Dropbox Can Access Your Files
It looks like Dropbox has deceived users about the security and encryption of its services in order to give them a boost. The FTC complaint filed against Dropbox for telling users that their files were completely encrypted and that Dropbox employees could not see the contents of the file. Contrary to what Dropbox was saying, Christopher Sohoian, a PhD student published data last month showing that Dropbox could see the contents of the files, putting users at risk of government searches, nosy Dropbox employees, and companies looking to slam individuals with copyright infringement issues.
Unfortunately for Dropbox, Sohoian has already spent a year working at the FTC and claims that Dropbox has and continues to make deceptive statements to consumers regarding encrypted data, leading to a deceptive trade practice that can be investigated by the FTC. Dropbox responded in saying that they believe it is a false claim and maintain that they encrypt all their user’s data.
Just last month, Dropbox revised it’s statement from “All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.” to “All files stored on Dropbox servers are encrypted (AES 256).” Supan from Dropbox said that employees cannot access the files although they do in-fact have the encryption keys. The company also added that in rare exceptions, they may access your personal data stored on the cloud for legal matters. How would you like your personal cloud data used against you? So what is Sohoian looking for exactly? He is asking the FTC to force Dropbox to further clarify its website, contact all Dropbox users and tell them they can access their data, and offer refunds to ‘Pro’ users.