"I realize that not everybody works on such elaborate file-shuttling projects. But try Dropbox for its ability to keep your important files everywhere at once. Or try it as an automatic, silent, encrypted backup of your essentials. Or try it so that you can get at your computer’s files from your phone."
When will Dropbox implement client-side encryption? Dropbox is a pleasure to use. Recommending Dropbox as a backup of certain documents is fine. Recommending Dropbox as a backup for important/essential documents where privacy is a concern is not ok.
Dropbox is just a regular directory on disk. There is no magic. There just happens to be a process watching that directory for changes. (or not. you can always kill the dropbox process, and your files are still accessible)
Of course most users don't encrypt their local file systems in the first place, so whether dropbox has something for local security is irrelevant.
For people interested in securing files on disk the same solutions you would use without dropbox are the same ones you can use with dropbox. In a nutshell, either encrypt your whole volume or mount a file-based volume.
Personally I use a Truecrypt volume, and I placed my drop box folder inside it. I do this so I can still access all the files from the web and mobile and have the versioning. Alternatively you could place the volume's data file itself in the dropbox folder to be synced. You would of course lose the per file granularity, but you do get a "snapshot" feature since you can restore your whole volume with the versioning.
Keep in mind that if you place a trucecrypt volume inside drop box, then it will only get synced when it is unmounted.
Truecrypt is not an option for the majority of users. You've gone from a slick user experience to one of..."Why not just keep things on my USB stick again?"
These are solved problems as evidenced by other providers like Spideroak and Wuala where encryption happens by default on the client's device.
At the very least, Dropbox can offer this as an option. With the recent funding, if they are planning to offer business plans...surely encryption will be default there at least?
A little more sophistication in their Selective Syncing would be nice as well. And maybe some response to questions on the forums, at least for paying customers.
I'm a paying customer, but I'm not a happy paying customer.
TrueCrypt works. The client program needs polish (and I wish it could resize on the fly), but it once it mounts an encrypted volume, that's that. Even Dropbox's incremental sync works with TrueCrypt.
Yes it does. The problem is explaining the purpose of Truecrypt and it's use to the audience of those who read mainstream press articles such as written by Pogue. If the incorporation of encryption is not as slick as the rest of the product experience then it won't be used.
I don't mind my recipes for oatmeal cookies falling into the wrong hands. But the new junior food scientist at Coca-Cola who decided to store a copy of the secret recipe on their Dropbox folder so they can do some testing at home might be forewarned of this problem. Or for a real world example, the poster a few comments below who stores student grades on a Dropbox folder. I cringe.
Dropbox is in PR heaven (and rightfully so). At this point all they have to do is execute. Congrats to Drew, Arash, Ivan and the rest of the Dropbox team. Not only is the product awesome and useful, the dudes are very smart and nice as heck!
Since this offhand comment seems to hit a nerve: My thinking was that there has been a slate of pro-Dropbox stories (I am a happily paying user of their service) which looked like it was carefully choreographed by a PR firm, no doubt sparked by their fundraising.
That being said, saying that they paid him was a bit over the top and I hereby retract that theory.
Don't be so nieve as to think all this good press just happens, well all still live by C.R.E.A.M. And it's not a bad thing, I love DB, but you can bet they did, indeed, pay good money for this. Did they pay the reporter? no. Did they pay for all this press? yes.
Have a look at the 'controversy' section here: http://en.wikipedia.org/wiki/David_Pogue It's a good idea to question David's objectivity when he 'loves' a product.
In 2005, Pogue was the subject of a conflict-of-interest controversy. In a New York Times review of a hard drive recovery service, Pogue noted that the service, which can cost from $500 to $2,700, was provided at no charge for the purposes of the review;[9] but when describing the service for National Public Radio's Morning Edition program on September 12, 2005,[10] he failed to mention this. NPR's Vice President of News Bill Marimow later stated that NPR should have either not aired the review or paid for the services itself.[10] Ultimately, the Times paid for the service.[9]
Also called into question was Pogue's impartiality on reviews of products for which he had authored a Missing Manual book. This controversy necessitated a response from Clark Hoyt, the Times' Public Editor on Pogue's role as a freelance journalist with external obligations.[11] In an op-ed piece, Hoyt wrote "His multiple interests and loyalties raise interesting ethical issues in this new age when individual journalists can become brands of their own, stars who seem to transcend the old rules that sharply limited outside activity and demanded an overriding obligation to The Times and its readers."[11] Of three ethicists consulted, each agreed Pogue's position created a "clear conflict of interest" and placed the paper on "tricky ethical terrain." In response, Pogue pledged to be more open with his conflicts of interest, and while he initially claimed that because he is not a journalist he is not bound by journalistic ethics,[12] he soon recanted and agreed to offer a full "fanboy disclosure" on his website.
In June 2011 Pogue gave a presentation at the Media Relations Summit[13] in which he credits P.R. personnel (of companies whose product he is reviewing) of providing most of his material for columns. The Times' reader representative started an inquiry, which led to Pogue being banned from any such appearances in the future.[14]
Sure you're not slipping down a slope there? In the first case he failed to mention he was given something to review for free by the company. The second makes the case that he wrote positively about things he had written manuals for.
I am still failing to grasp your logic. How does this serve as evidence?
The logic, such as it is, goes something like: Pogue once did a bad thing, therefore he is a bad person, therefore he is presumed guilty of all future bad things.
I think reviewers should disclose when they get a free product, much like I think people should separate their recycling. But if I catch my neighbor throwing cans out in the regular trash, I don't also accuse him of dumping toxic waste into nearby bodies of fresh water.
Reading through the wikipedia article, it's apparent that one of the controversies was he neglected to mention that he received a free-trial of a service during an interview. This wouldn't apply to dropbox, unless you have some reason to believe he exceeded his free allotment of 5 gigabytes on his project, and was receiving a free upgrade courtesy of the dropbox team. Do you have any evidence to suggest this?
Also, just one note to David Pogue - be careful about giving the impression that Dropbox solves "version hell." It's not a version control system - the user still has to have their own version control system, like his editor did by adding her initials to the file name.
Your average user (even business user) will have no idea what a "version control system" is. Only developers will and they'll recognize that Dropbox only has rudimentary versioning capabilities [1]. There's zero risk of them confusing the two.
The "version hell" issue that David Pogue describes is something that most geeks solved long ago, but is far more common. There are millions of computer users who either don't have access to a file server, or their job requires them to collaborate on file sharing tasks with users that don't have access to the same file server they do. The work flow goes something like this:
* Allison creates a Word document with an agreement in it
* Bob and Mike need to review the document, so Allison emails it to the both of them
* Bob submits his revisions first, so Allison incorporates the changes, then emails the updated copy to both Bob and Mike
* Mike had previously saved the document from his email and had started his edits
* Mike submits the "old version" of the document with revisions, but many conflict with the changes that Bob submitted
* Allison is left with the task of sorting out the differences
For use cases like this, Dropbox is like "OMG it's magic!" to regular users. There's still the issue of editing conflicts (Dropbox doesn't support simultaneous editing), but this is much easier to work around than the game of "telephone" involved with emailing documents.
The moral of the story is that as geeks it's really easy to take our toolset for granted. "Solved problems" for us are a daily headache for your average person.
No, David was kinda right. Dropbox has built-in version tracking. Only 30days of history is saved by default. Of course there are no commit messages, but it happens any time the file is changed, and the web ui presents it in a pretty clear way for non-techy users, by timestamp and author.
I think the specific version-hell he perceives is the where any member of the team does not have the latest version. So in his case it is the auto sync that scratches that itch, and not the explicit version tracking.
As for the "editor's initials" part. I think you might have misunderstood what he meant. The editor did not make another copy with a new name, she just renamed the file, as a signal to the team that her work was complete. Alternatively she could have just communicated by some other means, and left the filename in tact, but this is what they chose.
they sell a "packrat" feature with paid subscriptions for unlimited version history
Hmm interesting. Yea I knew what he meant with the initials thing, I didn't know about the timestamp/author thing in the web app. Can users download old versions?
> You can also consider Dropbox a simple, automatic backup system. After all, anything that sits on multiple computers simultaneously is, by definition, backed up.
Well, it's a backup system, but the author's reasoning is wrong here, right? If you make a mistaken change to a file (like deleting it) and don't notice it before Dropbox is able to sync with your other computers, then all the copies are changed. The real backup lies on Dropbox's servers, where they store previous versions, not your computer.
What amaze me is how this same problem was solved years ago by programmers.. Hell, even dropbox used svn behind the scene. I remember when Dropbox was just starting, some friends and me were talking about useless it was. "Duh, if I want to host a svn server, I'll just host mine." ;)
It's also important to look at all the competitors dropbox had and currently have.. and still, they're extremely successful. So, basically, they found a nice problem to solve and solve it. The goal there wasn't to be able to sync all possible folders.. just one little folder where anyone would put their stuff inside and that'd just work.
And, more importantly, it makes me thing about what tools we use every day that the no-techy don't know about.
In my opinion, there's really something to do with the terminal. It's such a crazy productivity boost and, if implemented correctly, might be way more intuitive. For instance, everyone knows people that are scared by all the buttons/windows/popup dialog/etc. For us, geeks, it's so easy.. we see the screen and automatically abstract everything and focus on right part; but for them, it's impossible to abstract so many new things at once.
A terminal, IA based, could make it so easy for no-geek to use a computer. Obviously, I'm not talking about BASH but something that could pretty much understand beginners commands. I.e send a email to bob.. which could guide the user through various questions.
Yeah, it's probably stupid. But hell, I'm sure they're hundreds of product as useful as Dropbox.. we just have to think about it.
I am widely regarded by friends & colleagues as an obsessive command-line junkie (often to a fault). I still love and use Dropbox regularly. I think you are incorrect that the problem was solved years ago!
Dropbox takes 5 minutes to install and start using. To start using subversion, you have to learn how to use subversion! God forbid you need a server.
Dropbox's ease of use is so spectacular that it benefits me doubly: I use it when I don't want to think about working copies and committing and svn upping (which is often), and I use it to collaborate with non-programmer friends. "Just install this and accept my shared folder invite" is kosher to any computer- and web-literate person.
Having started my computer career in the 1980s, I strongly disagree. If the command line were all that, GUIs wouldn't have have taken off like a rocket in the first place.
WHen you say you strongly disagree; I'd assume you mean about the command line example. My point was more about how simple tools used every day by geeks might be useful to no-techny if made simpler and more accessible.
And when I say terminal, I don't mean it in "bash" or unix prompt.. A total new way to design it with a strong focus on simplicity and AI.
It's been attempted, many many times. We ended up with some really good text adventure parsers, but none that developed into productivity tools. If you do want to pursue this line of thought, do some searching on Magnetic Scrolls' approach to command parsing, I think a lot of that eventually got open-sourced.
Why is dropbox suddenly getting a slew of coverage? Did this article get written because got a big feature in Fortune? Did they just hire someone to interact with the press?
Somehow I doubt a public relations agent on Dropbox's payroll wrote up a piece specifically from David Pogue's point of view, in the unique writing style of David Pogue, so that David Pogue could simply submit it to the New York Times, claim it as his own, and collect two paycheques.
I'm all for healthy skepticism, but not purely speculative conspiracy theories.
Client-side encryption or a self-hosted version could be useful. I'm pretty sure I'm violating a privacy law somewhere when I keep student grades in a Dropbox folder.
Agreed. Working on multiple machines and files not friendly to g docs, makes dropbox indispensable. When I upgraded to Lion and iOS5, I didn't even think about using iCloud. iTunes integration w/ iCloud may change that but I doubt it.
I use TrueCrypt on my Dropbox volume, but it really would be nice to have an integrated solution. Many non-technical users may not realize they care about this, but they do.
All these systems are doing it wrong. I don't want online backups, I want an infinite, encrypted, online filesystem. I should be able to mount it and treat it like any other hard disk. The local disk should just be used as a huge cache. I can't find a service that does this. Why the hell not?
But it's unclear if this is what "everyone else" wants as well. The most interesting group, I think, is not the mostly tech-illiterate who want to store their garden pictures and videos in the cloud, nor the tech-elite who are willing to trust online storage with large swaths of their lives and businesses.
It's the group in between that is the most interesting to these companies right now. Those who are relatively well informed about major technologies and their uses. Do they really want to have their information mostly stored off-site, or do they simply want larger and larger local storage mirrored by online back-up for peace of mind and easy sharing?
I would guess that this is the largest (apparent)consumer market and one of the reasons why this is where most of these companies have their focus right now.
For his usecase (multiple people editing with automatic version control) pity he didn't try Google docs which I think is better for this. No appending initials to the file to indicate review completed, full tracking of changes and indication of who did what. Office.live and few other similar services also would have been better.
But it doesn't give complex formatting, you MUST have inet, you don't get a native directory - with asymmetrical directory structures on multiple clients, VISIO VISIO VISIO, all must have gmail... etc.etc.etc
Dropbox, for me, is the best tool I have for team collaboration.
We are an active and very early Same Page user (UX sucks ass) I've used Atlassian, Groove and other collaboration tools.
Dropbox is hands down the most efficient - because it requires ZERO THINKING on the part of ANY user.
They just edit files on their machine, shared directories between users are auto-updated.
There is NOTHING to do on any end.
If you cant figure out how to manage directory structures across your team, then you shouldn't be on a team.
Especially if you plug in a service like 300milligrams: 300.mg
It basically gives you a stream of updates so you can track what is happening across a whole host of platforms. One of the guys creating this was at YCNYC.
This just makes me so sad. The author's work flow cries out for sharing, not syncing, perhaps augmented by some sort of notification system. This is a problem my filesystem colleagues should have solved years (decades?) ago. Arguably they did so at a technical level, but the user and administrator experiences were so horrific that people abandoned those solutions. Instead they turned to things such as Dropbox and its (too) many imitators, which put the right interface on top of the wrong solution instead of the other way around. Now there's so much storage and bandwidth wasted storing copies insecurely on services such as Dropbox, when it should be going directly between users' systems with no middle man to pay for compromising security. It's a business model that shouldn't even exist. What a waste.
Meh...As other commenters have noted, Dropbox is not for anyone who values their privacy. Your files are not secure from Dropbox staff snooping, and they'll fink you off to the flimsiest government request to paw through your stuff. I use Spideroak because they have true zero-knowledge encryption. Only the account holder has the encryption key, and they cannot get into your files. Of course this is sad for people who cannot track their passwords and always need the vendor to look out for them. And Pogue's entire workflow is goofy.
"I realize that not everybody works on such elaborate file-shuttling projects. But try Dropbox for its ability to keep your important files everywhere at once. Or try it as an automatic, silent, encrypted backup of your essentials. Or try it so that you can get at your computer’s files from your phone."
When will Dropbox implement client-side encryption? Dropbox is a pleasure to use. Recommending Dropbox as a backup of certain documents is fine. Recommending Dropbox as a backup for important/essential documents where privacy is a concern is not ok.