Dropbox Will Hand Over Your Files to the Feds If Asked

[nsane.forums]

Popular cloud-storage service Dropbox has updated its terms of service to include a clause that states it will turn your files over to the government--if the government asks, of course.

This is nothing groundbreaking, Business Insider points out --it's a fairly common clause that appears in other cloud services' TOS, including Gmail, Hotmail, and Amazon cloud.

Dropbox is one of the leading cloud-storage services, and it works by installing a special "cloud" folder to your computer's hard disk. Any files you place in this special folder are then synced with your Dropboxes around the world (you can install Dropbox on any number of computers, phones, and tablets), and can be accessed from any Dropbox-enabled device.

The updated passage reads:

As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox's encryption from the files before providing them to law enforcement.

Ok, so no worries--so long as you're not doing anything wrong, you should be fine. So why is this news?

Well, as programmer Miguel de Icaza points out on his personal blog, Dropbox makes some "bold claims" about security on its Website. Specifically, it says that Dropbox uses "modern encryption methods" to transfer and store your data, and that nobody, not even Dropbox employees, are able to access user files. In fact, here's the exact wording:

"Dropbox employees aren't able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)."

De Icaza points out that Dropbox's claim that it's able to decrypt user files if the government asks contradicts its previous public statements.

"They claim that Dropbox employees aren't able to access user files," de Icaza writes, "This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you."

Troubling. Perhaps it's time to rethink your cloud storage service. Also, stop saving your child porn and drug money receipts in your Dropbox folder.

View: Original Article

[AceXMachine]

I do not consider this a big deal nor do I believe DropBox was "lying" necessarily when it said its employees don't have access to the data. I work for a wireless carrier. As a tech, I cannot "see" your actual text messages themselves, but with a court order or subpoena, our legal department can get that information for law enforcement. Similiarly, I cannot track your phone via its GPS even if it is on, but legal can get that information with the proper request from law enforcement (like in the case of a missing person). It would be naive and even ridiculous to assume that no one at DropBox could get your data, if needed. It is reasonable, however, that the power to do so is limited to the department that deals with legal issues and law enforcement in compliance with the law.

[Bizarre™]

If one is paranoid in uploading files, then archive it, compress it, encrypt it, and rename it.

Although if one is truly paranoid, do not attempt any access to the internet. That works best.

[myidisbb]

only a kcufing fool would use this bs new age naming that they call cloud these days. any freaken remote software will allow the same thing and give you actually protection.