Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ben Adida on Dropbox security: "grab the pitchforks… again" (benlog.com)
16 points by sweis on April 19, 2011 | hide | past | favorite | 6 comments


I guess most people, like me, aren't so worried that they can access my files but more worried about the fact they said in great big letters that they can't. Why should we trust anything they write there then? Are they stored encrypted or not? Are they reaaally transmitted over SSL or not? (ok, I know, I know...)

Just don't go putting bullshit in your product specs and no one will have any issues, m'kay!


> Why should we trust anything they write there then?

Because we are Dropbox users and fans. We were rabidly praising it yesterday, so today we can't really critisize it, even while it spews lies at us. The cognitive dissonance would be too unbearable to handle.


If you don't want someone else reading your files, don't send them your files. I'm not really understanding all the uproar over Dropbox. I guess it's a side effect of becoming the established leader. They host my photos, some code I don't particularly care about and some other random junk like my resume. I guess if they want to read up on my employment history they are welcome too, but I'm surprised at how many people here seem to be uploading sensitive data to a third party and then getting grumpy about the idea (not even the accusation) of that third party being able to access it.


The thing about Dropbox is that they were making the same claims (from the perspective of a non-technical person) that other you-manage-your-own-encryption-key cloud storage sites were making. You put someone non-technical in-front of the marketing materials of say, Jungledisk, and Dropbox and people might even come away thinking that Dropbox must be even more secure since they're the market leader. And that's part of the problem in this case -- leadership implies trust.

Dropbox used to have a FAQ somewhere that made of point of informing users that they cannot set their own encryption key (but Dropbox hoped to implement that functionality soon). Anyone with technical chops can read that and know that the encryption key(s) are centrally managed on the Dropbox internal network and anyone gaining access to that internal network can gain access to all of the documents. But your average non-techie accountant, CEO, or sale guy...?


>I wish, instead of picking on whichever startup suddenly succeeds, we picked on the industry as a whole.

The industry is made of individuals, and complaining about the practices of an industry has to be done in broader strokes than the complaints against dropbox were. Dropbox gave the complaining parties specific holes to point to when someone tried to dismiss the significance of the claims.

Even if there were specifics shared across all cloud providers, it is unfortunately the case that such a broad attack would not draw the attention of the offender or offended as well. Thats not the best route to take when you're trying to raise awareness of the issues.


Ben offers a level-headed overview of the recent concerns over Dropbox security and privacy.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: