item 2461585

Dropbox Lack of Security

295 points | zdw | 15 years ago | tirania.org

186 comments

patio11 | 15 years ago
This is the first time I've heard someone on HN actually ask for more security theatre. Sure, Dropbox could spend seven figures to get an ISOxxxx whatever consultancy to draw up a 125 page document describing their internal checks, do the obligatory all-hands yearly mandatory training where you have to get 10/10 questions right and question 1 is "A user has uploaded naked pictures of themselves to their account. True or false: it is permissible to download these and take them home with you.", etc etc.

And they'd be exactly where we are today:

1) Yes, we could look at your data any time we want to. This is an inevitable consequence of letting you look at your data any time you want to.

2) We promise not to abuse our power #1.

3) If you don't trust us on #2, you should not do business with us.

Except they'd be out seven figures.

thaumaturgy | 15 years ago
That's a severe oversimplification, IMO. Just recently there was news that duplicating the host_id from the Dropbox config onto another system will immediately gain access to all of the Dropbox files associated with that host_id, without further authentication.

It's not security theatre to acknowledge that the security in such a system could be improved, especially as an option for those that require it.

#3 could easily be paralyzing for many businesses. There are already services (like Tarsnap) which are engineered to not require you to trust them; why should we ignore such services and limit ourselves to doing business only with those companies that we can trust implicitly?

As a specific example, I've had a client for a few years which is government funded and quite paranoid about security. However, they also need to communicate with outside contractors. I don't advise them to "trust" their ISP, the outside contractors' network, and all the other businesses in-between. I tell them that nothing sensitive leaves the building unless it's been encrypted, and that once someone else opens that file, it can no longer be considered secure in any sense.

"Trust us" is not a compelling requirement for doing business, nor can businesses limit themselves only to relying on service providers that they trust. Fortunately, the technology exists now to eliminate that requirement.

Dropbox is currently off-limits to all employees at my client.

mixmax | 15 years ago
I think you're missing the point. On their website it says "Dropbox employees aren't able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)" and in their terms of service they say that they will turn over files to a government agency if subpoenaed.

The problem isn't security theater, it's the fact that both of the above can't be true at the same time. In other words: Dropbox lied.

arashf | 15 years ago
hi there, arash from dropbox here. all data is (as we state in the referenced help article) encrypted before it's stored on the backend.

all data on dropbox can be made shareable and is web viewable. as a consequence, we do need the ability to decrypt in the cloud.

re. employee access to files - there are controls to prevent this. for example, even drew (founder/CEO) doesn't have physical access to our storage servers anymore.

for very sensitive data, there's always the option to use truecrypt (we even offer this as a recommendation in our security documentation: https://www.dropbox.com/terms#security)

tlrobinson | 15 years ago
It always seemed obvious to me that Dropbox has access to your unencrypted files because they make them available to you through the web interface.

bdhe | 15 years ago
> because they make them available to you through the web interface.

You could have client side javascript that decrypts the files. http://crypto.stanford.edu/sjcl/

gergles | 15 years ago
I don't care. I use Dropbox because of the unparalleled feature set and ease of integration. I have my taxes stored on Dropbox, along with a lot of other sensitive information. They're in an encrypted RAR file with a line-noise passphrase, just like they would be if I were storing them anywhere (including locally -- after all, what if Mallory steals your hard drive? Or, to parrot the most common movie plot threat, what if the NSA secretly breaks into your house when you're out at the movies and images all your disks then slips them back in without your knowledge?)

The features DB offers for sharing, web access, etc. are well worth the tradeoff, and I am ashamed to see the security pedants constantly pillorying Dropbox because it's not some imaginary "verified secure" system. They don't advertise to be that. A claim of "we encrypt your files with RSA" should be utterly meaningless to you without knowledge of how the key is controlled, and a few seconds' thought and examination of the feature set should inform you that yes, Dropbox has to have the key to decrypt the files. That doesn't make the claim of "your files are encrypted" any less true.

thought_alarm | 15 years ago
Do a lot of people think that Dropbox is some sort of super-private service?

I'm no security expert, but I do hope it's obvious to most people that Dropbox wouldn't be able to do stuff like reset your password if they didn't have access to the contents of your files at some level. A truly secure and private service would look a lot different, and be much more complicated to set up. That's the tradeoff.

bxr | 15 years ago
>I hope it's obvious to most people that Dropbox wouldn't be able to do stuff like reset your password if they didn't have access to the contents of your files at some level

Those are pretty damn high hopes even for the average user from the generation that grew up with computers.

donpark | 15 years ago
Three points:

1. Sensationalism aside, Dropbox should review questionable security claims to reduce any false sense of security. With millions of users, careless words formed out of marketing needs are no longer needed. What Dropbox users need now is a clearer picture of what they are giving up to gain Dropbox's services.

2. The weakest security link is the user and their computer, not Dropbox, which has enough financial incentives at stake to be diligent security-wise. In the end, no computer open to external data or code is safe. What protects most users today is actually not security technologies but the cost/benefit ratio to potential attackers, tempered by goal and scale. 99.9999% of Dropbox user data is useless to attackers, and the cost of mining questionable nuggets out of the continually expanding sea of data from 20 million users is not a trivial task.

3. While it's true that the user must trust Dropbox in the end, some of its security measures could use strengthening even if it's just intended to raise the level of sophistication necessary to steal Dropbox data.

latch | 15 years ago
Agreed. Except a lot of companies have a lot of "financial incentives at stake to be diligent security-wise" but aren't.

Something I very recently heard: "World of Warcraft has had RSA-style two-factor token authentication for years, and my bank still doesn't"

icedpulleys | 15 years ago
Regardless of how you want to parse a company's public statements and written policies, it's the height of naivete to think that a data host (ANY host) wouldn't share your data with law enforcement or has encrypted data in such a way that they guarantee that no one can access it.

If you have sensitive data, encrypt it yourself. Encrypt it on your local drive, back up encrypted data, encrypt it before uploading it to Dropbox. Doing otherwise is akin to not having a proper backup process: it's either because of laziness or ignorance.

csallen | 15 years ago
Dropbox didn't lie. This is simply a misinterpretation (or misunderstanding) of what's meant by the phrase "Dropbox employees aren't able to access user files". It's not the same as saying "It's impossible." The fact is, if you send a company your unencrypted data, it's obviously possible for them to view it at some point. Otherwise they could never encrypt it in the first place. So when they say that employees aren't able to access it, they mean that they, as a company, choose not to access it.

A good analogy is the post office. Anyone who works there and handles your mail could, if they so desired, tear open your package and steal the cookies your mother sent you. We trust them anyway, because we know they take precautions to ensure it doesn't happen. Dropbox is the same, but even tougher (I doubt the average Dropbox employee has access to their decryption mechanisms, but plenty of people at the post office can unseal your envelopes).

That said, to not acknowledge it as even possible for the company you send your data to to be able to access that data seems, to me, a bit naive. That's not the promise they made, and so the claim that they lied is false.

loumf | 15 years ago
The plain English meaning of the words "aren't able to access user files" is not the same as "choose not to access user files".

Dropbox could just keep keys in a store where only automated user accounts can get to them -- ones where only the founders have passwords, or they are in escrow. I think there are ways to restrict the access to founders and a fail-safe, without opening them up to anyone who works at Dropbox.

bajsejohannes | 15 years ago
> if you send a company your unencrypted data

There is no need for this data to be sent unencrypted. Encryption could be handled completely on the client side.

bxr | 15 years ago
>We trust them anyway

Much of that trust is based on the fact it is a felony, not what could just be an internal slap on the wrist.

runjake | 15 years ago
All this press about Dropbox is getting ridiculous. I'm almost suspecting it's a hit job, but I'm wondering why people like de Icaza are getting involved.

Pay attention to the two following rules. They are, and always have been true. Write them down if need be:

1.) The government can demand files from any US (and many non-US) companies. The company is then legally obligated to turn them over.

In the past, the government has even successfully demanded data without the proper warrants (read about the VZW/AT&T/Qwest/NSA fiascos).

2.) Your cloud data is always subject to security breaches and provider employee abuse. Encrypt accordingly (I prefer DMG and TrueCrypt).

Why is this news? Did people not understand this?

tzs | 15 years ago
It is possible to design a Dropbox-like system with the following properties:

1. Files are stored encrypted.

2. The service provider does not have the ability to arbitrarily decrypt the files. By "arbitrarily decrypt" I mean decrypt at any time they wish. They will be able to decrypt if the owner's client is actively connected.

3. When someone uploads a file that is identical to an existing file, it initially is stored separately, but in most cases can be eventually de-duplicated, without compromising #1 or #2.

I'll leave the details as a fun exercise.

tzs | 15 years ago
Scratch that. I've got an even better design than what I was thinking of above. It makes it so the service provider never has access to the unencrypted data, and they can fully de-dup immediately, and it supports all Dropbox features.

   Let F be an arbitrary file.
   Let N(F) be the name your client knows the file by.
   Let H(F) be a hash of the file that produces a 256 bit hash.
   Let AES(X,K) be X encrypted using AES with key K.

When you upload to the cloud, you upload AES(F,H(F)). In a local database, you store (N(F), H(F)). When you later retrieve the file from the cloud, you receive the encrypted data, and you can look up the key, H(F), in your local database.

Note that if two different users upload files with the same content, they pick the same encryption key (since the key comes from a hash of the content), and so the same data gets uploaded. The service can thus do de-duplication, even though it has no access to unencrypted data.

So far, all this provides is secure storage. What makes Dropbox useful is that a file uploaded on one computer can be downloaded on another, and that only works if the downloader knows H(F).

This is solved by also uploading a copy of that local database I mentioned, the one that stores the (N(F), H(F)) pairs. This can be encrypted with the account password.

Syncing between different devices on the same account is then a two step process. First, the name/key database is synced, and then both devices have access to the keys and then the files can be synced.

I believe web access can be handled via this system. Dropbox's web interface requires Javascript, so it could have the browser retrieve the name/key database and decrypt it using the account password, which gives it the access to the key to decrypt a given file.

For shared folders, you can use a public key system, where the keys for the shared files are encrypted with the public keys of each person you are sharing the folder with, and the encrypted key files are stored in the cloud. Anyone accessing the shared folder grabs the key file for the folder and uses their private key (which is protected by the account password) to get K(F) for the file.

I believe this covers everything Dropbox does, with the properties that:

1. They can't decrypt your files.

2. They can de-duplicate completely.

3. Your account password is the key for everything for you.

4. It satisfies all of their advertising claims for security.

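The design above, as an added example that is not code from the original thread or from Dropbox: a small Go implementation of the scheme in which the key is H(F), the service stores AES(F, H(F)), and the client keeps (N(F), H(F)) locally. The post only says "AES"; the use of AES-256-GCM with a key-derived nonce, and indexing blobs by a hash of the key so the service never learns H(F), are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// Store stands in for the service's blob storage (constructed for this example):
// blob id -> ciphertext. The service never holds a plaintext or a key.
type Store map[string][]byte

// Client keeps the local (N(F), H(F)) database: file name -> content key. In the
// full design this map is itself encrypted under the account password and synced.
type Client struct{ db map[string][32]byte }
func NewClient() *Client { return &Client{db: map[string][32]byte{}} }
// H(F): the SHA-256 of the plaintext, used directly as the AES-256 key.
func contentKey(f []byte) [32]byte { return sha256.Sum256(f) }

// Assumption not in the post: the service indexes a blob by a hash of its key,
// so a client holding H(F) can locate the blob without disclosing H(F).
func blobID(key [32]byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(append([]byte("id:"), key[:]...)))
}

// aead builds AES-256-GCM with a nonce also derived from the key. The post only
// says "AES"; a key-derived nonce makes encryption deterministic, so equal files
// give byte-identical ciphertexts, which is what lets the service de-duplicate.
func aead(key [32]byte) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block cipher
	n := sha256.Sum256(append([]byte("nonce:"), key[:]...))
	return gcm, n[:gcm.NonceSize()]
}

// Upload stores AES(F, H(F)) with the service and (name, H(F)) locally, and reports
// whether the service already held an identical blob, from this account or another.
func (c *Client) Upload(s Store, name string, f []byte) bool {
	key := contentKey(f)
	id := blobID(key)
	_, dup := s[id]
	if !dup {
		gcm, nonce := aead(key)
		s[id] = gcm.Seal(nil, nonce, f, nil)
	}
	c.db[name] = key
	return dup
}

// Download locates the blob from the locally stored key and decrypts it; the GCM
// tag makes a blob that the service or anyone else has altered fail to open.
func (c *Client) Download(s Store, name string) ([]byte, error) {
	key, ok := c.db[name]
	ct, have := s[blobID(key)]
	if !ok || !have {
		return nil, fmt.Errorf("no key or blob for %q", name)
	}
	gcm, nonce := aead(key)
	return gcm.Open(nil, nonce, ct, nil)
}
```

Because the key is a function of the content, this protects only files whose exact contents cannot be guessed; a low-entropy file (a standard form, a known document) has a key anyone can recompute, which is the limit a practitioner should weigh before relying on content-derived keys.
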
arashf | 15 years ago
at the expense of conveniences like web access, document previewing, simple sharing, etc. - sure :-). if your answer to the web access concern is: derive the key from the password, who's to say we wouldn't store the key and later use it to decrypt your data?

web access notwithstanding, you'd be making a leap of faith to believe that the client is 100% trustworthy and that encryption is actually happening. at some point you have to make a decision as to whether or not you trust the entity (dropbox, google, or anybody else). if you don't, you should use something like truecrypt between you and the service.

all arguments made against dropbox apply to your gmail attachments, gmail mail, google docs, etc.

crux_ | 15 years ago
Tahoe-LAFS seems to fit the bill, except I don't know about #3. From what I understand it's rather stronger on #2, though.

birken | 15 years ago
If the service provider can ever decrypt the file, then you have to trust them, and then it isn't secure. When it comes to security, you can't trust anybody.

The only way to secure your files in a Dropbox style situation is to use your own client-side encryption that the service provider has no access to... IE the Truecrypt solution that keeps being suggested.

gbog | 15 years ago
This should not be a service, this should be a protocol, with RFC.

rw | 15 years ago
tarsnap

zdw | 15 years ago
Couple this with the unencrypted metadata on mobile problem: https://grepular.com/Dropbox_Mobile_Less_Secure_Than_Dropbox...

And how their "encryption" on the server side is basically a lie, as they do dedupe on data: http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...

I'm stunned that anyone would use them for anything but ephemeral data you wouldn't mind posting in public.

arashf | 15 years ago
hi there, arash from dropbox here. all data is (as we state in the referenced help article) encrypted before it's stored on the backend. I'm not sure why you're concluding that de-duplication implies lack of encryption. the de-duplication occurs prior to encryption.

all data on dropbox can be made shareable and is web viewable. as a consequence, we do need the ability to decrypt in the cloud.

re. employee access to files - there are controls to prevent this. for example, even drew (founder/CEO) doesn't have physical access to our storage servers anymore.

for very sensitive data, there's always the option to use truecrypt (we even offer this as a recommendation in our security documentation: https://www.dropbox.com/terms#security)

chrishenn | 15 years ago
Relying on others to safeguard/encrypt your personal data just doesn't make sense to me, in the same way that closed-source cryptography doesn't make sense.

If dropbox is claiming a false sense of security then that is an issue, but users that truly care about their data should resort to truecrypt or something where they are the only ones who control access. You can sync your files with dropbox and keep them safe with a truecrypt volume. Or if that is too much of a pain, only do so for sensitive files. Have your cake and eat it too!

MetallicCloud | 15 years ago
Wouldn't they have to keep the keys on their servers? Otherwise when my computer dies, I wouldn't be able to access my files from a different computer.

kevinpet | 15 years ago
This is the second completely unreasonable press attack on Dropbox. They are so unreasonable that I have trouble believing a reasonable person would think they are valid complaints unless they were trying to sell me a competing product.

Everyone with any security sense knows: 1. If someone gains access to your computer, and they can read your hard drive, and your computer can automatically log in to some service, then they can log in to that service. 2. If you can access the data without decrypting it locally, then your service provider can too. In a fantastically secure system, they will have to decide to do so and then wait for you to log in, but that's pretty unusual.

I predict next week we will get an article pointing out that I can get your files by breaking into your email account and then using the reset password feature.

joanou | 15 years ago
Dropbox is a good service, and I am sure file access is limited to a few employees, but I wouldn't use it for sensitive data or for a business. Any service where you do not control the encryption keys, e.g. Box.net, and myriad others will have the same issue. It's all about tradeoffs. Ultimately they can access your data. The truecrypt option may solve it for some but that means the whole archive has to be shared.

AltDrive unlimited online backup versions your files and allows you to control your encryption key. It runs on *nix, OSX, Windows, and other OSs. http://altdrive.com

perlgeek | 15 years ago
I don't know if that's how dropbox does it, but I could imagine that they have a master key to which normal employees don't have access, you need the founder and a trusted second person to retrieve it.

Thus their statement "Dropbox employees aren't able to access user files, and when troubleshooting an account" wouldn't be too far off the mark, and they can still make the data available to the government, on request and with higher effort.

kennywinker | 15 years ago
forgive me if I'm naive, but can file hashes be spoofed in any way? I'm thinking upload a bunch of files that hash to random numbers, then download the de-duplicated original files.

could someone more knowledgeable in this area tell me if this is a credible threat?

grandalf | 15 years ago
All US companies will comply with government requests for data, even Google, when a warrant is presented.

If you don't want anyone looking at your data, use your own strong encryption layer and hope that there's not a back door.