Hacker News new | past | comments | ask | show | jobs | submit login

Dropbox and Gmail are already encrypted - the problem is who else can get at the keys. And which other credentials of yours can be compromised starting from there.



Encryption that is out of your control is not encryption in any meaningful sense. You must be the only one who has the key, else the whole process is compromised.


This is a pet peeve of mine, let me know if I'm being a pedant:

Encryption that is out of your control is encryption in a specific, meaningful sense. I believe to effectively use encryption, you have to understand the trade-offs involved and limitations of the technology.

So, Google's encryption is terrific in terms of protecting you from war-drivers. But it won't protect you from the focused attention of the FBI. That doesn't make it good or bad, it's a tool with specific uses and limitations.

I think that lesson needs to be absorbed with all forms of encryption. It's a particularly dangerous area to pop-sci oversimplify.


This is a very good point. You're still putting locks on your doors, but those locks aren't going to stop the SWAT team.


Isn't this tarsnap's selling point? I'm not a user of it, but it seems like a sound service for backup (not cloud sharing of data).


There are quite a few options available from the stand-alone, like SpiderOak, to things that sit on top of Dropbox, such as Boxcryptor.

What I haven't seen is a comprehensive security review of these alternatives. There could be bugs, flaws, or they could outright not be doing what they claim to do.


I thought tarsnap's main selling point was cperiva.


Just because it is not plain text does not mean it is secure.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: