by bad_user 3038 days ago
> Email is moving that direction (Proton Mail, Tutanota)

No it doesn't.

I've never heard of Tutanota, but Proton Mail is hardly evidence of anything. In fact the attack vector for email is very different when compared with other channels, as for email I'm not as afraid of my email provider as I am of hacking attempts. Yes, I value security over privacy for email. Therefore I would trust Gmail more than I would trust Proton Mail.

Proton Mail is also non-standard and is obviously not E2E encrypted when it comes to communicating with non-Proton recipients. If I actually wanted encrypted email, I would use GPG. It sucks from a usability point of view, but it's standard and for email that matters.

> I use Dropbox and it's still the leader in terms of features, but I see the competition catching up, with better privacy (end-to-end encryption) built in.

Curious, which competition?

I tried everything that I could find, because Dropbox has a high price and their online search didn't work well even after I upgraded to Pro.

Btw, it might actually be better to do an encrypted drive with https://cryptomator.org on top of Dropbox or Google Drive. It's definitely more reliable ;-)

Or in other words, if the service provider does not get access to your files due to encryption, then there isn't much value they can add. You can't have a secure web interface for encrypted files, you can't have online search. So might as well do application-level encryption and all you need is cheap and reliable storage.

1 comments

> Curious, which competition?

I clearly outlined many competitors similar to Dbox that offer end-to-end encryption: (SpiderOak, Tresorit, Sync.com, pCloud). NextCloud (open source self-hosted Dropbox alternative) also just launched end-to-end encryption.

> Therefore I would trust Gmail more than I would trust Proton Mail.

Google: don't expect privacy when sending to Gmail: https://www.theguardian.com/technology/2013/aug/14/google-gm...

Google terms of service: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. https://www.google.com/policies/terms/

As I said above, Dropbox's real competitors (Microsoft, Google, Amazon, Apple, Box) all follow a similar approach and don't use E2E. The ones you mentioned are very niche.

The technology just doesn't exist to give users an equivalent experience with equivalent features when using E2E. I wish this wasn't so but it is.

HTTPS is transport layer encryption that goes seamlessly over HTTP and doesn't change anything at all about what you can do online. With E2E, giving users collaborative folders, shared links, online browsing, password reset, etc. while still providing zero knowledge encryption is a huge technical challenge. If you're doing decryption locally in the browser you still have to trust the company not to just add some JS to siphon off your decryption key at any moment.

I really do want to live in a world where E2E is in more places, but with cloud file solutions there's just not a way to do it right now that gives people the features they want and the market share of these companies is showing that.

SpiderOak has a high price, has been very slow in my tests and their client doesn't work well. There have been reports of throttling on large uploads. Plus they've been stagnating. All of this is a symptom of them not being popular enough I'm sure, but that's not a good sign.

pCloud doesn't do 2-factor authentication yet, which is freaking important for your non-encrypted files at least. I asked them about it because I could not believe it and they said it's "on their roadmap". But ALAS my trust in them dropped to zero. The chances of implementing reliable encryption while not getting basic security straight are next to none.

Plus you cannot trust encryption that is not peer reviewed ;-)

I haven't tried NextCloud, but ownCloud is shit. It's really slow, could not handle the several hundreds of GBs I have stored and there have been situations of users losing their data. Plus I'm not inclined to host my own stuff, because that would get very expensive.

Actually you haven't mentioned the only real alternatives ...

(1) Resilio Sync (https://resilio.com) which I use, in combination with a cheap VPS with 2 TB of storage on it (time4vps.eu in case you're wondering, not affiliated)

(2) Syncthing (https://syncthing.net), the open source alternative, which is OK, but hard to configure and Resilio does stuff out of the box, like encrypted folders

And I'm using Resilio Sync in addition to Dropbox. Well, I've actually migrated to Google Drive (on GSuite) this month, due to Dropbox Support pissing me off, but that's another story.

But the interesting part, which should be clear after a single day of usage, is that all Dropbox alternatives, except for Resilio and Syncthing, fail at the most basic task that users want, which is to reliably synchronize your files. Even the big guys, like GDrive or OneDrive, have an incredibly broken sync by comparison.

Just the other day I noticed for example how Google Drive can start deleting files from your local hard drive, only God knows why, in order to re-download them. And before that I dropped OneDrive because their client was freezing on my Mac, not to mention a couple of months back they weren't doing the one month file versioning thing, which is retarded in the age of ransomware.

So, between the two of us, we've now come up with a number of competitors working on similar products that include E2E encryption. We both agree that these competitors still have work to do, in terms of implementing features and fine tuning performance. But they're not standing still.

The fact that both of us are actively using at least one alternative, in addition to Dropbox, proves my point: that E2E encryption (alternatives that offer better privacy) could be a threat to Dropbox, if and when the alternatives become a viable total replacement.