Slashdot Mirror


Dropbox Can't See Your Dat– Er, Never Mind

bizwriter writes "Dropbox, the online backup and file sharing service claims to have hit 25 million users in a single year. But a change in terms, noting that Dropbox will give up data to law enforcement under a legal request, showed that the company's security claims couldn't be possible. It turns out that Dropbox claims in one place that encrypted data makes it impossible for employees to see into user files, but in another says that they're only 'prohibited' from doing so."

17 of 333 comments

  1. the love of cloud by alphatel · Score: 5, Insightful

    Every day I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    1. Re:the love of cloud by gkuz · Score: 4, Insightful

      So that law enforcement can't access his data? What is his "business" area to be exact?

      I love the irony of this comment being posted by an AC. Tell you what, post using your real name, address and phone number, and I'll tell you a dozen reasons why privacy, even from law enforcement, can be a legitimate business need.

    2. Re:the love of cloud by DrXym · Score: 3, Interesting

      Every day I get a corporate client asking me why they can't just do all their work on the cloud. Here's the perfect reason why.

      Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

      It's certainly an important consideration though. I think in either case if you're paranoid about your data you encrypt it first.

    3. Re:the love of cloud by MoeDumb · Score: 4, Insightful

      That's the ticket. YOU do your own encryption before sending it up to the cloud. Then it doesn't matter what DB does.

      --
      Mod Me Up. You'll make a grown man cry.
    4. Re:the love of cloud by Rob the Bold · Score: 4, Insightful

      Well it's not a perfect reason. Many companies traditionally send their backup tapes or their shred bins or boxes of old files to an operator like Iron Mountain to store / destroy them. I expect Iron Mountain would comply with a court order just as readily as a cloud operator. I suppose with cloud operators the jurisdictions are more likely to differ which could be considered an advantage or not depending on why the court order is being served.

      I noticed that although you write "court order" here -- and probably a lot of us are making the same assumption -- that phrase is not used in the Dropbox terms quoted in TFA. Instead, it reads "...Dropbox cooperates with United States law enforcement when it receives valid legal process..." It certainly makes you consider that Dropbox -- like other service providers with access to your data -- would give up your files just for a request from the cops, the FBI, etc. without even the limited due process of an actual court order.

      --
      I am not a crackpot.
    5. Re:the love of cloud by Weezul · Score: 3, Informative

      If you use dropbox on truecrypt encrypted containers, then you'll mostly lose dropbox's archival features.

      Wuala has an incredibly simple but very clever algorithm for handling data deduplication on the server, along with rudimentary file versioning, while simultaneously handling encryption on the client.

      How, you ask? Easy: you encrypt every file using its own SHA as the AES key, but then you use the new encrypted file's SHA as the DHT index for retrieval. You need both SHA values to access a file of course, but who cares.

      There are only three major flaws in Wuala:

      - Any final object yields a unique second SHA for the DHT, enabling data deduplication and instantaneous uploads, but also enabling draconian copyright enforcement under the DMCA. Imagine torrenting a movie only for the MPAA to delete it from your private cloud drive!

      - It's closed source! wtf?!? Is anyone really stupid enough to trust closed source encryption software these days? How does anyone know they don't secretly copy the original SHA / AES key?

      - It's written in Java. Ack, a slow filesystem driver! (Alright, this third comment is pure trolling. I'll admit server side Java isn't that slow anymore, assuming you avoid all that double copy display idiocy.)

      I've been considering writing a custom backend for libgit2 that implements this "original SHA as AES key" approach for storing git repositories in some basic DHT. It ain't a direct translation of course. You'd either need to completely forgo git compatibility on the local repository by making all object ids into 2*256=512 or 2*512=1024 bit ids. Or, better yet, create some object packing layer that places multiple git objects into a single encrypted object, but must provide some git object index for lookups into encrypted packed objects.

      --
      The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
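The construction Weezul describes (key = hash of the plaintext, server index = hash of the ciphertext) is usually called convergent encryption. The following is an added illustration, not Wuala's code: it shows why two users uploading the same bytes produce the same blob (so the second upload is free), and why anyone who already holds a copy of a file can compute its index and ask whether it is stored, which is the property behind the DMCA worry in the comment. To keep it standard-library only, the AES step is replaced by an HMAC-SHA256 counter-mode keystream; that is a stand-in for the cipher, not a recommendation, and the structure is the point.

```python
"""Convergent encryption sketch (added example, not Wuala's implementation).

content_key = SHA-256(plaintext)      -> what a client needs to decrypt
store_id    = SHA-256(ciphertext)     -> what the server indexes on
Cipher: HMAC-SHA256 counter-mode keystream, a stdlib stand-in for AES.
"""
import hashlib
import hmac


def _keystream(key: bytes, length: int) -> bytes:
    """PRF-based counter-mode keystream: block_i = HMAC(key, i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_convergent(plaintext: bytes):
    """Return (content_key, store_id, ciphertext) for one file."""
    content_key = hashlib.sha256(plaintext).digest()
    ciphertext = _xor(plaintext, _keystream(content_key, len(plaintext)))
    store_id = hashlib.sha256(ciphertext).digest()
    return content_key, store_id, ciphertext


def decrypt_convergent(content_key: bytes, ciphertext: bytes) -> bytes:
    plaintext = _xor(ciphertext, _keystream(content_key, len(ciphertext)))
    # The key doubles as an integrity check: it must equal the plaintext hash.
    if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), content_key):
        raise ValueError("ciphertext does not decrypt under this key")
    return plaintext


class DedupStore:
    """Minimal server side: keyed by store_id, never sees content_key."""

    def __init__(self):
        self.blobs = {}
        self.uploads = 0

    def put(self, store_id: bytes, ciphertext: bytes) -> bool:
        if store_id in self.blobs:
            return False  # "instantaneous upload": blob already present
        self.blobs[store_id] = ciphertext
        self.uploads += 1
        return True


def demo() -> dict:
    """Two accounts upload identical constructed sample bytes."""
    store = DedupStore()
    alice_file = b"constructed sample: the same movie file on two accounts"
    bob_file = alice_file
    k1, id1, c1 = encrypt_convergent(alice_file)
    k2, id2, c2 = encrypt_convergent(bob_file)
    first = store.put(id1, c1)
    second = store.put(id2, c2)
    # A third party holding the same plaintext (a rights holder, say) can
    # derive store_id itself and test for presence without any key from the
    # uploader: equality of content is not hidden by this scheme.
    probe_hit = encrypt_convergent(alice_file)[1] in store.blobs
    return {
        "same_id": id1 == id2,
        "first_upload": first,
        "second_upload": second,
        "stored_blobs": store.uploads,
        "probe_hit": probe_hit,
        "roundtrip": decrypt_convergent(k1, store.blobs[id1]) == alice_file,
    }
```

The defensive takeaway is the trade the comment names: the server deduplicates without the key, but it also cannot stop anyone who knows a file from learning whether it is stored; if that matters, the content key has to be derived from a per-user secret as well, at which point cross-user deduplication is gone.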
    6. Re:the love of cloud by 1u3hr · Score: 3, Informative

      News flash: Dropbox will comply, not break the law, to protect your data.

      The news flash was actually: Despite implying that its staff CAN'T decrypt your data, actually they are just TOLD not to.

  2. Re:Who "owns" the data? by Spad · Score: 3, Interesting

    When you put your belongings in a safety deposit box, do they belong to you or to the person/company that actually owns the safety deposit box?

  3. Re:It is not impossible by gkuz · Score: 3, Insightful

    Of course it can be impossible. Encrypt the data yourself, using a well-known, open-source, trusted and verified program, and keep the keys yourself. Dropbox can't decrypt anything then. Why anyone would trust them in the first place, especially a smart guy like Miguel, is beyond me.

  4. They Lied by jarich · Score: 3, Insightful

    The old policy said our files were encrypted with mil-spec encryption, etc etc. Now they're telling us they'll turn our files over if asked.

    Dropbox lied. No two ways about it. But this is why you never store anything sensitive in "the cloud" anyway.

  5. The cloud is never secure ... by Blade · Score: 5, Insightful

    Maybe it comes from working in IT, but I always assume that if someone else is holding my data, they can access it. It doesn't interest me what they say - that's my basic starting assumption. So I always assumed that Dropbox could get to my data, and if I cared about the privacy of that data I just encrypted the files myself first.

    It's my data, I'm in control of it. Giving it up to someone else and hoping they keep it safe is silly.

    I'm surprised so many people are surprised (and I wonder if the people who are surprised haven't been in IT long?)

  6. Seriously, you didn't see this coming? by Thumper_SVX · Score: 3, Insightful

    Seriously, is anyone really surprised by this? I use DropBox, and not once have I considered that my data in DropBox is completely private. Sure, I use it for transferring some documents that are potentially sensitive (a lot of documentation on a lawsuit I'm involved in for example) but where there's sensitive data I always encrypt the documents myself with TrueCrypt.

    This is precisely why I think the "cloud" is a bad idea for corporations. Until there are guarantees and safeguards against data theft or loss there is no way that I would entrust my company's critical data to a third party provider. Yes, the costs of managing that data myself are higher but the risk of that data getting out of our control and management is greatly mitigated.

    And what about a data breach? Loss of data due to crackers? Seriously... all it's going to take is for one of these cloud providers to become big enough that the majority of corporations using their services are completely without options when a breach occurs. The big provider can simply turn around and say "Well, crap happens but who else are you going to turn to?" and there's nothing the average corporation can do about it. There may be financial guarantees in place, but simply put the cat is already out of the bag at that point.

  7. Re:It is not impossible by TheRaven64 · Score: 4, Informative

    This is the point of tarsnap. Open source client, you can verify it and the encryption that it uses. It encrypts everything before uploading and can't be decrypted on the server without access to a key that's only stored in the client.

    --
    I am TheRaven on Soylent News
  8. Re:It is not impossible by LoudNoiseElitist · Score: 3, Informative

    That's the point. It looks for changes in the file. With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

  9. Re:It is not impossible by Anonymous Coward · Score: 5, Informative

    With encryption, the file usually *completely* changes, thus giving Dropbox no choice but to upload/download the whole thing.

    I've never used truecrypt, but from what I know, I suspect the chances of the entire encrypted volume changing when you make any change is close to zero. It would kill performance to have to rewrite the entire volume every time. It has to only update portions. So then the possible solution to this would be to treat it like bittorrent does, where it breaks it into chunks and checksums each chunk. When only a small portion of the file changes, it then knows which chunks to reupload. Whether or not dropbox can or does operate this way, I have no idea, but in general, it is feasible to implement into a service.
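The chunk-and-checksum scheme the Anonymous Coward proposes, as an added example that is neither Dropbox's nor TrueCrypt's code. It hashes a container in fixed 4 KiB chunks, reports which chunks a new version needs to re-upload, and runs two constructed cases: an in-place sector rewrite (what a block-encrypted volume does), where only one chunk changes, and a 7-byte insertion at the front, where fixed-size chunking fails and every chunk has to go up again. The sample container is built from repeated SHA-256 digests purely so the run is deterministic.

```python
"""Fixed-size chunk hashing for incremental upload (added example).

Assumptions: 4 KiB chunks, SHA-256 per chunk, and a client that can diff
the previous chunk list against the current one; none of this is Dropbox's
actual protocol.
"""
import hashlib

CHUNK = 4096


def chunk_hashes(data: bytes, size: int = CHUNK) -> list:
    """Per-chunk SHA-256 hex digests, last chunk may be short."""
    return [hashlib.sha256(data[i:i + size]).hexdigest()
            for i in range(0, len(data), size)]


def changed_chunks(old: bytes, new: bytes, size: int = CHUNK) -> list:
    """Indices of chunks in `new` that must be uploaded: any chunk whose hash
    differs from the same index in `old`, plus chunks beyond old's length."""
    old_h, new_h = chunk_hashes(old, size), chunk_hashes(new, size)
    return [i for i, h in enumerate(new_h) if i >= len(old_h) or old_h[i] != h]


def sample_container(chunks: int = 16) -> bytes:
    """Constructed stand-in for an encrypted volume: chunk i is a 32-byte
    digest of i repeated 128 times, so each chunk is exactly 4096 bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() * 128
                    for i in range(chunks))


def in_place_rewrite(container: bytes, chunk_index: int) -> bytes:
    """Simulate a block cipher volume rewriting one sector in place."""
    buf = bytearray(container)
    start = chunk_index * CHUNK + 100
    buf[start:start + 10] = b"x" * 10
    return bytes(buf)


def demo() -> dict:
    old = sample_container()
    # Case 1: a sector inside chunk 5 is rewritten; everything else is stable.
    sector_edit = changed_chunks(old, in_place_rewrite(old, 5))
    # Case 2: 7 bytes inserted at the front shift every later byte by 7, so
    # fixed-offset chunks all hash differently (content-defined chunking is
    # the usual fix for this case).
    front_insert = changed_chunks(old, b"\x00" * 7 + old)
    return {
        "total_chunks": len(chunk_hashes(old)),
        "sector_edit_chunks": sector_edit,
        "front_insert_chunks": front_insert,
    }
```

Whether a given volume format behaves like case 1 or case 2 decides how well chunked sync works on top of client-side encryption: block-mode volumes that rewrite sectors in place sync cheaply, while a whole-file re-encryption with a fresh IV (the usual behaviour of a file-level tool) looks like case 2 every time.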

  10. Re:It is not impossible by blueg3 · Score: 3, Insightful

    They're not lying, they're just being careful with their words and people can't read.

    It should be obvious to any technically-minded person that they hold any encryption keys, since when you install Dropbox on a second computer, you don't need to provide a key in order for it to be successful.

    So their claims are that they encrypt data in transit, encrypt data at rest, and that employees can't access the content of files. There's no claim that it's impossible for any employee to access the content of files because they're encrypted with a key Dropbox doesn't hold, which is what people seem to be imagining. It's simply saying that employees won't snoop on your files because in the normal course of business, they are not provided access to the contents of those files.

    As far as providing the files to law enforcement upon a legally-valid request, they don't really have a choice in the matter, as they're a US company. For any company that exists primarily in country X, it is almost certain that there is a relatively easy procedure for law enforcement agents of country X to obtain any data about you that the company holds. If the country happens to be, say, Lithuania, and you don't travel to or do business in Lithuania, you probably don't care, but it's still true. The only way to prevent this is to make it so that the company is not holding any useful data of yours that they are able to access. In the case of Dropbox, you need to encrypt your files before they get to Dropbox.

    Incidentally, if you have data that you don't want law enforcement to be able to obtain, you should be encrypting it even when it's stored locally. A search warrant for your computer is not really all that much harder to obtain.

  11. Re:This is why zero-knowledge services are better by operator_error · Score: 3, Informative

    https://spideroak.com/engineering_matters#true_privacy

    True Privacy

    Your SpiderOak data is readable to you alone. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making it easily decoded by anyone with local access to those servers.

    With SpiderOak, you create your password on your own computer -- not on a web form received by SpiderOak servers. Once created, a strong key derivation function is used to generate encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.

    SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data.

    This means that you alone have responsibility for remembering your password or 'Password Hint' (which you can create to help you remember) allowing SpiderOak to create a true 'zero-knowledge environment' – keeping your data as safe and secure as it can possibly be.
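The pattern the quoted SpiderOak text describes (password never leaves the client; a key derivation function turns it into keys; the server can authenticate the user without being able to decrypt anything) is shown below as an added example that is not SpiderOak's code. It derives one master key with PBKDF2 on the client, splits it into an encryption key and a separate server-authentication token with labelled HMAC calls, and stores only the salt and a hash of that token on the server; the labels, iteration count and the record layout are assumptions chosen for the example.

```python
"""Client-side key derivation with a server that holds no decryption
material (added example; not SpiderOak's implementation).

Assumed design: master = PBKDF2-HMAC-SHA256(password, salt); the encryption
key and the server-auth token are independent HMAC-labelled subkeys, so
knowing the token (or the server record) says nothing about the key.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for the example; tune for your hardware


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Runs on the client only; the password never goes on the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=32)


def subkey(master: bytes, label: bytes) -> bytes:
    """Domain-separate subkeys so auth material cannot double as a key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def client_keys(password: str, salt: bytes) -> dict:
    master = derive_master_key(password, salt)
    return {
        "enc_key": subkey(master, b"file-encryption-key"),
        "auth_token": subkey(master, b"server-auth-token"),
    }


def server_enroll(salt: bytes, auth_token: bytes) -> dict:
    """What the service stores: salt plus a hash of the token. Neither the
    password nor enc_key ever reaches this function."""
    return {"salt": salt, "auth_hash": hashlib.sha256(auth_token).hexdigest()}


def server_verify(record: dict, presented_token: bytes) -> bool:
    digest = hashlib.sha256(presented_token).hexdigest()
    return hmac.compare_digest(record["auth_hash"], digest)


def demo(password: str = "correct horse battery staple") -> dict:
    """Enrol with a constructed password, then log in right and wrong."""
    salt = os.urandom(16)
    keys = client_keys(password, salt)
    record = server_enroll(salt, keys["auth_token"])

    ok = server_verify(record, client_keys(password, record["salt"])["auth_token"])
    bad = server_verify(record, client_keys(password + "!", record["salt"])["auth_token"])

    # Everything the server holds, for the "can staff decrypt?" question:
    server_view = {record["salt"], bytes.fromhex(record["auth_hash"])}
    return {
        "login_ok": ok,
        "wrong_password_ok": bad,
        "enc_key_on_server": keys["enc_key"] in server_view,
        "auth_token_on_server": keys["auth_token"] in server_view,
        "same_password_same_key": client_keys(password, salt)["enc_key"] == keys["enc_key"],
    }
```

The consequence the SpiderOak text spells out follows directly: because the server has only `salt` and `auth_hash`, a forgotten password is unrecoverable by the operator, which is the price of a service being unable to read the data.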