Dropbox Security

Discussion in 'iPad' started by Piggie, May 16, 2011.

  1. Piggie macrumors 604

    Piggie

    Joined:
    Feb 23, 2010
    #1
  2. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #2
    That's right in the TOS: https://www.dropbox.com/terms#security

    Third paragraph under Privacy.


    Not sure why this would be a surprise... I'd expect anything I put on a cloud service that wasn't encrypted by me would be readable by someone at the service company. :confused:
     
  3. tritonj macrumors 6502a

    Joined:
    Jun 12, 2008
    #3
    and it is for these reasons i never store anything important out on the web
     
  4. maclaptop macrumors 65816

    maclaptop

    Joined:
    Apr 8, 2011
    Location:
    Western Hemisphere
    #4
    It doesn't matter what you do, if you're doing it, or communicating it, over the internet it's not secure or private.

    Anyone who thinks otherwise is in denial. It's as simple as that.

    Learn how the internet actually works and it will really open up your level of awareness.
     
  5. Don Kosak macrumors 6502a

    Don Kosak

    Joined:
    Mar 12, 2010
    Location:
    Hilo, Hawaii
    #5
    Well, the sad scary truth is that if your data is in your home PC, and your home PC is plugged into the Internet for even a few minutes a day -- it is probably less secure than in DropBox or iDisk.

    Consumer grade operating system, router, and firewall security is pretty much a joke. You may (or may not :eek:) have your WiFi locked down, but even so -- it's not all that difficult to come in right through your Cable Modem or DSL line.

    If you have a commercial grade Cisco router, firewall, intrusion detection hardware, a full time 24 x 7 security staff at your home PC, then you can claim that the Cloud is "less" secure.

    Otherwise, you're fooling yourself.
     
  6. tritonj macrumors 6502a

    Joined:
    Jun 12, 2008
    #6
    the difference is no one cares about my computer, so no one is making the effort to hack into it to take anything, there is nothing of value for them. now the cloud is an entirely different story, it is actually worth their time to try to hack that to get data because there is actually useful info in there
     
  7. SPEEDwithJJ macrumors 65816

    SPEEDwithJJ

    Joined:
    Nov 2, 2008
    #7
    Yes, you have good points. However, what makes you think that there are fewer possibilities & incentives for a hacker to hack into DropBox than your own home PC? :confused: Furthermore, maybe I'm just totally ignorant, but you really think that the DropBox service is that much more secure than your own home PC? :confused:
     
  8. Piggie thread starter macrumors 604

    Piggie

    Joined:
    Feb 23, 2010
    #8
    So is anyone going to trust Apple's new, future iCloud service with anything important/personal?

    Or are you all going to Assume that Apple are going to retain the right to nose around your files if they so wish?
     
  9. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #9
    I won't "Assume" anything, I will read the TOS like anyone ought to do.

    The fact of the matter is any cloud provider must retain some level of permissions that allow certain individuals the ability of file-level access to whatever you put out there. That's just part of the operational realities of such a business.

    There are people at your bank, credit card company, brokerage, IRS, etc. with access to your personal information. People at your doctor or hospital with full access to your medical history. What's so different here?

    A smart person is already encrypting any truly sensitive files anyway. No telling when/where your computer might get stolen.

    I'm kind of curious though -- what sort of stuff are you keeping on your computer that you're so concerned about an anonymous stranger seeing?
     
  10. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #10
    If I was 007, Jason Bourne or part of the Mission Impossible team, I might be concerned... but then again, I would likely not be using DropBox for my storage

    But honestly, there is absolutely nothing of value in any of my data
    If someone wants to read my divorce papers for a laugh or steal my login to the Papa John's pizza site... have at it

    I pretty much welcome someone to steal my identity so they can take on all of my debt ;)

    If you store it, someone can get it, period
     
  11. bufffilm, May 17, 2011
    Last edited: May 17, 2011

    bufffilm Suspended

    bufffilm

    Joined:
    May 3, 2011
    #11
    what you're claiming is bull and if you really knew what you were talking about, it would be evident. stop trying to scare people.

    a properly configured router (NAT translation, no port forwarding, etc) plus a properly configured client (disable most MS services on the internet facing NIC, + software firewall) and that would defeat all but the most knowledgeable hackers. it goes without saying that wireless is turned off too. sure they could probably kill my internet connectivity with a DOS attack but that's another matter entirely.

    it would take a user action (to initiate a payload whether browser or attachment based) for you to establish a connection into the system.

    my data on my PC is a lot more secure & private than anything in dropbox (unless dropbox offers encryption).
     
  12. fertilized-egg macrumors 68020

    Joined:
    Dec 18, 2009
    #12
    I'm also confused as to why he thinks DropBox is an exceptional case. If you do anything online that's not directly encrypted, it'll be accessible by someone at the service provider. But people still use Facebook, Google and Bing.

    Just last year, we've had these reports:

    http://gawker.com/5637234/?tag=valleywag
    http://therumpus.net/2010/01/conver...ernet-5-anonymous-facebook-employee/?full=yes
     
  13. peterjcat macrumors 6502

    Joined:
    Jun 14, 2010
    #13
    That's what the TOS say now. Back when a lot of us signed up they made a big deal about how nobody at Dropbox could possibly access our data ever. I didn't believe them, but it's not quite as simple as reading the TOS.
     
  14. steadysignal macrumors 6502a

    steadysignal

    Joined:
    Dec 21, 2010
    #14
    thanks for repeating the obvious to many who are already aware.

    privacy in the cloud is an illusion. you have zero privacy, get over it.
     
  15. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #15
    I've only recently used dropbox, so I'll just take your word on what the TOS did or didn't say previously.

    Glad you didn't believe them, since it's even simpler than reading TOS:

    If you store unencrypted files on someone else's storage, then someone might access and read those files. They might be breaking TOS, company policy, laws, etc. but those only create repercussions and only if you find out; they don't prevent the access in the first place.
     
  16. peterjcat macrumors 6502

    Joined:
    Jun 14, 2010
    #16
    I agree, though I'd make this clarification to avoid doubt: "If you store files that you haven't encrypted yourself on someone else's storage..." since the whole deal with Dropbox was that they claimed to encrypt your stuff automatically so that their own staff couldn't (not just wouldn't) access it -- which is why the new state of affairs is controversial at all.
     
  17. Piggie thread starter macrumors 604

    Piggie

    Joined:
    Feb 23, 2010
    #17
    So.....................

    Let's say you encrypt your personal data.

    You upload it into Dropbox, or iCloud.

    The government then, I suppose has the legal right to force you to decode this information if they feel you are storing something you should not.

    I believe that's the case in the UK, unsure about US, and if you refuse to do so, I believe you would be deemed guilty of whatever you are suspected of.

    Can anyone confirm?
     
  18. Night Spring macrumors G5

    Night Spring

    Joined:
    Jul 17, 2008
    #18
    My understanding of US law is that the government will need a court order to compel you to provide the encryption key. And in order to get the court order, they need to convince a judge that they have reasonable cause. If you refuse to comply, you could get charged with contempt of court, or perhaps even obstruction of justice, but you can't be convicted of whatever they suspected you of in the first place, assuming that the encrypted material is the only definitive evidence against you.
     
  19. Phil A. Moderator

    Phil A.

    Staff Member

    Joined:
    Apr 2, 2006
    Location:
    Shropshire, UK
    #19
    In the UK, we have specific legislation (under the Regulation of Investigatory Powers Act) that makes it a legal requirement to divulge encryption keys when demanded by the Police as part of an investigation: The right to not self-incriminate has been deemed not applicable in the case of handing over encryption keys

    Failure to comply is a crime in and of itself and carries a penalty of 2 years in jail (5 years if terrorism is suspected)
     
  20. rekhyt macrumors 65816

    Joined:
    Jun 20, 2008
    Location:
    Part of the old MR guard.
    #20
    1. Really interested in how you encrypt stuff and manage your files. Do you just create a sparse bundle using Disk Utility and set a password on there or do you use TrueCrypt to create a disk image and like the sparse bundle, mount and use your files from there?

    I've been wanting to do this for a while but it seemed rather troublesome because I have lots of different folders on my desktop, and lots of sub-folders under that. You'd also miss the value of file versioning without Time Machine, wouldn't you?

    I thought about FileVault but it takes too much storage and I've heard that it will slow down your computer, so I decided against it.

    2. Just don't like other people seeing my stuff. Can't answer for others though. Most of my important stuff are essays and probably some design-experiments, writing, lots of stuff that I have collected on the Internet (Design inspiration, DeviantArt things, ...), tutorials/lists, ...
     
  21. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #21
    *If* you're doing something that you'd be concerned about the government discovering, it'd be mindbogglingly stupid to put that on the cloud whether encrypted or not. Can we not bother with worrying about the situations requiring the primary actor to be a moron? I'm assuming most people here to be reasonably intelligent individuals.



    #1 -- work computer (PC) is encrypted with PGP whole disk encryption. Backups are to a TrueCrypt volume on an external drive. On my personal computer, any sensitive items like passwords and account #'s are stored in eWallet which provides its own encryption.

    #2 -- Each to their own I guess. I don't really care. If someone wants to read stored emails or grad school assignments, no big deal. I don't have anything in my computers that I'd be embarrassed about other people seeing. Perhaps I lead what others would call a boring life, but there's nothing I need to hide from anyone including wife and kids. (there's a whole different discussion of why people do stuff they'd be afraid of other people discovering, but not going there today)
     
  22. Night Spring macrumors G5

    Night Spring

    Joined:
    Jul 17, 2008
    #22
    People may not have anything to hide, but they may still not like the idea of random strangers being able to snoop through their stuff. Everyone has an underwear drawer, there's nothing shameful or illegal about having one, yet few people would feel comfortable if anyone else could take a peep at what's inside.
     
  23. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #23
    The current state of the law on this in the U.S. is a bit blurry. The prevailing thought and most case law says you cannot be compelled by the police or a court order to give up your password because doing so would violate your fifth amendment right not to incriminate yourself. There was a case where the district attorney said they would agree not to use the fact the person knew the password as evidence against them, so that negated the fifth amendment defense. I don't recall the outcome of that case, which to my mind was nothing but a way to skirt a valid fifth amendment right.
     
  24. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #24
    Exactly why I said "each to their own".

    Anything you don't want the possibility of someone looking through shouldn't be out on the network in unencrypted format. Regardless of what the storage provider says is supposed to happen, the fact that someone else has physical control and access over the storage means there will always be the possibility of someone accessing those files. Might be a rogue admin, might be a screwup on the storage provider's part, but once you give up physical control you open yourself to that possibility.

    To use your underwear drawer analogy -- do you ever let anyone in your house that you don't accompany everywhere at all times? Cleaners, contractors, friends, party invitees? Rhetorical question meant only to point out that there are aspects of physical security/privacy we don't really think about.
     
  25. Night Spring macrumors G5

    Night Spring

    Joined:
    Jul 17, 2008
    #25
    Yeah, I was unsure how the fifth amendment related to this. But let's say fifth amendment is not an issue -- say, the police suspect that my encrypted file contains evidence against my friend Bob. They'd need a court order to compel me to decrypt the file, no?
     
