by jest3r1 3035 days ago
The risk factors fail to mention their inability to offer any kind of end-to-end encryption. Or that E2E encryption is the differentiator that most of their competitors offer.

Dropbox (employees and trusted third parties) will always have access to your files.

Before you downvote.

This is not necessarily a bad thing. They can deliver more features and better performance as a result. Reliability is key, and it's certainly easier to understand what users need, and to develop, implement and debug new features, when you've got access to the files users are storing.

But eventually, end-to-end encryption will take hold. It took decades for HTTPS to become the de facto standard, but it did. Email is moving that direction (Proton Mail, Tutanota). Text messaging is moving that direction (Signal, WhatsApp?). And there are a number of Dropbox competitors that are growing fast because of better privacy and E2E encryption (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.

These companies have been slowly solving the problems that Drew claimed were impossible when Edward Snowden dropped the bomb. Meanwhile Dropbox has been pouring dollars into marketing and a Microsoft Office / OneNote / Google Docs competitor (Paper).

Drew's response to end-to-end encryption: https://techcrunch.com/2014/11/04/dropboxs-drew-houston-resp...

Dropbox risk factors (many unsolvable): https://www.sec.gov/Archives/edgar/data/1467623/000119312518...

I use Dropbox and feel the product is still the leader in terms of features, but I see the competition catching up, with better privacy (end-to-end encryption) built in.


> Email is moving that direction (Proton Mail, Tutanota)

No, it isn't.

I've never heard of Tutanota, but Proton Mail is hardly evidence of anything. In fact the attack vector for email is very different when compared with other channels, as for email I'm not as afraid of my email provider as I am of hacking attempts. Yes, I value security over privacy for email. Therefore I would trust Gmail more than I would trust Proton Mail.

Proton Mail is also non-standard and is obviously not E2E encrypted when it comes to communicating with non-Proton recipients. If I actually wanted encrypted email, I would use GPG. It sucks from a usability point of view, but it's standard and for email that matters.

> I use Dropbox and it's still the leader in terms of features, but I see the competition catching up, with better privacy (end-to-end encryption) built in.

Curious, which competition?

I tried everything that I could find, because Dropbox has a high price and their online search didn't work well even after I upgraded to Pro.

Btw, it might actually be better to do an encrypted drive with https://cryptomator.org on top of Dropbox or Google Drive. It's definitely more reliable ;-)

Or in other words, if the service provider does not get access to your files due to encryption, then there isn't much value they can add. You can't have a secure web interface for encrypted files, you can't have online search. So might as well do application-level encryption and all you need is cheap and reliable storage.
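The application-level approach described above (encrypt locally, treat the provider as dumb storage) in a small Go program; this is an added illustration, not code from Cryptomator or any product named in the thread, and the passphrase, file path and contents are constructed sample values. AES-GCM seals each file before upload with the file path bound as associated data, so whoever holds the storage account sees only opaque bytes and cannot silently modify or relocate a blob without the client noticing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Vault holds the client-side key; the storage provider only ever sees ciphertext.
type Vault struct{ aead cipher.AEAD }

// NewVault derives a 256-bit key from a passphrase. Plain SHA-256 stands in
// for a real KDF here; a deployed tool would use scrypt or Argon2.
func NewVault(passphrase string) (*Vault, error) {
	key := sha256.Sum256([]byte(passphrase))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead: aead}, err
}

// Seal encrypts a file before upload. The path is bound as associated data,
// so a blob moved to another path by anyone with storage access fails to open.
func (v *Vault) Seal(path string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Stored blob layout: nonce || ciphertext || GCM tag.
	return v.aead.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// Open decrypts a downloaded blob and rejects any modification to it.
func (v *Vault) Open(path string, blob []byte) ([]byte, error) {
	n := v.aead.NonceSize()
	if len(blob) < n+v.aead.Overhead() {
		return nil, errors.New("blob too short")
	}
	return v.aead.Open(nil, blob[:n], blob[n:], []byte(path))
}
```

The trade-off the comment describes follows directly: because only the client holds the key, server-side search, previews and a web interface over these blobs are impossible without first shipping the key to the provider.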

> Curious, which competition?

I clearly outlined many competitors similar to Dbox that offer end-to-end encryption (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.

> Therefore I would trust Gmail more than I would trust Proton Mail.

Google: don't expect privacy when sending to Gmail: https://www.theguardian.com/technology/2013/aug/14/google-gm...

Google terms of service: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. https://www.google.com/policies/terms/

As I said above, Dropbox's real competitors (Microsoft, Google, Amazon, Apple, Box) all follow a similar approach and don't use E2E. The ones you mentioned are very niche.

The technology just doesn't exist to give users an equivalent experience with equivalent features when using E2E. I wish this wasn't so but it is.

HTTPS is transport layer encryption that goes seamlessly over HTTP and doesn't change anything at all about what you can do online. With E2E, giving users collaborative folders, shared links, online browsing, password reset, etc. while still providing zero-knowledge encryption is a huge technical challenge. If you're doing decryption locally in the browser you still have to trust the company not to just add some JS to siphon off your decryption key at any moment.

I really do want to live in a world where E2E is in more places, but with cloud file solutions there's just not a way to do it right now that gives people the features they want, and the market share of these companies is showing that.

SpiderOak has a high price, has been very slow in my tests and their client doesn't work well. There have been reports of throttling on large uploads. Plus they've been stagnating. All of this is a symptom of them not being popular enough I'm sure, but that's not a good sign.

pCloud doesn't do 2-factor authentication yet, which is freaking important for your non-encrypted files at least. I asked them about it because I could not believe it and they said it's "on their roadmap". But ALAS my trust in them dropped to zero. The chances of implementing reliable encryption while not getting basic security straight are next to none.

Plus you cannot trust encryption that is not peer reviewed ;-)

I haven't tried NextCloud, but ownCloud is shit. It's really slow, could not handle the several hundred GB I have stored, and there have been situations of users losing their data. Plus I'm not inclined to host my own stuff, because that would get very expensive.

Actually you haven't mentioned the only real alternatives ...

(1) Resilio Sync (https://resilio.com) which I use, in combination with a cheap VPS with 2 TB of storage on it (time4vps.eu in case you're wondering, not affiliated)

(2) Syncthing (https://syncthing.net), the open source alternative, which is OK, but hard to configure and Resilio does stuff out of the box, like encrypted folders

And I'm using Resilio Sync in addition to Dropbox. Well, I've actually migrated to Google Drive (on GSuite) this month, due to Dropbox Support pissing me off, but that's another story.

But the interesting part, which should be clear after a single day of usage, is that all Dropbox alternatives, except for Resilio and Syncthing, fail at the most basic task that users want, which is to reliably synchronize your files. Even the big guys, like GDrive or OneDrive, have an incredibly broken sync by comparison.

Just the other day I noticed for example how Google Drive can start deleting files from your local hard drive, only God knows why, in order to re-download them. And before that I dropped OneDrive because their client was freezing on my Mac, not to mention a couple of months back they weren't doing the one month file versioning thing, which is retarded in the age of ransomware.

So, between the two of us, we've now come up with a number of competitors working on similar products that include E2E encryption. We both agree that these competitors still have work to do, in terms of implementing features and fine-tuning performance. But they're not standing still.

The fact that both of us are actively using at least one alternative, in addition to Dropbox, proves my point: that E2E encryption (alternatives that offer better privacy) could be a threat to Dropbox, if and when the alternatives become a viable total replacement.

Dropbox mentions their real competition in the S-1 filing: Microsoft, Google, Amazon, Apple, and Box. None of them seem to offer E2E. The competitors you cited aren't worth mentioning due to their small market share relative to the big players.

E2E might be a feature customers start demanding in the future, but it sure doesn't seem like that now.

(though I wonder how many folks are using the big players on top of other encryption solutions like truecrypt/veracrypt/safe, etc)

Dropbox mentions Microsoft, Google and Apple as competition, because for these companies, file synchronization is just another feature (not a product). Steve Jobs said it himself: https://techcrunch.com/2012/01/23/dld-2012-drew-houston-yes-...

And sure, the big three don't seem to care too much about privacy (although Apple has recently been making some strides with regards to encryption).

The fact that there are many "not worth mentioning" competitors building Dropbox alternatives (or add-ons) with E2E encryption may signal that there actually is a demand.

It's only a matter of time before one of these companies gets it "right".