Hi guys,
I just wanted to draw on Scrivener users thoughts about Dropbox (and working from the cloud in general) amidst concerns about the safety of sensitive data - in this case our cherished novels, plays, screenplays, etc.
I don’t want to revisit the synching debates as Dropbox and Scrivener work seamlessly for me following the instructions given by Keith and the team. I just wanted to know if i should be concerned about storing my work up there in light of the recent change to their terms and conditions.
David Hewson has deleted his account and, obviously, his concerns are given more prudence due to his profile and commission to write the novel of the Killing. I’ve been on a number of forums and read mixed responses by people, mostly along the lines of: if it’s personal or sensitive it shouldn’t be in the cloud. Now I’m left trying to balance these concerns against having an excellent method of working from one file, and also having it safe should a fire or similar destroy all my local copies.
I would be grateful for any discussion on this matter from other writers.
The debate about this peaked several months ago and if I remember correctly, Dropbox subsequently clarified their legal position by explaining that it was never their intention to take possession of intellectual property curated on their site. (That may be misrepresenting their position – it was a while ago.) At the time it sounded to me like a lawyer had been allowed to go public with a document that was legally watertight but was blind to customer relations. Corporate lawyers if unrestrained do that sometimes.
That might not of course prevent a future management re-interpreting their role in a stricter way – nor (perhaps a bigger threat) someone else in the cloud making off with your intellectual property and claiming it as their own. I suppose in the final analysis one can only strike a balance between the value of one’s work, and the fuss and extra effort involved in finding services that don’t look as if they might take it or allow it to be taken at some point, or wrapping it up in password protection. I think striking this balance has to be a personal decision. I seem to remember David Hewson had difficulties finding an acceptable technical solution.
For me, life’s too short to worry too much about it at the moment. If I was writing on commission for a third party with my livelihood and reputation effectively floating around in the ether, I might think differently.
I’d say encrypting locally will obviate most “it’s on the Internet” concerns for most people. It’s fairly easy to make a vault of some sort, an encrypted container that can hold files and folders, and that is all one needs to protect a Scrivener project. The main drawback to this is that in most cases this can reduce sync efficiency as often the entire container must be uploaded and downloaded for each change.
If you want a synchronisation model that is more focussed on user security, you might check out SpiderOak. It uses client side encryption, which means both the transmission and the data store is unreadable without your client. No SpiderOak employee or hacker can get at your data. Dropbox’s transmission encryption protects you from most non-sophisticated middle attacks, the largest weakness of these being open air transmission in coffee shops and such. But the stuff is stored in the clear on their servers, meaning it is vulnerable.
Of course, encryption is not infallible, but for most people it is well enough. Modern techniques and computer horsepower are enough to make it really, really tough for something other than say, the NSA, to break into it.
There is nothing technically preventing anyone from working with a few friends to build remotes storage in multiple homes. I’m not talking about sending a cd or thumb drive, but simply having someone put up a NAS device that provides you the ability to access it remotely. < $250US for 2TB of dedicated storage in a commercial solution.
Granted you need to have a friend. so that may be a problem for some of us.
I have a SpiderOak account but I haven’t used it for some time. Apart from the un-Mac-like interface — which wasn’t really a problem, though I found it best to hide the window in an unused space — the problems with it were that: (i) it didn’t seem good at purging old versions, so with my Scrivener project backing up to it, I kept finding I had no more space, and had to go and manually delete lots of earlier versions; (ii) I found that when I updated to a newer version, that seemed to be one of the possible causes of a typing-lag in Scrivener, even when I wasn’t having SpiderOak backing up the folder with my Scrivener backups … I can’t say for sure that the problem was SpiderOak, but when I stopped using it, the typing-lag disappeared.
Apart from that I was happy with it … I found it when the authorities here behind the Great Firewall suddenly seemed to decide that DropBox was a threat to security and blocked it. About a year later, they removed the block, so I’m back with DropBox mostly … but then I don’t have any sensitive stuff to worry about in the cloud.
No, I don’t feel safe and I’m pretty sure those feelings are well founded. But then again, I’m one of those people who also doesn’t mind if I have to think about what I’m doing and if I have to do things manually. When it’s my work and I decide to store it in the cloud where anyone with enough time and expertise can steal it from me, I want to worry about the details. I want to know for certain that the data I intend to be there is actually there. That means I consider it a feature when I do it manually. No “automatic seamless syncing” for me.
I have deleted all my files, heretofore unencrypted, from Dropbox. I am moving all my work to SMEStorage, a cloud storage aggregator. That means I can use more than one (free) cloud service, but view them all as a single hard drive on my various computers. Right now I have 5GB from Amazon and the original 2GB from Dropbox. And most importantly, SMEStorage allows me to encrypt the data locally. That means that even a “man in the middle” (perhaps some guy with a wireless device who is looking at my network traffic as we both sit in some little coffee house where I’m innocently and blindly working away on my latest WIP) won’t see my data “in the clear”, that is, so that it can be easily read. He’ll only see the encrypted data and, as AmberV says, that would take a significant amount of effort to decrypt. And the encrypted data is what gets stored in the cloud, so even an employee of SMEStorage cannot read it. And even a random hacker of SMEStorage who breaks their security cannot read it. And when some publishing house’s lawyer asks me “Did you publish this work on the Internet?”, I can say “I used a cloud service for convenience and backup. The work was always encrypted and never stored there in a form that could be read.” That’s important to me.
I’ve only installed the software and haven’t had the time to start actually using SMEStorage, so I don’t yet know how well this will work. I have my main desktop Windows Vista machine, my Toshiba Windows 7 laptop, and my Android-rooted Nook Color. The idea is to use the free version of Allway Sync (which I’ve used in the past for local backup) to backup my Scrivener projects to SMEStorage. Then I’ll mount the SMEStorage on the laptop or the NC and work on it and sync back to the cloud. If there are any glitches in this workflow, I’ll try to note it in the forum.
@mcbend: I think BoxCryptor might work just as well, albeit for a more limited amount of data. My first idea was to use BoxCryptor, but the night I was going to download it I stumbled upon SMEStorage.
Thanks for all the responses. It’s a shame that we have to spend so much time and brainpower trying to find the best workarounds that it actually limits the time we spend on actually writing.
I don’t think there is a simple solution to this. The balancing act between usability and security probably requires too much effort and potential synching problems.
I feel I may just go back to storing a folder on my desktop and allowing file sharing so that I can access it on my laptop. However, this presents restrictions on remote working and synching if I want to take my laptop elsewhere to work on a project
I just posted some details about how in some situations storing your files in Dropbox can be safer than having them simply stored on your hard disk. That’s mostly in cases of theft. It’s here:
It’s a Dropbox trick that let you hide or even remove Dropbox files remotely. It does depend on the thief logging in with an Internet connection active. In that sense, the protection isn’t as powerful as the remote wipe of an iPhone, but it could still be useful.
Dropbox’s blog just reported that they have been certified to comply with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework. You can find the details here:
I’m not quite sure what all that means. As a writer, what I do is public anyway and I’m certainly not going to live my life fretting about what some crazy might do if they disagree.
Dropbox’s blog posting also notes some changes in their privacy policy:
Mostly those changes make clear to the clueless that some things they do will inevitably reveal information about them.
Does anyone seriously think that people are trawling the millions (billions?) of files stored on Dropbox on the off-chance that some best-seller will be ‘revealed’ to them?
What are the odds of anyone being able to do this; or of bothering to try it if they could do; or not being found out if, by some mind-boggling miracle, they actually did it?
On the other hand, what are the odds of your house burning down, or someone breaking into your home and stealing your IT, or an electrical fault frying your equipment, or your hard-drive flatlining?
I would contend that a domestic disaster is a far greater risk, by many orders of magnitude, than that posed by an hypothetical cyber thief.
I’m paranoid about backing up to external drives and usb drives, but I still stick anything I really care about on Dropbox.
The hypothetical cyber thief would be more likely to be someone who was targeting you, personally, for whatever reason.
If I were, say, a political activist in Syria, I would be very very wary about storing anything in the cloud without strong encryption.
Most of us don’t have those concerns, but lots of people have ex-significant others or former co-workers with grudges, and the technical ability to act on such grudges is becoming more and more common.
There are also lots of bad things that can be done to a file other than stealing and publishing it. It could be deleted or corrupted. It could be “augmented” by an extensive collection of child pornography – followed by an anonymous tip to the appropriate authorities.
Are these scenarios likely? No. But it’s good to consider the possibilities before blithely uploading your life to a server you don’t control.
There’s also CrashPlan, which supports offsite backups to a friend’s computer, not just the cloud. Intended for backup, not working storage, but still useful.
I’ve pointed out before that something like SpiderOak is certainly more secure than Dropbox. No seamless connection with iPad apps though so you need to weigh convenience against security.
I agree with stevenfield. Having lost a hard drive, I feel safer with Dropbox than without it. Nothing is perfect, and nothing is entirely secure on this earth, IMHO. But Dropbox has worked well for me.
Obviously, it’s not all I use. I have two portable hard drives, a flash drive, and save on my computer; I also have paper printouts! If anyone did steal my work, which is highly unlikely, I and several friends/family members would easily be able to prove that it was mine.