99.99% of digital documents exchanged today are susceptible to leaks and directly accessible by your Cloud Service Provider. Your documents are essentially available to anyone with the will, or want, to do so.
There’s a good way to stop this too – end-to-end encryption. Amish Gandhi, CEO of the secure file-sharing platform DropSecure, is on a mission to make data sharing privacy easily available to all. We spoke to him about how encryption works and why we shouldn’t be using Dropbox anymore.
What was the inspiration behind DropSecure?
I needed to send my own financial documents for a mortgage, but I couldn’t find a single service that could encrypt and send them safely. So, I manually encrypted the data myself and sent it to my loan service provider.
It’s a pretty painful process to encrypt documents manually, and not everyone has the knowhow on how to do it either. And so DropSecure was born, a service that helps individuals and businesses exchange documents and data privately and securely so only they and their intended recipients have access to their data.
Why is it important to encrypt the files you are sending?
There are two ways to exchange files: encrypted and unencrypted.
When you attach an unencrypted file, for example when sending via Gmail, your file contents are in clear text. This means if you send a mail to recipient on a different email service like Yahoo, now Yahoo will also have access to this document.
Unknowingly you have just increased the surface area for your data to be leaked. And since these documents stay on the cloud forever, whenever it is backed up by Google, this means they are forever vulnerable.
Encrypting a file means the actual contents are garbled with an external password. To decrypt the contents of the file, the password is required. If AES-256 encryption is used, it will take years for a super-computer to break that password.
It is the same technology used for cryptocurrency, and we’ve all seen the news stories about what happens when someone loses the key to their wallet – the currency is lost. Similar principle applies here, if the password is lost, no one can decrypt the data
DropSecure has ‘military-grade encryption’. What does this mean?
The US defense uses AES-256 based symmetric encryption to exchange all their data. But their systems are so complicated to setup that no one uses it.
At DropSecure we have bridged the gap between military-grade security and usability with our innovative key management system. This way everyone can benefit from the top-level security without needing the internal technical know-how on how it’s done.
DropSecure also uses ‘Zero Knowledge’ when transferring data. What does this mean?
Even though we store the data and documents sent by our users, because of our end-to-end encryption we’ll never be able to see the contents of their data. DropSecure will always have ‘Zero Knowledge’. We even encrypt the file names. Essentially no one owns the keys to your documents apart from you, not even us.
Three reasons someone should choose DropSecure, over Dropbox?
There are lots! But here are our top three for starters:
- Dropbox has many features, but the security is bolted-on, rather than in-built. So, Dropbox has complete access to all your documents and data, while DropSecure does not. If any breaches happened – like the recent Log4Shell attacks – your data will be safe. But if with Dropbox, it can be leaked.
- By default, all shared links are public in Dropbox, which means anyone who can get hold of your shared link can see and share your documents.
- Dropbox has no way for someone to send data securely without registering. But with DropSecure every user gets their own `My DropSecure Link` that they can use to receive documents with end-to-end encryption from anyone.
Should individuals, as well as businesses, be encrypting their files?
We believe that privacy is a fundamental right. Be it for government, company or an individual. From that perspective, everybody should take every effort to protect their privacy.