Sport & Auto
- About Future
- Digital Future
- Cookies Policy
- Terms & Conditions
- Investor Relations
- Contact Future
We’ve recommended Dropbox in so many features & how-to’s we’ve lost count. It’s an amazing service that just keeps getting better, but the company has found itself in hot water with the FTC over concerns of anti-competitive behavior related to its file encryption.
Wired has done an excellent deep dive on the full FTC complaint against Dropbox, however the main allegations stem from the way Dropbox says it handles your files, and what it actually does in reality. Many of these complaints have resulted in changes to its terms of service, but the FTC is investigating competitor’s allegations that the company has been intentionally vague. For Example:
On April 13th Dropbox revised its data security policy to read “All files stored on Dropbox servers are encrypted (AES 256)”. Compare this to the previous wording which states “All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password”. Both policies sounds like you are the only one capable of accessing your data, although this would not technically be correct. Dropbox employees can in-fact access your password and decrypt your data, they are just told not to.
Company Spokewomen Julie Supan further clarified by saying “Dropbox employees aren’t able to access user files.” That means that we prevent such access via access controls on our backend as well as strict policy prohibitions. That statement didn’t say anything about who holds encryption keys or what mechanisms prevent access to the data. We updated our help article and security overview to be explicit about this. Also, to clarify we’ve never stated we don’t have access to encryption keys. We’ve made quite a few posts in our public forums over the years about this very fact and we are quite open with our community.”
From a technical stand point Dropbox claims it needs raw access to your data to prevent users for needlessly uploading duplicate files that might already be stored in another user’s account. Competitors such as SpiderOak and Wuala who perform client side encryption are unable to use similar techniques to reduce their storage footprint since they are unable decrypt your data. Both companies argue Dropbox is claiming similar security functionality they don’t deliver by engaging in clever wordplay.
At the end of the day it’s important to understand Dropbox can indeed decrypt your data under certain circumstances, and does that matter to you.