Alternatives to Dropbox sync

ilsa
ilsa
Community Member
edited April 2014 in Lounge

Hi,

I'm wondering what AgileBits plans are for supporting other cloud sync services besides Dropbox. Besides being hit by Heartbleed and still not having corrected the vulnerability (if they had, I expect they would have trumpeted it loudly), they've now added Condi Rice to their board as 'privacy advisor'.

That's like making Ted Bundy the head of a rape crisis center.

I would like to move completely away from dropbox, but I can't because dropbox is the only service you universally support across all your different platforms. If you could support other services, that would be great. The top of my list would be the ability to use private owncloud instances.

Ilsa

«13

Comments

  • prouticus
    prouticus
    Community Member

    I share the desire to use an alternative to Dropbox after this announcement. Are there any workarounds?

  • neonomad
    neonomad
    Community Member

    Me too. The need to sync 1Password across my devices is the only thing keeping me on Dropbox. While Rice may be brilliant, I find her morally repugnant, and certainly don't believe that she would have the best interests of Dropbox users at heart. The best case would be for Dropbox to pay attention to all the negative reactions they're getting and do a Mozilla.

  • Hi guys,

    1Password does not rely on Dropbox (or any sync provider) to secure your 1Password data. From the moment we designed our data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of a Dropbox breach or if someone physically stole your computer. As such, we use AES encryption with PBKDF2 key strengthening to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:

    Security of storing 1Password data in the cloud

    So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:

    Toward Better Master Passwords

    We can't think of many better ways to show just how strongly 1Password protects your data than by pitting it against the pre-eminent password cracking tool John the Ripper. We did exactly that:

    1Password is Ready for John the Ripper

    But the choice is yours to make. If you are cloud averse, you can use local wi-fi sync. :)

    With all that said, we are aware of the demand for people to be able to synchronize their 1Password data using other sync services. Thanks for the feedback!

    If you are syncing exclusively between Macs, then you can use Folder Sync with pretty much any sync service you want. This also appears to be holding up well in the 1Password 4 for Windows beta. But settling on one or two additional sync services and bringing them to 1Password for iOS and Android would take much more time.

    We've also written a blog post about the implications of the NSA, PRISM, and such:

    On the NSA, PRISM, and what it means for your 1Password data

    Please let us know if you have any other questions. :)

  • John Vann
    John Vann
    Community Member
    edited April 2014

    I share the sentiments of the other posters here. Unfortunately, I don't find the official response satisfactory. The excuse "well they can't read it anyway" doesn't cut it. I'm very disturbed by the fact they even appointed this woman and would prefer to exercise my right to protest it by canceling my service with them entirely. The alternatives for syncing 1Password are pretty slim though and not particularly convenient. For example, iCloud is Mac-only and "officially" limited to the version sold on the App Store. It also isn't even working for me at the moment, which forced me to switch back to using DropBox for the interim. And "settling" for local wi-fi sync is a lousy alternative if you don't need or want to go that extreme with your privacy.

    I would like to suggest adopting support for WebDAV. My "checkbook" app supports WebDAV and we use a cloud service of our choosing to sync that app to my wife's and my own iPhone. It works very well and quite reliably. The cloud service we are using (CloudSafe) is so security conscious that they can't even recover passwords for their users.

  • BenjaminMetzler
    BenjaminMetzler
    Community Member

    Wow, that was a serious non-answer from Jasper.

    Of course 1Password doesn't rely on Dropbox to secure our data. That's not the point. Right now Dropbox offers four options for syncing my 1Password data across multiple machines: iCloud, Dropbox, File Sharing, and Wi-Fi sync. I don't need to use Dropbox, but Agile Bits has made it one of the two viable options to use for syncing data between my different systems, (along with iCloud, which only works on OS X).

    With Dropbox's choice to appoint Dr. Rice to the board, I have to reconsider using their service given the number of things Dr. Rice has done in the past. That's between me and Dropbox.

    1Password is an essential tool for me and forcing me to choose between Dropbox and iCloud seems like an artificial limit given the sheer number of file syncing services such as Box or SpiderOak.

  • horseman
    horseman
    Community Member

    Not only is iCloud not cross platform but it also appears to only sync the Primary Vault, so is of little use if you have secondary vaults!

  • Stephen_C
    Stephen_C
    Community Member

    The next update of 1P4 for iOS will support multiple vaults: see here.

    Stephen

  • yetanotherdave
    yetanotherdave
    Community Member

    I echo this, I'm a mac and iphone customer, but I am also looking to buy the windows version, and the android version. A cloud alternative such as box.com or google drive would really help my 1password buying decision making process, quite simply, I now want to delete my dropbox account.

  • Ronald A. Marcus
    Ronald A. Marcus
    Community Member

    I too am digested by the appointment of Dr. Rice to the Dropbox board, and will delete my Dropbox account. However, that leave me only the choice of iCloud, which is fine for my Mac and iOS devices, but I also need it for Windows running on Parallels. I just had a thought that I could use iCloud for my Apple products and use the "iPassword Mini" app to get my passwords into my Windows app. Does anyone know if that would work?

  • Jasper
    edited April 2014

    Hi guys,

    Thanks for all the feedback and comments!

    We're not trying to make an "excuse" for anything, but it is important to point out that we simply don't rely on Dropbox (or any sync service) to provide the security for your 1Password data. But, I'm not saying that you're wrong for wanting to delete your Dropbox account in protest of their move.

    Like I said above:

    With all that said, we are aware of the demand for people to be able to synchronize their 1Password data using other sync services. Thanks for the feedback!

    Syncing is very complex and consumes a lot of resources to develop and support, but we do plan to expand further. We are investigating other services, such as Google Drive and Microsoft SkyDrive, and whether they can be fantastic sync solutions 1Password customers deserve.

    The short answer to “Have you considered X as an alternative sync solution” is “Yes” for every value of X that people have asked about. We have considered them, and have had to reject many for various technical reasons.

    Like I said above, if you are syncing exclusively between Macs, then you can already use Folder Sync with pretty much any sync service you want. But to integrate specific services with our mobile apps (such as 1Password for iOS and Android) is more complicated. First, the sync service must provide usable APIs for all the platforms we need to support. Next, each sync service we want to add requires a lot of development and support resources.

    Please know that we are checking out alternate cloud file storage and sync services to see if they can be an option for syncing your 1Password data. Although we don't have anything to announce at the moment, please don't think we aren't working on it.

    Also, I've moved this to the "Lounge" section, since it's not specifically related to 1Password 4 for Mac.

  • RichardPayne
    RichardPayne
    Community Member
    edited April 2014

    Please know that we are checking out alternate cloud file storage and sync services to see if they can be an option for syncing your 1Password data. Although we don't have anything to announce at the moment, please don't think we aren't working on it.

    You clearly do though:

    We have considered them, and have had to reject many for various technical reasons.

    Announcements don't have to take the positive form of "we not support X". They can also be negative; "we can not support Y, because Z". Personally I think that, given the obvious demand for additional sync services, you should create a sticky thread here listing all of the sync services you've investigated along with a current status.

    For example:

    DropBox - Supported

    GoogleDrive - Waiting development.

    OneDrive - Under Investigation

    Box - Rejected (API does not provide real time updates)
    MozySync - Rejected (Not available on iOS)

    That sort of thing.
    Unfortunately, once again, your institutional unwillingness to release information on future developments for fear of disappointing people is making you look indolent.

  • Sorry, we don't normally pre-announce new features as too many factors can affect them.

    For example, WebDAV sync was promised at one point, and were unable to deliver:

    We've long had our reluctance to promise features before they were delivered, but one exception was when we promised WebDAV/MobileMe synching for 1Password Pro for iOS. At the time we made that promise we were 95% complete with WebDAV support.

    The remaining 5% killed us. It turns out that the speed and reliability of WebDAV file systems weren't up to the demands that were needed for the structure of the Agile Keychain Format. Once we started testing it in practical use, it just failed miserably. We tried to develop our own local cacheing on top of the WebDAV filesystem; we tried other tricks to lighten the load. In the end, we were dedicating a huge portion of our time to getting just the "last touches" to work that we had to abandon it and break our promise.

    Once we do have something to share, we'll be sure to let everyone know. :)

  • donmontalvo
    donmontalvo
    Community Member
    edited April 2014

    OMG the drama is deafening. :) Does anyone really think NSA can't get to your 1Password file if they tried? If NSA wants your data they're going to get it. Period. Whether they can open the password file or not, well, I suppose that depends on how long AgileBits can withstand NSA's armtwisting/threats. ;)

    Set a nice complex password for your 1Password file...and if you had a weak one before, circle back and RESET all your critical account passwords after setting your complex password on your 1Password file. Sleep soundly, go out and have fun.

  • Thank you for clarifying the WebDAV situation. However, I can't stress this enough: Dropbox is becoming a non-option for an increasingly large number of users that have non-Apple devices. What if you guys offer your own sync-ing platform for a monthly fee? I know it's hard to make a generic "cloud drive", but something that would be used solely for 1Password data storage in a platform-neutral way could appeal to several people. Cheers.

  • Thanks for the feedback!

    Regarding an AgileBits sync service:

    We've tried a number of ways to deal with data synchronization. There was a (failed) attempt to run our own system many years ago. We just couldn't get it to work reliably enough. Of course any attempt to revive something like that, may still not be a satisfactory solution. The same concerns that people have for Dropbox should be asked about any service we run. So such a system would need to designed in a way that protects your data from us.

    At the moment we have no information at all about 1Password users (other than those who specifically chose to contact us). We can't be compelled or tricked into revealing data we don't have.

  • RichardPayne
    RichardPayne
    Community Member

    Sorry, we don't normally pre-announce new features as too many factors can affect them.

    For example, WebDAV sync was promised at one point, and were unable to deliver:

    I understand, but those of us with a mental age over 6 are quite capable of understanding a retraction on technical grounds, which is what the WebDav issue was I believe. The point I was trying to make is that if you explain what the problem was that caused a retraction (and giving nice detailed technical explanations is clearly something you guys do very well, having read read most of your blog) then I suspect that most of us will accept that far more than vague fob offs on a feature that is clearly in huge demand.

  • Megan
    Megan
    1Password Alumni

    Hi @RichardPayne‌

    You're right, we do have a pretty awesome and intelligent group of forum friends here, and I'm sure that most of them could accept an explanation on why a sync service ultimately became untenable. :)

    In fact, I think your suggestion of a sync announcement in the forums might actually be a helpful tool for users here. Sync has clearly become a hot topic due to recent events, and a short-hand list like this could answer a lot of questions. I'll pass this idea along to our developers.

    Thanks so much for your feedback - it's much appreciated!

  • Niklas
    Niklas
    Community Member

    OMG the drama is deafening. Does anyone really think NSA can't get to your 1Password file if they tried? If NSA wants your data they're going to get it. Period. Whether they can open the password file or not, well, I suppose that depends on how long AgileBits can withstand NSA's armtwisting/threats.

    Way to miss the mark there.

    This is not about NSA getting to our data. We (well at least I do) trust Agile Bits to implement a strong cryptographic function correctly. This is about using our democratic tools as consumers to "vote with" our wallets. We are very unsettled by the fact that Rice has been appointed to Dropbox's board and we do not want to do business with such an entity that condones and even rewards her unethical behaviour.

    We are not afraid that our 1P data is going to be compromised, but Dropbox contains a lot of other stuff. But we are afraid that Rice will influence the future of the company in a negative fashion. We are also saddened because of Rice's history of unethical behaviour will repeat itself. We are also saying to Dropbox by hiring this person you explicitly approve of her past behaviour, including her sponsoring torture as a method of interrogation, and – yes, her propping up funds to the NSA among other things.

    We would like to take 1Password with us to an alternative to Dropbox, which is why we ask what other services 1Password support and might support in the future.

  • ilsa
    ilsa
    Community Member

    What about OwnCloud? This would be my preferred choice, because they we could set up our own internal 'cloud' (I hate that term so much...) for syncing with.

  • Megan
    Megan
    1Password Alumni

    Hi @ilsa‌

    Thanks so much for adding your thoughts here! While I can't provide much more detail than what has already been mentioned above, ownCloud is a solution suggested by many users, and I'd be happy to add your vote to the request.

    Hi @misterSunny‌

    I'm not quite sure how much of this epic thread you have read, but, in addition to iCloud sync, 1Password 4 for Mac does currently offer Folder Sync, which will sync your 1Password.agilekeychain to a location of your choice so that you can use a cloud-sync of your choice to sync your data to another machine. Does this help?

  • John Young
    John Young
    Community Member

    I'm using Folder Sync now with Cubby and it seems to work just fine. I guess the drawback is that you don't get automatic iOS sync, but I just Wifi Sync for that (which I have to remember to do periodically.)

  • Jasper
    edited April 2014

    Folder sync between Macs should work well with most any service. It's just iOS (and the other mobile platforms) that are a bit more complicated. But, as long as you're happy with wi-fi sync, your setup sounds awesome! :)

  • EnerJi
    EnerJi
    Community Member

    @JasperP, does Folder Sync work between Mac and Android using Google Drive? If so, could you point me to directions for setting it up... Thanks!

  • Hi @EnerJi,

    Dropbox is the only sync option on Android currently. We're looking into Google Drive as a possible sync option for the future though.

  • EnerJi
    EnerJi
    Community Member

    @JasperP, Ahh, I misinterpreted your previous message. Too bad, but hoping it comes along one of these days. Thanks for the super speedy response!

  • You're welcome, @EnerJi. I've edited my post above to clarify. :)

  • OwenA
    OwenA
    Community Member

    Hey folks, I was redirected here from a clone post i made in the Mac subforum, btu to add my few cents.

    I am not worried about the NSA and 1Password, as many pointed out they can get my files anyway if they need. I am not saying I like that, but I am aware of it and am aware you do all you can to protect me. The point is more that DropBox is on the critical path for 1Password multiplatform use, and it was a part fo why i stay with 1Password, and proselytise about it to others (to manorly brag, I think i am responsible for a good 20 purchases among friend and family, apart from my own several licenses). Multiplatform password sharing is huge for me, and makes my working life infinitely easier.

    Right now as a company, you are relying on DropBox for a pretty major aspect of your value offering, which alone is just risky. I like that you offer foldersync and iCloud but they do not offer the same as DropBox. I would think that if nothing else, as a strategic decision you should support two solutions for the safety and security of your company and your clients. I am happy to hear that you are looking into other platforms, and I appreciate that you do not want to over-promise, but I think a statement of the sort "we are working toward having at least two solutions to multi platform sync, so neither we or you are reliant on DropBox" would be a smart move.

    The interesting thing is that I am clearly not alone in using DropBox only because of 1Password. Personally I use GoogleDrive as it is an excellent solution to small business file storage when combined with google apps, and makes running my company that much easier. Also, Google have the knack of knowing how to engender trust and confidence in their customer base. In the end they may be as evil as everyone else, but at least they seem to try. DropBox's comments on criticism of Dr Rice were laughable and disappointing, not even acknowledging user concerns. Agilebits have much better crisis communications than that on what I imagine is a nanoscopic budget in comparison. If you have an alternative for users then you are not tied to DropBox, which right now you kind of are.

    You did really well around HeartBleed and also around the crypto weaknesses you dealt with last year, i think you don't need to trash DropBox here, but a strong statement and decision to ensure you have multiple sync options soon ad in future would help out.

  • khad
    khad
    1Password Alumni

    Thank you for your kind words and support, @OwenA. They are sincerely appreciated.

    We certainly understand the reasoning behind the desire to switch away from Dropbox. As with our open data format and export options, we want happy users not trapped ones. This applies to sync options as well. We understand the pros and cons of the existing four sync options (Dropbox, iCloud, Wi-Fi, and Folder sync), and we are actively pursuing other other sync solutions. We will announce more as soon as we are in a position to do so.

This discussion has been closed.