Er...Dropbox only uses one encryption key...for everybody? - noduerme
http://www.informationweek.com/news/storage/security/229500683

======
guan
I realize that a lot of people feel deceived, and they should have been much
clearer, but isn’t this kind of expected? TomasSedovic and I have commented on
this before, but I still think there are so many features that suggest that
this is exactly how they protected files. Some examples:

1. While the various clients (desktop, iPhone, etc) could probably do per-user
encryption, the web interface doesn’t spend a lot of time decrypting
files in JavaScript (or Java or Flash or some other way of doing it).

2. Even large files can be instantly moved to “Public”.

3. The fact that it’s possible to instantly share an entire folder with
someone else.

There’s probably some way to do each of these with proper encryption. For
point 3, maybe having a separate key for each folder, then giving others
access to that key when you share. And with some creativity there are probably
ways to implement every Dropbox feature in a fully secure way.

But to someone who is somewhat familiar with security issues, all of Dropbox
just “feels” like a service where they have access to everything (with proper
access controls of course). Thoughts?

I’ve certainly been a lot more careful about what I put in my Dropbox, unlike
Backblaze where I trust the encryption more (but not fully).

~~~
Vitaly
I'm using Backblaze but I want to move exactly because I don't trust them. And
the reason is the stupid way the restore is done. You have to _give them the
password_ and they decrypt it for you. You can't get encrypted files and
decrypt yourself. Stupid. FAIL.

------
nopassrecover
In response to this summary of the FTC complaint, I'm just not sure how Dropbox
have violated their agreement with the customer.

One of the strongly emphasised features of Dropbox is deduplication (i.e. so
you won't need to re-upload massive files if someone else already has), and if
you are particularly security conscious, presumably you would have made the
effort to read about how Dropbox stores their files and considered whether
this method was adequately secure for you prior to use.

I'm assuming the single key is related to deduplication, and although I don't
understand why you couldn't simply store a key per user, I'm not even sure
whether that would be more or less secure given that insiders with access to
the encrypted files can probably also get access to the database of encryption
keys.

As far as some select employees having access to your files, surely this is to
be expected - the alternative is they get sued/charged by the authorities and
are forced to implement an even more compromising solution than a couple of
Dropbox employees having access (e.g. a backdoor for the RIAA).

~~~
HedgeMage
I agree that it's hard to argue that people were deceived, especially
considering that I've chosen not to use Dropbox from the start _because_ they
only used one key for everyone, because employees could access my files, and
so on.

If I (with no degree, no formal training in information security, just my
wits) knew, why didn't everyone? I'm tempted to assume "because they didn't
care to read anything more than the Dropbox marketing blurbs that say
'secure'".

That said, select employees having access to your files may be expected (as
it's the most common practice in consumer backup and file hosting solutions),
but it's not necessary.

I use rsync.net for my backups because I can generate a key and use it to
encrypt my data _without sharing that key with anyone else_. Even rsync.net's
employees can't read my stuff. (Please note that this is a different type of
service than Dropbox: because all my data is encrypted I can't just click to
share it with others.)

_(I don't have any affiliation with Dropbox or rsync.net. I'm just a consumer
who chose one over the other.)_

------
wmf
Don't try to get technical info from InformationWeek; link to the primary
source (FTC complaint) or nothing.

------
noduerme
They did say in certain terms, on their site, that their employees could not
access the files. Maybe I should have known better, but I took them at their
word. Based on that, my assumption was that the key to everything other than
my public folder was unique, and was itself encrypted with my password.

Obviously that was a dumb assumption. I'm not a security specialist, but I'm
not exactly a lay person either, and in coding sites that have had to be
secure I would never have considered writing something this way. Let alone
marketing it to general consumers and intentionally misleading them about how
secure it was.

The most important question to me now, actually, is _how do I know they're
telling the truth about having proper access controls, if they've already
shown a willingness to lie about this?_ WHO are these employees with access to
my data, and under what circumstances can they get at it? Can they just browse
through it whenever they want? What's the process? What records are kept? To
whom do you appeal? How do you know if your data's been copied?

And YES, I feel using them was a stupid decision. I uploaded my stuff without
knowing for a fact that it was safe. I only knew what they'd written and that
they had a solid reputation and that they came from here. But I absolutely do
feel violated by it. And I'd like to see some records showing that my data was
never accessed, never copied, and that it's now deleted.

------
noduerme
I choked on a sandwich when I read that part