English French German Italian Portuguese Russian Spanish

Encrypt Everything? Seeking Answers for Reasonable Data Protection

  • Published: 22 July 2014

It’s been a week now since we met many of you in person at the American Bar Association’s annual TECHSHOW in Chicago. The big message we came away with? Encrypt everything. It could come off as blunt or cumbersome, if the threats from snoops, thieves and idiots weren’t growing by the day. Applied with simplicity, encryption of data itself should be the default when it comes to protecting everyone and everything. We’re still pondering this idea and how it fits with the exciting stuff we’re planning in updates of Viivo. But the attorneys and tech people at the ABA event (and RSA before that) gave us a jolt on our own direction based on discussions with our largest pool of users, small firms and solo practitioners. Here are some of our lasting impressions:

Add a comment Read more: Encrypt Everything? Seeking Answers for Reasonable Data Protection

Thinking Outside of the Dropbox (with New Security for You)

  • Published: 22 July 2014

There have been a bunch of changes here recently – and we’re not just talking about our upcoming move across town with our parent company, PKWARE. As regular Viivo users hopefully have noticed, we’ve been speeding along with a slew of new features for easier sharing, expanded cloud and platform connections, better mobile protection, and bulk work with files. We’ve created deeper explanation pages for two of the principal changes, Viivo Edit (an easier path to automatically encrypt and decrypt files) and DropZone (for protected sharing of groups of files). In short, these features reflect the growing data connection needs of our users, especially in business department or group settings. We appreciate your contributions (and patience) as we built the new features around this latest version of Viivo. Even as cloud and email vendors talk about adding protections, you still need to bring your own encryption if you actually want full control over who can see and access your files. That’s part of what we said recently in an update of the new features with industry experts. In his recent report, 451 Research Analyst Garrett Bekker recently put our new features in a broader security context:

Add a comment Read more: Thinking Outside of the Dropbox (with New Security for You)

Lessons on Privacy and Encryption from Watergate – A Talk with Former Nixon Counsel John Dean

  • Published: 24 March 2014

Illegal surveillance, public outrage on privacy, Constitutional concerns … in many ways, the Watergate break-in and cover up sound like they could’ve happened last week.

Watergate, the incident that ultimately brought down the Nixon presidency, also opened a broader conversation on privacy in the 1970s. A key figure in the outcome from the Watergate exposure of Nixon’s recordings and surveillance was White House counsel John W. Dean.

Dean was dismissed by Nixon for defiance and later testified against the maligned president. Far from going away quietly, Dean has spent that past few decades hammering out books of historical reflection, working to shape legal frameworks on ethics, stirring the political pot on the Left and Right, and staying on top of the technology behind it all.

Add a comment Read more: Lessons on Privacy and Encryption from Watergate – A Talk with Former Nixon Counsel John Dean

The New Dropbox – When Business Gets Personal

  • Published: 19 March 2014

A quick note on a new report that Dropbox will be melding accounts for business and personal users.

Between tinkering with its ToS and “tools for administrators” to come, the biggest public cloud of them all hasn’t been afraid of changes of late. It’s also showing a bit of confusing direction when it comes to its (much smaller pool) of business customers. As the Engadget report states:

“[S]oon, you'll be able to switch between business and personal files without having to constantly sign in and out. The tool really only applies to those who use Dropbox for Business, as it will give them simultaneous access to corporate-controlled files and their own documents. Naturally, the ability to manage two accounts from one place will extend to your smartphone and tablet as well as the desktop.”

This might make Dropbox more tolerable for Business users that want some measure of control, visibility and shared storage but it’s still a far cry from what an enterprise customer would expect. Users being able to “opt out” from company visibility isn’t a requirement on any RFP I’ve ever seen.

The change will also likely confuse end users. They must now connect a personal Dropbox with their renamed “Work Dropbox” on the Web. They’re lured with an additional 15GB of extra space for their trouble but the fine print spells out an offer that only exists for as long as the two remain connected. Adding insult to injury, camera uploads going to the old folder will stop syncing and need to be relinked to the Personal folder. Any pictures that are work related will need to be moved. Oh yeah, and most importantly: instead of one Dropbox, teams users will now have two.

If that wasn’t enough, Sys Admins have to deal with auto-updating “userland” software that will be changing file system paths on end user workstations. As it appears, their old Dropbox folder will automatically rename to “Dropbox (Team Name)” and they’ll find they have a new “Dropbox (Personal)” folder at the same level.

While I agree with focusing on Business I think Drew and team are departing from one of the early bets that made Dropbox successful. Users just want one place to put all of their stuff. Dropbox was one folder everywhere. Now, it’s two folders that behave differently.

In our file protection talks with business owners and analysts at Gartner and 451 Research, we’ve shared concerns that Dropbox could be at the cusp of an awesome service that, a few missteps or lost usability later, goes by the wayside (think MySpace). It’d have a long way to go, but the convergence of folders could open up privacy or usability headaches.  All of this as Box, Google Drive and OneDrive are doing their best to lure everyone with their own variance of storage and sharing.

From a user perspective, we still advocate tools that keep security and control of stuff shared in the cloud in your hands. Then, it’s both easy and safe to bounce between clouds, folders, iPads or wherever.

Add a comment

How To: Mobile Encryption for iOS and Dropbox

  • Published: 14 March 2014

Mobile encryption and decryption are finally catching up to the way people already use iOS devices and Dropbox.

Understandably, you don’t want to add a cumbersome security step to the way you edit files on your iPad, or to the way you share that same file in Dropbox. Security should work seamlessly with files as well as with how you use iOS and Dropbox – period.

With the continued surge in mobile devices, nailing down that security has been paramount. And encryption is becoming the preferred source for that security. Just this week, Gartner Research analysts Tom Scholtz, Matthew W. Cain and Andrew Walls summarized some of the challenges and strategies in securing new user platforms and sources of engagement like mobile devices and tablets. Their first recommendation? “Adopt an information-centric security approach that requires minimal control of endpoints.”

Encryption covers the “information-centric security approach” that Gartner calls for, but until now it has been a missing piece of the back-and-forth between files accessed and used in iOS and sent to Dropbox. That’s why we’re proud to announce new features for mobile encryption and decryption on iOS with the professional version of our app, Viivo Pro. It’s built to give you security with the way you share and work files on any Apple device and with Dropbox.

In essence, Viivo for iOS can encrypt a file handed to it from another App (such as Email, Docs2Go, Box, Dropbox, etc.) and then encrypt it and automatically upload it (through the Dropbox API) directly back into Dropbox. As a deeper explainer, we’ve posted something along these lines on our support forums, but wanted to open our “how to” to a broader audience. (Prefer instructional videos? Check out our explainer on the Dropbox forums.)

So, here’s how Viivo Pro encryption for iOS and Dropbox works (in a few steps that take a few seconds in total):

  1. Open your favorite productivity app, messaging app, or multimedia app.
  2. When you are ready to encrypt your file, look for an "Open In" option (most apps have this option).
  3. From the "Open In" app listing, select Viivo. This will launch Viivo.
  4. If you are a Viivo Pro user (the professional version of the app), you will be able to select the destination folder to encrypt and upload your file to.
  5. If you select a private folder, Viivo will encrypt it for just you; alternatively, if you select a Dropbox shared folder, Viivo will encrypt it for the share.
  6. Tap “Done” and Viivo will handle the encryption and uploading. A few seconds later, you’ll see a newly encrypted file in your Dropbox folder.

If you’re new to Viivo and want to take advantage of this sweet, easy new feature, visit our products page and select Viivo Pro. Already use Viivo for protecting personal files? You can upgrade to Viivo Pro here (and for a limited time, we’ll give you 25% off. Use the coupon code 25OFFVIIVOPRO at checkout).

The additions of mobile encrypt/decrypt for iOS and Dropbox is the first part of a feature rollout that’ll also include Android and other cloud services in the near future. This is somewhat uncharted territory, so we’d love to hear your feedback on the mobile encryption features (or any others). Post a review on the Apple App Store or reach out on our forums.

Add a comment

Yes, Dropbox Changed their Terms. No, You Don’t Have to Worry.

  • Published: 06 March 2014

Like many of you, I took a quick glance at the Dropbox Terms of Service “revision” email that went out to all users – and promptly deleted it.

Why? Certainly not because I don’t use Dropbox. I love it. It’s a great service. They sync your files better than anyone! (Besides, I’d have a tough time creating software to protect the cloud if I didn’t work in the biggest public cloud of them all.)

The reason I don’t care about the Dropbox ToS update is because it simply doesn’t apply to me. Let me explain. I don’t care who Dropbox sends my files to. Really? I went back and dug up that email, following the link to their ToS changes, just to make sure. Here’s what their government data requests principles page states:

"There have been reports that governments have been tapping into data center traffic of other services. We don’t believe this is right. Governments should instead request user data by contacting online services directly and presenting legal process. This allows services to scrutinize the data requests and resist where appropriate."

Naw, that doesn’t work for me. I don’t need my “services provider” making decisions about my data without my involvement. Even if they do plan to “resist where appropriate,” whatever that means.

Don’t get me wrong, I’m all for transparency. There’s more interest than ever for your data, through legal requests or otherwise. But disclosures don’t amount to much when it comes to my own security.

It comes back to the central reason we created Viivo. Viivo wraps up security of files themselves. This squashes the value of whatever data Dropbox hands over in the case they don’t “resist.” More than that, you’ve got confidence in protection of files when shared and stored in an awesome service like Dropbox. Empower the use of the cloud so that you don’t have to go back to the fine print when you want to share spreadsheets with co-workers or playlists with friends. (And how about adding the Talking Heads tune “Don’t Worry About the Government” to that playlist in the spirit of this post?)

Dropbox has rightfully raked up a lot of cash ahead of a potential IPO. With that type of business move – with the other public cloud providers watching closely – there could be any number of changes to terms of service. None of that matters if you bring your own “date to the dance”: your own encryption and key management for the cloud.

Let me know your thoughts on the revision to Dropbox’s ToS, or any others you’ve seen lately from the big cloud vendors. With responses to any emails or comments, I’ll make it my personal ToS to “resist where appropriate."

-Matt Little, VP of Product Development, Viivo

Add a comment