Dropbox files can be encrypted with TrueCrypt. It works well as long as you understand how it synchronizes.
Leo, would you consider doing a webinar on TrueCrypt and Dropbox? I always search Ask Leo! before I ask you a question; however, the hits that came up when I searched for TrueCrypt/Dropbox were so numerous and the external sites often so wordy that I thought... Ask Leo! So maybe you could do a webinar on that.
In this excerpt from Answercast #17, I talk about encrypting Dropbox files with TrueCrypt and the concepts that need to be understood before proceeding.
So I don't think it's really worthy of a full webinar; the concept is actually very simple and somewhat... well, I'll just say frustrating!
What most people would love is an integrated solution where the files you place into Dropbox are automatically encrypted before they are uploaded. Unfortunately, TrueCrypt won't really do that.
TrueCrypt creates encrypted containers that you mount and deal with as a separate drive letter.
I happen to use TrueCrypt and Dropbox together. Don't get me wrong. It's certainly possible, but I want to explain how that's set up, and how it works, and what it doesn't do.
So I have Dropbox.
In Dropbox, I have a TrueCrypt container; call it "container.tc." Whenever I fire up Dropbox, that container is automatically synchronized across all the machines that I happen to have Dropbox installed on.
Now, as a separate step: I then mount that container in TrueCrypt and it appears as a separate drive.
So, for example, I happen to mount mine as the drive P. Now what I see on my machine is that drive P contains all of these personal files of mine. They are available to me, decrypted, just like you would use TrueCrypt normally. But the container file in which they reside sits within Dropbox.
Now, here's where the problem is. Here's where things kinda sorta break down.
As long as the container is mounted, that is, as long as the files are accessible to you so that you can make changes to those files in the encrypted container, the container file is locked.
It's only when you dismount the container that Dropbox can finally say, "Oh, I can get these things. Hey, it's changed. I'll go ahead and upload it and synchronize it with the other PCs."
The reason this tends to be somewhat frustrating is you have to adjust how you use Dropbox, the encrypted container, and the files in the encrypted container in order to use them in Dropbox.
Normally with Dropbox, you make a change to a file, you save it, and it automatically gets synchronized.
If that file is within a TrueCrypt container that is in Dropbox, that doesn't happen. You can change all of the files in the encrypted container, but it's not until the encrypted container gets dismounted that Dropbox can actually do its work.
I've heard of a couple of add-ons that may do some kind of transparent on-the-fly encryption at the file level. I've not tried any of them, but that's the kind of thing it would take to work seamlessly in Dropbox.
The model that I just described works really well for me. I tend to only use my encrypted container on one machine for a lengthy period of time. I literally end up dismounting it and going to another machine to mount it again if I'm going to switch machines. I can also mount it "read only" if I need to on other machines to avoid any kind of simultaneous update problem.
If you make a change on machine A and a change on machine B to the encrypted container at the same time, Dropbox won't know which one it's supposed to keep. Now, of course, it has no way to merge. It turns out to be something that you have to resolve yourself. So, it's not transparent; it's not as pretty as we'd like it to be.
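The simultaneous-update problem described above can be checked for before the container is mounted. This is an added example, not code from the original article: it assumes Dropbox's convention of saving the losing version next to the original with "conflicted copy" in its file name, and the function names and the `container.tc` file name are illustrative.

```python
import re
import tempfile
from pathlib import Path


def conflicted_copies(dropbox_dir, container="container.tc"):
    """Return conflicted copies of the container found beside it."""
    stem, suffix = Path(container).stem, Path(container).suffix
    # Assumed Dropbox naming:
    #   "container (Laptop's conflicted copy 2012-05-01).tc"
    pattern = re.compile(
        re.escape(stem) + r" \(.*conflicted copy.*\)" + re.escape(suffix) + r"$",
        re.IGNORECASE,
    )
    return sorted(p for p in Path(dropbox_dir).iterdir()
                  if p.is_file() and pattern.match(p.name))


def mount_advice(dropbox_dir, container="container.tc"):
    """Return 'missing', 'read-only' or 'read-write' for this machine."""
    if not (Path(dropbox_dir) / container).is_file():
        return "missing"          # not synchronized to this machine yet
    if conflicted_copies(dropbox_dir, container):
        # Two machines changed the container; merge by hand before
        # writing to either copy again.
        return "read-only"
    return "read-write"


if __name__ == "__main__":
    # Constructed sample folder standing in for the Dropbox directory.
    with tempfile.TemporaryDirectory() as d:
        folder = Path(d)
        (folder / "container.tc").write_bytes(b"constructed sample")
        print("clean folder:", mount_advice(folder))
        clash = folder / "container (Laptop's conflicted copy 2012-05-01).tc"
        clash.write_bytes(b"constructed sample, other machine")
        print("after clash: ", mount_advice(folder))
        for copy in conflicted_copies(folder):
            print("resolve manually:", copy.name)
```

A "read-only" result means both versions should be mounted read-only and compared before either is written to again.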
I use an encrypted container for some stuff; then I have the stuff that is seriously private stuff that I really want to be encrypted. But I've got hundreds, maybe thousands, of other files in Dropbox that are not encrypted, that operate as Dropbox normally does.
So TrueCrypt and Dropbox together – it's not really a marriage made in heaven. It's sort of a forced relationship; it can work, but it's not necessarily as clean as we might want it to be.