These days there seem to be a never-ending number of cloud-based services for stashing your data. Depending on what you need from a service, whether it’s purely backup, file syncing, or even collaborative working, chances are there’s a service to suit you.

 

Working as I do from more than one location, using more than one computer, it’s important for me to be able to easily access my files where ever I am that particular day, whether I’m in the office or on the road.

 

Over the last couple of years I’ve tried a whole range of different options. Usually they’ve been based around using SFTP or Amazon S3 space mounted as a local drive, for which I’ve tried ExpanDrive, MacFusion, JungleDisk, and ZumoDrive.

 

Overall they all worked pretty well, but generally suffered the same problem, and that is one of speed. This is the one big problem with cloud storage – that accessing it (in a useful way) requires a pretty fast network connection. Upload speeds are meagre in comparison to download speeds, so copying stuff onto the “drive” often meant a long standing Finder window. Clever caching helps, but you just can’t get away from the problem.

 

Then there’s the problem of when your connection goes down, or you just plain don’t have one. Put simply – no network, no files.

 

That’s where Dropbox plays its trump card. Because whilst on the face of it Dropbox is just another cloud storage service, actually it’s not. It’s a file synchronisation service that uses the cloud to keep your files in sync, provides a remote backup of them, as well as offering web and iPhone access to them at the same time.

 

Sure, the backup and web access are commonplace, but it’s the syncing that is the magic. What happens to your files if you’re not online? Well, nothing. They’re still on your computer and you can still work with them. When you get back online they sync up without bothering you with the details.

 

But there is the rub. The files are actually always on your computer. With a hosted virtual disk, once you shut down those files aren’t there as the disk is unmounted (aside maybe from being in the cache), and from a security perspective that’s a good thing, but with Dropbox that’s not an option, as all you’re doing is using the cloud to keep your files up to date.

 

So is there anything we can do about that? As it happens, yes there is. Enter Espionage.

 

Espionage is a simple app that plugs a big hole in the security of Mac OS X, in so far as it allows you to selectively encrypt individual folders of your choosing. Forget the cold slab approach of FileVault taking control of your whole home folder, this is sexy, selective, and very powerful.

 

Espionage utilises Apple’s own encrypted disk image formats, and offers a choice of sparseimage or sparsebundle formats (the later being much better for larger folders), but removes the clunkiness of having to mount them yourself and deal with them as a separate drive, as you would with it’s closest rival TrueCrypt (although being fair they’re not technically rivals seeing as TrueCrypt is open source and free and Espionage isn’t).

 

Rather than having to mount disk images manually and access them as drives, Espionage cleverly intercepts your attempts to use the folder that you’ve locked down and will unlock it on the fly for you, mounting the disk image and remapping the folder back to it as a symbolic link. This process essentially makes the encryption of the folder and the use of disk images seamless.

 

But getting back to the original point, how can this help you with securing the contents of your Dropbox locally on your computer – because Dropbox doesn’t support the use of external media for it’s location. Or at least it doesn’t think it does. But, with a bit of clever configuration it can be done.

 

So what are we actually trying to achieve here? Well, the goal is to secure the files held on my computer, that are kept synchronised by Dropbox. That way if my computer is stolen then the hard disk is not going to (easily) give up my files.

 

Obviously you still need to consider that most basic of security principles – using decent strong passwords to ensure you are as safe as you can be. It should also be stated that this approach does nothing to enhance the security of your files on the Dropbox server.

 

Dropbox themselves store their data on Amazon S3 encrypted using AES-256. Dropbox employees don’t have access to your data, and all traffic between your computer and their servers is encrypted using SSL. You can read about their security policies here.

 

So all that cleared up, how do we do it? Well first off sign up for a Dropbox account and download the installer. Obviously you’ll need a copy of Espionage as well.

 

For the purposes of this example, a free Dropbox account offering 2GB of storage is fine. If however you already have a Dropbox account with one of the paid options offering higher capacity then no problem. I myself use a 50GB account with no problems.

 

It is worth noting also the default size of the disk image created for an empty folder encrypted by Espionage is about 2GB, obviously larger folders would be assigned disk images with sizes to suit. You can always resize the disk image yourself manually using hdiutil resize if need be, which if you’re working with an existing Dropbox installation you might need to (depending on the size of your folder).

 

It is also worth mentioning here that because sparseimage and sparsebundle disk images don’t take up the same physical amount of disk space as their capacity, you can create or resize disk images to be any size – even larger than the physical disk it is on if you really want to (not a good idea).

 

Because of this you might want to resize the disk image to bigger than your Dropbox capacity, so you can also have other folders within your Vault folder to be protected that aren’t kept in sync with Dropbox.

 

Before running the Dropbox installer decide where you want your encrypted folder to be, and create a folder there. For this let’s call it Vault, and stick it in my home directory. Giving us the path /Users/ira/Vault.

 

Now run the Dropbox installer and at the end, when prompted if you want to decide where to locate the Dropbox folder, opt to select where it goes yourself, and stick it inside your Vault folder. Once Dropbox has installed, select Preferences from the menubar icon, and deselect the option to Start Dropbox on system startup. Then select the Quit menu option to close Dropbox down.

 

If you already have Dropbox up and running, you can go to Preferences from the menubar icon, and click the Move button to relocate the Dropbox folder into your new Vault folder. Then as above, deselect the option to start Dropbox on startup, and quit out of Dropbox.

 

Next load up Espionage and drag the Vault folder onto the Espionage window to add it as an encrypted folder.

 

From the options available, select sparsebundle, and set the folder to Autounlock at login, then click Save Changes. If you’re working with an existing folder with data in it will obviously take a little longer to encrypt than an empty folder.

 

Once that has finished and you have your encrypted folder setup, select the Vault folder in the Espionage list of encrypted folders, and click on the Edit Application Associations button, click on the plus (+) symbol to add an application association and select Dropbox from the Application folder.

 

Once Dropbox has been added to the list, then ensure it’s selected and check the option to Launch at login. This will ensure that Dropbox starts automatically once the disk image has been mounted.

 

And that’s all there is to it. The contents of your Dropbox is now encrypted locally on your computer.

 

Now if you uncheck the Locked option in Espionage for the Vault folder and click save changes then the Vault folder will be unlocked and Dropbox will be started.

 

Given that we have set the Vault to autounlock at login, essentially the fact that the folder is encrypted actually becomes pretty much invisible.

 

If you didn’t want to set your folder to autounlock at login, then that’s no problem. Whenever you try to load up Dropbox, Espionage will catch that and prompt you for the password and unlock the Vault folder for you. Simple.