Dropbox Lied to Users About Data Security, Complaint to FTC Alleges | Threat Level | Wired.com.
Read the above article; it’s quite good and covers the problems that many geeks have with Dropbox. I have to admit that I’m quite fond of finding ways to “have my cake and eat it too,” and in the spirit of that saying it’s important to highlight a core issue that needs to be covered: if you don’t manage your own security, you don’t have any.
Every service is vulnerable to a search and seizure order as long as its hardware exists within the United States. Any company that claims to protect your data even from this is lying to you. You can help them by helping yourself. The people who run Dropbox certainly aim to secure your data; otherwise nobody but a scant few would be willing to store their data in the cloud. This situation is only half-way to what is really required to make a service like Dropbox a real charmer. It comes down to security, and I’ve written about it at length before. The end user has to meet Dropbox for the other half of the way. Dropbox encrypts their data using AES-256, and they have a master key that they use along with yours so that they can maintain a backdoor in case they have a search and seizure order to fulfill. Protect yourself by using any number of applications, ranging from TrueCrypt, iCrypt, and openssh to encrypted DMG files. If you create one of these encrypted files to store your private information and then send it to Dropbox, even if they have to divulge the file to the authorities, all they can provide is another AES-256 encrypted file that they don’t have a key to. When the authorities try to pry open the file, all they’ll see is noise, because they don’t have your key.
It’s really quite easy when you think of it: Dropbox is at most 50% secure. You can provide another 50%, making your use of Dropbox 100% secure. It all comes down to going that little extra inch with any of the tools covered above. I can’t help but really love encrypted DMG files, as they are the most convenient to use with Macs. You just double-click on the DMG file, enter your password, and the volume is mounted as if it were a drive on your computer. All the files are plain and easy to use. Ejecting the drive after you are done using it closes it, and the data lives 100% secure in the cloud.
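The same encrypt-locally-then-sync workflow, scripted with the openssl command-line tool and tar. This is an added example, not part of the original post; openssl stands in for the tools named above, and the function names, the SEAL_PASS variable and the folder paths are assumptions.

```shell
#!/bin/sh
# Added example: encrypt locally, let the sync client see only ciphertext.
# Assumes OpenSSL 1.1.1+ (for -pbkdf2) and tar. The passphrase is read from the
# SEAL_PASS environment variable rather than from a command-line argument.
CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

need_pass() {
    [ -n "${SEAL_PASS:-}" ] || { echo "SEAL_PASS is not set" >&2; return 2; }
}

# seal SRC_DIR SYNC_DIR NAME
# Archive SRC_DIR and encrypt it in a temp file outside the synced folder, then
# move the finished ciphertext in, so no plaintext or partial file is uploaded.
seal() {
    src=$1; sync_dir=$2; name=$3
    need_pass || return 2
    [ -d "$src" ] && [ -d "$sync_dir" ] || return 1
    tmp=$(mktemp) || return 1
    if tar -C "$src" -cf - . |
        openssl enc $CIPHER_OPTS -salt -pass env:SEAL_PASS -out "$tmp"
    then
        mv "$tmp" "$sync_dir/$name"
    else
        rm -f "$tmp"; return 1
    fi
}

# looks_sealed FILE: true if FILE starts with the "Salted__" header that
# openssl enc writes. Use it as a gate before copying anything into SYNC_DIR.
looks_sealed() {
    [ "$(dd if="$1" bs=8 count=1 2>/dev/null)" = "Salted__" ]
}

# unseal SEALED_FILE DEST_DIR
# Decrypt and unpack. CBC has no integrity tag: a wrong passphrase is caught by
# the padding check or by tar rejecting the garbage, and silent tampering of
# the ciphertext is not ruled out.
unseal() {
    sealed=$1; dest=$2
    need_pass || return 2
    mkdir -p "$dest" || return 1
    openssl enc -d $CIPHER_OPTS -pass env:SEAL_PASS -in "$sealed" 2>/dev/null |
        tar -C "$dest" -xf - 2>/dev/null
}

# Usage, with SEAL_PASS exported (paths are placeholders):
#   seal ~/private ~/Dropbox vault.enc
#   unseal ~/Dropbox/vault.enc ~/restore
```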
Getting bent because Dropbox only gives you 50% security is rather dumb. Anyone at all has to assume that it maxes out at 50% irrespective of what Dropbox claims. If you are smart and secure your own effects, then you’ve nothing to worry about and can get over this silly thing without a single thought. Makes sense to me.