by conanthe 2729 days ago
Dropbox is a no-no for one simple reason - there is no end-to-end encryption. Unless I don't know something? I wouldn't want a disgruntled employee to fiddle with my files.
5 comments

Is there any Dropbox-like service that lets you control your own private keys, without resorting to the ugliness of uploading an encrypted image to Dropbox?
It's important to note though that their client is not open-source, so if one goes through all that trouble to use end-to-end encryption, it seems a bit unsatisfactory to me to then trust this company to actually keep the private keys on my machines (and encrypt things correctly).

Personally I used syncthing which doesn't do encryption but also only uses my own devices, so I can keep the data on my machines at all times.

In the past I used seafile which does support encryption (and it's self-hostable): https://www.seafile.com/en/home/

Tresorit is nice, but seems kind of pricy. Boxcryptor works well on top of Dropbox. Personally, I've switched to Nextcloud which keeps everything in my control, and it also supports e2e (though the e2e UX is still rough around the edges).
I think syncthing wins here. Not at rest, mind, but since you control the endpoints that should be okay.
Even though it's proprietary, Resilio Sync does encrypted peer-to-peer sync, plus it allows encryption-only nodes. These contribute bandwidth, but cannot decrypt the data.
I use a cryfs mount stored in Dropbox. It's been quite painless.
There is restic
Just sync an encrypted image if your threat model includes disgruntled employees motivated enough to mess with your account.
Could be problematic if the image is huge.
Anyone have experience with Boxcryptor? Haven't tried it since a few years ago (https://www.boxcryptor.com/en/)
You could use something like gocryptfs that encrypts at the file level
Cryptomator is another cross-platform alternative for file-level encryption: https://cryptomator.org

Also includes first-class support for cloud syncing apps.

If you trust https://www.dropbox.com/en_GB/security#files, then they have encryption on transport and at rest in the DC, and implement forward secrecy and certificate pinning.
End-to-end encryption means that they don't see your encrypted files at all, even if they want to. Importantly it means it is impossible by design to make mistakes like accidentally not checking passwords on login https://techcrunch.com/2011/06/20/dropbox-security-bug-made-... .

Transport security and at-rest security are very important (and are the best you can do if you want Dropbox's ability to access your files, e.g., so their servers can show your files in a web interface), but they're not the same sort of thing as end-to-end encryption.

Actually, hm, you could point Dropbox at the layer under eCryptFS and have it work (for some value of work) and get e2e that way, right?
After e2e encryption, my second largest feature request is a .dropboxignore file

I don't understand why they don't have it even after all these years.

Do you want something different than the Dropbox exclusion list ("dropbox exclude add ...")?

That only supports excluding directories, not individual files, and the actual list of exclusions is buried in some local binary config, both of which are moderate annoyances - perhaps those are your qualms?

If you run a project off a Dropbox directory you would want .env and similar files excluded. You don't want someone to get your AWS keys?