W3C home > Mailing lists > Public > public-privacy@w3.org > April to June 2011

How Dropbox sacrifices user privacy for cost savings

From: Karl Dubost <karld@opera.com>
Date: Tue, 12 Apr 2011 13:47:29 -0400
Message-Id: <8C9B769D-26F3-4967-9FD9-CE8BF437AF4C@opera.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
That's another part of privacy which is related to the economic value of the data, and their management. Knowing data saves cost, but sometimes by lowering our chances of privacy. 

How do we keep a right balance?
How do we make the users aware?
How a choice is not a choice? (example: you can say no cookies but the site becomes unusable).



On Tue, 12 Apr 2011 17:33:36 GMT
In slight paranoia: How Dropbox sacrifices user privacy for cost savings
At http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html

    Dropbox, the popular cloud based backup service
    deduplicates the files that its users have stored
    online. This means that if two different users store
    the same file in their respective accounts, Dropbox
    will only actually store a single copy of the file
    on its servers.

    The service tells users that it "uses the same
    secure methods as banks and the military to send and
    store your data" and that "[a]ll files stored on
    Dropbox servers are encrypted (AES-256) and are
    inaccessible without your account password."
    However, the company does in fact have access to the
    unencrypted data (if it didn't, it wouldn't be able
    to detect duplicate data across different accounts).

    This bandwidth and disk storage design tweak
    creates an easily observable side channel through
    which a single bit of data (whether any particular
    file is already stored by one or more users) can be
    observed.

    If you value your privacy or are worried about what
    might happen if Dropbox were compelled by a court
    order to disclose which of its users have stored a
    particular file, you should encrypt your data
    yourself with a tool like truecrypt or switch to one
    of several cloud based backup services that encrypt
    data with a key only known to the user.


-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Tuesday, 12 April 2011 17:47:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:52 UTC