This article discusses the encryption settings that dropbox uses and suggests that your data can in fact be viewed by some employees of the site. The company has made these deceptive claims in order to gain the competitive edge over other similar online services. Dropbox uses hashs to analyse files when they are first uploaded. This technique allows the company to see if another user has uploaded the same file already. If the same file has already been uploaded; dropbox will not upload it again and instead they will simply add the existing file to the new users dropbox folder. The encrypt and decrypt keys are stored on the dropbox server side rather than the clients machine. Hash use allows dropbox to save storage space at the price of security risk.
“Those architecture choices mean that Dropbox employees can see the contents of a user’s storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.”
Below is an except from the article that shows dropboxes clever use of wording and how it has changed in response to these accusations…”
Up until April 13, the site promised this:
Dropbox employees aren’t able to access user files, and when troubleshooting an account, they only have access to file metadata (filenames, file sizes, etc. not the file contents).
Now the site says:
Dropbox employees are prohibited from viewing the content of files you store in your Dropboxaccount, and are only permitted to view file metadata (e.g., file names and locations).
The use of the word prohibited suggests that employees aren’t actually restricted from doing so and they are only restricted by policy not technology.
I feel the scenario we discussed in class about a disgruntled employee planning on going rogue is applicable to potentially exploiting user of the site or even the company itself. I have an account registered with the site but I have only used their services once later year with a group programming project.
Any dropbox users out there? What are your thoughts on this?