If you are in Europe I recommend hubiC instead of Dropbox. They are much cheaper and have servers in Europe (France - they are child company of OVH). Dropbox only has servers in America [1], so its slower.
- 25GB free
- 100GB 1€/m
- 10TB 10€/m
Yes you read that right, its TEN TIMES the space of Dropbox Pro, for the same price.
Im not affiliated or anything, just a satisfied customer.
I considered hubiC, but all download syncs (from the website and application) for now are limited to 10mbit (even from the UK). There are several posts complaining about this on hubiC's forums.
If you don't care about this, it's a really great deal, but to me it is a deal breaker.
Dropbox uses Amazon S3, therefore servers are located in Europe as well.
EDIT: maybe my statement was a bit premature. I was confident Amazon was keeping mirrors, but it seems they only do this in the same region. Dropbox runs its own infrastructure network and uses AWS for storing files, both solely in the US.
Dropbox transfers everything to the USA even if you are in Europe (I checked that with Wiresharks and traceroute). Because of that my main issue with Dropbox was always speed: Uploads and downloads were almost never higher than 500-700 kB/s even though my connection can do much more.
Do you know if they offer 2 factor authentication? I've been so annoyed with Dropbox support for the past 2 months I'm actively looking for a replacement, but it needs to have 2 factor auth.
hubic syncs to my pc everything uploaded to it. assuming I have 10tb of files hosted on it, does it mean I need 10tb of hard disk space to keep them synced? kinda defeats the purpose of having so much storage online..
- You don't know that hubiC doesn't turn data over to their government or whether it's shared with allies.
- You don't know whether either of them have bugs which can be exploited by a MITM – or will in a coming update…
Government spying requires political changes to establish a culture of oversight and accountability. You're fooling yourself if you think that choosing one company over another is anything other than an exercise in distraction when the attacker has the power to compel access with a gag order.
They've certainly given me no reason to think they don't, and enough circumstantial evidence to believe they probably do. We know for a fact they are targeted by the NSA, because they were specifically mentioned in the PRISM documents as the probable next target for cooperation with that program. So they're on the NSA's radar, and everyone knows it, and they know everyone knows it. In spite of this, a few months later, they bring onto their board Condoleezza Rice, a woman who, while she was in the Bush administration, went to bat for their warrantless wiretapping program a dozen times. She hasn't recanted - she's still a huge fan.
This is pretty much the exact opposite of what you would do to address privacy concerns with your company.
And in the whole time, they've addressed none of this. They spam HN with their stupid blog posts, and when somebody brings up the privacy issues, the poster gets downvoted, and Dropbox goes silent until their next blog post about whatever wonderful technology they've developed to make it easier for the US government to snoop on your data. At the very least, they clearly aren't very concerned about their image with respect to customer privacy, and they don't care if you know it.
It's not like providing a service like Dropbox and providing provable security isn't a solved problem. And they don't do it. Yet they are the biggest player in this market. My, a clean site design and engineering blog really do go a long way.
Anyway, this isn't a court of law. I'm not a judge or a jury and I'm not in a position to put anyone in jail. Requiring that level of proof to decide not to do business with someone, or whether to associate with them professionally, is not reasonable. They have not been forthright about privacy issues over the past year, they have acted in a way that shows they don't regard the legitimate privacy concerns of their users at all, and they have put someone on their board who stands in direct opposition to all that, anyway. That's more than enough.
There was a lot of big talk last year around here about how people who work at the NSA ought to be ashamed, about how "the community" needs to ostracize these people. Soul searching about what kind of person you would have to be to create those kinds of systems, what delusions you would have to buy into, etc etc. Yet that's exactly what has happened at Dropbox - exactly those kinds of people are working there right now - and every week they post some bullshit from their blog and every week this board lines up to congratulate them. You're all a bunch of hypocrites.
> They've certainly given me no reason to think they don't, and enough circumstantial evidence to believe they probably do. We know for a fact they are targeted by the NSA
Quite true, also very different from the claim I was responding to. We have no reason to believe that they're willingly cooperating beyond what the US government has the power to compel.
> They spam HN with their stupid blog posts, and when somebody brings up the privacy issues, the poster gets downvoted, and Dropbox goes silent until their next blog post about whatever wonderful technology they've developed to make it easier for the US government to snoop on your data.
Alternative theory: people get downvoted for repeating uniformed conspiracy theories.
> It's not like providing a service like Dropbox and providing provable security isn't a solved problem.
Actually, it is. Anyone who understands security can explain to you both the usability tradeoffs which those security changes would by necessity entail and, more importantly, how none of this matters in practice given the threat in question. They could spend a ton of money making their product more secure and harder to use and in practice it would have no effect on a nation-state level threat which can either compromise your system with an automated MITM attack or compel a US company to ship a trojan update.
This problem requires a political solution, not magical thinking about technology.
>Quite true, also very different from the claim I was responding to.
Not really, you just quoted one part and are acting as though that's my entire claim. If you're just going to strawman my arguments here then, fuck it, I don't want to talk to you. Like I said, it's circumstantial evidence, since their cooperation would have come after the Snowden documents were released, but it's still evidence. We know they're being targeted, they have people on their board who love this shit, and their silence - in stark contrast to most other PRISM targets - is deafening. Again, this isn't a court of law, the burden of proof is lower, and if you're not open about what you're doing, then it isn't unreasonable to assume you're in bed with the bad guys.
This isn't birther or truther or whatever else, conspiracy theory territory. I'm not making any leaps of tortured logic here, so don't paint me with the same brush. It's pretty straightforward and at any rate, all I said initially is that they hand over data to the US government. You appear to agree with me on this after all, you're just giving them more benefit of the doubt with regard to their level of cooperation.
Just to be clear, let's draw a distinction between mere complying with NSLs to the extent required by the law, and cooperating with the NSA on these illegal spying programs. They are not the same thing, and Dropbox is likely doing the latter. Yes, they certainly receive NSLs like anyone else, and some level of cooperation is required by law, but they are also likely to be designing their systems with ease of access for the NSA in mind. It is not unreasonable to think the NSA has automatic access to their data. Other PRISM targets have been pretty open (at least in comparison to Dropbox) about what their cooperation entails, what they are required to do, and what steps they take to safeguard their data. Dropbox has been utterly silent, and that's the most damning thing. Perhaps this would not be a fair conclusion to draw, had they not made the utterly stupid and incomprehensible decision to allow Condoleezza Rice to join their board of directors, but they did, and it is.
No, you are foolish if you think Dropbox is not giving their customer data to the NSA. That's nothing but wishful thinking. Absolutely foolish and naive. Much more so than if, in 2012, you thought the NSA wasn't snooping on emails, et cetera. At least back then the scale of what they are up to would have been something of an extraordinary claim - that's not the case anymore.
Again, we have no evidence that there is willful cooperation. You're free to think that and it certainly isn't beyond the realms of possibility but so far all of the public data suggests that the only companies which are cooperating above the legal compulsion level are the phone companies who sold access to private fiber.
You keep talking about circumstantial evidence but there isn't just anything beyond Condoleeza Rice joining the board and, while I'm less than thrilled about that, rich politically well-connected former Standard provosts do end up on corporate boards for reasons other than mass surveillance.
- 25GB free
- 100GB 1€/m
- 10TB 10€/m
Yes you read that right, its TEN TIMES the space of Dropbox Pro, for the same price.
Im not affiliated or anything, just a satisfied customer.
[1] - https://www.dropbox.com/help/7