- From: Karl Dubost <karld@opera.com>
- Date: Tue, 12 Apr 2011 13:47:29 -0400
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
That's another part of privacy which is related to the economic value of the data, and their management. Knowing data saves cost, but sometimes by lowering our chances of privacy.
How do we keep a right balance?
How do we make the users aware?
How is a choice not a choice? (example: you can say no cookies but the site becomes unusable).
On Tue, 12 Apr 2011 17:33:36 GMT
In slight paranoia: How Dropbox sacrifices user privacy for cost savings
At http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
Dropbox, the popular cloud-based backup service
deduplicates the files that its users have stored
online. This means that if two different users store
the same file in their respective accounts, Dropbox
will only actually store a single copy of the file
on its servers.
The service tells users that it "uses the same
secure methods as banks and the military to send and
store your data" and that "[a]ll files stored on
Dropbox servers are encrypted (AES-256) and are
inaccessible without your account password."
However, the company does in fact have access to the
unencrypted data (if it didn't, it wouldn't be able
to detect duplicate data across different accounts).
This bandwidth and disk storage design tweak
creates an easily observable side channel through
which a single bit of data (whether any particular
file is already stored by one or more users) can be
observed.
If you value your privacy or are worried about what
might happen if Dropbox were compelled by a court
order to disclose which of its users have stored a
particular file, you should encrypt your data
yourself with a tool like TrueCrypt or switch to one
of several cloud-based backup services that encrypt
data with a key only known to the user.
--
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software
Received on Tuesday, 12 April 2011 17:47:59 UTC
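
An added illustration of the cross-account deduplication described in the quoted article; it is not part of the original message or of Dropbox's code. The `DedupStore` class, the `encrypt_client_side` helper and the sample data are hypothetical, and the keystream XOR is only a stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import os


class DedupStore:
    """Toy model of a server that deduplicates across accounts by content hash."""

    def __init__(self):
        self.blobs = {}     # SHA-256 hex digest -> stored bytes (one copy per content)
        self.accounts = {}  # user name -> set of digests that user holds

    def upload(self, user, data):
        """Store data for user; return how many bytes had to be transferred."""
        digest = hashlib.sha256(data).hexdigest()
        known = digest in self.blobs
        if not known:
            self.blobs[digest] = data
        self.accounts.setdefault(user, set()).add(digest)
        # The transfer is skipped when the content is already stored, so the
        # traffic volume reveals one bit: "some account already has this file".
        return 0 if known else len(data)


def encrypt_client_side(key, data):
    """Stand-in for a real cipher: XOR with a SHAKE-256 keystream.

    Illustration only. A per-user key and a random nonce make every
    ciphertext unique, so the server has nothing to deduplicate.
    """
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def run_demo():
    document = b"constructed sample file contents " * 32  # constructed input
    plain = DedupStore()
    first = plain.upload("alice", document)
    second = plain.upload("bob", document)  # same bytes, different account

    sealed = DedupStore()
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    sealed.upload("alice", encrypt_client_side(alice_key, document))
    third = sealed.upload("bob", encrypt_client_side(bob_key, document))
    return first, second, third, len(plain.blobs), len(sealed.blobs)


if __name__ == "__main__":
    print(run_demo())
```

With plaintext visible to the server, the second upload transfers nothing and one copy is kept; with keys held only by the users, both uploads transfer in full and two unrelated blobs are stored, which is the cost the provider saves by deduplicating.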