[artdigital]

I love Dropbox but stuff like this is a good reminder to re-evaluate using any service that store large amount of personal data without e2ee. I understand that partly because of block-level diffing and syncing, it's hard to provide true e2ee for Dropbox, but it's still a big reason why I'm having most of my stuff in iCloud Drive (with Advanced Data Protection), despite liking Dropbox much more.

Hope they'll come around and add it at some point, and not just for businesses as hinted at when they acquired boxcryptor.

(Cryptomator and encrypted sparsebundles work great on Dropbox. Just annoying to manage)

[Flimm]

Dropbox offers end-to-end encryption now (for business teams):

https://blog.dropbox.com/topics/company/new-solutions-to-sec...

[artdigital]

I'm not a business, I'm a paying customer on the most expensive personal tier. It's silly that they don't offer this feature for me. I also can't upgrade to a business plan because those require at least 3 users.

It just feels like feature gatekeeping to me, but no way for me to pay more to get this feature. But I also understand that personal users are not Dropbox's main focus.

[aborsy]

A Synology/QNAP/TrueNAS NAS is a far better solution, with no restriction.

[oger]

We all are probably guilty of falling for the convenience trap here or there. But setting up the sync between Dropbox and the NAS (Synology user here) with a one-way, don't delete, don't overwrite policy is a good lifeline to have - you know, just in case...

[redserk]

I'm a big advocate for running a NAS, but using a service like Dropbox means there's one fewer personal device that needs babysitting.

[ladzoppelin]

QNAP does not seem secure at all, IMO its not worth it. I have not used the others you mentioned.

[msh]

You would still need somewhere to do off site backups to.

(Edit: changed offline to offsite)

[lostlogin]

Isn’t that what a Synology offers? An offline backup?

[msh]

Sorry, I wrote it wrong. I meant offsite.

[ghusbands]

If you want encryption enough, you can probably pay for a three-person business plan and just not set up the extra users. Looks like it would double your monthly subscription over the most expensive personal plan.

[msh]

Its says: The latest security features will be available to all Dropbox Advanced, Business Plus, and Enterprise customers starting today.

Is dropbox advanced a business plan?

[artdigital]

Advanced is their business offering - https://help.dropbox.com/plans/advanced-plan

[jbverschoor]

Apple does offer this

[jimmaswell]

I used to love Dropbox, then they limited devices and storage so much it was barely worth it, and spamming me with nag popups all day to upgrade because my storage was near full sealed the deal and I just started using OneDrive (not much better but it's integeated and convenient, probably going to just go foss with a home server eventually). Another sad downfall of a once good company.

[jrgoff]

They only limited devices for free accounts.

[jimmaswell]

Paywalling existing free functionality is the most creatively bankrupt and fast way to get me to never buy your product.

[reddalo]

I use Proton Drive [1], they offer e2ee but I agree with you: the Dropbox app experience is probably still the best.

[1] https://proton.me/drive

[amelius]

OK, so there is no fundamental obstacle for providing true e2ee.

[nicce]

Of course there isn't, but it limits efficiency and features. For example, you will miss all the fancy features Google Images does in cloud and user experience might be slower, since everything must be processed and downloaded on client side. Some level of metadata is always unencrypted.

[amelius]

That's trading one feature for a bunch of others. Users should have the choice of what features they think are important.

[macintux]

They typically do, by picking the product they wish to use.

[whatevaa]

It is very complicated to get this right from development standpoint. In true E2E, client must be "fat", kitchen sink and everything. Pretty sure Dropbox isn't like that right now. E2E is not a "feature", it is like a different paradigm of problem solving.

[repelsteeltje]

What I'd really like is for the encryption to be plugable and orthogonal to file syncing.

Ie: authentication with dropbox/proton/bittorrent concerns only that you pay your storage/ingest/egress bill, but is otherwise unprotected and in the clear. Encryption of the file payload and metadata as a "bring-your-own" — on device — stream cypher (and key derivation, key management). Key exchange and sharing among devices or users might then use yet another service or mechanism.

Pretty sure presenting all that in a slick easy to understand way has significant challenges, but it would be great to alleviate some of the dropbox as a single point of failure.

[cyberpunk]

So kinda like how rclone does encrypted backends?

[basil-rash]

Of course not. It’s just storing bits at the end of the day. But storing seemingly random bits will always be more expensive than storing predictable bits, and this case is no exception: Proton is roughly 4x more expensive per bit than Dropbox.

[cqqxo4zV46cp]

Was the question whether or not it is hypothetically possible to provide an E2EE storage service? Surely you can apply your engineering chops here. Of course it isn’t. But there are trade-offs, as with literally any engineering choice.