Deduplication, encryption, security and... Dropbox

To be honest, I assumed that my files were somehow encrypted with my login credentials. Now that I think of it, that wouldn't make sense though. Every time I'd change my password the files would probably have to be re-encrypted.

More on Dropbox security.

Thanks Cloq. More stuff to consider...  :)

I'll just throw this out there:
Does it really bother you though ? :)

[edit] on rereading the article, and thinking about it a bit, you dont have to answer that question ;-) I guess I'm sort of relaxed about it myself, cause the important stuff I have on Dropbox is encrypted (locally) [/edit]
-tomos (April 13, 2011, 05:10 PM)
--- End quote ---

Encrypted how?  I just saw this comment on that Dropbox Security link...

A warning about using TrueCrypt with dropbox — because of way drop-box works, only syncing the bits of a TC container that have changed, a person may be able to guess your TC secret key by capturing this changed data several times.

--- End quote ---

I guess I'm not really too upset about it because I don't really have any sensitive stuff to sync. :)

I don't see how they can handle cross-user deduplication if they aren't able to decrypt (if encrypted at all!) files at a whim. If you upload a file that's applicable for deduplication, upload is instant.

As for the dedupe not being a problem because only "unique" files are sensitive? Well, what about something like the weaked likipedia cables? I'm also concerned about it at a general honesty level, though. Oh, and the fact that dropbox is generally holed like a sieve :)


