Print
We’ve recommended Dropbox in so many features & how-to’s we’ve lost count. It’s an amazing service that just keeps getting better, but the company has found itself in hot water with the FTC over concerns of anti-competitive behavior related to its file encryption.
Wired has done an excellent deep dive on the full FTC complaint against Dropbox, however the main allegations stem from the way Dropbox says it handles your files, and what it actually does in reality. Many of these complaints have resulted in changes to its terms of service, but the FTC is investigating competitor’s allegations that the company has been intentionally vague. For Example:
On April 13th Dropbox revised its data security policy to read “All files stored on Dropbox servers are encrypted (AES 256)”. Compare this to the previous wording which states “All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password”. Both policies sounds like you are the only one capable of accessing your data, although this would not technically be correct. Dropbox employees can in-fact access your password and decrypt your data, they are just told not to.
Company Spokewomen Julie Supan further clarified by saying “Dropbox employees aren’t able to access user files.” That means that we prevent such access via access controls on our backend as well as strict policy prohibitions. That statement didn’t say anything about who holds encryption keys or what mechanisms prevent access to the data. We updated our help article and security overview to be explicit about this. Also, to clarify we’ve never stated we don’t have access to encryption keys. We’ve made quite a few posts in our public forums over the years about this very fact and we are quite open with our community.”
From a technical stand point Dropbox claims it needs raw access to your data to prevent users for needlessly uploading duplicate files that might already be stored in another user’s account. Competitors such as SpiderOak and Wuala who perform client side encryption are unable to use similar techniques to reduce their storage footprint since they are unable decrypt your data. Both companies argue Dropbox is claiming similar security functionality they don’t deliver by engaging in clever wordplay.
At the end of the day it’s important to understand Dropbox can indeed decrypt your data under certain circumstances, and does that matter to you.
Comments are closed on this article
fry
May 16, 2011 at 11:31am
Predicatable, which is why anyone with half a brain is encrypting important files before uploading them to Dropbox. Glad to see I'm not the only paranoid one around here.
Joji
May 16, 2011 at 3:41pm
I'm guessing I'm one of those without a brain then. You think I show encrypt all important files on other sites like Mediafire, 4shared, and MegaUpload?
skirge01
May 16, 2011 at 6:10am
It's not that big of a deal to zip your files with encryption before sending them up. I don't trust anyone with my files, including family members, whose computers I use for offsite storage. You never know who is going to gain access to the computer holding your files. ALWAYS encrypt them yourself.
maddingo
May 15, 2011 at 10:51pm
well I have always been dubious of the cloud
I use it some, I just use truecrypt and encrypt stuff before I load it to my cloud storage.
I would not load anything in the clear I didn't mind the world seeing
tornato7
May 15, 2011 at 7:50pm
I really wouldn't care if some random person on the other side of the country was able to view all of my files. (exculding cookies and autofill which will have passwords and personal info. I think that's all heavily encrypted anyway(or at least i hope it is).)
Joji
May 15, 2011 at 7:31pm
Whoa... I should tweat this to all my friends... thanks for the info! :O
knipfty
May 15, 2011 at 2:52pm
If you don't want someone to read it, make sure you encypt it yourself. Dropbox is a great product, I use it daily. Anything on it that I truly care about would be encrypted BEFORE it goes on the cloud...
Mighty BOB!
May 15, 2011 at 2:28pm
So pre-encrypt any important files before uploading them.
Of course that's not ideal for stuff like photos and music backups, but would be prudent for important personal data.
kixofmyg0t
May 15, 2011 at 1:52pm
If a Dropbox employee can decrypt your files and view them, Anonymous can too.
Just throwing it out there.
kixofmyg0t
May 16, 2011 at 5:41am
Yep. Removing OtherOs cripled the PS3. OherOs was the most important thing about the PS3. How can you even use a PS3 without OtherOs?!?
It's not like the thing was made to play games or anything, cuz you know THAT WOULD BE ABSURD. Why have a decent game machine when you can have a half ass linux machine with only 256mb of RAM?
Yep.
roninnder
May 16, 2011 at 12:41pm
That's like saying it's ok for the dealer to take the stereo out of your car after you bought it and drove it for a year. Well you can still drive the car; so why should you care if it no longer has a stereo?
kixofmyg0t
May 16, 2011 at 3:35pm
How many people use their stereo? Everybody.
How many people used OtherOs? A FRACTION of 1% of total PS3 users. Which btw I was one of the few who used OtherOs.
No its more like removing the cigarette lighter than the radio, idiot.
Yes, removing the ability to make a 10 gig partition for a linux with no GPU access and only 256MB(well, really more like 192MB but well give you the argument of ALL 256MB) of RAM is TOTALLY the worst thing EVER. *yawn*
If you want a gimped linux so bad buy a laptop from 2003, you'll get the same experience.
