by ohyes 5474 days ago
I use any online service with the assumption that the things I put up there could likely become public, no longer anonymous, or what have you. I don't think this is overly paranoid, given how difficult computer security is.

To me, it would make sense if Dropbox stored everything encrypted (as in, encrypted pre-transfer), and you needed the private key to decrypt stuff, unless you specifically state that it is to be public. It just makes sense from a liability statement. That said, you can do this anyway as recommended in this article. (http://lifehacker.com/5813873/how-to-add-a-second-layer-of-e...)


The thing is that you can't do email then.

You can say that Google might leak your emails, but the same is true if you use your private email server.

That's not exactly true. You just need to be super-paranoid and make sure that everything of importance is sent (on both ends) encrypted.

That's still wholly untenable for the real world, but not all paranoid people live in the real world per se.

It's unfortunate that simple public key encryption, which has been easily available for many years, is still seen as untenable and "super-paranoid." Any email client, or better yet Gmail, could easily implement it and make it virtually transparent to the user (when both ends of the email are using such a client, obviously).

I apologise if you have mistaken my meaning! I certainly hope we don't take wider scale encryption to be untenable, but it is very certainly untenable for a single person to use the web in a meaningful way with normal people while maintaining that every single email needs to be encrypted.

I agree. I didn't mean that your evaluation of the current state of things is wrong, but rather that the current state of things is unfortunate.

The security of my private mailserver is nearly the same as the security of my laptop. For security reasons I don't use a VPS for email, but a small server that sits in my basement: There are some security measures that will lead to an automatic shutdown in case someone tries to physically access the server and the whole hard disk is encrypted. (Yes - you can call me paranoid.)

You go through a lot of trouble to try to secure an inherently insecure protocol (email). Or do you mainly use on-the-wire encrypted mail as well?

I don't care about things like (short-term) wiretapping. But I care about the fact that I have stored about 15 years of mail history.

Depends on the online service. E.g., I trust tarsnap (client-side encryption, not under an open-source license but you can compile it yourself) with very sensitive data. I also trust Wuala (also client-side encryption) with semi-sensitive data, although it somewhat worries me that Wuala's source is not publicly available for reviews. I don't trust Dropbox due to the lack of encryption - that's why I don't really use it, even though I currently have a free account with 20 GB available.

I just mount encfs over the Dropbox folder; it's perfectly transparent. It does need FUSE, so no Windows support, but I don't really need it.