According to Wired, the complaint alleges that the lack of encryption means that your files could be involved in possible government searches, copyright infringement lawsuits, or the machinations of Dropbox employees.
Dropbox saves storage space by analysing users’ files before they are uploaded, using what’s known as a hash – which is basically a short signature of the file based on its contents. If another Dropbox user has already stored that file, Dropbox doesn’t actually upload the file, and simply “adds” the file to the user’s Dropbox.
The keys used to encrypt and decrypt files also are in the hands of Dropbox, not stored on each user’s machines.
Those architecture choices mean that Dropbox employees can see the contents of a user’s storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.
Additionally, Dropbox previously claimed that employees “aren’t able to access user files”. They’ve since changed that statement to say that they aren’t permitted to access those files.
In filing the complaint, Soghoian basically wants Dropbox to make their policy more explicit. Looks like someone’s got some ‘splainin to do. [Wired]
FiveStein
Saturday, May 14, 2011 at 8:24 PMIf people are worried about it, then why dont they encrypt the file on the computer BEFORE putting in their dropbox?
Sam
Monday, May 16, 2011 at 9:40 AMDoing that kinda removes some of the attraction of having a dropbox though. The idea was we wouldn’t NEED to do this manually, because it was done in the background for us.
Tony
Monday, May 16, 2011 at 1:07 AMAnd I just deleted my pretty much unused dropbox account.
Gabriel
Monday, May 16, 2011 at 9:41 AMBut i thought storing my whole life in the cloud was safe??!!! hahahaha
Andreas
Monday, May 16, 2011 at 10:38 AMMy rule with online data is that if I’m not comfortable with what it is I don’t put it on the internet.
If you are doing illegal things then the news about dropbox is sad for you, but for most people I would think it to be a problem.
We use it as a collaboration tool with our clients. If the government want to look at the scary movement of fruit then they are welcome to it.
brendan
Monday, May 16, 2011 at 11:00 AMSpideroak – even with the caveat of needing a little more setup / learning time, is looking more and more appealing every day.
warcroft
Monday, May 16, 2011 at 12:27 PMAnother reason I dont go near cloud based storage.
When will people learn?
brent3000
Monday, May 16, 2011 at 12:38 PMI dont like the idea of “If theres 2 hashes lets just copy the file”
be the same file or not :S