Ubuntu One and Dropbox allow you to synchronize your data across computers. They both claim to keep your data “secure”. However, I have customer data that I keep on my computers such as passwords, IP addresses, network topology, etc. All of these data can be used to compromise more data, some of which is protected by HIPAA. As such, if I synchronize, I must be confident that the data in motion is secure from prying eyes at any third party company that is facilitating the synchronization.
Alternatives
I’ve used Dropbox for a few years, and more recently, Ubuntu One. Both have their advantages, but both are insecure if you ask me. I have tried SparkleShare, too. However in my experience the GIT repository grows too large to use for the data I have. Furthermore, it seems to break and need babysitting more than I care to work on it. The third party applications do a very good job at synchronizing files between computers. It’s unfortunate that they are closed-source. Until there is a better solution for a private server, I have found my hybrid solution to be working very well for the past 2 months. As a result, I’ve decided to share.
Concepts
First, the concept. I will demonstrate how to use encfs to encrypt your data so that you can be at ease with delegating the synchronization to a third party service. I will not cover how to install Dropbox or Ubuntu One, as this is sufficiently covered elsewhere. However, I will point out tips that can be used when you install it.
Step One
First, you need a place to store your encrypted data. I created a directory of “.UbuntuOnecrypt” in my home directory and “.crypt” in my Dropbox directory. Ubuntu One lets you synchronize directories from anywhere, while Dropbox requires all files to be within the Dropbox directory – wherever that may be. To add this directory to Ubuntu One, browse to your home, turn on hidden files, right-click the directory, choose synchronization options. Since Ubuntu One only comes with Ubuntu, most users will probably use Dropbox.
Once the directory(ies) of your choosing are created, make sure that they are synchronizing between computers. This must be done before moving on to step two, or the entire point of this exercise is moot.
Step Two
With the back end complete, our next step is to create an encryption layer on top of the synchronized directory. Let’s assume that ~/Dropbox/.crypt is the encrypted location. I propose presenting the unencrypted files at ~/sync_encrypt/Dropbox for use.