How safe is Dropbox?

  • jerry
    New Member
    • Mar 2012
    • 2

    #16
    Dropbox takes the security of your files and of our software very seriously. We use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure. Your files are backed-up, stored securely, and password-protected.

    Comment

    • AndyD
      Diamond Member

      • Jan 2010
      • 4946

      #17
      Thanks for clarifying Jerry.

      Given that there is copyright infringing material on all cloud storage servers I'm interested how Dropbox (or any other cloud storage business) would ensure that customers' data wouldn't be lost should their servers be taken down and seized in a similar fashion to Megaupload for example.

      Comment

      • Stromberion
        Email problem
        • Mar 2012
        • 3

        #18
        Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks.

        Dropbox takes the security of your files and of our software very seriously. We use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure. Your files are backed-up, stored securely, and password-protected.

        Comment

        • irneb
          Gold Member

          • Apr 2007
          • 625

          #19
          Originally posted by AndyD
          Given that there is copyright infringing material on all cloud storage servers I'm interested how Dropbox (or any other cloud storage business) would ensure that customers' data wouldn't be lost should their servers be taken down and seized in a similar fashion to Megaupload for example.
          Originally posted by Stromberion
          We use the same secure methods as banks ... Your files are backed-up, stored securely, and password-protected.
          It's not a question of if you backup the files or not, or even if there's secure access (similar to online banking), etc. etc. What he's on about is "if" one of your clients (i.e. someone with a Drop-Box account) places some copyrighted file on your server (say he's ripped a CD and placed the mp3s there), this is illegal. If he's found out, these files would then cause some legal agency (whoever that may be where your servers are located) to go to your premises and confiscate the entire server. E voila! No more drop-box available until the legal aspects can be sorted out. So at best all your clients would lose access to their data for a "while", to be restored later after it's been deemed not to be illegal data. But usually such takes years, and even then it's not too much of a mind-leap to imagine some inept government department simply blanket-stating that all this data is illegal and destroys the lot.

          Now you have a backup (hopefully off-site), which this government didn't notice and thus didn't confiscate. As soon as you restore this backup onto a new set of servers, that government chappie's back at your door before you can turn the damn thing on!

          I don't think there's any way anyone is going to get around that particular nettle! You can move the physical location of your servers to some country with less strict copyright laws (say Russia / China), but then you'll find that 50% (or even more) of your clientele may have your IP address blocked (due to all the spam coming from those countries' sites). And even then you're not entirely without risk of getting your servers confiscated, laws may change, or even more probably some backhanders are paid.

          The only way I can even begin to imagine something like this not becoming an issue, is if you actively peruse each upload onto your servers to check if such seems to be illegal. Then if such found to remove the file(s) and discontinue the relevant customer's access. But then that fails other aspects of "security & data safety" - i.e. it means you would have access to the data yourselves (no encrypted & password-protected files on your server, or at least you being able to circumvent the encryption). And in that case you're no better than Google, even if you say you are not going to use this data.

          Thus, from my point of view: Say I have only my work files on your server, I never place any infringing material there (i.e. no hacked games, or ripped music, or copied movies, or whatever) - all those files are only my own company's files. Say also some of those files are relating to a very sensitive project which might fail if it was known publicly (say it's some government secret building we're designing - worst case scenario). You (or one of your employees) see this file while checking for legality, notices what it's about and realises they can make huge quantities of money by selling it to other governments. We lose not only that project, but are sued by the government for leaking top sensitive data ... whatever happens we will never again get a project from that client! And all because some kid somewhere has decided to save his copied games on your server.

          Nope, to me online backup is nothing but a farce. Online is for sharing, that's it! Even then only share non-sensitive stuff online. No-one should even attempt to think any online server is secure and safe, it's a contradiction in terms.
          Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
          And central banks are the slave clearing houses

          Comment

          • AndyD
            Diamond Member

            • Jan 2010
            • 4946

            #20
            I think given the political clout of the copyright lobbyists this is a very important consideration for anyone using or thinking about using any cloud storage/cyberlocker setup. I see an ongoing cat and mouse game between the MAFIAA et al versus cloud storage server providers. What makes this war more likely is the developer API that many storage facilities have (including Dropbox) that allows their services to be integrated into other applications.

            Here's a prime example; Boxopus is a bittorrent protocol download client that integrates with dropbox accounts. Many people (less honest than myself) might use this program to download movies, software, audio or e-book files in breach of copyright law......straight into their dropbox. This makes Dropbox a high profile target for takedown action by the authorities.

            What's the chances of this kinda thing catching on you might ask, why would people go to the trouble of setting up this kinda system to download illegal material? Well privacy and anonymity is the obvious one. Usually with bittorrent protocol downloads the system works by resolving IP addresses with other bittorrent clients. This means it's difficult to download bittorrent files without your IP address being in the swarm which means it can be seen and you can be traced. Many pay money for a VPN or proxy service to avoid getting their ipaddy harvested. Apps like Boxopus mean you can download to a dropbox account which gives you a cheap (free) and easy level of privacy. This is what will make it a popular solution for piracy privacy and will also make both the application itself and Dropbox a target. The higher profile a target Dropbox becomes the more the likelihood of collateral damage to other users when the service gets taken down.

            I use Dropbox as an example here because it's one of the most popular cloud storage solutions but all the others are similarly vulnerable.

            Comment

            • AndyD
              Diamond Member

              • Jan 2010
              • 4946

              #21
              Okay I was a little premature with the example above. Unfortunately it looks like Dropbox has dropped Boxopus even though the app was in full compliance of DMCA and Dropbox Terms of Service.

              This does kinda throw the spotlight on how skittish the cloud storage providers are in the wake of the Megaupload debacle.

              Comment

              • irneb
                Gold Member

                • Apr 2007
                • 625

                #22
                Here just in : http://www.theregister.co.uk/2013/01...buzzword_tech/

                So it seems at least the EU is a bit concerned that these cloud based servers are prime targets for crackers. And we've seen in the recent past just how many sites were indeed cracked - e.g. LinkedIn, and DropBox itself: http://gigaom.com/2012/08/01/dropbox...e-were-hacked/

                So even the so-called "security" is not there. The issue mentioned by the EU seems logical: A cracker might not go to all the trouble to hack into your own server, because simply the data contained there is rather a lot less than a cloud (or cloudish) server. But for some central online backup / cloud / filestore - that enticement is reversed. Much more bang for their effort if they can crack into such - so the probability of a cracker trying would be a lot greater. This makes me highly concerned - as a programmer myself, I know there's no such thing as an ABSOLUTELY secure system. If you are able to log in and do something, then the best you can hope for is to make it as secure as possible, but never impossible to crack.

                It's like a door, you can kick in a bathroom door pretty easily. But a safe door requires a specialist with special equipment, yet it's still not impossible to get in. And no matter how "safe" your door - if someone's stolen the key and / or keycode (similar to the DropBox débâcle - i.e. stolen passwords), then the most secure safe door is equivalent to an opening in the wall. And yet more similar: if you place all your valuables in the safe, but store only a handful of gems in a drawer - the probability is that a cat burglar is going to go for the safe - just because the payoff is greater if he succeeds.

                Note: A Hacker is NOT a cracker: http://www.tcs.org/ioport/apr05/hackers.htm

                Comment
