The Inquirer-Home

Dropbox advises users with privacy concerns to add their own encryption

But warns it will break some features if you do
Wed Jul 23 2014, 15:08

Dropbox logoDROPBOX HAS DEFENDED its record on privacy following allegations by NSA whistleblower Edward Snowden that it is "hostile to privacy".

At the launch of its UK operation today, we asked head of Product at Dropbox for Business Ilya Fushman how the firm would respond to Snowden's claims.

He told us that if users are concerned they can always add their own encryption. "We have data encrypted on our servers. We think of encryption beyond that as a users choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps."

However, he warned that advanced functionality, including many of the features announced at today's briefing, would not be possible if client-side encryption is enabled.

"We want to deliver a best in class experience and how to reconcile that with encryption is something that we continually evaluate," he said.

"It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."

Outlining the company's attitude to security, he went on, "You have to understand that we are all users of Dropbox. I store my own most personal information on Dropbox, down to a scan of my social security card. Dropbox, as a company, even works on Dropbox, so security and privacy are very much top of line for us."

Fushman pointed out that despite criticisms by Snowden and widespread condemnation of the firm's appointment of Condeleezza Rice to the board of Dropbox, that the Electronic Freedom Foundation (EFF) actually ranked Dropbox's record on privacy very highly.

"We just got a six star rating from the EFF for how we handle people's data and how we handle it in light of government inquiries," he said. "We were one of the first companies to publish a transparency report telling people what requests and enquiries we've actually had."

While this is indeed true, Dropbox admitted at the time that it was not as transparent as it would wish to be. As a result, Dropbox has also been working with third parties to improve tranparency over matters such as NSA requests. "At a high level we see that as being incredibly important, because cloud services give you an incredible amount of productivity.

"It's game-changing and I don't think anyone wants to go back to a world of USB drives, so its something that we as an industry have to address, and we're working with other Silicon Valley companies to push for legislative change."

Despite the company's strong defence of its security credentials, it has fallen victim to problems many times, most recently after it was discovered that shared links could be adapted to access other files. In 2012, a Dropbox employee was hacked at another service where he had used the same password and many Dropbox users were spammed as a result. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?