A secure (and cheap) alternative to Dropbox

By Barry Harmsen

A more secure alternative to DropboxA short article that isn’t directly related to QlikView, but if you’re looking for a secure way to synchronize and share your files across computers then this might be interesting for you nonetheless.

Like many people, I am a big user of Dropbox. Between my referrals, the free space that came with my Samsung phone and my paid subscription I now have 186 GB of online storage. While this is awesome for personal files, I’ve always been reluctant to use Dropbox for work-related documents, as time and again it is demonstrated that Dropbox is not secure. Besides that, Dropbox is also quite expensive, especially since I mainly use it to synchronize files and am not really interested in the cloud storage. With this in mind I set out to see if I could set up a more secure (and cheaper) alternative to Dropbox.

Requirements

The requirements that I have are:

My setup

After considering alternatives such as GoodSync, Cubby, AeroFS and Seafile, I settled on a setup consisting of the following solutions:

  • TrueCrypt, technically not part of the sync solution. I use TrueCrypt to encrypt my entire hard disk, just in case my laptop ever goes ‘missing’.
  • Boxcryptor Classic, basically a repackaged version of EncFS. Boxcryptor adds a drive to your system where you can place your files, these files are then automatically encrypted and stored in a separate folder. The free version allows you to encrypt a single folder, the paid version lets you encrypt an unlimited amount of folders.
  • BitTorrent Sync, a free file syncing solution based on BitTorrent. While still in beta, I find it to work very well and offer reliable, secure and fast synchronization without any hassles.

The diagram below shows how these components work together, achieving hassle-free synchronization while still offering end-to-end encryption.

Secure sync using Boxcryptor and Bittorrent Sync

Basically, my files are stored on a drive which is automatically encrypted by Boxcryptor and stored in a separate folder. This encrypted folder is subsequently synchronized to all other computers using BitTorrent Sync. While BitTorrent Sync should be secure in itself, it cannot absolutely guarantee that files will not end up on unauthorized systems (due to hash collisions, though the chance of that happening is very, very small), hence the encryption before sending out the data. Every system that holds the files is encrypted using TrueCrypt, so that they’re also protected in the case of physical access.

Pro’s and cons

I am finding that this solution works very well for my needs, it offers secure, automatic synchronization of my files across systems. Besides that, the only limit on space is the amount of hard disk space I have available, and I have plenty of that.

Of course, there are downsides as well. BitTorrent Sync only synchronizes your data and doesn’t store it ‘in the cloud’. This means that data is only transferred when two (or more) systems are online. I’ve solved this by having a file server (actually a low power Synology NAS) that is always available. You don’t need a big, expensive machine to achieve this, you can even use a Raspberry Pi.

Another drawback is that, in this setup, you can forget about mobile access to your files. That being said, I am never far away from my laptop and thus have a very limited need to access my files from mobile devices. For cases where I would need this, Boxcryptor offers a mobile app that can be used with Dropbox and similar services (SkyDrive, Google Drive, etc.).  I will probably set up a small Boxcryptor encrypted folder on the free version of Dropbox, just in case. I’m not yet ready to drop Dropbox entirely 😉

Your thoughts?

What solutions are you using to synchronize your files across devices? Does my solution have any shortcomings that I missed? I’d like to hear your comments.

And yes, the next post will be about QlikView again, I promise 😉

 

About The Author

Barry Harmsen

Hi there, I'm Barry and I'm a Business Intelligence Consultant at Bitmetric and based in the Netherlands. Originally from a background of 'traditional' Data Warehousing, Business Intelligence and Performance Management, for the past 10 years I have been specializing in Qlik and a more user-centric form of BI. I have done numerous QlikView and Qlik Sense implementations in many different roles and industries. In 2012 I co-authored the book QlikView 11 for Developers. You can follow me on Twitter at @meneerharmsen.

3 Comments

  • 1
    Martijn Olivier
    March 8, 2014 - 10:08 | Permalink

    Hi Barry,

    Great setup. Might try the BitTorrent sync!

    I’m using this setup (Mac), used more for backup, not for sharing:

    Knox : Alternative for Truecrypt for Mac (big pro of Knox that it is resizable, so you don’t need to set a fixed size when you create a mount)

    Auto Sync : Sync files automatically from my Truecrypt folder to my NAS

    CrashPlan : Is running on my NAS and stores the files to CrashPlan server encrypted.

  • 2
    Coen
    June 17, 2014 - 14:36 | Permalink

    Hi Barry,

    as TrueCrypt is longer secure according to their website you might want to update this with an alternative!

    Regards,

    Coen

    • 3
      June 18, 2014 - 21:14 | Permalink

      Hi Coen,

      Yes, I am aware of the TrueCrypt collapse. Unfortunately, Bitlocker is not an option for me as I’m using Windows 7 Pro which doesn’t include it. I do not intend to purchase the Enterprise or Ultimate edition of Windows 7, or upgrade to Windows 8 anytime soon (love it on my tablet, hated it on my laptop, downgraded to Win 7). TrueCrypt 7.1 still seems secure at this moment (the partial audit earlier this year didn’t turn up anything serious) so I will keep using it until I find a proper alternative. If it’s good enough for Edward Snowden, it’s good enough for me, for now.

      Kind regards,
      Barry

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    Read previous post:
    Masters Summit for QlikView Europe: Amsterdam October 2014

    After successful events in Las Vegas, London and Barcelona, and the upcoming event in Chicago next April 1 - 3,...

    Close