DropBox on fire

DropBox has been in the spotlight since they silently changed their terms of service (TOS). The updated TOS basically says that, to comply with US law, they will give a customer’s files (after decrypting them) to the government when legally requested. This change seems very reasonable, because companies like Microsoft, Google, Yahoo, etc. would do the same thing, but the real problem lies in the boldest claim they have on their web site: “Dropbox employees aren’t able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)”. It clearly contradicts the updated TOS. So DropBox employees do have access to user files, but then why did they still make that claim on their web site? Whether it was a lie or a misunderstanding, they definitely shot themselves in the foot.


I started using DropBox about a year ago, and honestly, I was attracted by this claim and totally trusted DropBox, putting many files there. Now I don’t trust them any more and have removed many of my sensitive files from DropBox. I will still use the DropBox service for storing some regular files, but for sensitive files, I use Windows Live Mesh. Of course, Windows Live Mesh would also give customers’ files to the government when legally requested, but at least Windows Live Mesh didn’t lie and say that no one else is able to access your files.

Another reason I moved my files to Windows Live Mesh is that it turned out that DropBox is not as secure as they claimed to be. Check this post, which has a detailed explanation of the insecure authentication method that DropBox uses.

If you are a DropBox user, make sure to encrypt your files yourself (use TrueCrypt). Don’t rely on DropBox to protect your data, at least for the moment, until they change their authentication method.

