Dropbox not as secure as once thought

But this announcement that they are able to decrypt the files on behalf of the government contradicts their prior public statements. They claim that Dropbox employees aren't able to access user files.

This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you. It turns out, they keep their keys on their servers, and anyone with clearance at Dropbox or anyone that manages to hack into their servers would be able to get access to your files.

Worrying article by Miguel de Icaza today, where he points to the changes in Dropbox’s security clauses in their terms of service and their admission that they can provide the US government with your files at their request. This contradicts their previous claims that their staff are unable to access your files, and it is the first negative news I have seen in a long time about the cloud computing and synchronisation darling of the tech world.

Dropbox is still a great service and I would continue to recommend it to others, especially when compared to the terrible iDisk on the Mac. However, I would also recommend that people take the same approach that I do and encrypt any sensitive data in sparse bundles within Dropbox, to ensure prying eyes are unable to access your data. If sparse bundles confuse you, then take a look at Knox from the excellent Agile Web Solutions, which will take the pain away for you at an extremely reasonable price.
