A secure (and cheap) alternative to Dropbox

By Barry Harmsen

A more secure alternative to DropboxA short article that isn’t directly related to QlikView, but if you’re looking for a secure way to synchronize and share your files across computers then this might be interesting for you nonetheless.

Like many people, I am a big user of Dropbox. Between my referrals, the free space that came with my Samsung phone and my paid subscription I now have 186 GB of online storage. While this is awesome for personal files, I’ve always been reluctant to use Dropbox for work-related documents, as time and again it is demonstrated that Dropbox is not secure. Besides that, Dropbox is also quite expensive, especially since I mainly use it to synchronize files and am not really interested in the cloud storage. With this in mind I set out to see if I could set up a more secure (and cheaper) alternative to Dropbox.

Requirements

The requirements that I have are:

My setup

After considering alternatives such as GoodSync, Cubby, AeroFS and Seafile, I settled on a setup consisting of the following solutions:

  • TrueCrypt, technically not part of the sync solution. I use TrueCrypt to encrypt my entire hard disk, just in case my laptop ever goes ‘missing’.
  • Boxcryptor Classic, basically a repackaged version of EncFS. Boxcryptor adds a drive to your system where you can place your files, these files are then automatically encrypted and stored in a separate folder. The free version allows you to encrypt a single folder, the paid version lets you encrypt an unlimited amount of folders.
  • BitTorrent Sync, a free file syncing solution based on BitTorrent. While still in beta, I find it to work very well and offer reliable, secure and fast synchronization without any hassles.

The diagram below shows how these components work together, achieving hassle-free synchronization while still offering end-to-end encryption.

Secure sync using Boxcryptor and Bittorrent Sync

Basically, my files are stored on a drive which is automatically encrypted by Boxcryptor and stored in a separate folder. This encrypted folder is subsequently synchronized to all other computers using BitTorrent Sync. While BitTorrent Sync should be secure in itself, it cannot absolutely guarantee that files will not end up on unauthorized systems (due to hash collisions, though the chance of that happening is very, very small), hence the encryption before sending out the data. Every system that holds the files is encrypted using TrueCrypt, so that they’re also protected in the case of physical access.

Pro’s and cons

I am finding that this solution works very well for my needs, it offers secure, automatic synchronization of my files across systems. Besides that, the only limit on space is the amount of hard disk space I have available, and I have plenty of that.

Of course, there are downsides as well. BitTorrent Sync only synchronizes your data and doesn’t store it ‘in the cloud’. This means that data is only transferred when two (or more) systems are online. I’ve solved this by having a file server (actually a low power Synology NAS) that is always available. You don’t need a big, expensive machine to achieve this, you can even use a Raspberry Pi.

Another drawback is that, in this setup, you can forget about mobile access to your files. That being said, I am never far away from my laptop and thus have a very limited need to access my files from mobile devices. For cases where I would need this, Boxcryptor offers a mobile app that can be used with Dropbox and similar services (SkyDrive, Google Drive, etc.).  I will probably set up a small Boxcryptor encrypted folder on the free version of Dropbox, just in case. I’m not yet ready to drop Dropbox entirely 😉

Your thoughts?

What solutions are you using to synchronize your files across devices? Does my solution have any shortcomings that I missed? I’d like to hear your comments.

And yes, the next post will be about QlikView again, I promise 😉