Dropbox not as secure as you think

A lot of us use Dropbox. Heck, I use the service to back up and synchronize my files.  Then I read that Dropbox may not be as safe as I thought it would be.

You see, Dropbox gave this assurance that all the files saved on their cloud were encrypted. This prevents anyone, including their own employees, from peeking into my files. Or so I thought. PhD student Christopher Soghoian claims that the popular cloud storage service can actually see what you just put on their servers. Soghoian is a Washington, DC-based Graduate Fellow at the Center for Applied Cybersecurity Research, and a Ph.D. Candidate in the School of Informatics and Computing at Indiana University. He also worked with the FTC for about a year.

Here’s how Dropbox saves your files. To save on storage space, Dropbox checks your file before it is uploaded to their servers. They read a hash (basically a signature of the file based on its contents) and check to see if it matches anything that’s already on their servers. If there is already a match, your file doesn’t get uploaded; Dropbox simply “adds” that signature to your account. As for the keys used to encrypt and decrypt your files, Dropbox owns them. Kinda like you owning a condo but the building controls the locks. Your files are not encrypted on your computer. So if someone issues a subpoena to look into those files, Dropbox can easily peek into a user’s storage and turn over the unencrypted files that came from your computer.


So what can you do? Right now the only thing you can do is encrypt the files yourself before putting them on Dropbox.  As for me, after reading that stint, I decided to bite the bullet and get myself an Amazon S3 account.  I’ll let you know how that goes.
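The deduplication check and the encrypt-it-yourself advice above, modelled as an added Python example (not code from this post or from Dropbox): a constructed `DedupServer` matches uploads by hash, and a stdlib-only encrypt-then-MAC routine built on an HMAC-SHA256 keystream stands in for a vetted cipher so the block runs without extra packages. SHA-256, the class and function names, the user names and the sample bytes are all assumptions.

```python
import hashlib, hmac, os

class DedupServer:
    """Constructed model of a store that deduplicates on a content hash."""
    def __init__(self):
        self.blobs, self.accounts = {}, {}   # hash -> bytes, user -> {hashes}

    def upload(self, user, data):
        """Return True when identical bytes were already stored (upload skipped)."""
        digest = hashlib.sha256(data).hexdigest()   # SHA-256 is an assumption
        known = digest in self.blobs
        if not known:
            self.blobs[digest] = data
        self.accounts.setdefault(user, set()).add(digest)
        return known

    def owners_of(self, data):
        """What the operator can answer: which accounts hold this exact file."""
        digest = hashlib.sha256(data).hexdigest()
        return sorted(u for u, held in self.accounts.items() if digest in held)

def _subkeys(key):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stdlib-only stand-in cipher).
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(8, "big"),
                               hashlib.sha256).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext):
    """Encrypt-then-MAC under a key that never leaves the client."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, body)

def demo(doc=b"constructed sample document"):
    s, ka, kb = DedupServer(), os.urandom(32), os.urandom(32)
    plain = (s.upload("alice", doc), s.upload("bob", doc))
    return plain, (s.upload("alice", encrypt(ka, doc)), s.upload("bob", encrypt(kb, doc)))
```

`demo()` returns `((False, True), (False, False))`: the second plaintext upload is recognised as a duplicate, while the two client-encrypted copies give the server nothing to match. For real files, use an established encryption tool rather than this stand-in cipher.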

via Wired



Charo is a well-known consultant and trainer in Java and Android technologies. She is also a founder of Mobile Monday Manila, and the Philippine Android Community. Her favorite noodles: Pad thai.





    • Cake|

      I’ve been using Dropbox for a very very long time. I will admit though that I am more technically knowledgeable than your average user. Early on, people have already asked how Dropbox does what it does and it has been very satisfactorily explained.
      The keys are required to be in Dropbox’s possession for a lot of the features you enjoy like folder sharing and for the online interface. As for the issue about subpoenas, all legally operating businesses must comply with this bar none. If Google got a subpoena, they will hand over your Google for Domain accounts. If your webhost gets a subpoena, they will surrender whatever is on your server. Subpoenas, by design, encroach on personal privacy so it is not fair to single out Dropbox regarding this.
      As for further protecting your files, Dropbox has always been advocating using Truecrypt volumes within your Dropbox to further secure the files you wish to do so.
      Everyone please read more about security on Dropbox on their knowledge base: dropbox (dot) com/help/27

    • technoodler|

      I enjoy following this site and the news I get from here but it breaks my heart when a news/blog comes out that lacks investigation. Hope the owner of this site could straighten this out.

