
Dropbox CTO on their security policy

Cory Doctorow at 1:34 am Mon, Apr 25, 2011

Arash Ferdowsi, CTO of Dropbox, wrote to me to clarify Dropbox's present and historical privacy policy:
first, I'd like to clarify what our intent was in how we represented privacy in our TOS. in our help article we stated "Dropbox employees aren't able to access user files" we didn't intend to mislead anybody with this statement - we prevent this via access controls on our backend as well as strict policy prohibitions. we don't feel this statement implies anything about who holds the encryption keys or what mechanisms prevent access to the data.

that said, it's become very clear to us that the statement wasn't explicit enough about what the barriers to access are. consequently, we've updated our help article and security overview to be explicit about this.

secondly, I'd like to clarify that we've never stated we don't have access to encryption keys. we've made quite a few posts in our public forums over the years about this very fact and we are quite open with our community: 1, 2, 3.

Dropbox's new security policy implies that they lied about privacy from the start


  • Anonymous

    Compare and contrast:

    http://www.rsync.net/resources/notices/tos.html

    specifically:

    “No form of data or meta-data concerning the behavior of our customers or the contents of their filesystems, or
    even the customer data that we hold in our records for billing, will ever be divulged to any law enforcement
    officer or agency without order served directly by a US court having jurisdiction. Immediate notice will be
    given to any customer named in such a court order, and access to their files will not be interrupted unless
    specifically barred by the court order.”

    and:

    “No consumer or personal information about our customers of any kind will be divulged to any party for any reason.”

  • Anonymous

    I guess what they meant to say is that, “There exist Dropbox employees who are not able to access user files.”

    Perhaps the janitor. Perhaps all but one. Perhaps we’re having fun with the definition of employee!

  • Oskar

    Don’t implicitly trust anyone when it comes to cryptography, people. If you want to make sure your stuff is safe in your Dropbox, just store a TrueCrypt-volume and put your stuff in there.

  • rourin_bushi

    I love dropbox – it works well, and it’s super convenient. That said, I don’t keep anything in it that I’d consider secret. I’m not terribly concerned if someone manages to access my Diablo 2 save data or recipe list.

    • MrsBug

      True. My team uses it here at work, but mostly it’s graphic files and such that we all need to share. Nothing private.

      • Anonymous

        Are all of your team in the same office, with company workstations? If so, why not just use a server on the LAN rather than pushing stuff over to an off-site server and back?

        • rourin_bushi

          IIRC, there’s a feature in there that will cause a sync to look to other repositories on a machine’s local network before going out to hit the dropbox server. I’m not sure if it activates only for setting up an account on a new machine (sync from scratch), though – that’s the only time I noticed it. I’d installed Dropbox on my laptop, and the initial sync was lightning fast, as it was able to grab the data directly from my desktop.

          I did use it to share sources with my teammate once in college. I couldn’t convince him to just use my SVN server >.>

  • Hubert Figuiere

    I was always suspicious of the closed nature of Dropbox (yes, even on Linux, there is a binary blob). I guess this just confirms it.

  • briefer

    thirdly, I have an aversion to capital letters.

    • floraldeoderant

      dude just likes to keep things loose. like dropbox’s security and understanding of honesty.

      that burn so harsh they gonna need skin grafts and a sterilized environment.