Three Dropbox Competitors for Secure Storage

obrBy Joseph Gildred — Last Updated: 04 Jan'17 2016-12-19T05:47:37+00:00

Does straightforward cloud storage really get any better than Dropbox?

It’s a service that’s intuitive, fast, and equipped with an excellent set of features built around usability, syncing, and sharing. Dropbox competitors seem to lag behind this giant in quite a few ways.

We really like Dropbox, but if you want the best security around, it’s time to look elsewhere. We have made a list of 10 secure Dropbox alternatives before, but the focus of this article is about the “why,” as much as the “who.”

We’ve picked the three very best Dropbox competitors for 2017 when it comes to secure storage.

Table of Contents:

The Verdict


The Dropbox Phenomenon

Launched in 2007, Dropbox quickly achieved great popularity and grew to become the first significant cloud-storage service. As of now, Dropbox has approximately 500 million users around the world, who collectively upload about 1.2 billion files each day.

Dropbox is a popular service, and for good reason. It’s easy-to-use and can do almost everything you need it to.

But, is it secure? One word, military-grade security.

If you’ve been shopping for cloud storage with an eye towards data protection, it’s a phrase you’ve probably read once, twice or even a few dozen times. It’s a great marketing pitch, after all, we trust the military to protect us from threats.

If a cloud-storage provider is “military-grade,” they’re probably pretty good, right? The problem is that currently, the military is severely worried about data breaches, putting the lie to the term “military-grade security.”

Not that private organizations are doing any better:

YearCompanyRecords compromised
2009Heartland130 million
2012LinkedIn117 million
2013Adobe, Inc.152 million
2014eBay145 million
2014Yahoo500 million
2015U.S. voter database191 million
2016MySpace427 million

What’s most striking about this list isn’t the number of records stolen, rather, it’s that most of the thefts have taken place in recent years.

While data security is becoming more advanced, so are cyber criminals — military-grade safety or not. If you want an example of how good criminals are getting, look no further than the 2012 breach, which cost 68 million Dropbox users their privacy.

What Dropbox Gets Right

Before I discuss how Dropbox comes up short in the security department, let’s take a look at what they do right. It’s not like your data is left sitting in the open for all to take, so let’s start with two terms: in-transit encryption and at-rest encryption.

1. In-Transit Encryption

In-transit refers to data getting transmitted over the Internet.

Keybase
Keybase Encryption Illustration

Encrypting data while it’s flying around the web is pretty important; it prevents people from eavesdropping on your activity.

Such intrusions are known as Man-in-the-Middle (MiTM) attacks.

The most common way to encrypt in-transit data is the TLS (Transport Layer Security) protocol. Sometimes, TLS is referred to as SSL (Security Socket Layer), its predecessor, or TLS/SSL.

Dropbox uses TLS to protect data getting transmitted via:

Desktop

Mobile device

Web interface

To its data centers, and vice versa.

Dropbox also incorporates Perfect Forward Secrecy (PFS) into its transfer protocol, which is a way of generating new encryption keys for each communication session. That way, should the keys for one session be compromised, it won’t open the doors to future MiTM attacks.

2. At-Rest Encryption

Once a user’s content arrives at a data center, it usually gets decrypted.

Many online services do not re-encrypt data before storage.

This fact applies to OneDrive users not on its business plans. Before August 2013, it was also true of Google Drive. Why is that a problem? It means that anybody with access to that data can read it.

That includes:

Government agencies

Internet thieves

Dishonest employees

Encrypting stored data is called “at-rest” encryption and Dropbox provides it. Data received from consumers is decrypted and split into blocks.

Each block is then encoded separately using the Advanced Encryption Standard (AES).

AES is the most common cipher used today and typically uses a 256-bit encryption key. To give you an idea of how secure that is, it would take today’s most advanced supercomputer 3.31 x 10^56 years to crack a file encrypted in this way.

What Dropbox Gets Wrong

3.31 x 10^56 years is a pretty long time.

It’s probably enough to convince most consumers that their data is perfectly secure in the hands of Dropbox. However, there are a couple of problems with this line of thinking.

The first has to do with how meta-data is stored:

Basic information about user data (including file names and types), called meta-data, is kept in its own discrete storage service separate from file blocks. This meta-data acts as an index for data in users’ accounts, and is sharded and replicated as needed to meet performance and high availability requirements.

 

The above quote was pulled from Dropbox’s own description of their security architecture, which also includes a handy graph.

 The issue with this setup is that their processing service, where at-rest encryption takes place, doesn’t touch the meta-data.

That means file names, types, sizes, upload/download dates and who knows what else, are left for anyone to see. This scenario may not seem too bad, but there is little you can’t tell about someone using just meta-data.

Case in point, the NSA surveillance program, PRISM, was built around tracking meta-data.

However, the biggest issue with how Dropbox handles its data security is that they can read it in the first place, because they have a copy of the keys used to scramble your data.

According to Dropbox:

 Dropbox’s key management infrastructure is designed with operational, technical, and procedural security controls with very limited direct access to keys. Encryption key generation, exchange, and storage is distributed for decentralized processing.

 

The “limited access” clause should raise a few eyebrows, as they don’t need to keep a copy of those keys at all.

Zero-Knowledge Architecture

Privacy advocates talk a lot about zero-knowledge architecture.

SpiderOak Zero Knowledge Privacy

In a nutshell, zero-knowledge architecture is a security setup in which one person, and that person alone, has access to their encryption key (in this case it’s you).

Services that offer zero-knowledge services encrypt all data locally before sending it. Once it’s arrived at the data center, your content and meta-data remain encrypted, because the service doesn’t have the encryption key.

Since they don’t have the key; it means those who breach the service won’t be able to get it, either.

So if they were to acquire your encrypted files, the only way to break in would be a billion-year-long brute force attack executed by a supercomputer.

Dropbox Competitors for Security

Now that you’re hopefully convinced Dropbox is no longer the way to go for the security-conscious, let’s take a look at providers that offer a “Dropbox experience,” but make use of zero-knowledge architecture.

What makes Dropbox great? Here are a few features:

Attractive and intuitive interface

Strong cross-platform support

Ability to sync content across devices

Ability to share content with others

You want a provider that offers these features, but has better security, so let’s meet three Dropbox competitors that do exactly that.

Best Secure Dropbox Competitor #1: Sync.com

Sync.com Review 2016 | SECURE CLOUD STORAGE

Founded in 2011 by the creators of Netfirms, a web-hosting service, Sync.com’s primary mission is to offer a cloud storage service that keeps user data out of the hands of third-parties.

Read all about this service in our Sync.com review.

Sync.com is about more than just privacy. Despite being a skeptic initially, I was quickly won over by the user experience.

Here’s why:

Zero-knowledge architecture

Transmitted data protected by TLS/SSL

5GB of free cloud storage (three more than Dropbox)

1GB of additional free storage for each referral

Shared content can be further secured with local encryption (Enhanced Privacy)

Stores unlimited file versions indefinitely

Keeps deleted file versions indefinitely

A side benefit to using Sync.com, when it comes to user privacy, is the fact that it’s based out of Ontario, Canada.

Why is this important? With an operational headquarters and all data centers outside of the United States, Sync.com users aren’t subject to U.S. privacy laws.

You can read all about the benefits of Canadian privacy laws here.

Granted, with zero-knowledge architecture, privacy law isn’t as big a concern.

Since the NSA can’t read your data anyway, but it is an excellent added security blanket and the primary reason why among the three Dropbox competitors mentioned in this article, Sync.com rates first.

Best Secure Dropbox Competitor #2: pCloud

pCloud Review - Dropbox Alternative With a Twist - Online Hard Drive | Cloud Storage Service

Headquartered in Switzerland, but with their primary data centers in Dallas, Texas, pCloud is a forward-thinking Dropbox competitor that’s definitely worth a try.

Central to their business, is the creation of a technically sophisticated solution that’s still user-friendly. They’ve already built a user base of five million users, despite having been founded in 2013.

Read all about this service in our pCloud review.

Also, starting users off with 10GB of free cloud storage probably doesn’t hurt when trying for such numbers.

Here’s what to like:

Offers zero-knowledge security

File content is encrypted at rest

Transmitted data is secured with TLS/SSL

10GB of free cloud storage (eight more than Dropbox)

Upgradeable to 20GB free with referrals and bonus program

File versions are kept for up to 30 days (180 days for subscribers)

Deleted files are kept for up to 30 days (180 for subscribers)

My complaints:

Having to pay extra for zero-knowledge security

Without pCloud crypto, meta-data can be read

No password protection for shared folders

Best Secure Dropbox Competitor #3: SpiderOak

SpiderOak Review 2016 | THE BEST CLOUD BACKUP WITH SYNCING?

SpiderOak is one of the few US-based cloud storage companies, that not only talks about supporting user privacy, and security, but implements it with zero-knowledge architecture.

Read all about this service in our SpiderOak review.

One of the things that makes SpiderOak stand out compared to Dropbox, Sync and pCloud, is that it works like a traditional online backup tool, in addition to being designed for file syncing and sharing purposes.

The service also offers a nice desktop tool to facilitate backups of your hard drive.

Unfortunately, SpiderOak doesn’t offer any free storage outside of a 21-day trial (comes with 250GB). However, not only is its original plan reasonably priced at $5 per month, users get a generous 100GB of storage with it.

They also have $9 (250GB) and $12 (1TB) plans.

Beyond that, SpiderOak gets a lot right:

Zero-knowledge architecture

In-transit data is TLS/SSL secured

Integrated zero-knowledge messaging service, called Semaphor

Functions as both a cloud storage and online backup solution

Keeps unlimited file versions indefinitely

Stores deleted files indefinitely

SpiderOaks’ shortcomings:

Lacks a free plan

Located in the United States  

Vulnerable to NSA spying


The Verdict

Compared to Dropbox’s huge following, the user base of these three competitors isn’t much of a threat to the giant cloud storage service, but I have a sneaking suspicion all of that is about to change in the future.

As security and privacy issues continue to capture headlines, zero-knowledge solutions are going to become more and more familiar.

Getting onboard now is a great way to see what these services are all about. With free plans available for both Sync.com and pCloud, as well as a trial for SpiderOak, there’s zero risk in doing so.

Thank you for reading; which service do you think will provide the best secure alternative to Dropbox?

Let us know in the comments below.

 

4 thoughts on “Three Dropbox Competitors for Secure Storage”

  1. I get the feeling this article would really resonate with someone who had valid reasons to stay under the NSA radar, which is probably 1/10 of a percent of the population. I don’t, so I will stay with Drop Box.

    1. Hi Keith,

      I can understand that you would think that, but here at Cloudwards.net we feel that privacy isn’t just a privilege, but a right. By denying agencies like the NSA access to your files you are simply defending that right. It’s not about whether you have something to hide, but about government intrusion into your private life.

      Thanks,
      Fergus (chief editor)

  2. WeTransfer (Netherlands, I think) has a wonderfully swift and simple interface. At least in that respect, and not looking to prolonged storage, I don’t miss Dropbox or Hightail one little bit.

Leave a Reply

Your email address will not be published. Required fields are marked *

More about

Most Visited News