Problems using NetShare with Synchronization Utilities (e.g. Dropbox)
I am using PGP Corporate Desktop v10.1.1 on a Windows 7 system, and I wanted to see how PGP would interact with Dropbox (http://dropbox.com). My goal was to impose PGP encryption on Dropbox synced/shared data.
Dropbox auto-synchronizes a given local PC folder hierarchy across other participating PCs and a remote file store (operated by Dropbox and implemented on top of Amazon/S3). Access to data is either through the identified folders on one of the participating PCs or via a web interface to the remote file store. Dropbox is a recently popular instance of many available syncronization utilities, and provides a simple, automated and reasonably transparent way to share files, and to back them up and view them online.
It turns out that it's very easy to lose encryption of data in the synced online/remote location. Here's an example:
- Use NetShare to CREATE a managed sub-folder of the Dropbox synced folder, and then create a file in that folder
- EXIT PGP Services
- The Dropbox REMOTE copy (there, having been synced by Dropbox) is NOT encrypted = Verify by browsing Dropbox website and viewing directly or downloading and viewing.
- The LOCAL copy IS encrypted and not viewable.
This is a disturbing interaction if your naive assumption is that objects under NetShare management will RELIABLY REMAIN ENCRYPTED wherever and however they are copied about. I am told this problem does NOT exist when using Microsoft Sync Center to syncronize a local PGP NetShare folder and a remote file-share. Dropbox is NOT creating remote file-shares. What is it doing?
More generally, what is going on that could explain or allow for this kind of loss-of-encryption on copy? Has either PGP or Dropbox architecture/design allowed for a race-condition between copy and encrypt actions? Must it be the case that Dropbox syncronization is implemented "above" PGP in such a way (e.g. user-space operation) that it is seeing the unencrypted data streem? Dropbox does binary diffs (see https://www.dropbox.com/help/8) before syncing in order to minimize bandwidth utilization, which at least vaguely suggests a lower level implementation.
Does anyone have experience with this or have a more knowledgeable perspective to share?