Privacy, Security and Your Dropbox - AndrewDucker
http://blog.dropbox.com/?p=735

======
kragen
These are weasel words. Miguel de Icaza's post explains the issue:

> My problem is that for as long as I have tried to figure out, Dropbox made
> some bold claims about how your files were encrypted and how nobody had
> access to them, with statements like:…

> - Dropbox employees aren't able to access user files, and when
> troubleshooting an account they only have access to file metadata
> (filenames, file sizes, etc., not the file contents)…

> But this announcement that they are able to decrypt the files on behalf of
> the government contradicts their prior public statements.

Dropbox are avoiding answering this. If they derived the encryption key from
your password, as JWZ explained
(<http://www.jwz.org/blog/2011/04/dropbox-doesnt-actually-encrypt-your-files/>)
and as occurred to any halfway decent hacker, they wouldn't need to have the
ability for their employees to decrypt your files — an ability which they are
still claiming to not have.

And this is just insulting:

> We understand that many of you have been confused by this situation — and
> some folks even felt like we misled them

The problem isn't that we were _confused_ or what we _felt_ or that we were
unintentionally "misled". The problem is that, apparently, _you lied to us in
order to defraud your customers_.

~~~
fluidcruft
Sorry. I just don't get it. Why are people so surprised by this? I think the
people that are shocked are people that just don't bother to think about the
devices they use. This is the danger of this whole "ooooh it's magic" shellac
marketing craze everyone seems caught up in.

All of this should have been obvious to anyone that bothered to think about
what was going on before they stored their precious secrets in Dropbox.
Obviously they are holding the encryption keys. Hell, that much was obvious to
me when I started using/testing Dropbox just over a year ago and saw my files
served over a web page. I can't help but muster a "meh".

The value I saw in their use of encryption is this: when they or amazon or
whoever dispose of their drives it will be harder to harvest data off of them.
That's all I've come to expect from them and that's all any of their
information has ever warranted.

I still derive great value from their service.

Now, I will admit the one that I personally didn't think through back then was
the key file thing, but really that's just the same as having an ssh private
key. I was aware that it wasn't constantly prompting me for a password so at
some level I knew it was going on. Maybe I would prefer some sort of
passphrase at login using a keyring for that file. Minor issue.

I do trust them that the run-of-the-mill support personnel are barred from
accessing the keystore. It's entirely feasible that there is no mechanism for
them to just go browse around your files.

However, it should be blatantly obvious to anyone that understands anything
about encryption that someone somewhere at dropbox can access your files. This
has always been the case and obvious.

I guess I'm mostly amused by people that are surprised by any of this. The
smarter they pretend to think they are, the more amusing it is that they "fell"
for something this obvious. It's like the people that fall for mint.com's attempts
to obscure the fact that they store your bank account usernames and passwords
(oh, sorry, I forgot, they pay a third party to do that for them instead).
People just don't think through the mechanisms of their shiny trinkets. You
get to just point and laugh.

~~~
tomstuart
It is completely reasonable for a layman to believe that his files are
protected by a password, and therefore that nobody can access those files
without the password. You don't have to be an idiot to have that mental model,
especially when Dropbox reinforce it with explicit statements like "Dropbox
employees aren't able to access user files".

It's a consumer service, and consumers don't know or care how encryption
works. They just need to be told the consequences of whatever technical
decisions have been made on their behalf, so it's important for Dropbox to be
honest in explaining them.

~~~
fluidcruft
It's also completely reasonable for laymen to assume that the government can
gain access to their Dropbox files. I don't recall Dropbox ever claiming
anywhere that they would be technologically incapable of complying with a
subpoena.

~~~
kragen
When they said, "Dropbox employees aren't able to access user files", they
were saying they were incapable of complying with a subpoena.

~~~
fluidcruft
Perhaps. I don't think it's appropriate to edit out the context of that
statement. What was actually said was "Dropbox employees aren’t able to access
user files, and when troubleshooting an account they only have access to file
metadata (filenames, file sizes, etc., not the file contents)". I don't think
that statement as a whole necessarily responds to their capabilities to answer
a subpoena. I don't think the lay public would conflate the two contexts.

------
AndrewDucker
Personally, I can't see that they can do much more than this. If they're going
to supply access via the website, or allow you to share with others then they
need to be able to decrypt the file.

I never assumed that it was impossible for them to get access to my files. I
just assumed that only certain people had access to the keys, and they only
gave them out to third parties when forced to by law.

~~~
kragen
> If they're going to supply access via the website, or allow you to share
> with others then they need to be able to decrypt the file.

They need to be able to decrypt the file _right then_ to give you access via
the website. They don't need to be able to decrypt the file the rest of the
time. If the encryption key depends on your password, this is easy to
implement. In modern browsers, this could actually be done in the browser, so
that the keys for decrypting the file never reach their servers.

To allow you to share individual files with others, they could encrypt each
file with a randomly-generated session key, which is encrypted with your user
key. When you give access to the file to a recipient, you would be encrypting
a copy of that session key with the recipient's public key.

In actual fact, it appears that anyone who knows the secure hash of the file's
content is able to discover that Dropbox is storing it:
<http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html>
— and there's at least well-founded speculation, if not proof, that this means
that knowing the secure hash is sufficient to read the file:
<http://news.ycombinator.com/item?id=2440074>

For their previous statements to be true — that their employees have no access
to your files — they would _have_ to be doing something like this.

~~~
AndrewDucker
Making it password dependent means that they have to decrypt/encrypt when you
change password.

And also that you losing your password is apocalyptically bad.

~~~
kragen
There are some ways around that, but basically you're correct. (For example,
you could store the user key, or an additional randomly-generated password,
persistently on client machines, so that you can usually recover from password
loss; and you could use a tree of session keys to minimize the amount you have
to re-encrypt. But basically you're right.)

It's understandable that they chose a less-secure system design. It's not
understandable that they chose to lie to their customers about it.
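
The key hierarchy kragen sketches above (a random per-file key, wrapped under a password-derived user key and, for sharing, under each recipient's public key), together with the password-change point raised in the replies, as an added example in Go. It is written for this page; it is not Dropbox's code and not kragen's. Assumptions: the user key is the output of a memory-hard KDF over the password (scrypt or Argon2; the derivation is not shown and the key is passed in as 32 bytes), AES-256-GCM for the file body and for key wrapping, RSA-OAEP for the recipient wrap, and the `StoredFile` layout, which is invented for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing sensible to continue with
	}
	return b
}

// seal/open: AES-256-GCM with a random 12-byte nonce prefixed to the ciphertext.
func seal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

func open(key, box []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if n := gcm.NonceSize(); len(box) >= n {
		return gcm.Open(nil, box[:n], box[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// StoredFile is all the server keeps; the per-file key appears only wrapped.
type StoredFile struct {
	Ciphertext []byte            // file sealed under a random per-file key
	OwnerWrap  []byte            // per-file key sealed under the owner's password-derived key
	Shares     map[string][]byte // per-file key RSA-OAEP-encrypted to each recipient's public key
}

// Upload runs on the client; userKey is assumed to be a KDF output (scrypt or
// Argon2 over the password; derivation not shown).
func Upload(userKey, content []byte) (*StoredFile, error) {
	fk := randBytes(32)
	ct, err := seal(fk, content)
	if err != nil {
		return nil, err
	}
	wrap, err := seal(userKey, fk)
	if err != nil {
		return nil, err
	}
	return &StoredFile{Ciphertext: ct, OwnerWrap: wrap, Shares: map[string][]byte{}}, nil
}

func OwnerRead(sf *StoredFile, userKey []byte) ([]byte, error) {
	fk, err := open(userKey, sf.OwnerWrap)
	if err != nil {
		return nil, err
	}
	return open(fk, sf.Ciphertext)
}

// Rekey is a password change: only the wrapped key is re-encrypted, never the
// file body. With oldKey lost and no recovery copy, the file is unrecoverable.
func Rekey(sf *StoredFile, oldKey, newKey []byte) error {
	fk, err := open(oldKey, sf.OwnerWrap)
	if err != nil {
		return err
	}
	sf.OwnerWrap, err = seal(newKey, fk)
	return err
}

// Share wraps the per-file key to a recipient's public key; the server stores the blob but cannot open it.
func Share(sf *StoredFile, userKey []byte, who string, pub *rsa.PublicKey) error {
	fk, err := open(userKey, sf.OwnerWrap)
	if err != nil {
		return err
	}
	sf.Shares[who], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fk, nil)
	return err
}

func RecipientRead(sf *StoredFile, who string, priv *rsa.PrivateKey) ([]byte, error) {
	fk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sf.Shares[who], nil)
	if err != nil {
		return nil, err
	}
	return open(fk, sf.Ciphertext)
}
```

Driven as a package under `go test`: `Upload` with the owner's key, `Share` to a recipient's RSA public key, `Rekey` to a new key, then `OwnerRead` with the new key and `RecipientRead` with the recipient's private key both return the plaintext, while the old key and an unshared name fail. `Rekey` is AndrewDucker's first objection in code: a password change re-wraps 32 bytes per file, not the content. His second objection stands: without `oldKey`, or the client-side recovery copy kragen mentions, `OwnerWrap` cannot be opened by anyone. The server holds `StoredFile` in full and still cannot produce plaintext, which is the property the thread says Dropbox claimed but does not have.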

~~~
AndrewDucker
Oh, I totally agree. Honesty up-front would have been a much, much better
policy.

------
muppetman
I love that they openly in this post discuss that the end-user can use
TrueCrypt if they desire:

"For users who feel more comfortable managing their own encryption keys, we
recommend using products like TrueCrypt to store encrypted volumes within
their Dropboxes. Those users will unfortunately lose access to some
functionality, but we leave this decision to the user."

It's the sign of a good company in my opinion that they don't treat their
users as unable to understand such things.

~~~
pieter
Except that when you use TrueCrypt most of the functionality of Dropbox stops
working; you can't access your files through the web interface anymore (duh),
but most importantly, you can't use the volume on two machines at the same
time.

~~~
king_jester
I've used TrueCrypt volumes with Dropbox before, and when I encountered a
situation where I wanted to access the volume from two places, I took the
sensitive data from Dropbox and just exposed it on my private network where I
have more control over access. As far as I can tell, there isn't a great way
to keep high security and flexibility when using sensitive data with Dropbox,
but keeping sensitive data on the cloud is always a risky affair anyway.

------
sunchild
This isn't legal advice, but this seems to meet the same legal requirements
that big companies must adhere to when using outsourcing providers that will
have access to sensitive client data.

The magic words: "Like most major online services, we have a small number of
employees who must be able to access user data when legally required to do so.
But that’s the exception, not the rule. We have strict policy and technical
access controls that prohibit employee access except in these rare
circumstances. In addition, we employ a number of physical and electronic
security measures to protect user information from unauthorized access."

~~~
bxr
It's not about the fact that they comply with court orders; of course they're
going to. It is their ability to give the courts unencrypted data that sheds
light on the real issue: doing something they said was impossible.

If it were impossible for them to get at the unencrypted data, the encrypted
data would be all that they had to hand over.

------
16s
This sounds as if they are doing users a favor:

_We manage the encryption keys on our users’ behalf._

To be completely clear to users, they should instead write:

_We hold the decryption keys and can decrypt your data if compelled to do so.
If you don't want us to be able to decrypt your data, encrypt it yourself with
GPG or OpenSSL before sending your data to our site._

Edit: Spelling & clarity.

~~~
brk
No, they shouldn't write that.

Dropbox is a consumer file storage company. Statements like that will confuse
the majority of their target market and stall adoption of the service.

What Dropbox is doing in relation to security/encryption is about the best
possible solution that balances features and function with data protection for
files that might be leaked or stolen.

If you have suggestions for Dropbox, lay out concise technical suggestions.
Writing new legalese for them is not solving any of the problems that people
are getting so worked up about.

~~~
extension
Either way, those users will not understand the security of the service they
are using. At least with the long version, they'll be aware of their lack of
understanding.

------
wewyor
If anyone wants to vote for a feature of client side encryption there is a
votebox here: <https://www.dropbox.com/votebox/21/client-side-encryption>

------
roblund
I actually really like that they did a point by point response to their
critics. To me this is an important step for today's companies. The internet
gives a voice to customers to raise concerns, companies are able to see these
concerns immediately, and companies have a great way to respond quickly. I
feel like this type of dialog creates a win-win situation for everybody
involved.

------
ganis
I think it's impossible to have deduplication (a system to prevent
duplication) in encrypted data with a different key for each user (the same
file from different users will be encrypted differently) without Dropbox
storing the key (to decrypt back). Which means they have access to the files.
We should have known this from the very beginning. If it weren't so, how would
they check the files for deduplication? Enlighten me please.

------
canderson
If Dropbox has one key per user, then how do they do deduplication? We know
they do deduplication (<http://tinyurl.com/4276pxu>) so this suggests a very
small number of keys.

~~~
sorbus
Storing unencrypted file hashes is the easiest way I can see to do it; then,
for deduplication, the file is decrypted using one user's key, and a copy is
made and encrypted under the second user's key.
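
As an added example, written for this page (it is not from the thread and is not a description of what Dropbox actually does), the construction usually called convergent encryption, which answers ganis's question: deduplication across users is possible without the server holding any key if the key is derived from the file content itself. Identical files then produce identical ciphertexts, and the client reports the content hash as the dedup index. The same code shows the cost kragen's dubfire link describes: with the hash as the key, anyone who knows the hash can confirm that the server holds the file and decrypt it. It also shows that with a genuinely per-user key (ganis's assumption) nothing deduplicates. The toy `Store`, the `Upload`/`Claim` exchange and the nonce derivation are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Store is the server side. Blobs are indexed by the hash the client reports
// for the file, which is what lets identical uploads from different users be
// stored once without the server decrypting anything.
type Store struct{ blobs map[[32]byte][]byte }

func NewStore() *Store { return &Store{blobs: map[[32]byte][]byte{}} }

// Upload: the client sends the hash first; if the server already has that blob
// it skips the transfer and just links the existing copy (dup == true).
func (s *Store) Upload(hash [32]byte, ct []byte) (dup bool) {
	if _, dup = s.blobs[hash]; !dup {
		s.blobs[hash] = ct
	}
	return dup
}

// Claim is that fast path taken on its own: a client presenting only a hash
// gets the blob back. Count reports how many blobs the server holds.
func (s *Store) Claim(hash [32]byte) ([]byte, bool) { ct, ok := s.blobs[hash]; return ct, ok }
func (s *Store) Count() int                           { return len(s.blobs) }

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys in this example are always 32 bytes
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block)
	return g
}

// ConvergentEncrypt: the content hash is both the dedup index and the AES key,
// and the nonce is derived from it. A fixed nonce is acceptable here only
// because each key is ever paired with exactly one plaintext.
func ConvergentEncrypt(content []byte) (hash [32]byte, ct []byte) {
	hash = sha256.Sum256(content)
	nonce := sha256.Sum256(append([]byte("nonce|"), hash[:]...))
	return hash, gcmFor(hash[:]).Seal(nil, nonce[:12], content, nil)
}

func ConvergentDecrypt(hash [32]byte, ct []byte) ([]byte, error) {
	nonce := sha256.Sum256(append([]byte("nonce|"), hash[:]...))
	return gcmFor(hash[:]).Open(nil, nonce[:12], ct, nil)
}

// PerUserEncrypt is the alternative ganis has in mind: a key that belongs to
// the user and a random nonce. The only hash the client can report is the
// ciphertext's, so the same file from two users never deduplicates.
func PerUserEncrypt(userKey, content []byte) (hash [32]byte, ct []byte) {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	ct = gcmFor(userKey).Seal(nonce, nonce, content, nil)
	return sha256.Sum256(ct), ct
}

func main() {
	s := NewStore()
	doc := []byte("constructed: quarterly results, not yet public")
	h, ct := ConvergentEncrypt(doc)
	aliceDup := s.Upload(h, ct)                // stored
	bobDup := s.Upload(ConvergentEncrypt(doc)) // same hash, same bytes: linked, not stored
	// Mallory knows only the hash. Claim confirms the file is held, and since the
	// hash is also the key, the blob decrypts.
	blob, held := s.Claim(h)
	pt, err := ConvergentDecrypt(h, blob)
	fmt.Printf("alice dup=%v bob dup=%v blobs=%d held=%v read=%q err=%v\n",
		aliceDup, bobDup, s.Count(), held, pt, err)
}
```

The `Claim` path is the dangerous one: a dedup protocol that accepts a hash and links the existing blob turns the hash into a capability, which is exactly the speculation in kragen's HN link. The practitioner's fix is either to keep the key from being derivable by clients alone (a server-held secret mixed into the key, so only the provider can deduplicate) or to demand a proof of ownership before linking a blob to an account; neither is shown here.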

------
nathanb
Holy cow, one request per month is _low_? I know that's less than one account
in a million, but that's still way higher than I expected.

