On 21/04/2011 07:54, Jan Reister wrote: >> I run Dropbox over Tor at very low bandwidth. I have detailed this setup >> for others here: >> http://openideals.org/2011/04/20/my-quick-guide-to-a-less-risky-dropbox/ > > Nathan, did you audit the network traffic for non-Tor leaks? For > example, using Wireshark to see if there's some dropbox-related stream > that does not travel over Tor. I know this is only indirectly related, but I recently wrote about how the Dropbox mobile clients send file meta data over an unencrypted network connection, in direct contradiction of what their public documentation stated: https://grepular.com/Dropbox_Mobile_Less_Secure_Than_Dropbox_Desktop Instead of fixing the problem, they removed the bit of documentation that stated that the meta data was encrypted. They didn't modify it to state that the mobile clients send meta data unencrypted, they just removed the bit stating otherwise. If you're going to use Dropbox over Tor, it's definitely worth auditing the network comms properly as you blatantly can't rely on trusting them. Certainly use something like TrueCrypt with it. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk