With more than 25 million users, to call cloud-based personal-storage software DropBox wildly popular would be an understatement. It’s an excellent little on-desktop app with a multitude of connectivity functions, from publishing files directly from the desktop to the web to sharing between friends and mobile devices. In short, it’s become one of the more versatile cloud-based storage technologies to be rolled out to the everyday consumer.
So, when privacy concerns crop up at odds with the expectations of those customers, things can get a little dicey. Earlier this month, DropBox came under fire because of statements made on their website about how employees were unable to access stored information (due to it being encrypted on their servers), a statement later shown to be untrue, as employees had access to the encryption keys, meaning the data was in fact not safe from them.
Wired has developed a thorough timeline of the parry-riposte of allegations against and replies from DropBox about this privacy and consumer education debacle, and why the FTC might get involved to sort it out:
The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.
Soghoian, who spent a year working at the FTC, charges that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data,” which amounts to a deceptive trade practice that can be investigated by the FTC.
Dropbox dismissed Soghoian’s allegations.
“We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011,” company spokeswoman Julie Supan said in a short e-mail to Wired.com. “Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”
Personal disclaimer: I use DropBox in my personal life and I enjoy it thoroughly. I didn’t gravitate towards the application because they offered extraordinary security above and beyond other software; but because it does its job efficiently, with little fuss, and is highly versatile.
There are so many ways that data can be leaked out of DropBox without even acknowledging the potential for employees to look at your data. Anytime we put something in the cloud, we open ourselves up to having information stored outside of our computers exposed to the world. As a result, it’s important for us to make our own privacy decisions about what goes into these sharing services.
In point of fact, if I want to share actually important and secret data between computers, it’s incumbent upon me to make certain that I secure it. DropBox may be excellent for transferring that data between computers, and even if they’re perfectly secure on their servers, I don’t know that my data is secure in-between or secure where I’ve shared it. As a result, I roll my own encryption for secrets placed in cloud-based services.
The personal security ecosystem is full of extremely good programs for protecting your personal data. For example, I use the open-source information security software TrueCrypt for Windows to encrypt secret data that I put into DropBox. Let’s put this into a real-world analogy. It’s a lot like renting a unit at a local storage facility. I understand there’s a lock on the door to my storage unit, but I want to store tax documents within. I hire the storage company to keep my items within safe from theft, but I understand that their employees, ground security, and so on have keys to my storage container, and I also understand that the bad guys have bolt cutters. So what do I do? I put my secret tax documents in a safe.
Using cloud-based services is still a matter of risk assessment versus convenience. The day-to-day stuff that I throw into DropBox is snippets of articles I’m working on, pictures of my cat, links to websites that I’m looking at: things I don’t even care if the world sees. However, when it comes to developing stories, protected sources, and proprietary information shared with teammates at work, I encrypt (i.e., put it into a safe). It may take a little longer to synchronize, and I have to enter a password every time I want to modify or view it. This is a very minor inconvenience to me for greatly increased security on my own devices, on the devices of my coworkers, and even from possible breaches of my DropBox.
The personal cloud apps that I use always come with a risk. I personally accept that risk as possible even when the app I’m using suggests that it’s more private than other cloud-based services. Anytime my information leaves the confines of my computer I evaluate and educate myself on what risk I’m willing to accept.
We should all be so aware of our own personal-cloud security.
[...] Possible FTC Scrutiny of DropBox Sheds Light on Personal Security in the Cloud. Published May 19, 2011 | By admin. [...] is a post from: SiliconANGLE [...]