Deduplication, encryption, security and... Dropbox

[edit] on rereading the article, and thinking about it a bit, you don't have to answer that question ;-) I guess I'm sort of relaxed about it myself, 'cause the important stuff I have on Dropbox is encrypted (locally) [/edit]
-tomos (April 13, 2011, 05:10 PM)
--- End quote ---

Mine is not (locally encrypted). I totally relied on Dropbox's claims of total security (which as it seems might be naive). So yes, it does bother me.

It actually bothers me too, even though I don't have too much sensitive info... Because that's not really the point: what bothers me are the false claims. It's almost impossible that "they" didn't know about the actual storage security/encryption flaws. So they most probably... lied.

I'm going to try to find an alternative, if possible.

How is Dropbox detecting duplicate files - not by name, surely? By some hash? It must be unique - how does it know it's safe to duplicate otherwise?

Which, to me, means I don't quite get the security concerns. If you've got a file that you don't want duplicating because of sensitive content, isn't that going to be a file you've created yourself, therefore with a unique hash? So, it won't be duplicated.

The only things duplicated are common files. Ones that won't have been edited from their original source.

(I use Dropbox so I may just be kidding myself and not seeing the bigger picture.)

If it can hash the files, then it can also read them before it's encrypted or after, by using the encryption key (which they shouldn't have access to in the first place)... So it means that they have access to content. (If you encrypt files before sending, that doesn't apply of course).

This is what's making me nervous:

Dropbox is likely calculating hashes of users' files before they are transmitted to the company's servers. While it is not clear if the company is using a single encryption key for all of the files users have stored with the service, or multiple encryption keys, it doesn't really matter (from a privacy and security standpoint), because Dropbox knows the keys. If the company didn't have access to the encryption keys, it wouldn't be able to detect duplicate files.
--- End quote ---

I see that it's only speculation. But if it is true, then that is a very serious problem.
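
Added example, not part of the thread and not Dropbox's code: a small Python model of the hash-based deduplication the posts above speculate about. It shows that identical plaintext uploads collapse to one stored copy, while a self-made file or a locally encrypted copy gets its own entry. `DedupStore`, `toy_encrypt` and the sample bytes are assumptions for illustration; `toy_encrypt` only stands in for real local encryption.

```python
import hashlib
import hmac
import os


class DedupStore:
    """Hypothetical storage service keeping one copy per SHA-256 content hash."""

    def __init__(self):
        self.blobs = {}   # hex digest -> stored bytes
        self.owners = {}  # hex digest -> set of users referencing that blob

    def upload(self, user, data):
        """Return True if the content was already stored (the upload deduplicated)."""
        digest = hashlib.sha256(data).hexdigest()  # hash of exactly what the service sees
        already_stored = digest in self.blobs
        if not already_stored:
            self.blobs[digest] = data
        self.owners.setdefault(digest, set()).add(user)
        return already_stored


def toy_encrypt(key, data):
    """Stand-in for local encryption (assumption, not a vetted cipher):
    XOR with an HMAC-SHA256 keystream under a fresh random nonce."""
    nonce = os.urandom(16)
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def demo():
    store = DedupStore()
    common = b"widely distributed installer (constructed sample)" * 100
    private = b"notes I wrote myself (constructed sample)"
    results = {
        "alice_common": store.upload("alice", common),    # first copy is stored
        "bob_common": store.upload("bob", common),        # same bytes: deduplicated
        "alice_private": store.upload("alice", private),  # unique content: stored
        # Same file, encrypted locally under keys only each user holds.
        "alice_enc": store.upload("alice", toy_encrypt(os.urandom(32), common)),
        "bob_enc": store.upload("bob", toy_encrypt(os.urandom(32), common)),
    }
    results["blobs_stored"] = len(store.blobs)
    return results


if __name__ == "__main__":
    print(demo())
```

Only Bob's plaintext upload of the common file deduplicates; the two locally encrypted copies of that same file hash differently, so the service cannot match them to each other or to the plaintext.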

