The Dropbox, darling among backup services and data synchronization, should explain to their users. For a long time the company stated that the data sent to their servers are completely safe and there is no chance of another person other than the file owner access it. However, one researcher found that things are not right there.
Christopher Soghoian, a student of American doctorates, has initiated a formal complaint with the Federal Trade Commission to make this curious statement that the data is overprotected be ascertained. According to the student, the business practice (and publicity) of Dropbox deserves to go to public scrutiny.
Dropbox uses what we call a hash to analyze the content of files uploaded by users. If it is equal to another file that already exists on the servers of the company, Dropbox does the upload again, but still adds the file to the list of user documents. It is as if trying to send the alice-in-the-parents-maravilhas.pdf (fictitious name, ok?), The server detects that a file already exists with the same hash and avoid duplication of documents equal.
To the student dropbox officials might well view the contents of files. It is worth remembering that the company is the sole owner of the keys to encrypt and then reverse the process of encryption of documents.
In theory, there is no point that servers undergo AES 256 (considered the most powerful of the market with large-scale use) if the files can be viewed.
After the complaint be made, Dropbox has changed the way informs its users about the security aspects of the service. On page about it, the part that says the files "are inaccessible without the password for your account" has been completely removed from the text.
One of the fears is that Dropbox inadvertently released the files that was supposed to be under encryption, mainly due to court orders. The company itself says, still on his page about security, that a limited number of employees can access user data, since in the circumstances stated in the privacy policy, which includes legal decisions.
Some competitors say that the service will also offer complete security for stored data. The difference lies in the encryption process, since the keys of this process are stored in the user's machine. In Dropbox is different, which complicates the situation of the company in the FTC.
