As I’ve written many many many times before, if you’re using Dropbox to store sensitive data, you absolutely must encrypt it before committing it to Dropbox. I use Dropbox solely to sync my 1Password keychain between devices, so the file I’m storing is already encrypted. Many others use Dropbox to keep several sensitive files synchronized between machines, so the need to encrypt them can be burdensome. I wrote about one way of solving this problem here, but Remy Van Elst has a more comprehensive solution.
His idea is to build your own Dropbox clone so that you have complete control over the environment and what happens. Like the solution I linked above, he uses EncFS to encrypt files on the source machine and then syncs them to a server using Git and dvcs-autosync. Van Elst provides comprehensive recipes for doing this with Linux and OS X. Getting it to work on Windows would probably involve some work, although I do know that EncFS has been ported to Windows.
It’s a very nice solution and may be perfect for those with special requirements or a distrust of Dropbox/SpiderOak. The main drawbacks that I see are:
- A central server is needed to mediate the syncing. You can probably get one for about the same price as a paid Dropbox account and storage limits won’t be an issue for anyone with sane requirements.
- It can’t sync iOS devices. I’m not sure about Android. If you require files on your mobile devices, this solution may not work for you.
Even if you don’t need your own Dropbox, it’s worth taking a look at the post to see how Van Elst puts everything together (or at least it is if you’re sufficiently geeky).