Cross-platform Dropbox directory encryption?


mailman1175
04-10-2011, 11:14 AM
Hello,

I'm a big fan of Dropbox… or I was, anyway, until this (http://it.slashdot.org/story/11/04/08/1838220/Dropbox-Authentication-Insecure-By-Design) [Slashdot]. :mad:

It was a good wake-up call for me. I should have been paying more attention to the security of my data, anyway.

At any rate, now I'm trying to find a way to encrypt/decrypt my Dropbox data on the fly across multiple platforms: OS X, various Linux 2.6 distros and Android. Does such a beast exist?

TIA.

fracai
04-10-2011, 02:04 PM
The best option off the top of my head would be GPG. Unfortunately, that means rolling your own system and it probably means not having a good seamless experience.

As to the security concerns, it's really not so bad. In order to be compromised, an attacker has to get access to your files. The only real issue is that they can retain access to anything you change on Dropbox after the initial attack. And changing your password doesn't revoke that access; you'd also have to revoke access to the compromised device.

On their forums, the staff has commented that they don't see it as the huge issue that is being made of it, though they do see enhancements that can be made. I presume these enhancements would include re-authentication of all devices when a password is changed.

It's still a good idea to consider the security of the files you're storing in any location.

You can also put votes towards adding support for client side encryption (https://www.dropbox.com/votebox/21/client-side-encryption).

mailman1175
04-10-2011, 03:23 PM
> The best option off the top of my head would be GPG. Unfortunately, that means rolling your own system and it probably means not having a good seamless experience.
>
> As to the security concerns, it's really not so bad. In order to be compromised, an attacker has to get access to your files. The only real issue is that they can retain access to anything you change on Dropbox after the initial attack. And changing your password doesn't revoke that access; you'd also have to revoke access to the compromised device.
>
> On their forums, the staff has commented that they don't see it as the huge issue that is being made of it, though they do see enhancements that can be made. I presume these enhancements would include re-authentication of all devices when a password is changed.
>
> It's still a good idea to consider the security of the files you're storing in any location.
>
> You can also put votes towards adding support for client side encryption (https://www.dropbox.com/votebox/21/client-side-encryption).

I would expect their staff to minimize the issue. That's a no-brainer. I've added my vote to the request for client-side encryption. That said, I'm looking at this (http://fak3r.com/geek/howto-build-your-own-open-source-dropbox-clone/) to see if there's a way I can port this solution to other platforms. It won't be trivial, by any means, but it seems possible in theory (Cygwin, maybe, for Windows; there's already an OpenSSH port for OS X, as well as rsync, I don't know about lsyncd; Android... I don't know about yet).

agentx
04-11-2011, 01:03 PM
I have used TrueCrypt between Mac and PC but stuffed with Mobile support.