[tor-talk] Dropbox over Tor feedback

tor at lists.grepular.com tor at lists.grepular.com
Thu Apr 21 08:38:07 UTC 2011


On 21/04/2011 07:54, Jan Reister wrote:

>> I run Dropbox over Tor at very low bandwidth. I have detailed this setup
>> for others here:
>> http://openideals.org/2011/04/20/my-quick-guide-to-a-less-risky-dropbox/
> 
> Nathan, did you audit the network traffic for non-Tor leaks? For
> example, using Wireshark to see if there's some dropbox-related stream
> that does not travel over Tor.

I know this is only indirectly related, but I recently wrote about how
the Dropbox mobile clients send file meta data over an unencrypted
network connection, in direct contradiction of what their public
documentation stated:

https://grepular.com/Dropbox_Mobile_Less_Secure_Than_Dropbox_Desktop

Instead of fixing the problem, they removed the bit of documentation
that stated that the meta data was encrypted. They didn't modify it to
state that the mobile clients send meta data unencrypted, they just
removed the bit stating otherwise.

If you're going to use Dropbox over Tor, it's definitely worth auditing
the network comms properly as you blatantly can't rely on trusting them.
Certainly use something like TrueCrypt with it.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110421/7eecde4f/attachment.pgp>


More information about the tor-talk mailing list