Encrypting Dropbox
I have local backups for my photos, but with Dropbox they get synced to a place far away so I’ll still have access to my photos, even in the case of fire :) I tried other backup platforms, such as Amazon S3, but the ease of Dropbox is unsurpassed and I use it for lots of other projects as well.
Why encryption? #
Dropbox keeps adding features and I guess it won’t be so long until they’ll do some kind of image analysis on photos as well. Perhaps they already do.
I don’t like the idea of my photos being changed automatically or information being extracted out of them. This may seem far-fetched or paranoid, but this is what Google is doing if you use Google Drive. And when you use camera-upload from your phone, Dropbox changes the filename already.
On top of that, I’d like to keep my photos safe in the case someone else gets access to my Dropbox account. Even though I’m not a celebrity (yet), I’d like to keep my life a bit private.
Also, encryption is just good backup-practice (http://www.taobackup.com).
EncFS vs Apple Disk Utility vs Duplicity #
So here’s a quick rundown of three applications to use for encryption.
Duplicity and S3 #
I started out with Duplicity in combination with S3. This worked pretty sweetly, but it has the disadvantage that backups go into a ‘black box’. Especially because of the ‘incremental backups’ (only changes are backed up). There’s no way to browse the files after they’ve been backed up. Also, S3 became more and more expensive the more I backed up to it, and this made the switch to a paid Dropbox account quite easy.
Apple Sparse Bundle Disk Image on Dropbox #
On Dropbox I decided to try out Apple’s encrypted “sparse bundle disk image”. This means the image is cut in pieces of 8MB, making syncing a lot easier; in theory Dropbox would only need to send a little bit of data over when making a small change (like adding just one file). In practice however, the syncing took forever. For some reason, adding just one file meant a lot of pieces would be synced. This slow syncing was the main reason to stop using this solution.
The main advantage of Apple’s disk image is that it’s easy to mount and use in OSX and it will retain the right properties of files inside. The disadvantages are that it won’t open on other OS’s and that you rely on Apple supporting it over a long period (I want to be able to open my backup in 10 years time, if I have to).
Introducing EncFS #
After the eternal syncing of the Sparse Bundles, using EncFS is a real pleasure. EncFS encrypts each file individually, making it extremely easy for Dropbox to do incremental backups. It’s available on Linux as well and is mounted as a separate filesystem. This means I can browse it easily. The disadvantages are that the encryption is not the world’s best (especially if you use it in combination with Dropbox) and that meta-data is not encrypted (filenames are, but not the time&date).
So EncFS is a no-go if you want to keep your nuclear secrets safe, but for my use-case it’s perfect.
Sharing #
Obviously you don’t normally share backups, but with encrypted folders there’s an additional reason not to do it. Dropbox won’t make sense of multiple people changing files inside an encrypted partition and your stuff gets messed up really quickly.
Other, paid solutions #
There are many other solutions for encrypting your Dropbox. I decided not to rely on these proprietary programs, because you’re never sure if they still exist in a couple years time. The main contender, https://www.boxcryptor.com/en, already switched their encryption algorithm once.
Process #
Whereas Duplicity ran automatically, my new process is quite manual… The advantage is that I know exactly what’s going on, the disadvantage obviously is that it’s more labor and more error-prone.
I have a ‘backup’ folder in my Dropbox which is partially synced. In it I create folders with today’s date and the years which are backed up in it (e.g.: 20160516-2009-2015). I create an EncFS partition in it, and use rsync
to copy all files into it. Dropbox starts syncing as soon as the copy starts. I also create a file with a list of all the synced photos (find . > syncedfiles
).
After the copy is done, I use selective-sync to turn off this particular folder. I then never touch this folder again until I need it. Selective-sync saves disk space, and it also means that evil stuff like filelocker has no chance of reaching it.