Dropbox Lied About Protection of User Files

Dropbox, the darling among backup and data synchronization services, owes its users an explanation. For a long time the company claimed that data sent to its servers was completely safe and that no one other than the file's owner could access it. However, one researcher found that this is not quite the case.

Christopher Soghoian, an American doctoral student, filed a formal complaint with the Federal Trade Commission asking it to examine this curious claim that the data is so well protected. According to the student, Dropbox's business (and advertising) practices deserve public scrutiny.

Dropbox uses what we call a hash to analyze the contents of files uploaded by users. If the hash matches that of a file that already exists on the company’s servers, Dropbox does not perform the new upload, but still adds the file to the user’s document list. It is as if, when you try to send alice-no-parents-of-maravilhas.pdf (not its real name, right?), the server detects that there is already a file with the same hash and avoids storing the same document twice.

According to the student, Dropbox employees could well view the contents of files. It is worth remembering that the company is the sole holder of the keys used to encrypt documents and then to reverse that encryption.

In theory, there is no point in the servers using AES 256 encryption (considered the strongest on the market in large-scale use) if the files can be viewed.

After the complaint was filed, Dropbox changed the way it informs its users about the security aspects of the service. On the page on the subject, the passage saying that files “are inaccessible without your account password” has been completely removed from the text.

One of the fears is that Dropbox could inadvertently hand over files that were supposed to be encrypted, mainly due to court orders. The company itself says, still on its security page, that a limited number of employees can access user data, provided it is in situations covered by the privacy policy, which include legal decisions.

Some competing services also say they offer total security for stored data. The difference lies in the encryption process, since with those services the encryption keys are stored on the user’s machine. With Dropbox it is different, which complicates the company's situation before the FTC.
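
The hash-based deduplication described earlier, contrasted with services whose keys stay on the user's machine, as an added example that is not Dropbox's code or part of the original article. `DedupStore`, `client_encrypt` and the sample document are constructed for illustration; SHA-256 is an assumed hash, and the SHAKE-256 keystream is only a stand-in for real client-side encryption.

```python
import hashlib
import os


class DedupStore:
    """Toy storage server that deduplicates by content hash (constructed example)."""

    def __init__(self):
        self.blobs = {}   # sha256 hex -> bytes as received by the server
        self.lists = {}   # user -> {filename: sha256 hex}

    def has_blob(self, digest):
        # Answering this from a hash alone reveals that identical bytes are already stored.
        return digest in self.blobs

    def upload(self, user, name, data):
        """Return True if bytes were transferred, False if deduplicated."""
        digest = hashlib.sha256(data).hexdigest()
        transferred = not self.has_blob(digest)
        if transferred:
            self.blobs[digest] = data
        # Either way the file appears in the user's document list.
        self.lists.setdefault(user, {})[name] = digest
        return transferred


def client_encrypt(key, data):
    """Stand-in for real client-side encryption (e.g. AES-GCM); NOT for production.
    XORs the data with a SHAKE-256 keystream derived from key and a random nonce."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def demo():
    doc = b"%PDF-1.4 constructed sample document\n" * 4
    # Case 1: the server sees the content (or holds the keys itself).
    plain = DedupStore()
    first = plain.upload("alice", "book.pdf", doc)
    second = plain.upload("bob", "copy.pdf", doc)
    # Case 2: each client encrypts with a key that never leaves its machine.
    sealed = DedupStore()
    sealed.upload("alice", "book.pdf", client_encrypt(os.urandom(32), doc))
    third = sealed.upload("bob", "copy.pdf", client_encrypt(os.urandom(32), doc))
    return first, second, len(plain.blobs), third, len(sealed.blobs)


if __name__ == "__main__":
    print(demo())  # (True, False, 1, True, 2)
```

In the first case the second upload is skipped because the server can compare content across accounts; with keys held only by the clients, the same document arrives as two unrelated ciphertexts and nothing can be deduplicated.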