternatives. Of course, a table of features doesn’t tell the whole story. For example, pCloud has a unique advantage that really sets it apart: It protects data on the computer, not just on its servers. However, when you take into account all other factors, Tresorit stands above the rest. And although it lacks local encryption, other tools, from BitLocker to VeraCrypt, can compensate.

Ultimately, perfection cannot be achieved; thus, we all have to choose what is most important while sacrificing something else.

DropboxSpiderOak ONEpCloudSync.comTresorit
Free storage2GBNo20GB (without encryption)5GBNo
Minimum paid plan$100/1TB$59/100GB$96/500GB$96/2TB per year$125/100 GB
File-sharing protectionNoYesNo (not for encrypted folder)YesYes
Protection from lossNoNoYesNoNo
Server-side encryptionNoYesYesYesYes
Two-factor authentication for accountsYesYesNoYesYes
Our score for the usability of the desktop app (out of 5)53445
Our score for the usability of the mobile app (out of 5)52324

https://blog.kaspersky.com/feed/