26 February 2015
Earlier this year, I described how I used Dropbox to share confidential documents among our family’s Macs. Unfortunately, that approach proved too problematic and I’ve since had to switch to a new approach—based on the Tresorit service—which, while not a perfect solution, does represent an improvement.
The old approach involved keeping my confidential data in a set of encrypted sparse disk images that were stored in Dropbox. Dropbox provided both a cloud backup of this data, as well as the mechanism through which the data was shared with my wife.
The benefit of the old approach was that my confidential documents were secured both locally and in the cloud. The problem, though, was that even though cloud-syncing sparse disk images is much more efficient than syncing a non-sparse image—since only modified image bands have to sync—the amount of data that does get synced relative to the underlying change in internal files proved too much. For example, a simple change to a text file would result in several megabytes of data to upload to Dropbox—and over our pathetic Spanish ADSL lines, that was just too much.
As a result, I found myself bit by bit moving my most frequently accessed confidential data out of the secure disk images, and back into native Dropbox.
The ideal solution for me would be a product/service similar to Dropbox, but which encrypts the data stored in the cloud, and provides for some type of local security on the computer as well.
For example, imagine Dropbox but implemented in a way that requires you to locally “unlock” your Dropbox before you can access the files. Then, once I’m done with the files, I’d re-lock the local file system, and the service could still sync the encrypted internal data to the cloud.
As far as I know, such a service/product doesn’t exist, and so I had to settle for the next best thing.
Tresorit is quite easy to describe—just imagine Dropbox, but with all your cloud-stored data encrypted, and in a way such that nobody but you can access it, i.e. not even Tresorit staff can access your data. The company’s based in Switzerland, and operates under Swiss privacy laws.
So I now run Tresorit alongside Dropbox, and keep all my confidential data in its folder. When I modify a 2kB text document, Tresorit compresses and encrypts the modified document and uploads the resulting data to the cloud—a process which completes in orders of magnitude less time than the modified sparse images of my previous approach!
While I’m happier with this approach, it does have some drawbacks:
By the way, Tresorit has a number of competitors, including the well-known SpiderOak service. Before installing Tresorit, I first installed SpiderOak, but was immediately turned off by its user interface. In addition to being more pleasant to use, I like what Tresorit’s Mac-like experience reflects about the organization’s appreciation for user experience.
I contacted the European-based Tresorit customer support about those above-mentioned issues, and was caught off-guard by their candid and quite unapologetic response. They acknowledged the shortcomings and said that for some (e.g. helping to find files with illegal filenames) they are working on a solution, while for others (e.g. implementing content-addressable storage) they are not (since in their view that would decrease security).
Thinking about it, I found that candidness quite refreshing, especially compared to the typical American-style customer support—usually beginning with, “I couldn’t be more sad to hear that you’re having trouble with our product.”—which I’ve always found to leave an insincere taste in my mouth.