Child Item

Please add zero knowledge encryption on Dropbox.

I find that many Cloud services offer encryption during transfer to the service and encryption at the destination. Dropbox does this too. Unfortunately, the keys used at the destination are available to Dropbox. What would make Dropbox unique is if it would offer Zero Knowledge encryption at the client. That way all files are encrypted at the client with the customer retaining the keys. Why is this important? There can be bugs during transfer even if encryption is used (remember the famous OOPS with caches on internet servers offering up unencrypted data?). Also, the government can force Dropbox to deliver user data (or it may be compromised by hackers).

Dropbox with Zero Knowledge Encryption would be a market leading solution that would drive a great preference over OneDrive, Google Drive and others. It would be the only way I would be comfortable putting my files on the cloud.

Find more posts tagged with

Desktop

Security

Account Settings

Insightful

Disagree

Under Consideration

Accepted answers

apfund

I wanted to share a quick update with you:

We have launched our end-to-end encryption in April. More details can be found here and here.
High level overview:
You can now add end-to-end encryption to team folders. The functionality is available for our Advanced, Business Plus and Enterprise customers at no additional costs.

If there are any questions, please let me know!

All comments

PierreLeBear

You can look at product features via vote, or like Steve Jobs as a strategic decision. He never worried about market research to drive innovation. Google would struggle to copy this because they count on sifting through your information to place ads. You are not encumbered by this with a subscription model.

unknown

Love the idea.

Some applications (joplinapp.org for instance) has support for dropbox but adds an encryption layer before sending the files to Dropbox - meaning that Dropbox does not have access to any keys, only the pre-encrypted data.

I'm not suggesting this as a solution, but zero-knowledge-encryption presents alot of technical challenges - foremost just handling keys in any form for 'normal' users tends to be quite hard; "forgot passphrase - how do I retrieve my data" will tend to skyrocket as a question.

But I would love too see that functionality.

nhflasun16

I strongly support the idea of zero-knowledge-encryption for documents saved in Drobox. Without this type of protection, I am reluctant to save any important docs in Dropbox. I am using Dropbox less and less because this critial feature is not available.

ITConsultingAfrica

Hi nhflasun16

I did extensive reading about this earlier this week. While I am no expert in zero knowledge encryption, this is what I found out: There are many few cloud providers that do zero knowledge encryption. Reason for that is not so that they can spy on you. It is to provide you with a faster user experience.

Also, Dropbox (and others) integrate with other providers (e.g. Adobe, Zoom, Slack, etc) and if the encryption key is with you, and not with the cloud provider (read Dropbox) then the service offering to you will be slower.

If you do not like that Dropbox has access to your encryption keys, move on, and look at a provider like sync.com or others.

That is my understanding, and I may be wrong. But this is OK with me, as I doubt a Dropbox engineer will want to look at my holiday photos of 2 years ago or whatever.

Regards

Casper

FesT

I completley agree! This would be the a hugh selling point for dropbox!

ConF2_0

This is the exact idea that I wanted to share! Thank you, @PierreLeBear.

And to @ITConsultingAfrica, I find your ending comments to be rude and unhelpful.

"If you do not like that Dropbox has access to your encryption

keys, move on, and look at a provider like sync.com or others.

That is my understanding, and I may be wrong. But this is OK

with me, as I doubt a Dropbox engineer will want to look at my

holiday photos of 2 years ago or whatever."

No one looks for encryption to protect family photos!

Those of us who have to work with HIPPA laws are always looking for options to ensure privacy. Obviously, I have looked elsewhere for this feature, but it would be awesome for me (and obviously others) if Dropbox offered it.

Matthias B.4

I'm a paying dropbox customer for many years. However, I'm now looking for an alternative because it's exactly zero-knowledge encryption that I expect from a cloud storage service.

Matthias B.4

@ITConsultingAfrica Thank you I didn't know about sync.com I just signed up!

scotia673

I just wanted to add here that I too was a Dropbox subscriber (for 6 or 7 years) but I recently switched to Sync.com for the same reason. I have always loved Dropbox's service, but I am no longer comfortable entrusting my private documents without support for this kind of encryption. To be clear, I would happily accept slower sync times and other feature limitations in exchange for this support.

Mochnant

I would love to see the option for Zero Knowledge Encryption, as well. From a finanical stanpoint, I am paying Sync.com for this service, and not Dropbox. I'd rather be using Dropbox.

There is no reason it needs to be all or nothing for all users. Some cloud providers allow it as an option for those who want it, while others who prefer the convienence and integrations can disable it.

Tyler B.12

Seems like this is a no brainer for at least the Vault

dropmyselfabox

Fully agree, more and more providers are offering this service. I would opt for DropBox to see if they can do the same. Privacy and security are increasingly becoming more important (should always be important, but anyway). I don't want anyone snooping around in my files.

stopmotion

I did upvote this idea. But I also want to share some thoughts with you who may not be very familiar with online security.

Security - how much is plenty for you personally? There's poor, good, very-good, and extremely high security measures you can take.

Obviously, what you don't want is to be the easy target - storing weak passwords and files on some mediocre service. With a little education and more than one layer of security however, you can move up to a very-good security tier for little to no cost.

Granted: the growing ability of hackers using today's incredibly powerful GPUs to process millions of hash comparisons and other tests per second (24 hours a day) to find potential matches or other clues for breaking into secured accounts is unbelievable. I'm no expert, but I've done some research.

You can search too, however, I don't recommend getting lost in time-consuming reading, overthinking and worrying (as I did at first.) In most cases there are just a few steps the average user can take to become highly secure.

These hackers mostly go for the cream of the crop. Identity theft, access to credit card info, entering your various accounts - it's a cakewalk for them when it comes to so many people out there who are not using much if any security.

For years I trusted whatever browser to store my weak and duplicated passwords, and this was no doubt the reason I dealt with fraud on quite a few financial accounts, and had email and social media accounts hacked on several other occasions.

Of course, Zero Knowledge Encryption as discussed here is obviously the highest-tier of security, but mostly required by those who have the highest-tier of *necessity* - concern for a potential subpoena, or possess legally-sensitive or highly-confidential data. These ones obviously need the best out security out there.

However, if you're coming from general file storage services and weak passwords - consider this: If you layer good encryption such as Dropbox' security and 2FA, you've already taken yourself way out of the limelight for hackers. You can also consider free or reasonably priced services such as Keeper - which has a good free version plus additional plans for individuals and families (currently 40% off at time of posting). Go that route and you've got very little to fret about.

Do some research on data privacy if you haven't already. You may find that today's top-tier services may not be a big concern for you. Of course, it's up to you, but often some simple educated steps will take you far out of harm's way.

BAPPADITYA

Just signed up with sync.com because of Zero Knowledge Feature.

But Is sync.com reliable.

pomme4moi

I’m in the process of moving from Dropbox to Tresorit. Dropbox has features I like, but zero knowledge encryption now is table stakes. If Dropbox doesn’t want to implement it, that’s fine. There are new alternatives every day. And IMHO, asking people to vote for data privacy is absurd.

jr_g33k

Happy to upvote this all day long, and then some. You have my vote (I have voted). If I could upvote indefinitely I'd still be here days later upvoting this. I 100% agree with this 'idea'.

roganhamby

This needs to happen.

mattc--9

This would be nice but it needs to be done correctly. I don't think dropbox would do it because normal users would get angry if they forget the password and can't get to their files. The security stuff seems nice to them, but if they loose their files they don't really care.

For now use Cryptomator, it is a pretty decent Open Source app for desktop and android that is compatible with google drive and doesn't cost a monthly fee (free on desktop, one time 10$ payment on mobile)

roganhamby

There is no reason to believe that this has to be an opt-out scenario. It can be opt-in and even done per folder. This isn't trivial but it would be really nice to have and give me more confidence in storing confidential information on Dropbox.

alvolalex

This is a must have option for every storing OTHER PEOPLE DATA storage.

Else it's law of life privacy violation.

I wait for someone from USA to start a court against such violation done by Microsoft, Dropbox, Google and other "storages".

OurClemonsFamily

I'm currently using Dropbox for non-private items. I'm using iDrive at additional cost to have a private encrypted backup that only I have the encryption key for. It's on me to know where the key is and have multiple backups in various places. I have an encrypted copy of the key on Dropbox.

You should offer self-control of the encryption key as a user option (all their decision and responsibility) with a list of any services that could be a problem that you use.

Dropitinthebox

boxcryptor.com works with Dropbox and can do this for you I believe, which might be a good solution for some?

Still, I'm also totally in favor of adding this to Dropbox natively instead of having to rely on a 3rd party solution. And totally agree with the comment made by some of the others that it's an essential option that you'd expect to see in a mature product like Dropbox.

foxclout

https://help.dropbox.com/accounts-billing/security/how-security-works

Dropbox doesn't provide for client-side encryption. Dropbox also doesn't support the creation of your own private keys. However, Dropbox users are free to add their own encryption.

I'm using Cryptomator, so I lost a few features from Dropbox to gain my privacy. Dropbox Vault is just a folder with an extra password, not encrypted, just password / pin to access it.

I tried to create a secret.txt file, write something on it, "Copy Dropbox Link", and lock my vault, then, I tried to open this copied link to Private Browsing mode, and I can see what is inside secret.txt file without login to any account, such a privacy, right?

I still using Dropbox because it can run on multiple OS, I'm using Linux, MacOS, and sometimes Windows, but I consider to move to another provider which have e2e encryption.

Dropitinthebox

"Status: Needs more votes" ???

I thought 166 votes is a LOT comparing to the number of people who are active in this section of the forum?

How many votes are required?

Whatever2018

The number of votes is irrelevant. Companies like Dropbox do not implement features based on user suggestions. They do so via bean counting.

Dropbox has over 15 million users that pay a subscription fee and nearly $2 BILLION in revenue. That subscription payment is a "vote" for the policy of "whatever you do is fine by me."

They would need to lose around 1 million subscriptions explicitly due to lack of zero-knowledge encryption before they even considered implementing the idea.

Synopsis: If you are paying a fee now, you have already voted that everything is absolutely great and in no need of change.

dreamingenthusiast

It looks like Dropbox is bringing end-to-end encryption soon to business users but not to non-business users (article link below). Do you or anyone else know of good alternate solutions for end-to-end file system encryption?

https://www.techradar.com/news/dropbox-is-bringing-end-to-end-encryption-for-business-users

foxclout

Cryptomator and Veracrypt. I'm using Cryptomator, but it's not free on Android and Apple device.

Anyway, I'm free Dropbox user right now, I don't have any plan to back to be paid customer anymore.

MrSquish

You can add me to the "Down vote" for not having this option. They bought out boxcryptor, which many of us used to add the extra layer of encryption, while still being able to use the history and version features within dropbox. I've been a paid subscriber for years, but without this feature, it's time to move on.

apfund

I wanted to share a quick update with you:

GottZ

I just run through the rclone crypt layer before I mount my cloud providers.
I still think it's horrible, privacy is locked behind a paywall.