Monthly Archives: July 2014

How Secure is Dropbox?

I was invited to Dropbox many, many months ago. I scanned info about it and decided the security risk might not be worth the free membership. I didn’t need it at the time so I shoved it into the recesses of my cluttered little mind.

Recently, I wished to download a free ebook. It comes to me via Dropbox.

Now I had a decision to make. Did I pay $10 for the ebook or did I take the plunge and download Dropbox?

I downloaded Dropbox.


My first concern with Dropbox was at sign-up. Their Terms of Service shot me in the face at point-blank range.

“When you use our Services, you provide us with things like your files, content, email messages, contacts and so on (“Your Stuff”).”

Whoa. Hold on, buddy. I’m providing you with my files? How many of my files? I’m providing you with content? What kind of content and how much of it? The list of questions went on and on.

I was not letting Dropbox, or anyone else, get the drop on me. It was not rifling through my confidential files. I bank online, I dabble in the stock market online, and more.

It was time to saddle up and investigate.


Is Dropbox Secure?

My first order of business was to figure out what exactly Dropbox did.

Dropbox is a server that houses whatever you save to it — or anyone else saves to it — for later use by you or anyone you want to share “Your Stuff” with.

Okie dokie. That’s fine. But the elephant — or Clydesdale since I’m on an American West theme today — in the room is how deeply into my computer can an install of Dropbox dig? And could the Dropbox desktop program installed on my computer access my files without my permission?

My first clues are in Dropbox’s Privacy Policy.

1) “If you give us access to your contacts, we’ll store those contacts on our servers for you to use.”

“If you give us access” calmed me. It told me unless I was an idiot and uploaded something, they couldn’t access it.

FYI: This quote refers to the option they give you to upload your contact list. You can; I didn’t.

2) Dropbox will legally protect my data the same whether “… it’s stored on our services or on [my] home computer’s hard drive.”

This just told me Dropbox can’t access my hard drive. Only the files I choose to upload to their site. But I am gambling on the fact they have no security holes allowing unauthorized people to rustle information off my computer’s hard drive.

3) “Dropbox uses certain trusted third parties …. These third parties will access your information only to perform tasks on our behalf …”

I don’t have time to check out Dropbox’s trusted third parties. I am taking a leap of faith here, and praying they’d pass muster with me.

4) Dropbox also says I can — not they will — give third parties access to my info and Dropbox account. They mean third-party apps I choose to use with Dropbox.

5) Dropbox says they keep my information safe with “two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to [my] account.”

I am very happy with the latter two statements. The first? Not so much. I pay per text received or sent.

I know what you’re thinking: We’re taking technology advice from a woman who has no keypad on her phone?

My personal economic philosophy is pretty much use what you have as long as it’s cost-effective, getting the job done and repairable. When it’s not, it’s time to upgrade.

6) Dropbox’s Terms of Service include: “We need your permission to do things like hosting Your Stuff, backing it up, and sharing it.”

This tells me since my permission is needed to do things their site is designed to do, they won’t be doing anything their site isn’t designed to do … unless I give them permission.

Would I recommend Dropbox?

For some things, I would.

Dropbox seems a God-send for business people who work away from the office, and for business teams or students working on projects without the ability or need to meet frequently.

Dropbox allows a person invited to view a file to edit it also. FYI: Dropbox is working on a Read Only business option.

Any downside?

Besides security issues — I know, I know. Dropbox says they’re as secure as your bank. I’m not buying it — the only downside I foresee is account/file maintenance.

  • Any file edited on Dropbox must be downloaded and resaved by each participant who wants/needs a final copy.
  • Once a project is finished, and all the participants have resaved the product data, any Dropbox file should be deleted and cleared.

I would never use Dropbox to back up my hard drive/files and folders. There are safer and better choices for that.

Other Cautions and Concerns:

  • Early on Dropbox was not the safest cloud to float data on. But neither were a lot of others. Recently, mostly in 2014, Dropbox has dealt with issues and strengthened their security after easy infiltration by independent security researchers and the bad press that generated. I would still never use Dropbox to convey sensitive information.
  • If you think urgent security updates, changes, or notifications will be sent to you via email by Dropbox, you thought wrong. From what I’ve read, most of Dropbox’s important security explanations and/or information is only posted on their blog. You can access it at the bottom of Dropbox’s website.
  • Dropbox still seems nosey to me. Its memory banks retain things like my phone number and physical address.
  • Dropbox does have a policy titled Government Request Principles. Users’ rights seem to be first and foremost in Dropbox’s mind when data is requested by government entities, and I appreciate that.
  • Their encryption is server-side, not client-side, meaning the encryption keys are stored along with your data on their servers. So if the data is lost to hackers, dishonest employees, etc., so is the information to decode it. 😦

IMPORTANT REMINDERS AND WARNINGS:

  • It’s the user’s responsibility not to post/share files that could at any time potentially fall into the wrong hands. These would include things like your personal income tax returns, your bank statements, licenses, etc.
  • It’s always a good idea to log out of social media sites and other online sites (Dropbox included) that hold your personal information. Yes, I know it’s much easier to just leave them logged on, but logging off lessens your security risks.

READER INVITE: There are thousands upon thousands of individual apps usable with Dropbox. I’m specifically interested in the password protection apps. The ones that keep your file password protected after it’s uploaded to Dropbox. Let me know which one is your favorite and why.


Thanks for reading, have a great day and safe computing! 😀


 

DISCLAIMER: Any and all ideas presented in this blog are solely my own unless otherwise noted. I experience troubles with technology just like any other person, and if I stumble upon a fix or suggestion I feel could benefit others I pass it along. At no time have I suggested or implied that I hold any degrees or certificates related to computer repair.

I have during my career assembled parts into working computers; done troubleshooting on hardware and software; utilized a great many computer programs and software; designed and updated websites and blogs; as well as created brochures, banners, and flyers.