Securely using odrive on a work computer?


#1

Hello,

I’ve been enjoying my use of odrive and find it very convenient, particularly at work where it suits my needs well.

However, my work computers are always semi-public. I don’t expect anyone to use them, but they always could, and I’m just paranoid enough for this to bother me.

Is there a secure option to prevent tampering by users with local access? Perhaps run odrive in a portable form so I can run it off an encrypted drive; or to lock the directory structure when I log out; or some other solution that I maybe haven’t thought of yet. From what I can tell, I can’t even log out on the computer without deauthorizing it entirely.

Anyone done something like this? I’d be open to fiddling around with the CLI.


#2

Hi @jdm489,
By default the odrive folder is created within the user’s profile folder, which should be inaccessible to any non-admin users that use that system.

Is your system user shared by others, or have you moved the odrive folder to a location outside of your user profile?


#3

Hi Tony,

Thanks for the reply.

I work in video post production, where the standards for IT are generally abysmally low. So in most of the environments in which I’ve worked, the admin user is the only user, and everyone has access to it. What I would hope for is a layer of security that would prevent even someone with administrator rights to the computer from accessing my account.

I’m less worried about someone being able to see the files I’ve synced to the computer, and more worried about the fact that, with odrive on the computer, someone could go poke around my entire cloud with impunity. So, while it might make sense for me to move the files onto an external drive and then either encrypt that or just take it with me, it seems like odrive would remain authorized on the computer and a bad intentioned actor could just move the folder and then start syncing or even deleting stuff.


#4

Hi @jdm489,
This is a gap in what odrive can address, at this time. As you said above, a “sign-out” method is what you are looking for, vs a deactivate. We have also discussed a few other options that could work for this type of scenario, but sign-out would probably be the most straightforward for users.

For local data that is already on the machine, the next generation of odrive may have the ability to keep files encrypted on the local disk, until they are unencrypted for use. There is a fear that this feature would add too much complexity, but I have raised your scenario to the product team to give them another data point.


#5

Thanks Tony.

I can understand why complexity would be a concern. Even with odrive being as simple and user-friendly as it is, by its very nature it is probably a bit more complicated than, say, Google Drive or Dropbox (a strong point, to me, because it’s a more flexible product).

I do hope a feature like this is added in the future, because as of right now I don’t know any provider that can do this. Many great options for securing data on the cloud, not so much for keeping things secure on synced machines. Even something like the remote wipe you can do on mobile devices when they get lost or stolen would be very nice to have.

Thanks again for taking the time to address my questions!


#6

Thanks for the feedback @jdm489.

After speaking with the product team, there may be something that can help with this in the future, although it would be a ways out, as of now.