It has been reported that Dropbox, one of the most popular cloud storage options available, has been charged with an FTC complaint. Apparently the promises of keeping your files encrypted and secure on their servers are a lie, according to Christopher Soghoian, the security researcher who brought up the issue.
According to the complaint, Dropbox has the ability to access and view all the files uploaded to the service despite claiming that they weren’t able to see the files you uploaded without a password. This meant that users were at the risk of government searches, rogue Dropbox employees and even companies trying to bring mass copyright-infringement suits.
According to his data, Dropbox saves storage space by analyzing users’ files before they are uploaded using what’s known as a hash – a short signature of the file based on its contents. If another Dropbox user has already stored the file on the service, Dropbox doesn’t upload the file, but copies the file already on the server and puts it in the user’s account instead.
Dropbox also made some changes in its policies last month that a lot of users didn’t realize, with the most significant change being: Dropbox can access your data when they are legally required to do so – even if they don’t have your password. Unsurprisingly, this caused quite a stir amongst Dropbox users.
Soghoian’s complaint to the FTC requests that Dropbox has to clarify its website further about being able to view their uploaded files, and Pro users should be refunded their money.
Dropbox spokesperson, Julie Supan, has commented on the issue stating that “We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011. Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”
I guess it’s going to be up to the FTC to decide what necessary action should be taken. While all this is an issue of privacy, it shouldn’t be much of a problem as long as users don’t upload any sensitive or illegal files to the service, after all, if you don’t want a file to be opened by someone else, you shouldn’t put it online – or don’t even own such files in the first place. What do you think of Dropbox’s change in policy?