Dropbox Accused of Lying About Security

lee1 writes "Dropbox faces a possible FTC investigation because of misleading statements it has made about the privacy and security of its 25 million users' files. The cloud storage company previously claimed that it was impossible for its employees to access file contents, but in fact, as the encryption keys are in their possession, this is false. The complaint (PDF) points out that their false security claims gave Dropbox a competitive advantage over other firms offering similar services who actually did provide secure encryption."

Re:Where's Al Gore and his "Lock Box"?

[Omnifarious]

First, you are wrong. The data in your account is interesting to a whole host of people, regardless of how insignificant you are. Maybe there's a credit card number in there. Maybe there's clues to your password. Maybe your social graph is interesting to a marketer. In this age, even an insignificant person's data is of interest to someone.

Secondly, DropBox lied. Plain and simple. They made a security claim that wasn't true and sold their service based on it. If you really want to live in a world where it's perfectly acceptable for people to lie about their services in order to get your business, I wish you well.

Did they really lie to most people?

[eleuthero]

I ask the above question because I didn't start using Dropbox because I thought it was secure--I have class notes for teaching and notes for my personal studies in my account and these are for the most part publicly available anyway. I signed up because I was tired of having to fish out my backup CDs when my hard drives died on me (I still do a local backup though) and this part of their service is visibly not a lie and has saved me on at least two occasions in addition to the ease of sharing said notes with students when the file size is too large for our school's hosting service.

Did they lie to me about securing my data? Technically, yes, they did. Was this a factor in signing up with a cloud-based data storage service? Absolutely not. It never even occurred to me that they would actually secure my data to my level of satisfaction even with the claim that it was secure. It was in the cloud and accessible by whichever script kiddy wanted it. Since this was my operating assumption going in, I can't say I'm surprised that Dropbox has been caught in a lie, nor am I concerned (lying seems to be endemic in our society, unfortunately, but I've grown enured to it). On the other hand, now that they've been caught, I am interested in how they will respond--this could impact my use of their service.

More reason to build your own

[fak3r]

I hope this makes more people consider running their own system to handle this, lipsync is trying to provide that, it's on github https://github.com/philcryer/lipsync [github.com]

Re:Where's Al Gore and his "Lock Box"?

[pushing-robot]

I can understand the concerns about credit cards and bank info, but I don't really get why people are so freaked out about marketers learning a bit of generic info about their lives:

Person 1 -- Oh no! An advertising firm got hold of my semi-private information!

Person 2 -- That's terrible. What did they do with it?

Person 1 -- Well, they started showing me ads for things I might actually buy.

Person 2 -- Gods! Have these men no shame?

Re:Spideroak is a good alternative

[SlightOverdose]

Give Wuala a go. It supports client side encryption, and is much more polished then Spideroak.