Must read for anyone considering DropBox for cloud storage...what is the real cost of free? -Stuart
How Dropbox sacrifices user privacy for cost savings:
Summary
Dropbox, the popular cloud based backup service deduplicates the files that its users have stored online. This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers.
The service tells users that it 'uses the same secure methods as banks and the military to send and store your data' and that '[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.' However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts).
This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed.
If you value your privacy or are worried about what might happen if Dropbox were compelled by a court order to disclose which of its users have stored a particular file, you should encrypt your data yourself with a tool like truecrypt or switch to one of several cloud based backup services that encrypt data with a key only known to the user.
Subscribe to:
Posts (Atom)