If you’re worried about security, you might be wondering if you should stop syncing files via Dropbox and other cloud services. But then, who really wants to give up the convenience of having your files synced between all of your devices and seamlessly shared with others?
That’s why many — and even Dropbox itself — suggest encrypting your files before saving them on Dropbox if you’re worried about snooping eyes seeing them. And while that might sound like too much trouble, SafeMonk claims to provide an answer by merging the convenience of Dropbox with pre-upload encryption so that no one other than you can read your files even if they can get a copy of them.
Turning Your Files into Coded Messages Only You Can Read
Encryption uses a private secured key to modify your files. Without this key, the files appear to be random gibberish. Recent versions of Mac OS have included a method of encryption for external and internal drives in FileVault and FileVault 2. In these native encryption methods a password is required to unlock and decrypt the contents of the drive.
SafeMonk brings a similar process to your Dropbox files. Before they are uploaded to Dropbox, SafeMonk encrypts each file so no one without the key can view or read your documents. All you’ll need to do is download the SafeMonk app to your Mac or PC, create an account, and fire it up.
The SafeMonk Folder is created within your Dropbox folder.
During software installation a recovery key is created and presented. This is a very important item, as if you forget your username and password, it provides the only way to regain access to your encrypted files. Once installed the program adds an item to your menu bar and asks you to log in. SafeMonk does not encrypt your entire Dropbox folder, but creates a folder within your Dropbox folder named SafeMonk. Everything you store within this folder will be encrypted and kept protected.
Here you can see the encrypted file that exists on Dropbox (on the left) and the same file within SafeMonk and readable on my computer on the right. Notice the computer cannot preview the encrypted file.
The files are encrypted on your computer before they are synced to Dropbox meaning unencrypted data never leaves your computer. In fact if you go to a computer without SafeMonk installed or the Dropbox web site and access the file you’ll see it cannot be read. When used locally the file encryption works transparently as long as SafeMonk is running and you are logged in.
Sharing Encrypted Files
Beyond synchronizing files between computers, another valuable feature of Dropbox is the ability to share files to another user. SafeMonk supports sharing your encrypted files with others users almost as transparently as unencrypted files. The other person does need to have a SafeMonk account and also have the program installed. When you share a folder you are required to approve the sharing through SafeMonk after which the appropriate keys will be shared with the recipient along with the folder.
You can only approve the share from a computer and not from the web site. If you are not at your computer when the notification arrives, you will need to have the server re-send the notification from the SafeMonk web site. The web site also provides a list folders that you’ve shared along with folders shared with you. You can also remove someone from a share through the web site. Currently SafeMonk can only share folders and not individual files.
How Secure Is It?
You must log into SafeMonk to access your encrypted files.
The question then is how secure is SafeMonk. In their FAQ SafeMonk states:
Even if we really, really, really wanted to – we couldn’t access it [your private key].
All key generation is done on your computer and not on their servers. A separate key is generated for each folder protected by SafeMonk. This key is protected with your unique private key protected by your password. Each file within a folder is protected by a separate key that is protected by the folder key. Each subfolder is also protected by the key of the folder its contained within. This means that without your SafeMonk password there should be no way to access any file. Since each folder is protected by a separate key, then sharing a folder provides no information about other folders protected by SafeMonk.
Conclusion
Ultimately SafeMonk appears to do a good job of balancing convenience and security. Since your login password provides the primary unique protection, the security will only be as good as your password. The company seems to understand encryption and security and uses standard and tested techniques and software. As a free service, though they do offer an enterprise version, there could be a concern on how SafeMonk plans to stay in business and if enterprise will be enough. Since you’re putting a lot of trust in the system to protect your data and do what the company says, ultimately it comes down to if your trust SafeMonk to do what they claim. From what I’ve looked at they appear to do so now and I’ll likely be using it going forward.
     |