Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What Should I Do About Boxcryptor?

Boxcryptor’s unexpected sale raises many questions.

With its sale to Dropbox, the future of Boxcryptor is uncertain. There's no rush to take action, but I'll share recommendations.
Dropbox + Boxcryptor = ?
Dropbox + Boxcryptor = ? (Image: askleo.com)

I was shocked to learn this week that Boxcryptor had been sold to Dropbox. (Boxcryptor is a program and adds a layer of security to data you store in the cloud by encrypting files locally on your device.)

The messaging was poor and raised many questions.

Let me speculate a little and recommend a course of action: a course I’ve already embarked on.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

The future of Boxcryptor

  • Boxcryptor will continue to work for those who already use it, but it’s unclear for how long and with what file sharing services.
  • No new Boxcryptor accounts can be created.
  • It would be prudent to plan a transition from Boxcryptor to alternatives like Cryptomator.

Boxcryptor still works

I want to be clear that Boxcryptor’s technology is not being called into question.1 The company continues to work, and their press release includes the following:

If you’re an existing customer, you can keep using Boxcryptor as you do today.

New accounts are disabled, so if you’re not using Boxcryptor, you’re not only unaffected, you can’t start using it.

They promised an email to all existing users with more information and steps, but as I write this a week later, I have not seen such an email.

It’s very confusing.

But the good news is that if you’re an existing customer, there’s not any urgency. It’ll keep working. For now.

The muddy future

There are two things that concern me about the sale.

First, how long will existing Boxcryptor accounts keep working? Since it’s no longer a product that’s available to new users, at some point it seems inevitable that the plug will be pulled or some technological change (say a Windows or MacOS operating system change2) will break Boxcryptor. Will anyone be around to fix and/or update it? What if there’s a security issue or vulnerability discovered?

I don’t like “what if” speculation, but it’s an important consideration for the future of Boxcryptor.

Similarly, having been purchased by Dropbox, does this imply a reduced emphasis on competing services like OneDrive, Google Drive, or others? Dropbox is almost guaranteed to have a solution — be it continued use of or some evolution of Boxcryptor — but it seems unlikely they’d provide this same solution for their competitors.

With so many unknowns and what one would expect to be changes coming someday, perhaps it’s time to make alternate plans.

Switching to Cryptomator

Within hours of learning of Boxcryptor’s sale, I switched to Cryptomator.

I did it quickly, but not because I believe there’s some kind of imminent disaster. I do not. You don’t have to be in a rush.

I did it mostly because I know questions are coming. Smile

I used Cryptomator many years ago and have continued to recommend it alongside Boxcryptor ever since. I stopped using it because of some technical incompatibility I can no longer recall. Apparently that issue has been resolved, because it’s working well for me so far.

I’ll be revising my Cryptomator recommendation in the coming weeks, but the bottom line is that it’s free with the exception of the smartphone app. And while it differs somewhat in the implementation details, it’s a fine alternative to Boxcryptor.

Do this

If you use Boxcryptor, plan for change.

That could mean using it until you can’t use it anymore and changing then. It could mean moving to whatever the technology looks like when it’s integrated with Dropbox. It could mean moving to an alternative solution today. Or it could mean something in between.

My recommendation is “in between”. As I said above, there’s no rush, but it would make sense to switch in the coming weeks or months when there’s a convenient opportunity to do so.

Stay on top of an ever-changing tech landscape. Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

13 comments on “What Should I Do About Boxcryptor?”

  1. What Happens to Boxcryptor Users?
    Boxcryptor Free users have a cancellation period of one month to the end of the month according to our terms and conditions. These users will soon receive the cancellation of their free license via email. All free licenses will be cancelled by 01/31/2023.

    Reply
  2. I’ve been using Cryptomator for a few years now and can highly recommend it. Its a great (albeit better) alternative to Boxcryptor and the responsiveness of tech support and the community is fantastic. I’ve established a “vault” for every cloud service I use (about 4).

    Reply
  3. I tried Boxcryptor several months ago but I could not get it to work properly. I used it to encrypt a folder and files with the folder. I was a database administrator (Oracle) for about 20 years before retiring in April 2022, so maybe my techno knowledge got in the way of successfully using Boxcryptor.

    When I left Boxcryptor, I decided to partition my hard drive and use Bit Locker. I have a Windows 10 Pro. My sensitive documents are on the partitioned hard drive. Bit locker works great for me, although I had to do some digging on what to put into two small batch files to unlock (with a keyboard entered password) and re-lock the encrypted drive.

    Question for Leo – With Cryptomator (and possibly Bit Locker too), when files or a drive are de-encrypted and “in use”, can the files be read by malicious software or by other snoops?

    Reply
  4. Leo – That’s what I was afraid of. Even though I have anti-this and anti-that on my PC (and a firewall on my PC and a firewall between our router and all our wired PC’s in our house)… nothing in life is guaranteed. There COULD be malware sleeping “in the wings” just waiting for me to open an encrypted drive. Like a former work Supervisor of mine use to say 30 years ago, “It’s not IF something happens; it’s WHEN something happens”. That had more to do with our old 5.25 inch floppy disks and the gold platter on our DEC PDP-11/70, but I feel the same logic holds true today. Glad I have multiple backups.

    Reply
    • The only way malware would be on an encrypted drive is if you let it on your computer before encrypting the files. You would have a much greater chance of unencrypted malware on your machine. That makes encrypted malware nearly a non-issue.

      Reply
  5. Even if the malware can’t see or read your information, it can delete/alter/corrupt the underlying files if it can access them. A Cryptomator container is as secure as the underlying drive it rests on. One trick I use to protect my files, is I duplicate all my OneDrive files on GoogleDrive. (Which includes my underlying Cryptomator files.) I then turn off Google Drive sync except once a month I turn it on just long enough to get it caught up with my changes. Sometimes I do this again, if I am making many changes to files. (Big project, lots of letters, Christmas cards, etc.) But then I turn the sync off. So even if my files are compromised with my OneDrive, I can go to Google and get it all back. Doesn’t matter if the compromise is because of some hardware failure, malware, malicious actor with physical access to the computer, etc. (Or, just 5 year olds with poor supervision. It’s happened!)

    Reply
    • There’s an important distinction, though: corrupting the encrypted files is not the same as accessing their contents. Most files are encrypted because the contents are sensitive for some reason. (Example: I just downloaded bank statements into my Cryptomator-encrypted section of cloud storage.) Keeping the contents secure is why I encrypt.

      DATA LOSS can happen whether the files are encrypted or not. This is why we back up. I generally recommend backing up the UNencrypted contents of any encrypted storage and then storing those backups in some other secure way.

      Reply
  6. Team Leo- I didn’t mean malware on an encrypted drive. I meant malware on the un-encrypted drive. Malware does not have to steal or alter data the moment the malware is installed. It can wait to do its dirty work based on a future date or event… like opening an encrypted drive or folder. Keeping anti-malware up to date helps to prevent an infection or, if you have a good anti-malware product, remove an infection.

    Reply
  7. It would be wonderful if someone would publish a step-by-step migration guide from the now-discontinued Boxcryptor to Cryptomator!

    Reply
    • In a nutshell:

      • Mount your BoxCryptor drive
      • Copy ALL files out of BoxCryptor to some other, unencrypted location on your machine.
      • Use this as an opportunity to ALSO back up all those files.
      • Install CryptoMator
      • Configure CryptMator (basically follow Cryptomator’s instructions) to place its encrypted folder in more-or-less the same place as you had your encrypted BoxCryptor files
      • Copy all your files and folders from that unencrypted location into the mounted Cryptomator drive
      • Delete the files from the unencrypted location.
      • Uninstall BoxCryptor
      • Delete the BoxCryptor folders (the ones that look like Chinese characters)

      Don’t skip the step about backing up.

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.