TrueCrypt is our go-to data encryption tool and no doubt you know we have a thing for Dropbox, but although we've briefly mentioned using TrueCrypt as one of the clever ways to use Dropbox, we've never fully married the two. It's about time.
What's All the Fuss?
As Business Insider reports, a recent update to Dropbox's security terms of service reveals the company can decrypt your files and provide them to the government if required to do so—in other words, if you thought Dropbox couldn't decrypt your data, you were wrong. Perhaps this is just par for the course with cloud-based services, but at least a few people feel uneasy about Dropbox's lack of clear privacy and security procedures or say its authentication implementation is insecure by design.
Should You Drop Dropbox?
If you do store sensitive data on Dropbox but are loathe to give up its convenience, you have two options:
1) You can just encrypt your data with TrueCrypt and store that encrypted file on Dropbox for an added layer of protection or 2) You can move your encrypted Dropbox folder to a TrueCrypt container. In either case, it won't be as easy to share or work with individual documents encrypted with TrueCrypt as non-TrueCrypt-encrypted files, but even Dropbox itself recommends using TrueCrypt for your most sensitive documents.
So, here's how to do both options:
Option 1: Create a TrueCrypt Container On Dropbox
If you've never used TrueCrypt before, here are the steps, taken from our previous guide but adjusted specifically for Dropbox usage:
1. Download, install, and launch TrueCrypt
2. After hitting the "Create Volume" button, choose the default to "create an encrypted file container" and a "Standard TrueCrypt Volume".
3. Here's where the steps differ: When prompted to select a location for your TrueCrypt Volume, navigate to your Dropbox folder.
4. Then you'll run through the rest of the TrueCrypt encryption steps, including selecting the default AES encryption scheme and volume size (choose a capacity less, obviously, than your total Dropbox account storage space).
Once you've entered your volume password and formatted the TrueCrypt volume, it'll be saved and ready for action in your Dropbox folder.
To mount the volume as a virtual—but encrypted—drive that you can copy and paste to, from the TrueCrypt program, select a drive letter, then select your TrueCrypt file in the Dropbox folder, and click "Mount."
You'll be able to copy and paste sensitive documents to that encrypted container just like you would a regular drive.
Option 2: Move Your Dropbox Folder to an Encrypted TrueCrypt Volume
If you want everything you store on Dropbox to be encrypted with TrueCrypt, then you can move your Dropbox folder into a TrueCrypt container. Here are the instructions from Dropbox of the process:
- As above, download, install, and launch TrueCrypt
- Create a new standard TrueCrypt volume (Create volume > Create an encrypted file container > Standard TrueCrypt volume, using NFTS filesystem) anywhere on your hard drive, and set a volume size and password for accessing the volume later.
Once it's formatted, make sure the TrueCrypt volume will be mounted on logon:
- In TrueCrypt, click on the Select File button, select the container you just created, click on an unused drive letter and then click the Mount button.
- From the Favorites menu, select Add Mounted Volume to Favorites and make sure Mount select volume upon login is checked.
Next, we'll move Dropbox to the encrypted TrueCrypt drive:
- Right-click on the Dropbox icon in the system tray and go to Preferences.
- In the Advanced tab, click the Move button to change the location for Dropbox to the virtual drive letter you just created.
Finally, Dropbox recommends creating a login script to modify Dropbox so it will wait until the drive is ready before starting:
In your Dropbox preferences, click the General tab, then turn off the checkmark beside Start Dropbox on system startup.
1. Create a new text file called bootup.bat somewhere on your C: drive.
2. If file extensions are hidden by Explorer, you may need to turn them on to ensure the file gets the .bat extension rather than .bat.txt. (The option in Explorer is under Tools | Folder Options | View, then under Advanced Settings select Show hidden files, folders and drives).
3. Paste the following commands into the bat file:
rem Every second, check to see if volume is mounted
echo Waiting for volume...
ping -n 1 -w 1000 127.0.0.1 > nul
if not exist F: goto keepwaiting
start "Dropbox" "C:Documents and SettingsYourUserNameApplication DataDropboxbinDropbox.exe"
4. Tailor the script as follows, then save it:
Change F: to the drive letter of your mounted volume (which you picked in step 2.2)
Change the path on the last line to include the location of the Dropbox application files. e.g. On Windows 7 it would be:
5. Create a shortcut to bootup.bat in your Startup folder. Your startup folder is usually located at:
Windows XP: C:Documents and SettingsYourUserNameStart MenuProgramsStartup
Windows 7: C:UsersYourUserNameAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Reboot your computer and test.
FYI, before you dismount the encrypted volume, you'll need to close Dropbox.
Dropbox's tips and tricks wiki notes that there are also sensitive *.db (Dropbox configuration) files located in alternative locations, and offers suggestions for ways to relocate those files or the entire Dropbox application.