|
DropBox lied about security measures
Using the Cloud (whatever this word really means) for storage has become more and more convenient. Cloud storage is hailed as secure, fast, cheap, stable, efficient and more; it is truly the dream of every marketing department. "Hassle-free, batteries not included, your mileage may vary, …", but let's not forget: "There ain't no such thing as a free lunch"
The DropBox' cloud storage service is advertised with the slogan "Your stuff is safe". However the company reviewed its website claim about security. They changed the sentence "All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password." to "All files stored on Dropbox servers are encrypted (AES 256)." which carries a vastly different meaning. There's more. Another part of the claims were changed, stating clearly that the service provider has access to the user's data: …we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy… Remember, your data is only secure if you have the encryption keys and if you control who has access to these keys. If you use the Cloud or any other service not under your control, you will most certainly not possess the keys, thus someone else will always have access to your data. Keep this in mind. Security needs to be designed and reviewed. Make sure that you plan ahead before distributing your data all around the world.
|