

Ben Adida on Dropbox security: "grab the pitchforks… again" - sweis
http://benlog.com/articles/2011/04/19/grab-the-pitchforks-again/

======
mrspeaker
I guess most people, like me, aren't so worried that they can access my files
but more worried about the fact they said in great big letters that they
can't. Why should we trust anything they write there then? Are they stored
encrypted or not? Are they reaaally transmitted over SSL or not? (ok, I know,
I know...)

Just don't go putting bullshit in your product specs and no one will have any
issues, m'kay!

~~~
rdtsc
> Why should we trust anything they write there then?

Because we are Dropbox users and fans. We were rabidly praising it yesterday,
so today we can't really criticize it, even while it spews lies at us. The
cognitive dissonance would be too unbearable to handle.

------
parfe
If you don't want someone else reading your files, don't send them your files.
I'm not really understanding all the uproar over Dropbox. I guess it's a side
effect of becoming the established leader. They host my photos, some code I
don't particularly care about and some other random junk like my resume. I
guess if they want to read up on my employment history they are welcome to,
but I'm surprised at how many people here seem to be uploading sensitive data
to a third party and then getting grumpy about the idea (not even the
accusation) of that third party being able to access it.

~~~
smoody
The thing about Dropbox is that they were making the same claims (from the
perspective of a non-technical person) that other you-manage-your-own-
encryption-key cloud storage sites were making. You put someone non-technical
in front of the marketing materials of say, Jungledisk, and Dropbox and people
might even come away thinking that Dropbox must be even more secure since
they're the market leader. And that's part of the problem in this case --
leadership implies trust.

Dropbox used to have a FAQ somewhere that made a point of informing users
that they cannot set their own encryption key (but Dropbox hoped to implement
that functionality soon). Anyone with technical chops can read that and know
that the encryption key(s) are centrally managed on the Dropbox internal
network and anyone gaining access to that internal network can gain access to
all of the documents. But your average non-techie accountant, CEO, or sales
guy...?

------
bxr
> I wish, instead of picking on whichever startup suddenly succeeds, we picked
on the industry as a whole.

The industry is made of individuals, and complaining about the practices of an
industry has to be done in broader strokes than the complaints against Dropbox
were. Dropbox gave the complaining parties specific holes to point to when
someone tried to dismiss the significance of the claims.

Even if there were specifics shared across all cloud providers, it is
unfortunately the case that such a broad attack would not draw the attention
of the offender or offended as well. That's not the best route to take when
you're trying to raise awareness of the issues.

------
sweis
Ben offers a level-headed overview of the recent concerns over Dropbox
security and privacy.

