Dropbox Charged With Lying Over Level of Security
With Sony just now starting its recovery from the recent security breaches and news coming in of Square Enix also being hacked, it is no wonder that users are feeling quite twitchy about the safety of their online data. Cloud based sharing and storage providers Dropbox seemed to have guaranteed protection to their users by stating that even their employees are unable to view the contents of a users account. This anonymity was even stated in their security claims agreement.
However, after claims by Christopher Soghoian, who has worked with the FTC stating that the promises made by Dropbox are false, there has been a revision of the end user security agreement.
According to this article on Electronista:
On April 13, Dropbox revised its security claims from:
All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.
All files stored on Dropbox servers are encrypted (AES 256).
Also, as pointed out in the article, on April 13, Dropbox revised its original statement regarding its employees accessing user files, from:
Dropbox employees aren’t able to access user files, and when troubleshooting an account, they only have access to file metadata (filenames, file sizes, etc. not the file contents).
Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations).
Seeing that Dropbox has 25 million users, of which some are likely to have been gained predicated on the premise that full and complete anonymity were provided, we can understand why the FTC decides to get involved.
More information on the story can be found here.