Post by kas on May 14, 2011 9:14:07 GMT -5
Dropbox 'deceived' users over security: Files are open to government searches
By Zack Whittaker | May 13, 2011, 3:00pm PDT
Post updated: 16:55 PST.
Dropbox, one of the favourite cloud synchronisation services available for free, ‘deceived’ its users about the security and encryption of its cloud storage services.
A complaint made to the Federal Trade Commission suggests Dropbox employed “deceptive trade practices” by putting it “at a competitive advantage”, with users being told that that Dropbox employees could not access your files or data when they could. It also meant that as files were able to be decrypted by employees.
David Gewirtz’s assertions were correct. You shouldn’t use Dropbox if you have something to hide.
Data held in Dropbox was and still us vulnerable to inspection by U.S. authorities.
The full complaint can be found here. (PDF file)
Only last month, PhD student Christopher Soghoian at Indiana University, blew the whistle on the popular cloud storage service, which now serves as evidence in the complaint submitted to the FTC.
Though Dropbox has now revised statements on its website relating to file security and how employees have access to the encryption keys to unlock your files, the damage is still done.
The service is popular amongst students who use it not only to hold their university work but music files also, with 2GB of free storage available in an instant.
A company spokesperson told me:
This post reflecting the change in terms and conditions were added after the allegations were made by Soghoian.
Dropbox may have a lot of work on its hands to restore faith in its service. It has been a rough week for major companies dealing with public relations spats, especially after the alleged Facebook smear campaign against Google.
By Zack Whittaker | May 13, 2011, 3:00pm PDT
Post updated: 16:55 PST.
Dropbox, one of the favourite cloud synchronisation services available for free, ‘deceived’ its users about the security and encryption of its cloud storage services.
A complaint made to the Federal Trade Commission suggests Dropbox employed “deceptive trade practices” by putting it “at a competitive advantage”, with users being told that that Dropbox employees could not access your files or data when they could. It also meant that as files were able to be decrypted by employees.
David Gewirtz’s assertions were correct. You shouldn’t use Dropbox if you have something to hide.
Data held in Dropbox was and still us vulnerable to inspection by U.S. authorities.
The full complaint can be found here. (PDF file)
Only last month, PhD student Christopher Soghoian at Indiana University, blew the whistle on the popular cloud storage service, which now serves as evidence in the complaint submitted to the FTC.
Though Dropbox has now revised statements on its website relating to file security and how employees have access to the encryption keys to unlock your files, the damage is still done.
The service is popular amongst students who use it not only to hold their university work but music files also, with 2GB of free storage available in an instant.
A company spokesperson told me:
“We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011. Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”
This post reflecting the change in terms and conditions were added after the allegations were made by Soghoian.
Dropbox may have a lot of work on its hands to restore faith in its service. It has been a rough week for major companies dealing with public relations spats, especially after the alleged Facebook smear campaign against Google.
www.zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959
With the new terms of service, Dropbox now says that it will “United States law enforcement when it receives valid legal process” and may, if necessary, decrypt the files in private Dropbox folders, allowing them to be read by government investigators.
www.zdnet.com/blog/government/if-you-have-something-to-hide-from-the-government-dont-use-dropbox/10283
Threat Level Privacy, Crime and Security Online
Dropbox Lied to Users About Data Security, Complaint to FTC Alleges
* By Ryan Singel Email Author
* May 13, 2011 |
Dropbox, which has more than 25 million users, revised its website claims about its data security April 13, from:
All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.
to:
All files stored on Dropbox servers are encrypted (AES 256).
Dropbox Lied to Users About Data Security, Complaint to FTC Alleges
* By Ryan Singel Email Author
* May 13, 2011 |
Dropbox, which has more than 25 million users, revised its website claims about its data security April 13, from:
All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.
to:
All files stored on Dropbox servers are encrypted (AES 256).
Dropbox saves storage space by analyzing users’ files before they are uploaded, using what’s known as a hash — which is basically a short signature of the file based on its contents. If another Dropbox user has already stored that file, Dropbox doesn’t actually upload the file, and simply “adds” the file to the user’s Dropbox.
The keys used to encrypt and decrypt files also are in the hands of Dropbox, not stored on each user’s machines.
The keys used to encrypt and decrypt files also are in the hands of Dropbox, not stored on each user’s machines.
www.wired.com/threatlevel/2011/05/dropbox-ftc/
paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
blog.dropbox.com/?p=735