Sweet Sounds for the Soul


G's Favorite Photos

Gwen Sutton - View my favorites on Flickriver

Thursday, April 21, 2011

Post from gwensutton at CHUMLY

f recent security and privacy concerns about Dropbox make you think twice about using the popular file storage and syncing tool, there's an easy way to further protect your sensitive files stored on Dropbox: yes, we're talking about encryption.

TrueCrypt is our go-to data encryption tool and no doubt you know we have a thing for Dropbox, but although we've briefly mentioned using TrueCrypt as one of the clever ways to use Dropbox, we've never fully married the two. It's about time.
What's All the Fuss?

As Business Insider reports, a recent update to Dropbox's security terms of service reveals the company can decrypt your files and provide them to the government if required to do so—in other words, if you thought Dropbox couldn't decrypt your data, you were wrong. Perhaps this is just par for the course with cloud-based services, but at least a few people feel uneasy about Dropbox's lack of clear privacy and security procedures or say its authentication implementation is insecure by design.
Should You Drop Dropbox?

Dropbox is still a killer collaborative work tool and it does more than just file syncing. If you don't store confidential or sensitive information on the service, there's no need to worry anyway.

If you do store sensitive data on Dropbox but are loathe to give up its convenience, you can encrypt that data first with TrueCrypt and then store then encrypted file on Dropbox for an added layer of protection. It won't be as easy to share or work with individual documents encrypted with TrueCrypt as non-TrueCrypt-encrypted files, but even Dropbox itself recommends using TrueCrypt for your most sensitive documents.

So, here's how to do it:
Create a TrueCrypt Container On Dropbox

Full size
In this scenario, you'll basically just store your sensitive data in your TrueCrypt container, which is saved to your Dropbox folder. Our steps for encrypting your data with TrueCrypt in this case remain the same. Just select the Dropbox folder as the TrueCrypt container location.

If you've never used TrueCrypt before, here are the steps, taken from our previous guide but adjusted specifically for Dropbox usage:
1. Download, install, and launch TrueCrypt
2. After hitting the "Create Volume" button, choose the default to "create an encrypted file container" and a "Standard TrueCrypt Volume".
3. Here's where the steps differ: When prompted to select a location for your TrueCrypt Volume, navigate to your Dropbox folder.
4. Then you'll run through the rest of the TrueCrypt encryption steps, including selecting the default AES encryption scheme and volume size (choose a capacity less, obviously, than your total Dropbox account storage space).

Once you've entered your volume password and formatted the TrueCrypt volume, it'll be saved and ready for action in your Dropbox folder.

To mount the volume as a virtual—but encrypted—drive that you can copy and paste to, from the TrueCrypt program, select a drive letter, then select your TrueCrypt file in the Dropbox folder, and click "Mount."

You'll be able to copy and paste sensitive documents to that encrypted container just like you would a regular drive, as long as the volume is mounted.
Moving Your Dropbox Folder to an Encrypted TrueCrypt Volume

Full size
The above works well when you have a mix of plain old documents and more sensitive files that you want to store together on Dropbox—you can use a TrueCrypt container for your most sensitive files and the regular service for everything else (for easy collaboration and remote editing). Encrypting your files before storing them on Dropbox is also your main recourse when it comes to privacy and security concerns about the service having access to your data.

If you want encrypt everything in your Dropbox folder locally, you can just move the Dropbox folder into a TrueCrypt container. As readers pointed out, this won't address the privacy concerns of Dropbox being able to decrypt your information, but it would secure the contents of your Dropbox in case, say, you lost your laptop or your computer was compromised. Here are the instructions from Dropbox of this process:

* As above, download, install, and launch TrueCrypt
* Create a new standard TrueCrypt volume (Create volume > Create an encrypted file container > Standard TrueCrypt volume, using NFTS filesystem) anywhere on your hard drive, and set a volume size and password for accessing the volume later.

Once it's formatted, make sure the TrueCrypt volume will be mounted on logon:

* In TrueCrypt, click on the Select File button, select the container you just created, click on an unused drive letter and then click the Mount button.
* From the Favorites menu, select Add Mounted Volume to Favorites and make sure Mount select volume upon login is checked.

Next, we'll move Dropbox to the encrypted TrueCrypt drive:

* Right-click on the Dropbox icon in the system tray and go to Preferences.
* In the Advanced tab, click the Move button to change the location for Dropbox to the virtual drive letter you just created.

Finally, Dropbox recommends creating a login script to modify Dropbox so it will wait until the drive is ready before starting:

In your Dropbox preferences, click the General tab, then turn off the checkmark beside Start Dropbox on system startup.
1. Create a new text file called bootup.bat somewhere on your C: drive.
2. If file extensions are hidden by Explorer, you may need to turn them on to ensure the file gets the .bat extension rather than .bat.txt. (The option in Explorer is under Tools | Folder Options | View, then under Advanced Settings select Show hidden files, folders and drives).
3. Paste the following commands into the bat file:
@echo off
rem Every second, check to see if volume is mounted
echo Waiting for volume...
ping -n 1 -w 1000 > nul
if not exist F: goto keepwaiting
start "Dropbox" "C:Documents and SettingsYourUserNameApplication DataDropboxbinDropbox.exe"

4. Tailor the script as follows, then save it:
Change F: to the drive letter of your mounted volume (which you picked in step 2.2)
Change the path on the last line to include the location of the Dropbox application files. e.g. On Windows 7 it would be:

5. Create a shortcut to bootup.bat in your Startup folder. Your startup folder is usually located at:
Windows XP: C:Documents and SettingsYourUserNameStart MenuProgramsStartup
Windows 7: C:UsersYourUserNameAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Reboot your computer and test.

FYI, before you dismount the encrypted volume, you'll need to close Dropbox.

Dropbox's tips and tricks wiki notes that there are also sensitive *.db (Dropbox configuration) files located in alternative locations, and offers suggestions for ways to relocate those files or the entire Dropbox application.


No comments:

Smooth Jazz