Slashdot Mirror


Dropbox Can't See Your Dat– Er, Never Mind

bizwriter writes "Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so."

54 of 333 comments

  1. the love of cloud by alphatel · · Score: 5, Insightful

    Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    1. Re:the love of cloud by danbuter · · Score: 2, Insightful

      I agree. The only people really pushing the cloud are the companies who want to supply the servers.

    2. Re:the love of cloud by gkuz · · Score: 4, Insightful

      So that law enforcement can't access his data? What is his "business" area to be exact?

      I love the irony of this comment being posted by an AC. Tell you what, post using your real name, address and phone number, and I'll tell you a dozen reasons why privacy, even from law enforcement, can be a legitimate business need.

    3. Re:the love of cloud by DrXym · · Score: 3, Interesting

      Everyday I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

      Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

      It's certainly an important consideration though. I think in either case if you're paranoid about your data you encrypt it first.

    4. Re:the love of cloud by Jawnn · · Score: 2

      I agree. The only people really pushing the cloud are the companies who want to supply the servers.

      On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.

    5. Re:the love of cloud by pmontra · · Score: 2

      They do. They even have undelete.

      They'll probably use symmetric-key cryptography, because I don't remember having set up an asymmetric key pair when I subscribed to their service.

      I'm not using Dropbox to sync my computers, I'm using it for backups and I encrypt all the data before I move it into the Dropbox folder. I don't even live in their country. So much for their access to my stuff.

    6. Re:the love of cloud by w_dragon · · Score: 2

      And the reason you can't do the same with cloud storage is....

    7. Re:the love of cloud by MoeDumb · · Score: 4, Insightful

      That's the ticket. YOU do your own encryption before sending it up to the cloud. Then it doesn't matter what DB does.

      --
      Mod Me Up. You'll make a grown man cry.
    8. Re:the love of cloud by RobDude · · Score: 2

      So much this. I don't understand why people don't just do this by default.

      It's really easy. You can get software that makes the entire process (essentially) transparent to you as an end user. Drag files into your folder and, bam, auto-encrypted. Long before I heard of any problems with DropBox, I would have bet money that at some time in the future....

      1.) A DropBox employee would access someone's files
      2.) A hacker would find a vulnerability that gives him access to someone's files
      3.) Some malware is written that reads or accesses files off of Dropbox

      Your data isn't safe. Ever. History has proven this. It's fairly routine for me to get an e-mail from some company (bank, credit card, legit-type companies, big companies) saying that they, or someone they farm data out to, has been hacked and that some of my information has been leaked. It's almost a guarantee these days.

      Dropbox is awesome, I use it all the time. But I encrypt everything I put on it. It's not a 100% perfect solution but it's significantly better than not doing it.

    9. Re:the love of cloud by Rob+the+Bold · · Score: 4, Insightful

      Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

      I noticed that although you write "court order" here -- and probably a lot of us are making the same assumption -- that phrase is not used in the Dropbox terms quoted in TFA. Instead, it reads "...Dropbox cooperates with United States law enforcement when it receives valid legal process..." It certainly makes you consider that Dropbox -- like other service providers with access to your data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.

      --
      I am not a crackpot.
    10. Re:the love of cloud by Schadrach · · Score: 2

      Why would you need all of that? According to the whole Blizzard RealID scandal, his first and last name should be more than enough in and of itself to destroy his life.

    11. Re:the love of cloud by mlts · · Score: 2

      This answers the question right here, combined with the fact that password recovery is doable by E-mail.

      I'm guessing that it might be encrypted server side... but hell, all my data on my personal domain is encrypted server side (my Linux boxes use LUKS, my Mac uses PGP Whole Disk Encryption, my Windows boxes use TrueCrypt or BitLocker, and external disks use Truecrypt.) So, having data stored encrypted may provide a defense against someone yanking disks out of a drive array, but against remote attacks, it provides no protection.

    12. Re:the love of cloud by Weezul · · Score: 3, Informative

      If you use dropbox on truecrypt encrypted containers, then you'll mostly lose dropbox's archival features.

      Wuala has an incredibly simple but very clever algorithm for handling data deduplication on the server, along with rudimentary file versioning, while simultaneously handling encryption on the client.

      How, you ask? Easy: you encrypt every file using its own SHA as the AES key, but then you use the new encrypted file's SHA as the DHT index for retrieval. You need both SHA values to access a file of course, but who cares.

      There are only three major flaws in Wuala:

      - Any final object yields a unique second SHA for the DHT, enabling data deduplication and instantaneous uploads, but also enabling draconian copyright enforcement under the DMCA. Imagine torrenting a movie only for the MPAA to delete it from your private cloud drive!

      - It's closed source! wtf?!? Is anyone really stupid enough to trust closed source encryption software these days? How does anyone know they don't secretly copy the original SHA / AES key?

      - It's written in Java. Ack, a slow filesystem driver! (Alright, this third comment is pure trolling. I'll admit server side Java isn't that slow anymore, assuming you avoid all that double copy display idiocy.)

      I've been considering writing a custom backend for libgit2 that implements this "original SHA as AES key" approach for storing git repositories in some basic DHT. It ain't a direct translation of course. You'd either need to completely forego git compatibility on the local repository by making all object ids into 2*256=512 or 2*512=1024 bit ids. Or, better yet, create some object packing layer that places multiple git objects into a single encrypted object, but must provide some git object index for lookups into encrypted packed objects.

      --
      The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
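The "file's own SHA as the AES key, ciphertext's SHA as the DHT index" scheme described in the comment above, worked through as an added example (not Wuala's code). It shows the deduplication the commenter praises and the flip side he lists as the first flaw: anyone who already holds a copy of a file can compute its index with no key at all. Assumptions: SHA-256 stands in for "SHA", and AES is replaced by a SHA-256 counter-mode keystream so the example runs on the Python standard library alone; neither property shown depends on the cipher choice.

```python
"""Convergent encryption as the comment describes Wuala's scheme: a file's own
hash is its encryption key, and the hash of the ciphertext is the lookup index.
Added example, not Wuala's code. Assumptions: SHA-256 stands in for "SHA", and
AES is replaced by a SHA-256 counter-mode keystream so this runs on the Python
standard library alone; the dedup and content-identification properties shown
do not depend on which cipher is used."""
import hashlib


def content_key(plaintext):
    # Step 1: the plaintext's own hash becomes the encryption key.
    return hashlib.sha256(plaintext).digest()


def keystream_xor(key, data):
    # Stand-in for AES in counter mode: keystream block i = SHA-256(key || i).
    # XOR is its own inverse, so the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def prepare_upload(plaintext):
    """Client side. Returns (key, index, ciphertext): the key never leaves the
    client; index and ciphertext are what the server (or DHT) stores."""
    key = content_key(plaintext)
    ciphertext = keystream_xor(key, plaintext)
    index = hashlib.sha256(ciphertext).digest()     # step 2: the DHT index
    return key, index, ciphertext


class StorageServer:
    """Server side: it only ever sees index -> ciphertext pairs."""

    def __init__(self):
        self.blobs = {}
        self.uploads = 0          # how many blobs were actually transferred

    def upload(self, index, ciphertext):
        # Dedup: identical plaintext gives identical key, ciphertext and index,
        # so the second user's upload is "instantaneous" (nothing is sent).
        if index not in self.blobs:
            self.blobs[index] = ciphertext
            self.uploads += 1

    def fetch(self, index):
        return self.blobs[index]


def download(server, index, key):
    # Both values are needed: the index to find the blob, the key to read it.
    return keystream_xor(key, server.fetch(index))


def index_of_known_content(plaintext):
    """The flip side of dedup (the comment's first "flaw"): anyone who already
    holds a copy of a file can compute its index without any key, and so can
    check whether that exact file is stored, or ask for it to be removed."""
    _, index, _ = prepare_upload(plaintext)
    return index


def demo():
    server = StorageServer()
    movie = b"constructed stand-in for a large media file " * 100   # constructed input
    alice_key, alice_idx, ct = prepare_upload(movie)
    server.upload(alice_idx, ct)
    bob_key, bob_idx, ct2 = prepare_upload(movie)   # same file, different user
    server.upload(bob_idx, ct2)
    return {
        "same_index": alice_idx == bob_idx,
        "uploads": server.uploads,                         # 1, not 2
        "bob_reads_back": download(server, bob_idx, bob_key) == movie,
        "rights_holder_finds_it": index_of_known_content(movie) in server.blobs,
    }


if __name__ == "__main__":
    print(demo())
```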
    13. Re:the love of cloud by DrXym · · Score: 2

      How did you determine this? Oh it was made up. Okay cool.

      I "determined" it by stating an obvious fact. Many companies do use Iron Mountain & similar services. I didn't say the majority, or 85%, or just those with sub $10 million. I said many. Go look up Iron Mountain's website. I'm sure they have stats that give you a ball park estimate if you are bothered to get a more specific figure.

      Spoken like a true cloud operator. How does a crappy piece of misinformation like this get up-modded? Oh wait, you have 8 accounts.

      Yes of course. I have 8 accounts, all rolled today. Moron.

      Actually, if you are paranoid you don't back it up. Or you have a really well-thought-out plan long before you start encrypting. And it doesn't involve saving to the cloud, clod.

      Ah, genius. So you don't back up, and if you do you have a "well thought out plan". Genius. And you are complaining about my comments.

    14. Re:the love of cloud by aztracker1 · · Score: 2

      Dropbox + truecrypt FTW!

      --
      Michael J. Ryan - tracker1.info
    15. Re:the love of cloud by The+End+Of+Days · · Score: 2

      No, that's not true at all... it's not even close to true. Just how tinfoil hat are you?

    16. Re:the love of cloud by 1u3hr · · Score: 3, Informative

      News Flash: Dropbox will comply, not break the law, to protect your data.

      The news flash was actually: Despite implying that its staff CAN'T decrypt your data, actually they are just TOLD not to.

    17. Re:the love of cloud by vertinox · · Score: 2

      If you're going to put the resources in place to do encryption at your end, why not just put the backup there too?

      Simply keeping everything in house at one location does not protect from acts of god or bad luck.

      Fires, floods, and theft happen.

      A really good backup system includes off site backup somewhere in the loop.

      This doesn't mean you have to use the cloud to do it.

      You could have a simple system with someone taking backup tapes to a different office or something, or even taking encrypted hard drives to a safety deposit box.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    18. Re:the love of cloud by Blakey+Rat · · Score: 2

      You could just rent an Amazon EC2 instance, attach a cloud drive, and do your own encryption. Amazon couldn't decrypt it if they wanted to.

      Of course they could potentially delete it, so there's still that risk.

  2. Who "owns" the data? by sohmc · · Score: 2

    This is a common question, which I'm sure has come up in legal battles. When you upload data to someone else's server, does the data belong to you or does it belong to the person/company that actually owns the hardware? I'm sure for law enforcement folks, they want it both ways.

    Consider if the data service in question is raided because an employee had child pornography. They raid the company because the employee used its hardware to hide his stash. Now everyone's data is available for search.

    IANAL but it seems like if you insist on using these services, you have to give up certain rights. Or you can just encrypt all of your data before uploading. But then, if the hardware is seized, you no longer have a backup.

    --
    We don't live in Shouldland.
    1. Re:Who "owns" the data? by Spad · · Score: 3, Interesting

      When you put your belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?

    2. Re:Who "owns" the data? by gcnaddict · · Score: 2

      When you send a physical note through a fax machine and tell the person on the other end of the line to hold onto it, does it belong to you or to the person/company that actually owns the safety deposit box?

      It could be argued that while the concept you submitted to the person/company is yours, it's using that entity's toner, paper, etc. and that if he's asked for that specific sheet of paper, it's up to him what he does with it.

      --
      Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    3. Re:Who "owns" the data? by afex · · Score: 2

      the idea stems from the 'you wouldn't steal a car' argument against piracy.

      essentially - most of us wouldn't steal a nice beamer that's out on the street. However, if you had a machine that could make an exact copy of said beamer, while leaving the original PERFECTLY intact, would you do that? of course!

      as for who owns the copy, i have no idea - but that dude that made the beamer duplication machine better get some sort of kickback, that guy kicks ass!

  3. Re:It is not impossible by gkuz · · Score: 3, Insightful

    Of course it can be impossible. Encrypt the data yourself, using a well-known, open-source, trusted and verified program, and keep the keys yourself. Dropbox can't decrypt anything then. Why anyone would trust them in the first place, especially a smart guy like Miguel, is beyond me.

  4. Easy fix...Truecrypt. by geekmux · · Score: 2

    ....AFAIK, Dropbox has full support for Truecrypt volumes. Simple solution to this dilemma? Take the encryption "problem" away from Dropbox and use your own.

    1. Re:Easy fix...Truecrypt. by s7uar7 · · Score: 2

      Unless Dropbox does block-level tracking you would end up re-uploading the entire encrypted volume every time you modified a file inside it.

  5. Depends on who is asking them by Shivetya · · Score: 2

    http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html

    Does that story give you the creeps or not?

    So the government can make you rat on your clients and you can't even tell your own people you're doing the work of the government.

    --
    * Winners compare their achievements to their goals, losers compare theirs to that of others.
  6. They Lied by jarich · · Score: 3, Insightful

    The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked.

    Dropbox lied. No two ways about it. But this is why you never store anything sensitive in "the cloud" anyway.

    1. Re:They Lied by Anonymous Coward · · Score: 2

      To be fair, from the very start, to anyone who cared to ask, they said that:
      1. The files were encrypted and stored on Amazon servers
      and
      2. They had the keys

      Of course they said they wouldn't use the keys to decrypt your data without your permission, and of course if the government asks them to they will because they don't like federal-pound-me-in-the-ass jail.

    2. Re:They Lied by leonbloy · · Score: 2

      The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked. Dropbox lied.

      I don't follow the reasoning, I really don't get the lie. Files are encrypted, but Dropbox's system knows the encryption keys. That "employees" cannot decrypt them is an issue of internal privileges and internal security - I always assumed that we are speaking of support/maintenance people here. Mr root-Dropbox can read my files (if I've not encrypted them myself); I have always taken that for granted, as a Dropbox user.

      To point to another privacy issue: it's well known, for example, that Dropbox has a clever management of file contents, based on hashes, to allow efficient renames and content sharing. Say I upload a porn clip and I call it "learning_java.avi". If another user has uploaded the same clip with a truthful name, then Dropbox is aware of that (and it doesn't duplicate the storage bytes, just links both files to the same storage), and my upload is practically instantaneous. So, Dropbox knows that my "learning_java.avi" is the same file as pornaddict's file "anal_fest.avi". Go figure.

  7. Who is to blame by antifoidulus · · Score: 2

    Is this really dropbox or Amazon that is behind this policy? While people rant and rave about dropbox, in the end it's really just a fancy front end onto Amazon's S3 service. Your data is actually stored on Amazon's servers and my guess is that it's ultimately Amazon that dictates policies such as this.

  8. The cloud is never secure ... by Blade · · Score: 5, Insightful

    Maybe it comes from working in IT, but I always assume that if someone else is holding my data, they can access it. It doesn't interest me what they say - that's my basic starting assumption. So I always assumed that Dropbox could get to my data, and if I cared about the privacy of that data I just encrypted the files myself first.

    It's my data, I'm in control of it. Giving it up to someone else and hoping they keep it safe is silly.

    I'm surprised so many people are surprised (and I wonder if the people who are surprised haven't been in IT long?)

  9. Seriously, you didn't see this coming? by Thumper_SVX · · Score: 3, Insightful

    Seriously, is anyone really surprised by this? I use DropBox, and not once have I considered that my data in DropBox is completely private. Sure, I use it for transferring some documents that are potentially sensitive (a lot of documentation on a lawsuit I'm involved in for example) but where there's sensitive data I always encrypt the documents myself with TrueCrypt.

    This is precisely why I think the "cloud" is a bad idea for corporations. Until there are guarantees and safeguards against data theft or loss there is no way that I would entrust my company's critical data to a third party provider. Yes, the costs of managing that data myself are higher but the risk of that data getting out of our control and management is greatly mitigated.

    And what about a data breach? Loss of data due to crackers? Seriously... all it's going to take is for one of these cloud providers to become big enough that the majority of corporations using their services are completely without options when a breach occurs. The big provider can simply turn around and say "Well, crap happens but who else are you going to turn to?" and there's nothing the average corporation can do about it. There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

    1. Re:Seriously, you didn't see this coming? by Anonymous Coward · · Score: 2, Insightful

      There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

      Which is why only data they can afford to lose will be stored in the cloud, e.g. customers' personal info and such, certainly not financial or business data.

  10. Re:It is not impossible by gpuk · · Score: 2, Informative

    I think the problem is that if you use a Truecrypt container and back that up to Dropbox, the Dropbox client is not always able to tell if any data has changed, as changing the contents of the container does not always change the container's binary size on the disk. This means you can't do an incremental backup and instead have to force a full backup every time you alter what is inside the container, which isn't funny if your container is larger than a few hundred MBs.

  11. Re:It is not impossible by TheRaven64 · · Score: 4, Informative

    This is the point of tarsnap. Open source client, you can verify it and the encryption that it uses. It encrypts everything before uploading and can't be decrypted on the server without access to a key that's only stored in the client.

    --
    I am TheRaven on Soylent News
  12. Re:It is not impossible by LoudNoiseElitist · · Score: 3, Informative

    That's the point. It looks for changes in the file. With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

  13. Re:What's the purpose of Dropbox by dingen · · Score: 2

    The big deal is Dropbox' super simple interface, which integrates into your file system so even computer-illiterate people will have no problem using it, combined with the appeal of a pyramid scheme to get more free storage for every person you lure into using it. This makes every Dropbox user an advocate of Dropbox.

    --
    Pretty good is actually pretty bad.
  14. Re:It is not impossible by Anonymous Coward · · Score: 5, Informative

    With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

    I've never used truecrypt, but from what I know, I suspect the chances of the entire encrypted volume changing when you make any change is close to zero. It would kill performance to have to rewrite the entire volume every time. It has to only update portions. So then the possible solution to this would be to treat it like bittorrent does, where it breaks it into chunks and checksums each chunk. When only a small portion of the file changes, it then knows which chunks to reupload. Whether or not dropbox can or does operate this way, I have no idea, but in general, it is feasible to implement into a service.

  15. Next time... by SgtPepper · · Score: 2

    Read the EULA.

  16. Re:It is not impossible by gfilion · · Score: 2

    Well, files put in DropBox are available on their website; it's pretty obvious that they can decrypt them. The encryption part is about the SSL connection between my client and the dropbox server, methinks.

  17. What the fuss?!? by A+nonymous+Coward · · Score: 2

    I have a dropbox account and don't remember seeing that section where they claimed they couldn't read my files. I'm certain I read it, but I never would have believed it to mean they were truly unable to read my files -- if they encrypted them before storing them, they'd have to be able to decrypt them to send them back to me, or to track changes. Did someone actually think they had an irreversible encryption process which could somehow be reversed by the magic between them and me? A one time pad which somehow evaporated while sending files back to me? It might be reasonable to think they have some sort of access controls so ordinary people there can't browse customer data, but I never would have put any ironclad faith in such policies. That's why it was common knowledge, near as I could tell, all round the web that you needed to encrypt backups and such yourself before sending them to dropbox.

    I don't understand why anyone would expect otherwise. This is a tempest in a teapot.

  18. Re:It is not impossible by Anonymous Coward · · Score: 2, Informative

    Not for Truecrypt. In CBC mode it bases the initialization vector off of the hash of the file block address so only a single 4k block needs to get uploaded.

  19. Re:What's the purpose of Dropbox by RalphTheWonderLlama · · Score: 2

    Does your family know that you think their photos are worthless? :)

    --
    simple, fast homepage with your links: http://www.ngumbi.com/
  20. This is why zero-knowledge services are better by katz · · Score: 2

    Take a look at SpiderOak (http://www.spideroak.com). Their fundamental security policy is "zero knowledge", meaning that their service works in such a way that everything is encrypted from the client. This is powerful stuff.

    1. Re:This is why zero-knowledge services are better by operator_error · · Score: 3, Informative

      https://spideroak.com/engineering_matters#true_privacy

      True Privacy

      Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making it easily decoded by anyone with local access to those servers.

      With SpiderOak, you create your password on your own computer -- not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

      SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see, are sequentially numbered containers of encrypted data.

      This means that you alone have responsibility for remembering your password or 'Password Hint' (which you can create to help you remember) allowing SpiderOak to create a true 'zero-knowledge environment' – keeping your data as safe and secure as it can possibly be.

  21. Re:problem with encryption by rollingcalf · · Score: 2

    That's why if you use Dropbox or any other online storage with a closed-source client process, it should be used inside a virtual machine, with the virtual machine receiving encrypted files from the host OS. That way it can't sniff your password or any other data you don't want it to see.

    --
    ---------
    There is inferior bacteria on the interior of your posterior.
  22. Re:Truecrypt by fishbowl · · Score: 2

    If you have the dropbox agent installed, how do you know anything on your computer is private?

    --
    -fb Everything not expressly forbidden is now mandatory.
  23. Re:It is not impossible by blueg3 · · Score: 3, Insightful

    They're not lying, they're just being careful with their words and people can't read.

    It should be obvious to any technically-minded person that they hold any encryption keys, since when you install Dropbox on a second computer, you don't need to provide a key in order for it to be successful.

    So their claims are that they encrypt data in transit, encrypt data at rest, and that employees can't access the content of files. There's no claim that it's impossible for any employee to access the content of files because they're encrypted with a key Dropbox doesn't hold, which is what people seem to be imagining. It's simply saying that employees won't snoop on your files because in the normal course of business, they are not provided access to the contents of those files.

    As far as providing the files to law enforcement upon a legally-valid request, they don't really have a choice in the matter, as they're a US company. For any company that exists primarily in country X, it is almost certain that there is a relatively easy procedure for law enforcement agents of country X to obtain any data about you that the company holds. If the country happens to be, say, Lithuania, and you don't travel to or do business in Lithuania, you probably don't care, but it's still true. The only way to prevent this is to make it so that the company is not holding any useful data of yours that they are able to access. In the case of Dropbox, you need to encrypt your files before they get to Dropbox.

    Incidentally, if you have data that you don't want law enforcement to be able to obtain, you should be encrypting it even when it's stored locally. A search warrant for your computer is not really all that much harder to obtain.

  24. encryption methodology for backups by hAckz0r · · Score: 2

    Truecrypt definitely rocks, but it's the wrong way to encrypt things if you need to be incrementally backed up in the encrypted state. Besides that, having a volume-oriented encryption methodology may not keep secrets from hackers while that volume is mounted on the system, so a session-oriented encryption methodology may be better to keep things sealed when not in use.

    For all the above reasons I use encfs because it is only mounted when I choose, for just my eyes, and is easily backed up on a file-by-file basis so incremental backups work just fine. Just point your DropBox uploader to the encrypted file tree and back it up as soon as you unmount your crypto session volume. I have a script that mounts the crypto volume, opens a file manager to pause the script, and when the file manager is closed the session is immediately unmounted. All you need do is add a command to the end of the script to kick off a DropBox incremental upload.

  25. Re:It is not impossible by rochberg · · Score: 2

    Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.

    Crypto is great and wonderful and all that, but it never exists in isolation. Access control policies, auditing, etc., are also required to have a secure, usable system that is flexible enough to provide the type of mobile access that Dropbox does. I see nothing contradictory about Dropbox's claims that employees cannot access user files directly. It seems to me that the author just never took the time to think about the implications of Dropbox's flexibility.

    Much ado about nothing...

  26. Re:It is not impossible by Sun · · Score: 2

    Depends on the encryption method you use

    <shameless_plug>rsyncrypto</shameless_plug>

    Shachar

  27. Re:Parent Nailed It by praxis · · Score: 2

    It does let you choose though: privacy or convenience.

    Come to think of it, that's a pretty common-place choice in life.

  28. Re:It is not impossible by praxis · · Score: 2

    You may learn more if you do your own research but:

    http://www.truecrypt.org/faq
    [quote]The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits)[/quote]

    https://www.dropbox.com/help/8
    [quote]Before transferring a file, we compare the new file to the previous version and only send the piece of the file that changed. This is called a "binary diff" and works on any file type. Dropbox compresses files before transferring them as well. This way, you also never have to worry about Dropbox re-uploading a file or wasting bandwidth.[/quote]
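Several comments above (14, 18, 25's neighbours and 28) argue over whether a one-byte edit inside an encrypted container forces the whole container to be re-uploaded. The following is an added example, not TrueCrypt's or Dropbox's code, that makes the disagreement concrete: it encrypts a constructed container two ways, as one CBC chain over the whole file and as CBC restarted per sector with an IV derived from the sector number (the arrangement comment 18 describes), then runs a chunk-hash diff in the style comment 14 proposes to count how many sync chunks differ after the edit. Assumptions: a toy 16-byte Feistel cipher built from SHA-256 stands in for AES, and 512-byte sectors and 4 KiB sync chunks are demo choices.

```python
"""Why a one-byte edit inside an encrypted container may or may not force a
whole-container re-upload. Added example, not TrueCrypt's or Dropbox's code.
Two layouts are compared: (a) one CBC chain over the whole file with a single
IV, and (b) CBC restarted in every sector with the IV derived from the sector
number, the arrangement comment 18 describes. A chunk-hash diff in the style
of comment 14 then counts how many sync chunks differ after the edit.
Assumptions: a toy 16-byte Feistel cipher built from SHA-256 stands in for
AES; 512-byte sectors and 4 KiB sync chunks are demo choices."""
import hashlib

BLOCK = 16       # cipher block size (TrueCrypt's ciphertext block is 16 bytes)
SECTOR = 512     # container sector size (assumption)
CHUNK = 4096     # sync chunk size, the "4k block" of the thread (assumption)
ROUNDS = 4


def _f(key, half, r):
    # Feistel round function: 8 bytes of SHA-256(key || round || half).
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Toy Feistel block cipher: a bijection on 16-byte blocks, like AES,
    but not secure; only the mode-of-operation behaviour matters here."""
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _f(key, right, r))
    return left + right


def decrypt_block(key, block):
    # Same rounds in reverse order; included so the cipher is demonstrably
    # invertible, the demo itself only encrypts.
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, left, r)), left
    return left + right


def cbc_encrypt(key, iv, data):
    # Each ciphertext block feeds the next, so a change propagates forward
    # to the end of the chain (data length must be a multiple of BLOCK).
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.extend(prev)
    return bytes(out)


def encrypt_whole_file(key, container):
    """(a) one chain over the entire container, fixed IV."""
    return cbc_encrypt(key, bytes(BLOCK), container)


def encrypt_per_sector(key, container):
    """(b) chain restarted per sector, IV = hash of the sector number."""
    out = bytearray()
    for n in range(len(container) // SECTOR):
        iv = hashlib.sha256(b"sector-iv" + n.to_bytes(8, "big")).digest()[:BLOCK]
        out.extend(cbc_encrypt(key, iv, container[n * SECTOR:(n + 1) * SECTOR]))
    return bytes(out)


def changed_chunks(old, new):
    """Binary-diff style sync: hash fixed-size chunks and list the ones that
    differ, i.e. the chunks a client would have to re-upload."""
    return [i // CHUNK for i in range(0, len(old), CHUNK)
            if hashlib.sha256(old[i:i + CHUNK]).digest()
            != hashlib.sha256(new[i:i + CHUNK]).digest()]


def demo(edit_offset=100, chunks=8):
    key = hashlib.sha256(b"demo volume password").digest()
    # Constructed container contents: chunks * 4 KiB of pseudo-random bytes.
    container = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                         for i in range(chunks * CHUNK // 32))
    edited = bytearray(container)
    edited[edit_offset] ^= 0x01               # the one-byte edit
    edited = bytes(edited)
    return {
        "plaintext": len(changed_chunks(container, edited)),
        "whole_file_cbc": len(changed_chunks(encrypt_whole_file(key, container),
                                             encrypt_whole_file(key, edited))),
        "per_sector_iv": len(changed_chunks(encrypt_per_sector(key, container),
                                            encrypt_per_sector(key, edited))),
    }


if __name__ == "__main__":
    print(demo())                               # edit near the start of the container
    print(demo(edit_offset=7 * CHUNK + 10))     # edit inside the last chunk
```

With the edit near the start, the whole-file chain changes all 8 of 8 chunks while the per-sector layout changes only the one chunk holding the edited sector; moving the edit into the last chunk shows that CBC propagation is forward-only, so both layouts then change a single chunk.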