- Original Poster
- #1
Our favorite sync tool (Yes sync tool - NOT back up tool) Dropbox have been having somewhat of a disaster with security issues lately.
To begin with, they admitted recently that their security isn't quite as secure as they led us all to believe. They had been telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the files.
"All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password."
Which they have now been forced to change to:
"All files stored on Dropbox servers are encrypted (AES 256)."
Also, architecture choices mean that Dropbox employees can see the contents of a user's storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.
"Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account"
Bad wording or deliberate misguiding, you decide?!
However, their latest security failure is more clear cut and, for me as a user, a lot less excusable!
Apparently, Dropbox published a code update which inadvertently removed the need to authenticate. So you could log in to other people's accounts without knowing their passwords at all. They have addressed the issue on their blog, although I doubt most of their users ever saw it!
Fortunately I have never trusted them to "backup" my data since their product isn't really a true back up service and is aimed at syncing files across machines; however, I have some files and folders up there that I have promptly moved.
I have seen many posts where people entrust their data to Dropbox as a back up solution!
