
Dropbox Lied to Users about Data Security, Complaint to FTC Alleges - schwanksta
http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
======
tlrobinson
I'm surprised Jon Callas hadn't realized Dropbox is able to decrypt your
files. It always seemed obvious to me given several of Dropbox's advertised
features necessitate it (in particular accessing your files over the web
interface, and probably their sharing features). Most users wouldn't
understand this, but the _founder and CTO of PGP Corp_ should.

That said, this article is incorrect on at least one point: de-duplication
does _not_ require Dropbox be able to decrypt your files. tzs came up with
this clever scheme in a previous comment:
<http://news.ycombinator.com/item?id=2461713>

Of course even if Dropbox didn't have the keys to decrypt your files you're
still trusting them (or SpiderOak or Wuala or most of Dropbox's competitors)
by running their proprietary software. But I suppose people are more concerned
about subpoenas and compromised servers than malicious actions by Dropbox
themselves.

~~~
bborud
The scheme tzs came up with provides questionable security, which was also
pointed out by other commenters. It offers no protection against hiding the
fact that you are in possession of a known file.

For instance, say you are a whistleblower and you have a stash of documents
nobody should know you have. Your opponent, having a copy of those documents,
can produce an identical encrypted file. What's more, Dropbox obviously
already has a mechanism to look up digests so checking whether the document is
stored with Dropbox or not is probably a matter of milliseconds.

Also, as someone pointed out, deriving the key from the cleartext is probably
a very Bad Idea.

The only workable approach I can think of is to encrypt and decrypt data on
the client. Any scenario where encryption takes place on the server is
suspect.

~~~
bborud
My personal workaround for this is to use Dropbox to store encrypted
filesystem images that I can mount on my machine. This severely limits the
usefulness and performance of the service, but has turned out to work
reasonably well.

~~~
tincholio
Precisely this. Encfs is particularly good for this if you're on a unix-y
environment. Otherwise, TrueCrypt might fit the bill (though concurrent access
from several machines can be an issue).

------
pg
I feel like I should point out that this article isn't about the FTC doing
something, but about a private individual filing a complaint with the FTC,
which anyone can do.

I like Ryan Singel. He was the first reporter to write about YC. So I can't
really begrudge him the pageviews he knew he'd get from HN over this. But
'taint really news.

~~~
mestudent
Can anyone explain to me how the article or even title of the article would
make someone think the FTC was doing something and then require such a
statement from pg?

It is referenced in both as a complaint and is news for wired readers, not
necessarily here (though the FTC complaint being filed here is new).

~~~
schwanksta
That was my fault. I originally wrote the hed as "FTC Complaint: Dropbox Lied
to Users about Data Security", which I thought would get around people reading
just the "Dropbox Lied To Users" part. PG changed it to the hed from the
article, I suppose to make sure nobody thought the complaint originated from
the FTC.

------
armored
_Callas tweeted on April 19: “I deleted my Dropbox account. It turns out that
they lied and don’t actually encrypt your files and will hand them over to
anyone who asks.”_

That's actually a lie too. Dropbox does encrypt your files, it's just that,
naturally, they hold the key. If I ask Dropbox for another user's files, guess
what? They don't hand them over.

If your info is really that sensitive then for heaven's sake don't outsource
encryption and key management to a third party you have no supervision over.
Encrypt your super sensitive files with Truecrypt and then share/sync them
with Dropbox.

~~~
cperciva
_Dropbox does encrypt your files, it's just that, naturally, they hold the
key._

Even if dropbox's claim was _technically_ correct, it was absolutely
misleading. When you say "this data is encrypted" people assume that you mean
"... in a way which adds security"; if the same people who have access to the
encrypted data also have access to the decryption keys, you might as well be
using ROT-13.

_If I ask Dropbox for another users files, guess what? They don't hand them
over._

Modulo the recently-fixed vulnerability which allowed you to download data if
you knew some hashes, that is.

~~~
Dylan16807
I wouldn't call it a vulnerability. The only way it could be abused would be
tricking someone with the file into calculating very specific hashes and
giving them to you.

~~~
cperciva
I've issued security advisories for FreeBSD for far more obscure contexts than
that. :-)

------
dhouston
just so everyone knows, this complaint raises old issues that we addressed in
our public blog post a few weeks ago: <http://blog.dropbox.com/?p=735>

~~~
jerrya
Drew,

I use dropbox and I appreciate it, but I find communications from you and
Arash to be strangely borderline ... off.

A discussion from three weeks ago is not "an old issue." That these issues
made it to the FTC in three weeks is probably a remarkable benchmark.

As Arash did several weeks ago, wrt the password and key issue, you seem to
miss the point and almost intentionally dismiss the issue by detailing it as
"old issues."

These issues are anything but old, even in internet time.

I would value Dropbox much more than I do if I found that you and Arash could
speak with the integrity I find from so many other entrepreneurs.

~~~
lotusleaf1987
Seconded, I dislike the evasiveness I detect and the corporate speak. It
ignores the actual problem, which to me opens up even bigger problems when you
just stick your head in the sand.

~~~
rkalla
I think the evasiveness is intentional. With 25 million users
(<http://www.webpronews.com/dropbox-user-base-up-to-25-million-2011-04>) I
think Dropbox likely finds itself friends with govt entities that didn't
previously care it existed and would encourage them to keep things the way
they are as opposed to going the tarsnap route.

I know this comment could be dismissed as tin-foiley, but spending a week here
reading stories on FBI wire taps or bills passing through congress and I don't
think this is much of a stretch by any means.

I imagine this is a (necessity?) of modern day, massive-scale online services
like this... or at least it becomes one once they hit critical mass.

For example, I would expect Facebook has a back-channel for law enforcement to
view profiles unfettered by privacy settings. I'm not saying I have proof they
do, but would _anyone_ really be surprised if a service with 700 million users
globally was in bed with security agencies?

I suppose I just expect that now.

~~~
EwanG
You don't have to be tin hat to worry that if "some" Dropbox admins have
access to your files, then your files are at risk of being hacked just like
what happened with Sony and their PSN. If a company has your stuff, and
someone there has the key to your stuff, you'd better be sure it's as
important to them as it is to you. Since that is rarely the case, I prefer not
to give anyone else the key.

------
staunch
"President Obama Personally Executed Bin Laden, HN Comment to CIA Alleges."

Seriously, who cares where the "complaint" was sent? Either it's a valid
argument or it's not. Where it was sent should have no bearing.

The argument that Dropbox did this to save money is transparently bogus too.
That's in there to make it seem like the FTC has grounds for getting involved.
Dropbox clearly chose to store keys themselves so they could offer core
features like web/public sharing.

~~~
mestudent
Don't forget password resets, that is one feature that is truly needed to
appeal to the masses.

~~~
kevinpet
This is key. Dropbox needs to work as a backup solution, not just as a file
sharing convenience solution, because that's how users will actually use it.
This potential conversation doesn't sound good:

Grandma: My computer crashed, I got a new one, but I've forgotten my dropbox
password.

Dropbox: Okay, can you go get the printout when you registered saying "print
this out and never lose it"?

Grandma: I didn't print that out / I lost it / the house burned down.

Dropbox: Sorry, then you're screwed because we designed our service to be
usable only by those who have a deep understanding of computer security.

~~~
Florin_Andrei
The whole story is blown out of proportion.

You're putting your files online, and there's a Web interface to access them,
and you expect them to be absolutely secure - really? Encrypt them with
something really solid and don't put them online, if that's your concern.

You upload your files to the cloud, and then you complain when the company
hands them over to the FBI - really? Bury the files in concrete at midnight,
and kill all witnesses, if that's your concern.

The guy who is agitating the whole thing - I'm changing my mind about him. He
did a good job with the whole Facebook / Google debacle, but now he's coming
off as an attention seeker / karma whore.

------
RK
Dropbox should just make a "Lockbox" folder feature that is fully encrypted.
Many people happy (nice new feature), maybe fewer complaints.

------
jabrams
A lot of this does not make sense to me. Dropbox allows you to view your files
via a web browser interface. Obviously that means they can access the
unencrypted files. Perhaps people would prefer not to have the web access
features.

But even then, if Dropbox never stored the decryption keys on their servers
anywhere, and the decryption key was stored only on a client PC, and I lost my
computer, I would not be able to access the backed-up data from Dropbox on a
new computer. That would kind of defeat the purpose of Dropbox for me. As many
others have pointed out (including Lifehacker) you can always use Truecrypt to
put some stuff in your Dropbox that no one but you can decrypt.

As far as the "feds" getting my data, if they are after me, they can get a
search warrant from a judge and come into my house and confiscate all of my
computers, which would allow them to access any data on my harddrives not
encrypted with Truecrypt...

------
songshine
The guy who filed this complaint is quite the troublemaker:

<http://www.forbes.com/forbes/2010/1206/technology-chris-soghoian-federal-trade-commission-agent-provocateur.html>

~~~
ramanujan
It is always easier to destroy than create. Soghoian is into notoriety. He
could have gone to them and said "hey, I think you can fix this by doing X, Y,
and Z". If ignored, ok, then go public.

He slags off PR guys, but his goal is PR for himself.

~~~
jw_
I think this is different from the usual situation where somebody finds a
vulnerability and goes to the vendor to see if they'll patch it instead of
immediately going public. He found that they were apparently deliberately
misleading consumers about how they were handling their data, in a way that
easily may have led to users trusting them with data that they might not have
if they'd been upfront about their key management. I think an FTC complaint is
entirely justified.

You're definitely correct about him being a PR seeker. I'm not too familiar
with this fellow, so if he is slagging off PR people it would certainly be
hypocritical, but so what? I think this guy is providing a valuable service by
exposing misconduct by tech companies.

~~~
ramanujan
Well, "misconduct" and "deliberately misleading" are pretty strong charges for
a technical matter. There's always a tradeoff between security and
convenience. Soghoian's framing of the issue is completely sensationalistic,
befitting of MSNBC or Fox News.

I mean, reporting it to the FTC? The same FTC which fined Rockstar over the
Hot Coffee mod? Which went after Viacom for Janet Jackson's wardrobe
malfunction?

Unfortunately, government officials are not philosopher kings capable of
making fine discernments among encryption protocols.

~~~
codeup
Read the article again. Then read your comments. You're just being polemic and
you're belittling the issue at stake.

------
awakeasleep
Gah. I just told our corporate counsel that it was ok to use Dropbox because
everything was secured "even the app" and all the files were encrypted on
Dropbox's site.

~~~
armored
Encrypt with Truecrypt, share with Dropbox. Problem solved.

~~~
rdl
Except then you can't use those files on mobile devices or from the web UI,
both of which are useful (my primary interest in dropbox, and the one thing I
can't trivially accomplish on my own, is the iOS device support. The
alternative is just to use Apple's iDisk, which has exactly the same risks as
Dropbox, minus the cross-platform capabilities.)

~~~
armored
I'm not sure if it's helpful to you, but I use KeePass & Dropbox to sync some
encrypted data to my Android phone. It's limited but useful for storing
sensitive text. There is an iPhone app: <http://ikeepass.de/>

~~~
rdl
I use 1Password and wifi syncing. I asked them to add WebDAV support to store
the bundle, which is how OmniFocus does this, which is probably the most
cloudiness I will accept for my password file.

------
huhtenberg
Can anyone speculate as to what the ultimate goal of bringing this to FTC's
attention is?

~~~
suking
To waste $. Why aren't they going after the mortgage fraudsters and bankers?
Dropbox is way more important than that right?

~~~
jerrya
Fallacy of the excluded middle.

------
hristov
What really worries me about de-duping is what if it fucks up your files. What
if one file just happens to have the same hash as another completely different
file uploaded by a different person? Then all of a sudden, this really
important contract that you think you have stored online and in the dropbox
folders of your four different computers gets automatically deleted and
replaced with a completely different file everywhere. And if you have set up
automatic backups like a good boy, it may even be automatically replaced in
all your backups before you figure out the problem.

I know you will say that the hashes are long enough so this should not happen
until dropbox has trillions of files, etc. But those calculations are all
based on assumption of random data in the files. We all know that various
computer files may have structured and patterned data. It is possible for the
data in certain types of files to be structured in such a way as to produce a
much narrower range of possible hashes than generally assumed.

And with 25 million users and hundreds of millions of files, God knows what
may happen.

~~~
thurn
As long as they're using a reasonable hash, that probably won't be much of a
concern any time soon. To give some context, a 256 bit key space is about
enough to uniquely identify every atom in the known universe.

~~~
hristov
That is an impressive fact, but not really relevant IMO. There are many more
possible files than particles in the universe. A hash does not uniquely
identify a file from all other possible files. This follows from the
definition of a hash function.

------
motters
I've never been a Dropbox user, and this sort of behavior doesn't surprise me.
It puzzles me why folks are prepared to spend substantial amounts of money
renting tiny amounts of insecure web storage when they could spend a modest
amount on a plug computer and have a large amount of fairly secure storage,
and without the indefinite rental fees.

~~~
jerrya
A year ago, I purchased a Seagate Dockstar (plug computer) and did just what
you are saying.

That Dockstar currently turns on and blinks amber. Seagate tells me it is
dead.

That and the puny bandwidth of my cable connection and the costs of backing up
my diskdrives, leads to a desire to outsource that pain.

So whether it is Dropbox, Google, Wuala, or many other solutions, I would like
to find reasonably secure cloud storage, and I would be willing to pay for
that (and I do.)

~~~
motters
Puny bandwidth is going to be a problem whether the server is your own or
exists at some unspecified location in the cloud.

Cloud storage isn't necessarily bad, but it's expensive considering the cost
of storage these days and it might be a good idea to encrypt anything that you
don't want to become public information before uploading it onto a cloud
server.

~~~
jerrya
There is also the sense I have though, that what I am paying for is also:

a) their RAID on my files
b) their electrons
c) their sysops and their training and certification and their corporate deals
with Seagate, and NetApp, and Cisco, ...

As I said, my dockstar died, I will replace it with a USB hub, but, it is a
bit of a pain when what I would prefer to be doing is anything more
interesting, fun, or profitable.

Regarding puny bandwidth, I am not sure I understand your point. I get about
12M down and about 600K up, and my understanding is that is fairly typical for
a home cable connection (in the US). But that 600K up limits my downloads
anywhere else on the planet if my files are stored at my house and served by
local server there.

If I store the files in the cloud, I get Google's or Wuala's or Dropbox's
bandwidth to my device.

------
mike-cardwell
Dropbox must have actual figures on how much storage space they save by having
de-duplication. Would be nice if they published them.

Personally, every file in my Dropbox is unique... I wonder how many people use
it for storing deduplicatable content like mp3s and videos etc.

------
adamdecaf
Item 37 has an error, it reads "In their April 21, 2001" which should be "In
their April 21, 2011". Nothing big, just important for correctness.

------
helwr
Previous thread: <http://news.ycombinator.com/item?id=2439965>

------
phlux
OK, so I am a fan of dropbox and I use it across many machines, (better than
those on Richess) -- and, as I understand the overall issue to be, the concern
is that DropBox may at some point "hand over your files" to (I assume) The
Feds -- should they come knocking?

Now, I expect that for all intents and purposes the encryption/security
employed by Dropbox is 'good-enough' that I don't have to worry about random-
internet-user gaining access to my docs, yet I have absolutely _NO_ illusions
that ANY company will refuse to hand over my data to the feds should the feds
be seeking it.

Further, I would suggest that anyone with anything they don't want the feds to
know about/get their mitts on not be stupid enough to store said sensitive
secrets IN THE FUCKING CLOUD.

Additionally, I can understand that Drew may not be the most savvy in
navigating such issues given him being a young CEO and all - and I can
understand that he would want all the DropBoxians to feel comfortable with the
safety and security of their data in his hands - but I would like to see a
frank, real-world answer to any security claims which delineates in no
uncertain terms exactly what level of data safety, security and encryption one
may expect.

Drew may even do well as to explicitly say "We shall not refuse to hand over
any of your data (and its revision history) to the Feds should they come
seeking it with legal merit."

If, after such a statement people are concerned about their data going
anywhere -- they should get off dropbox / implement truecrypt as stated.

Finally, a question for Drew: given this craptastic event, would Dropbox be
open to much more robust file encryption tools being developed as an addon to
DropBox; e.g. a third party wrapper application that allows end-to-end
encryption while still allowing the web UI etc to work?

(If I misread the circumstances of the whole issue - forgive my little rant)

~~~
Lazlo_Nibble
_and, as I understand the overall issue to be, the concern is that DropBox may
at some point "hand over your files" to (I assume) The Feds -- should they
come knocking?_

No, the concern is that Dropbox led people to believe that by use of
encryption, Dropbox was preventing user files from being accessible to anyone
except that user, which isn't actually true, and that Dropbox gained unearned
competitive advantage because of that untruth.

Technically-savvy users who know (or more to the point, care) how Dropbox
works behind the scenes may be able to figure out that user files _had to_ be
accessible to Dropbox (the "but how could they de-dupe files?" argument).
Bully for them, but the fact that some people understand why an advertising
claim is misleading doesn't make it okay for that claim to be misleading in
the first place.

~~~
wahnfrieden
They can dedupe without needing to decrypt. Tarsnap does this. The issue is
with features like being able to reset your password, downloading and sharing
files via the web interface, etc.

~~~
merijnv
Yes, but Tarsnap (as far as I know) only dedupes _your_ data i.e., if I upload
the same file twice it will be stored once. This is easy, because two
identical files encrypted by the same key (i.e., mine) are still identical.

Dropbox dedupes across users, if Alice and Bob both upload foo.txt with
identical contents (but encrypted with their own keys) the encrypted result
will _not_ be identical even though the files are. Right now Dropbox _does_
dedupe in this situation, which obviously requires unencrypted access to both
files.
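An added illustration (not code from this thread, nor from Dropbox or Tarsnap) of the three points argued above: tzs's content-derived-key scheme lets a server dedupe identical files without holding any key, per-user keys (merijnv's point) produce different blobs for the same file and so defeat cross-user dedup, and, as bborud notes, anyone holding a copy of a file can recompute its blob and ask whether it is already stored. The cipher is a toy SHA-256 keystream used only to keep the example self-contained, and the sample document is constructed.

```python
import hashlib
import os
from dataclasses import dataclass, field

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with SHA-256(key|nonce|ctr) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def encrypt_per_user(user_key: bytes, plaintext: bytes) -> bytes:
    """Ordinary client-side encryption: the user's own key and a fresh random nonce."""
    nonce = os.urandom(16)
    return nonce + keystream_xor(user_key, nonce, plaintext)

def content_key(plaintext: bytes) -> bytes:
    """Convergent key: derived from the content, so anyone with the file can make it."""
    return hashlib.sha256(plaintext).digest()

def encrypt_convergent(plaintext: bytes) -> bytes:
    """tzs-style scheme: content-derived key and fixed nonce, so identical plaintexts
    give identical ciphertexts whoever uploads them."""
    return keystream_xor(content_key(plaintext), bytes(16), plaintext)

@dataclass
class DedupStore:
    """Server side: keeps one blob per ciphertext digest and never sees a key."""
    blobs: dict = field(default_factory=dict)

    def put(self, ciphertext: bytes) -> bool:
        """Store a blob; return True if an identical blob was already present."""
        digest = hashlib.sha256(ciphertext).hexdigest()
        already = digest in self.blobs
        self.blobs[digest] = ciphertext
        return already

    def has(self, ciphertext: bytes) -> bool:
        return hashlib.sha256(ciphertext).hexdigest() in self.blobs

def demo() -> dict:
    doc = b"constructed sample: the same contract text on Alice's and Bob's machines"
    per_user, convergent = DedupStore(), DedupStore()
    # Per-user keys (merijnv's point): Bob's upload of the same file is a new blob.
    per_user.put(encrypt_per_user(os.urandom(32), doc))
    bob_dup_per_user = per_user.put(encrypt_per_user(os.urandom(32), doc))
    # Convergent keys: Bob's upload is deduped, yet the server holds no key.
    convergent.put(encrypt_convergent(doc))
    bob_dup_convergent = convergent.put(encrypt_convergent(doc))
    # The leak bborud describes: anyone holding the plaintext can rebuild the blob
    # and ask whether it is stored. Mixing a per-user secret into content_key()
    # closes this, at the cost of cross-user deduplication.
    return {
        "per_user_blobs": len(per_user.blobs),
        "bob_dup_per_user": bob_dup_per_user,
        "convergent_blobs": len(convergent.blobs),
        "bob_dup_convergent": bob_dup_convergent,
        "known_doc_present": convergent.has(encrypt_convergent(doc)),
        "other_doc_present": convergent.has(encrypt_convergent(b"never uploaded")),
    }
```

Decryption under the convergent scheme is the same keystream XOR with the content key, which the uploader keeps locally and the server never learns.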

