 |
|---|
|
Administration Support Security Installation Information About us Contact Services |
|
Partners agent°ex Attingo Datenrettung Crowes Agency OG FOO nets.at |
| - RSS English - |
| - RSS Deutsch - |
DropBox lied about security measures
Using the Cloud (whatever this word really means) for storage has become more and more convenient. Cloud storage is hailed as secure, fast, cheap, stable, efficient and more; it is truly the dream of every marketing department. "Hassle-free, batteries not included, your mileage may vary, …", but let's not forget: "There ain't no such thing as a free lunch"
The DropBox' cloud storage service is advertised with the slogan "Your stuff is safe". However the company reviewed its website claim about security. They changed the sentence "All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password." to "All files stored on Dropbox servers are encrypted (AES 256)." which carries a vastly different meaning. There's more. Another part of the claims were changed, stating clearly that the service provider has access to the user's data: …we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy…
The article where the quotes came from has a detailed review of the security claims and the actual security provided. It's well worth reading before fully trusting this service - which is true for all services provided by third-parties.
Remember, your data is only secure if you have the encryption keys and if you control who has access to these keys. If you use the Cloud or any other service not under your control, you will most certainly not possess the keys, thus someone else will always have access to your data. Keep this in mind. Security needs to be designed and reviewed. Make sure that you plan ahead before distributing your data all around the world.