There have been a lot of stories bouncing around the net recently about Dropbox, and none of them have been good.
Despite this I am still a user of this service, which begs the question, why?
The most recent story has been about changes to the terms of service. A lot of people have been getting worried by these changes, thinking that they mean that Dropbox owns the files held on their service. This is not the case. The best coverage of this story I’ve found is here. As this article points out, these sorts of terms of service are the norm and many online services have them.
Basically these sorts of services need some sort of rights to the data stored on them to be able to share it with the people that you choose to share it with.
What is also interesting here is some of the comments on the article, which are equally valid and interesting. These point out the security problems that they have had recently (for 4 hours it was possible to log in to anyone’s Dropbox with any password). There is also the fact that they did state that they had no access to the encrypted data on the service. This turned out to be wrong, since they only keep one copy of identical documents uploaded by different users, something they couldn’t do if they didn’t have access to unencrypted data.
In this second case it is likely that the marketing and technical sides of the company were ‘out of sync’ with each other and it was simply a case of one hand not knowing what the other was doing.
In the first case, this probably shows a worrying lack of testing and change control within the company.
As the comments on the article say, Dropbox have just lost a lot of trust with some users and hence lost those users.
I’m not really that worried about this.
Why? Simply because I know that if I put something on the internet and it’s not encrypted by a system controlled by me, it is going to be accessible by others and I have no control over that. Because of that I don’t use Dropbox for anything remotely private or confidential. I don’t use it for backups; for that I use Arq. Ah, I hear you say, but this is an online backup, it even uses the same Amazon S3 service that Dropbox uses for its backend.
Very true, but the encryption on this is done on my machine and it uses a long and complex password. Even then the truly sensitive information (bank and credit card details etc.) is in a file which is itself encrypted, so the backup of these is in fact double encrypted.
All I use Dropbox for is a way of getting documents from my laptop to my iPad/iPhone and back again. Everything on there is either a document I’ve downloaded from the internet anyway or a document (normally a story) which I’m working on, and as soon as a story is finished I publish it on the web anyway. So there is nothing in my Dropbox which I wouldn’t post directly on the internet anyway. I would never use Dropbox for sensitive information; in fact, if I need to move that sort of information, I wouldn’t use the internet at all. A USB key and encrypted file is the only way to be sure!
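The deduplication point made earlier, and the difference that encrypting on your own machine makes, can be shown in a few lines. This is an added example, not code from Dropbox or Arq: `DedupStore` is a hypothetical service, the user names and document are constructed, and the SHA-256 keystream is a constructed stand-in for a real cipher so that it runs on the standard library alone.

```python
import hashlib
import os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter keystream: a constructed stand-in for a real cipher,
    # used only so the example needs nothing beyond the standard library.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def client_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per upload, so equal files encrypt differently
    return nonce + _keystream_xor(key, nonce, plaintext)

def client_decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])

class DedupStore:
    """Hypothetical storage service that keeps one blob per distinct upload."""
    def __init__(self):
        self.blobs = {}  # sha256 of the bytes the service received -> bytes
        self.index = {}  # (user, filename) -> digest

    def upload(self, user: str, name: str, data: bytes) -> None:
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)  # identical upload stores nothing new
        self.index[(user, name)] = digest

    def fetch(self, user: str, name: str) -> bytes:
        return self.blobs[self.index[(user, name)]]

def compare_stores():
    document = b"Constructed sample document shared by two users.\n" * 10
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}  # never leave the client
    plain_store, encrypted_store = DedupStore(), DedupStore()
    for user, key in keys.items():
        plain_store.upload(user, "story.txt", document)
        encrypted_store.upload(user, "story.txt", client_encrypt(key, document))
    recovered = client_decrypt(keys["bob"], encrypted_store.fetch("bob", "story.txt"))
    # (copies kept when the service sees plaintext, copies kept when it sees
    #  only client-encrypted blobs, whether the owner can still decrypt)
    return len(plain_store.blobs), len(encrypted_store.blobs), recovered == document

if __name__ == "__main__":
    print(compare_stores())
```

The service that receives the readable file stores it once for both users; the one that only receives blobs encrypted with each user's own key has to store two, because it cannot tell they are the same document.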

