Online storage service Dropbox isn’t as secure as they promised

http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
This article discusses the encryption settings that Dropbox uses and suggests that your data can in fact be viewed by some employees of the site. The company has made these deceptive claims in order to gain a competitive edge over other similar online services. Dropbox uses hashes to analyse files when they are first uploaded. This technique allows the company to see if another user has already uploaded the same file. If so, Dropbox will not upload it again and will instead simply add the existing file to the new user's Dropbox folder. The encryption and decryption keys are stored on the Dropbox servers rather than on the client's machine. Using hashes this way lets Dropbox save storage space at the price of a security risk.

“Those architecture choices mean that Dropbox employees can see the contents of a user’s storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.”
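The trade-off described above, as an added sketch that is not Dropbox's code or anything from the article: a hypothetical `DedupServer` that deduplicates by SHA-256 and holds the key itself, next to a client that encrypts before upload. `toy_cipher`, `client_sync`, `client_side_encrypt` and the sample data are all constructed for illustration, and the toy cipher only stands in for a real one.

```python
import hashlib
import os

def toy_cipher(key, nonce, data):
    """XOR with a SHA-256 counter keystream. Stand-in for a real cipher; illustration only."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class DedupServer:
    """Hypothetical provider: one blob per content hash, key held by the server."""
    def __init__(self):
        self.server_key = os.urandom(32)  # server-side key, as the article describes
        self.blobs = {}                   # sha256 hex -> (nonce, ciphertext at rest)
        self.folders = {}                 # user -> {filename: sha256 hex}

    def link(self, user, name, digest):
        self.folders.setdefault(user, {})[name] = digest

    def store(self, user, name, data):
        digest = hashlib.sha256(data).hexdigest()
        nonce = os.urandom(16)
        self.blobs[digest] = (nonce, toy_cipher(self.server_key, nonce, data))
        self.link(user, name, digest)

    def insider_read(self, user, name):
        """Anyone holding server_key can recover what the client sent."""
        nonce, ciphertext = self.blobs[self.folders[user][name]]
        return toy_cipher(self.server_key, nonce, ciphertext)

def client_sync(server, user, name, data):
    """Send the hash first; transfer bytes only if the server lacks that content."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in server.blobs:
        server.link(user, name, digest)   # deduplicated: nothing uploaded
        return False
    server.store(user, name, data)
    return True

def client_side_encrypt(user_key, data):
    """Encrypt before upload with a key the server never sees."""
    nonce = os.urandom(16)
    return nonce + toy_cipher(user_key, nonce, data)

if __name__ == "__main__":
    server, doc = DedupServer(), b"constructed sample: Q3 payroll draft"
    print(client_sync(server, "alice", "pay.txt", doc))   # uploaded
    print(client_sync(server, "bob", "copy.txt", doc))    # deduplicated
    print(server.insider_read("bob", "copy.txt") == doc)  # server can read it
    sealed = [client_side_encrypt(os.urandom(32), doc) for _ in range(2)]
    print([client_sync(server, u, "pay.bin", c) for u, c in zip(("alice", "bob"), sealed)])
```

With per-user keys the two sealed copies hash differently, so the server stores both and can return only ciphertext: the storage saving and the insider's ability to read the file disappear together.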

Below is an excerpt from the article that shows Dropbox's clever use of wording and how it has changed in response to these accusations:

Up until April 13, the site promised this:

Dropbox employees aren’t able to access user files, and when troubleshooting an account, they only have access to file metadata (filenames, file sizes, etc. not the file contents).

Now the site says:

Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations).

The use of the word "prohibited" suggests that employees aren't technically prevented from viewing file contents; they are restricted only by policy, not by technology.

I feel the scenario we discussed in class about a disgruntled employee planning on going rogue is applicable to potentially exploiting users of the site or even the company itself. I have an account registered with the site but I have only used their services once last year with a group programming project.

Any Dropbox users out there? What are your thoughts on this?

 


2 thoughts on “Online storage service Dropbox isn’t as secure as they promised”

  1. I’ve only used Dropbox for class projects, such as the group project in the JAVA 219 class. The large project needed a central coordinating site, and Dropbox was a perfect fit. However, I would never use it for anything sensitive or personal. I’ve never trusted the cloud for data storage. I’ve seen too many sites disappear, with all the uploaded contents that you can no longer get to, like photo sharing sites.

  2. Coincidentally, the only time I’ve used Dropbox was also for the Java 219 final project. It worked wonderfully and the coordination aspect was unbelievably convenient. The only minor problem that could really occur would happen when two people were making edits to the same file and one of them didn’t download the file to their drive. This could potentially cause your group to lose edits, but as long as everyone is informed it should never really be an issue. Like you said, for large projects requiring mass coordination this site is perfect. But for personal files I don’t think I’d ever really consider using their service.
