Comments
Dropbox File Brouhaha: Use Case Is The Issue
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
IMjustinkern
50%
50%
IMjustinkern,
User Rank: Strategist
9/17/2013 | 3:02:10 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
Solid stuff, Jonathan ... getting a handle on specific use cases and your own data behind the scenes remains the best path to security.
Laurianne
50%
50%
Laurianne,
User Rank: Author
9/17/2013 | 4:37:53 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
Cloud=bad does not have any nuance to it, as Jonathan points out. Thankfully the security researcher who brought this issue into the public eye never tried to frame his discussion that way. Also thankfully, Dropbox responded quickly to user concerns.
vintsurf
50%
50%
vintsurf,
User Rank: Apprentice
9/18/2013 | 1:09:50 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
Exactly. The explanation of the automated process made sense and it turns out that this applied to any service that offers this browser specific feature. It may be possible that many people (especially users of the desktop client) did not realize what the "effects of rendering low-quality previews" truly meant. Just another piece of info they can use to assess risk.
Other services were tested and no responses were received from the files, so that seemed interesting. A theoretical attack surface was mitigated due to the discussion as well. The follow-up post mentioned encryption options if privacy is a consideration for any service that may offer this feature.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
9/18/2013 | 3:29:47 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
What if you encrypted the Word docs before uploading them to DropBox? Then they could not be previewed, right?
vintsurf
50%
50%
vintsurf,
User Rank: Apprentice
9/18/2013 | 3:34:58 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
Correct, they could not be previewed. A key would be needed to decrypt the file and it would not be best practice to store the key in the same location as the encrypted files.
jfeldman
50%
50%
jfeldman,
User Rank: Strategist
9/18/2013 | 10:05:35 PM
re: Dropbox File Brouhaha: Use Case Is The Issue
Haha, except that Word encryption is notoriously flawed (or at least it was in the past). ;-)

For what it's worth, I agree with Laurie - definitely appreciated that you were balanced about the disclosure. Still, you should have seen the press releases that I got from vendors - "this proves, once and for allGă¬" Even when you ARE balanced, there's someone out there that isn't.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
9/19/2013 | 12:34:22 AM
re: Dropbox File Brouhaha: Use Case Is The Issue
I wonder whether those who sued Google for "reading" their Gmail will now target Dropbox for "reading" text documents?
vintsurf
50%
50%
vintsurf,
User Rank: Apprentice
9/19/2013 | 1:05:27 AM
re: Dropbox File Brouhaha: Use Case Is The Issue
I recommended Boxcryptor or Truecrypt for encryption options. These would be encrypting the file rather than password protecting. I agree with you that file specific passwords may not be the best approach.

Thank you for mentioning the balance regarding the disclosure. It certainly can be difficult to sort through the FUD at times like these.

Stop by a meeting sometime if you're available!
mask my content
50%
50%
mask my content,
User Rank: Apprentice
9/19/2013 | 9:04:30 AM
re: Dropbox File Brouhaha: Use Case Is The Issue
Dropbox checks docs because of the so called deduplication process. It means if you upload anything to their servers, they check it, whether it is up already. If it is, they provide a shortcut to the already uploaded file and delete yours. (eg. this works very well wit videos and music files). it is a common market practice among public cloud providers like Dropbox, Google Drive and so on, even many of those do it, who claimed to be secure (like Wuala). As far as I know dedup. is unavailable by client side encrypted tools, so you can skip all this trouble by using eg. Tresorit. Boxryptor is good to encrypt your dropbox, truecrypt is not really for could it's service focuses on local encryption.
agullandeh1
50%
50%
agullandeh1,
User Rank: Apprentice
9/19/2013 | 9:06:28 AM
re: Dropbox File Brouhaha: Use Case Is The Issue
When moving to the cloud I weighed up Dropbox to similar providers and found their security not meeting my requirements and in the end signed up with SpiderOak who have a zero knowledge privacy policy. Their web UI is a little clunky however
Page 1 / 2   >   >>


The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.