Dropbox lied about encryption, it is not really safe

Christopher Soghoian recently uncovered the lie behind Dropbox. Dropbox claimed that files (those that are not publicly available) are encrypted and that no one could access them.

However, certain Dropbox employees could access your files if needed (forced by law, or whatever), which means that either your files were not really encrypted or your key was available to them as well, so they could decrypt them. Moreover, deduplication (only one instance of a given file is uploaded to the server) was applied to all files across the servers, so people could try to upload a specific file and, if no real upload was made, conclude that it was already uploaded.

An alternative to Dropbox is SpiderOak (https://spideroak.com/), which I just downloaded. It claims that no one can access the files except you; if you lose your password, you lose your files. The deduplication process occurs only within your account and not server-wide.
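The difference between server-wide and per-account deduplication, as an added example (not code from Dropbox, SpiderOak or the original post): a toy in-memory store in which `DedupStore`, the account names and the sample document are all constructed for illustration. It compares how many bytes a second account has to transfer under each scope.

```python
import hashlib


class DedupStore:
    """Toy storage backend, constructed for illustration only."""

    def __init__(self, scope):
        if scope not in ("global", "account"):
            raise ValueError("scope must be 'global' or 'account'")
        self.scope = scope
        self.blobs = {}  # dedup key -> stored content

    def _key(self, account, digest):
        # Server-wide dedup keys on the content hash alone;
        # per-account dedup also binds the key to the owner.
        return digest if self.scope == "global" else (account, digest)

    def upload(self, account, data):
        """Return the number of bytes the client actually had to transfer."""
        key = self._key(account, hashlib.sha256(data).hexdigest())
        if key in self.blobs:
            return 0  # already stored in this scope: transfer is skipped
        self.blobs[key] = data
        return len(data)


def transfer_reveals_other_users_file(scope):
    """True if bob's transfer size depends on whether alice stored the file."""
    document = b"constructed sample document\n" * 100

    with_alice = DedupStore(scope)
    with_alice.upload("alice", document)
    sent_when_present = with_alice.upload("bob", document)

    without_alice = DedupStore(scope)
    sent_when_absent = without_alice.upload("bob", document)

    return sent_when_present != sent_when_absent


if __name__ == "__main__":
    for scope in ("global", "account"):
        leaks = transfer_reveals_other_users_file(scope)
        print(f"{scope:8s} dedup: transfer size depends on other accounts = {leaks}")
```

With per-account scope the store still saves space for repeated uploads by the same user, but the transfer size no longer depends on what other accounts hold.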

More info about Dropbox: http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
