So yea, its not so uncommon for cloud-based service providers to have some sort of agreement to hand over files to US authorities after decrypting them after providing some valid warrant of some sort.
So, if you’re not doing anything wrong, you’re off the hook, right?
In my case, My Dropbox has some work-related documents which are really sensitive (Uninstalling the software from my devices before it’s too late), I’m not that off the hook.
Here’s an interesting thing I’ve read over the internet (Actually, my boss passed it by) and caught my attention on how poopy things logically were.
According to the source, Dropbox have claimed that the files are encrypted and not even Dropbox employees are able to see the data’s contents. Which contradicts with Dropbox’ statement about handing the files to authorities decrypted. Y’know what? I’ll just do the usual copy-pasta thing:
Here’s Dropbox’ statement about not being able to take a peek at contents:
Dropbox employees aren’t able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents).
And here’s Dropbox’ words regarding decrypting Dropbox security stuff while handing them to authorities:
You can see some contradictions here. Though they urged those with privacy paranoia to decrypt their own files before storing them since Dropbox guys will only decrypt Dropbox encryption, not yours.
On a side note, here’s a funny article that shows how insecure file transfer from client to Dropbox cloud because the client’s key is hash-stored in plain text which if you’ve copy-pasta-ed that to your computer, you can basically access the victim’s files.
So yea, if you don’t have embarrassing duck face pictures in your Dropbox account, kiddie porn, secret documents or anything sensitive, you’re probably OK. Other than that, use a different provider (Or better yet, make your own if possible).
One thought on “And I just started using Dropbox: Dropbox to handover files to feds if asked.”
*sigh* time to uninstall drop-box