Tuesday 17 May 2011

Dropbox drops the lies.

Dropbox has been found to publish misleading info regarding the security of the files you upload to the service. Dropbox has earlier always stated that the files the users synchronize are strongly encrypted and that not even employees can access the files.

But. The PhD and blogger Christopher Soghoian recently discovered that Dropbox uses a function which control that the files you upload doesn't already exist, and therefore saves lot's and lot's of space.

He then questioned how it could work if Dropbox couldn't access the users failes, he got the answer:

Employees at Dropbox doesn't have any access to the users files. They can only be unlocked with the users mail and password.

Only a few day after Christopher recieved the mail, Dropbox changed the information on their website to:

The ones hired at Dropbox are not allowed to view the information you upload to Dropbox. We have a small staff of employees who must have access to your information because of legal reasons and only happens in very rare cases.

Another week passed and Dropbox edited the information in their User Agreement. It now said:

Under certain circumstances the users information may be shared with a thirdhand part if we feel that are good reasons to do so. It can involve the following situations; a) to maintain laws; b) to protect a person from harm or death; c) to prevent frauds or misuse of Dropboxs services; d) to protect Dropbox property.

Simply said, Dropbox can decrypt your files and share them with a thirdhand party if they feel it fitting. Dropbox doesn't specifie if they only share with the police or if they share with other authorites or corporations.

Christopher has filed a 16 pages long complaint to the American Chamber of Commerce. He want Dropbox to admitt that the users file is not safe like they've said before, and that Dropbox send an email to the 25 million users with an excuse which cleary explains this.

17 comments:

  1. So... We lose more privacy then...

    ReplyDelete
  2. for some reason i don't trust Dropbox at all

    ReplyDelete
  3. Wow. Thanks for that, I'm gonna be more careful now

    ReplyDelete
  4. I don't trust sites like that.

    ReplyDelete
  5. I suppose I won't be trying Dropbox anytime soon. It's a shame because it was an interesting Idea.

    ReplyDelete
  6. I prefer sending all files in e-mails. Dropbox? I don't like it.

    ReplyDelete
  7. I was always sceptical about it anyway

    ReplyDelete
  8. Hmm... I'm glad none of my teachers made dropbox mandatory. Thanks for sharing this info.. I'm going to pass it on to my friends.

    ReplyDelete
  9. waw can't believe they'd lie like that

    ReplyDelete
  10. Guess I won't be using this anymore; thanks for the info.

    ReplyDelete
  11. Good thing I only use that for not anything important. Thanks for the info.

    ReplyDelete
  12. Oooh, I love dropbox and now I have to hate it?!

    ReplyDelete