We received an excellent tip from Ira Rainey of side lane digital development on a simple method of using Espionage with Dropbox.

The method does not involve storing Espionage’d folders inside of Dropbox (which can lead to issues), but rather using Espionage to easily and conveniently encrypt all of the files from your Dropbox on your Mac.

Step 1 – Create a folder called ‘Vault’ in your Home folder

Step 2 – Adjust Dropbox’s Preferences

- Move the Dropbox into the Vault folder
- Uncheck the “Start Dropbox on System Startup” checkbox

Step 3 – Quit Dropbox

Step 4 – Add ‘Vault’ to Espionage & Associate with Dropbox

- Add the ‘Vault’ folder to Espionage
- Drag the Dropbox application onto the Application Associations list

Step 5 – Set Dropbox to ‘Launch At Login’ in Espionage

- Select ‘Vault’ in Espionage
- Click the ‘Edit Application Associations’ button
- Check the box to ‘Launch at Login’
- If prompted to enable ‘Autounlock at login’, click ‘Yes’
- Click ‘Done’, then click ‘Save Changes’

That’s it!

Your Dropbox is now encrypted locally. You can now launch Dropbox (you’ll be prompted for the folder’s password). Dropbox will upload any changes to it securely over the internet, and the files are stored encrypted on their servers.
It’s important to note that if you sync your Dropbox with another Mac the files on that machine won’t be encrypted unless you repeat these steps there as well. We are still investigating whether it’s possible to get Dropbox to play nicely with a live Espionage’d folder that’s inside of it.
Many thanks to Ira Rainey for pointing this out! You can read more information about this tip on his blog.
We’re always interested in hearing about how our users use Espionage, so if you have any interesting tips you’d like to share with us don’t hesitate to let us know!


John
December 15th, 2009 at 11:59 am
While your files are stored encrypted on your disk and encrypted on their (Amazon’s, actually, it seems) servers, in the middle all the Dropbox employees have access to your data. Dropbox is not a secure storage product as it does not offer end-to-end encryption.
Greg Slepak
December 15th, 2009 at 3:28 pm
John, you bring up a valid point, Dropbox may not be as secure as some may need it to be, and that’s important to keep in mind. I would like to point out though what Dropbox has to say regarding “employees accessing your data”:
“Dropbox employees aren’t able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)”
I’m guessing that this refers to a subset of Dropbox employees, as surely someone working at Dropbox knows the password to their encrypted S3 account, otherwise it would not be possible for them to transmit unencrypted data—unless it’s being decrypted on-the-fly by the Dropbox client upon receipt by your Mac (note: I’m not referring to any sort of SSL transmission, but to the actual data upon receipt).
We’ll shoot them an email to see if they can clear this up for us. Once I get their official reply I’ll update this post. If any Dropbox employees reading this would like to comment you are more than welcome to.
Justin Pennington
December 16th, 2009 at 2:02 pm
While this doesn’t apply to Espionage, I use encrypted sparse images in my Dropbox. Those should provide end-to-end encryption; I don’t see why the Espionage solution wouldn’t provide this as well.
You are decrypting locally and uploading encrypted pieces.
Greg Slepak
December 20th, 2009 at 6:14 pm
@Justin: The reason is that Espionage moves the sparse image/bundle each time the folder is locked or unlocked. In addition, a symbolic link (alias) is placed in the Dropbox pointing to the decrypted contents (more info here).
This will cause Dropbox to re-upload a bunch of stuff whenever the folder’s locked status is changed because it doesn’t understand that the files were simply moved, and when it sees the symlink, it interprets that as new files being added to the folder.
While you can do this, there are several issues to keep in mind:
1. When the folder is unlocked, decrypted files are uploaded to Dropbox because of the symlink, effectively giving you the same level of security as when you follow the steps in the post above (since Dropbox keeps a history of the folder).
2. If you’re using Dropbox with Espionage across multiple machines, then you can cause Espionage to get confused if you unlock the folder on one of them, and the folder is suddenly “unlocked” on another, even though it wasn’t unlocked through Espionage.
So in light of these concerns, we do not recommend using Dropbox to synchronize Espionage’d folders across machines, even though it is technically possible.
Hope that addresses your question!
To update regarding Dropbox & the issue of their security: we did send them an email, but we’ve yet to receive a reply from their privacy dept. Not sure how to interpret that, but any interpretation would likely be unfavorable.
I’ll update the post if and when they do reply. In the meantime I’d recommend not using this method to store any super-sensitive material on Dropbox (and use encrypted disk images with Dropbox manually instead).
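
The two conditions discussed on this page can be checked from a script: that the Dropbox folder really lives inside the ‘Vault’ folder from the steps above, and that no symbolic link inside Dropbox points at content stored elsewhere (the situation described in the last comment, where decrypted files end up being uploaded). This is an added example, not part of the original post or its comments and not Espionage or Dropbox code; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

def is_inside(path, parent):
    """True if path, with symlinks resolved, lies within parent."""
    path, parent = os.path.realpath(path), os.path.realpath(parent)
    return os.path.commonpath([path, parent]) == parent

def escaping_symlinks(sync_root):
    """Return sorted (link, resolved_target) pairs for every symlink under
    sync_root whose target resolves to a location outside sync_root."""
    found = []
    # followlinks=False: linked directories are listed but never descended.
    for dirpath, dirnames, filenames in os.walk(sync_root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not is_inside(full, sync_root):
                found.append((full, os.path.realpath(full)))
    return sorted(found)

def audit(sync_root, vault):
    """Check the layout from the steps above and look for escaping links."""
    return {
        "sync_root_in_vault": is_inside(sync_root, vault),
        "escaping_symlinks": escaping_symlinks(sync_root),
    }

def build_sample(base):
    """Constructed layout: Vault/Dropbox, one link that leaves Dropbox
    (to a 'Decrypted' folder) and one link that stays inside it."""
    vault = os.path.join(base, "Vault")
    dropbox = os.path.join(vault, "Dropbox")
    outside = os.path.join(base, "Decrypted")
    os.makedirs(os.path.join(dropbox, "notes"))
    os.makedirs(outside)
    open(os.path.join(dropbox, "notes", "a.txt"), "w").close()
    os.symlink(outside, os.path.join(dropbox, "Private"))
    os.symlink(os.path.join(dropbox, "notes"),
               os.path.join(dropbox, "notes-link"))
    return vault, dropbox, outside

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        vault, dropbox, _ = build_sample(base)
        print(audit(dropbox, vault))
```

On a real machine, call `audit()` with the actual Dropbox and Vault paths; any entry under `escaping_symlinks` is a link whose target sits outside the synced folder.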