A lot of us use Dropbox. Heck, I use the service to back up and synchronize my files. Then I read that Dropbox may not be as safe as I thought it would be.
You see, Dropbox gave this assurance that all the files saved on their cloud were encrypted. This prevents anyone, including their own employees, from peeking into my files. Or so I thought. PhD student Christopher Soghoian claims that the popular cloud storage service can actually see what you just put on their servers. Soghoian is a Washington, DC-based Graduate Fellow at the Center for Applied Cybersecurity Research, and a Ph.D. Candidate in the School of Informatics and Computing at Indiana University. He also worked with the FTC for about a year.
Here’s how Dropbox saves your files. To save on storage space, Dropbox checks your file before it uploads to their servers. They read a hash (basically a signature of the file based on its contents) and check to see if it matches anything that’s already on their servers. If there already is a match, your file doesn’t get uploaded. Dropbox simply “adds” that signature to your account. As for the keys used to encrypt and decrypt your files, Dropbox owns them. It’s kinda like owning a condo where the building controls the locks. Your files are not encrypted on your computer. So if someone issues a subpoena to look into those files, Dropbox can easily peek into a user’s storage and turn over the unencrypted files coming from your computer.
So what can you do? Right now the only thing you can do is encrypt the files yourself before putting them on Dropbox. As for me, after reading that stint, I decided to bite the bullet and get myself an Amazon S3 account. I’ll let you know how that goes.
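To make the hash check and the "encrypt it yourself" advice concrete, here is an added example (not Dropbox's code) that models a store deduplicating by SHA-256 and shows what changes once each user encrypts locally with a key only they hold. `DedupStore`, the account names and the sample document are constructed, and `encrypt_locally` is a standard-library stand-in for a vetted encryption tool.

```python
import hashlib
import os

class DedupStore:
    """Constructed model of a storage service that deduplicates by content hash."""

    def __init__(self):
        self.blobs = {}    # sha256 hex -> bytes, stored once
        self.owners = {}   # sha256 hex -> set of account names

    def upload(self, account, data):
        """Return True if bytes were transferred, False if the hash already matched."""
        digest = hashlib.sha256(data).hexdigest()
        transferred = digest not in self.blobs
        if transferred:
            self.blobs[digest] = data
        self.owners.setdefault(digest, set()).add(account)
        return transferred

    def accounts_holding(self, data):
        """What the operator can answer for any file it has a copy of."""
        return self.owners.get(hashlib.sha256(data).hexdigest(), set())

def encrypt_locally(key, plaintext):
    """Stand-in cipher: random nonce + SHAKE-256 keystream XOR.
    Chosen only so this runs without third-party packages; it has no integrity check."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt_locally(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo():
    doc = b"constructed sample document, identical for both users\n"
    store = DedupStore()
    # Plain uploads: the second one matches the stored hash and is only linked.
    plain = [store.upload("alice", doc), store.upload("bob", doc)]
    holders = store.accounts_holding(doc)
    # Locally encrypted uploads: different keys and nonces, so no hash ever matches.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    enc = [store.upload("alice", encrypt_locally(alice_key, doc)),
           store.upload("bob", encrypt_locally(bob_key, doc))]
    return plain, holders, enc

if __name__ == "__main__":
    print(demo())
```

The trade-off is visible in the result: once files are encrypted on your side, the service can no longer match or read them, and it also can no longer save space by storing one copy for everyone.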