Last week, a complaint was filed with the Federal Trade Commission that Dropbox misled its customers about its file security. What does this mean? Other people, besides you, can see the contents of your files.
In particular, the complaint, which was filed by security reseacher Christopher Soghoian, says that Dropbox employees and other people could indeed see the contents of your files, thus putting users' privacy at risk.
It all has to do with the methodology that Dropbox uses to encrypt its files. Rather than using an encryption key known only to the user, it uses a key known just to Dropbox. The file-syncing company needs the key to see if a user or other people have already uploaded a particular file in determining what to sync.
Many people believe their files are completely encrypted and inaccessible by other people (which was also previously stated in the Terms of Service) don't realize that this is simply not the case. Dropbox has revised the Terms of Service since, just noting that files are encrypted and nothing else.
A spokesperson for Dropbox commented that, "We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21." The blog post covers Dropbox security and its update to the Terms of Service.
We'll see if anything comes out of this security hole; but if you're paranoid about keeping your stuff safe, it might be time to get a little more vigilant about what you're storing.
Source: techland.time.com