Forums Help & support Dropbox, Very big mistake

This topic contains 8 replies, has 2 voices, and was last updated by  Nathan 7 years, 2 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #5064 Reply

    Anonymous

    Hi there ,

     

    i just want to say to that guy who has encrypted his Dropbox file that he can access it on his Dropbox online , because it seems that the file will not be encrypted there!!!!!!!!!!!!!!!!!!!!!!!

    i have just encrypted  a file on my desktop , but went there online to Dropbox to find it decrypted! check by your self

    #5065 Reply

    Svante
    Spectator

    Hello Anonymous,

    Can you perhaps explain more about this?

    It’s important to understand that AxCrypt does not encrypt files in Dropbox. It encrypts files on your local PC, that will be synchronized to Dropbox. So, when you encrypt an existing file on Dropbox, it’s possible to recover the original from Dropbox. This is because Dropbox keeps backups and from the Dropbox point of view, when we encrypt a file in a synchronized folder, this is seen as “Delete the original” + “Create a new file”.

    You should be careful to encrypt files in your Dropbox before they are ever synchronized there unencrypted. Once they are synchronized, you are entirely in the control of Dropbox and it’s only at their discretion the original data is ever removed. We can’t do anything about that.

    #5066 Reply

    Edward

    Anonymous,

    AxCrypt encrypts the files exactly as advertised. The problem is that you haven’t set the syncing options correctly.

    I’ll hazard a guess that your Dropbox settings are set to sync everything on your desktop (assuming your explanation is accurate) and Dropbox has automatically uploaded it prior to it being encrypted. You’ve then gone to download it and one of the following has occurred:

    1. Dropbox has found the file encrypted and then attempted to open a previous version (which was unencrypted)
    2. Dropbox has downloaded the file, AxCrypt is still logged in and the file has been decrypted automatically
    3. Dropbox has simply linked to the pointer file on your desktop and AxCrypt has decrypted it automatically

    Dropbox is a service you should stay away from if you value your privacy. There are plenty of better alternatives out there but be prepared to pay for them.

    The following services provide true zero-knowledge encryption:

    If used correctly AxCrypt is a cheaper alternative to using the above cloud services but you are responsible for understanding how Dropbox works and making sure they aren’t copying unencrypted data to the cloud. You also have to trust Dropbox aren’t complying with any secret orders in relation to your account.

    If you read Dropbox’s terms and conditions you’ll find they’ll release data to any agency upon demand subject to them satisfying themselves it’s necessary. With a zero-knowledge cloud, or AxCrypt encryption properly used, only you’ll be able to read the encrypted data.

    #5142 Reply

    DragonTear

    Hi,

    Awesome product, i have used 1.x for many years. I cannot find where to make an encapsulated encrypted file (ie self dccryping). I might have missed the obvious but a hint would be appreciate.

    #5145 Reply

    Nathan

    The simple answer is, sadly, that the feature has been removed.

    You have three choices, choose whichever best suits your needs:

    • revert to using v1.7 (you’ll need to uninstall v2)
    • use v2 and ask the recipient to download and install AxCrypt portable
    • use 7-Zip or equivalent to create a self-decrypting file

    AxCrypt have no plans to reintroduce the feature :-(

    https://forum.axcrypt.net/blog/avoid-self-decrypting-files/

    #5150 Reply

    Svante
    Spectator

    Hi DragonTear,

    Nathan is essentially right in his response (thanks!), although I’d like to point out that using AxCrypt 2 portable does not require installing it, just like having the old-style “self-decrypting” file does not require you installing it.

    In fact, the only difference is really that you now need two files instead of one. AxCrypt-2.1.NNNN.exe + Whatever-ext.axx.

    Anyway, since this question does keep popping up and while we’re still not planning on implementing it for the reasons mentioned in the blog post referred to by Nathn – we’re still interested to achieve similar benefits for similar situations.

    So, if you just please explain just how you use the self-decrypting feature, and just what it is about it that is so attractive, perhaps we can come up with a way to satisify everyone?

    #5151 Reply

    Nathan

    I didn’t realise AxCrypt 2 portable didn’t require installation, my mistake. I knew the portable edition existed but I’m sticking with 1.7 because of the self-decrypting feature.

    “So, if you just please explain just how you use the self-decrypting feature, and just what it is about it that is so attractive, perhaps we can come up with a way to satisify everyone?”

    I’ll answer this from my perspective. Hopefully DragonTear will give his/her feedback on it as well.

    1. I use self-decrypting files because the recipient doesn’t need AxCrypt
    2. Some of my friends don’t have installation rights but they can run the self-decrypting EXE
    3. The recipient doesn’t have to run (or install) AxCrypt
    4. The recipient needs less technical skill. Double-click, enter password and it’s done
    5. Your argument* that an EXE can “contain any level of bad” seems circular to me. Basically even a normal .AXX file is encrypted and can only be scanned by AV software once the file has been successfully decrypted? The same applies for the EXE file surely?
    6. I normally upload the file to Droplr. It’s like Dropbox but is primarily for sharing screenshots and GIFs however you can also upload and share any file. You can then share a public or private link with your friend. He clicks the link, downloads the AxCrypt self-decrypting file and that’s it. I have no difficulties sharing EXE files.
    7. My other use for the self-decrypting file is for sticking private files on a USB for backup or for opening on another computer. It’s secure, doesn’t require me to have AxCrypt installed and I can use it on almost any computer.
    8. Rarely I’ll be asked to send something by post. I’ll encrypt the file, burn it to DVD and post it. Then if it’s lost I don’t need to worry about my data being viewed by a thief. I send the password via WhatsApp (which itself is encrypted).

    <p style=”text-align: left;”>*”Since it by definition contains strongly encrypted information, for example another executable software, it is impossible to screen by anti virus software. It can literally contain any level of bad.”</p>

    <p style=”text-align: left;”>If AxCrypt reintroduced the self-decrypting feature in version 2, or somehow allowed a user to bundle an AXX into the portable edition so that it’s a single file, then I’d make the switch to version 2. I’d even pay for AxCrypt Premium as it has features that I want, like AES-256.</p>
    <p style=”text-align: left;”>Someone on here recommended BCArchive and that does all the same stuff as AxCrypt 1.7 and AxCrypt 2. The only difference is it’s free. I prefer AxCrypt as it’s simpler to use than BCArchive but the lack of a self-decrypting feature in version 2 is a deal-breaker.</p>

    #5154 Reply

    Svante
    Spectator

    Hi Nathan,

    Thanks for the feedback!

    I’m thinking that it’s quite a bit about the perception – not the actual situation here. The recipient does need AxCrypt, in all situaitons, it’s just with the “self-decrypting” your perception is that you don’t need AxCrypt – because it’s “self-derypting”. In actual fact it’s still AxCrypt, it’s just a version of AxCrypt that has the data tacked on at the end of itself and reads it from there.

    In fact, if you have 10 “self-decrypting” files, you have 10 copies of AxCrypt on your computer. But, yes, I get how it is seen.

    We were hoping that users in most cases would see the benefit of the fully-featured portable version instead of the severly stripped down and limited “decrypt only” function of the “self-decrypting” files.

    Perhaps we should improve in our communication of how the portable version works, to better explain how it really is a substitute. We’ve also considered making ‘zip-packages’ of encrypted files with the portable AxCrypt included in the archive.

    Let’s hope to hear from more users, although this thread is a bit off topic now. I’ll discuss internally to add a another main forum for “Feature Requests”.

    #5157 Reply

    Nathan

    A ZIP package with AxCrypt portable (and no requirement to register or an enter email address) would be better than the present situation. But from what I’ve read on this forum you need to register in order to view a shared file.

    Anyway, upon encrypting the file and selecting something like ‘Self-Decryptor’, AxCrypt could bundle the portable version into a ZIP along with some instructions on what to do and the encrypted file.

    Still it’s nowhere near as simple as the old version but it’s an improvement.

Viewing 9 posts - 1 through 9 (of 9 total)
Reply To: Dropbox, Very big mistake
Your information: