[arashf]

hi there, arash from dropbox here. all data is (as we state in the referenced help article) encrypted before it's stored on the backend.

all data on dropbox can be made shareable and is web viewable. as a consequence, we do need the ability to decrypt in the cloud.

re. employee access to files - there are controls to prevent this. for example, even drew (founder/CEO), doesn't have physical access to our storage servers anymore.

for very sensitive data, there's always the option to use truecrypt (we even offer this as a recommendation in our security documentation: https://www.dropbox.com/terms#security)

[huhtenberg]

What's the ETA for detailed security architecture whitepaper?

"(A)ll data is encrypted before it's stored on the backend" statement is completely worthless unless (at the very least) you also describe how the keys are generated and managed.

[bradgessler]

Technically speaking, whats the point of encrypting data on the backend if you can decrypt it? This strikes me as a waste of computations for no real gain.

[jackowayed]

Someone in an Amazon datacenter that gets ahold of a random backup tape/hard drive can't read it. I'm not sure if Dropbox is hosted on EC2, but if not, it means that Amazon couldn't read the data at all. (If it's hosted on EC2, Amazon could probably get ahold of the key if they really wanted to)

[bradgessler]

Going off of that assumption, what if the decryption keys were also stored in an Amazon data center? It is then possible for Amazon read the contents of these files.

I'd like to hear from Dropbox how this works instead of speculation.

[msg]

If their storage API is compromised your data isn't... you need to compromise their decryption API and the storage API.

With luck the same sets of staff will not have access to both, et cetera.

[AndyNemmity]

What about allowing government access to files? Do you require a warrant?

Under what circumstances?

[arashf]

we take as firm as stance as possible on user privacy (google faces and fights these very issues)

the government needs to comply with the provisions of the electronic communications privacy act by obtaining a warrant supported by probable cause (or in some cases a court order from a judge). these safeguards protect user privacy, even when the government is involved.

[otterley]

Yes, but under the Stored Communications Act (18 U.S.C. 2703), no warrant is needed to obtain communications stored longer than 180 days.

This is why encryption of data in the cloud, where the keys are not held by the provider, is essential.

[bradgessler]

Assuming you store files as a combination of a hash digest function as a key and file data as a value; what controls do you have in place to handle situations where law enforcement discovers some sort of 'illegal' file data on one users account subsequently requests details on users with hash digests that match the data in that file?

[arashf]

de-duplication doesn't make users any more vulnerable to intrusive government actions. today, a government agency could ask any online service to provide the names of all users who have a particular file, whether or not the service employs de-duplication. and in that case, the government would also need to support its request with a warrant or court order. the rules that provide a check against unwarranted government snooping apply to online services equally, regardless of their backend architecture.

[bradgessler]

To parse that, are you saying that under such a circumstance, a government agency would have to provide the names of each person they suspect have that particular file? Or could they demand the names of all users that have a particular digest of that file?

[arashf]

basically, the government could try to make that type of request independent of backend implementation. what protects users against such an obtrusive action (effectively violating every user's privacy in search of the bad guys) are the provisions of the electronic communications privacy act.

[cpeterso]

Due to Dropbox's implementation of de-duplication of identical files, any user can (in theory) determine whether (but not who) some other user is storing the same file. If you upload a file that any other user has aleady uploaded, your file transfer will be nearly instantaneous.

See: "How Dropbox sacrifices user privacy for cost savings"

http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...

[nikcub]

A point of feedback: I know it is illegal for you to inform users if you have received a warrant for their data, but you should devise a method where a flag such as 'third party access' is set in the user preference panel to let them know that somebody has accessed the data

architect this flag as part of any 'admin' access and describe it on your website - users would feel better about it

if the feds know your system is designed in a way that you can't help but to inform users that data has been accessed, it might dissuade them from approaching you with warrants in the first place

[JabavuAdams]

Interesting technical idea, but it ignores how power works.

The govt will just request that they change the code so that you're in compliance.

[nikcub]

I poured through the laws and talked to a lawyer about it, though this was years ago. It is illegal to inform a user directly in any way, they can't make you re-architect your system to provide them a backdoor unknown to the user.

also the wording can not mention 'warrant' or 'fbi' so it has to be something like 'third party access'

I have been meaning to do this as a 'project' with full legal advice etc. and suggest it to google, other cloud providers

Edit: found that rsync.net already do this, in a different way, as a warrant canary: http://www.rsync.net/resources/notices/canary.txt

[ethankaminski]

Wait, Truecrypt? Haven't I seen warnings in the Truecrypt docs against keeping several copies of the same file? And doesn't Dropbox backup every little change? You might want to add a note on your security page that storing encrypted files on a service with automated backups, like Dropbox, may pose security risks.

[JoachimSchipper]

Really? That'd be amazingly broken - consider any of the append-only log-structured filesystems currently in vogue on Linux, which are very likely to preserve multiple versions of any file being stored (right?). Not to mention normal backups.

[roel_v]

How does the second part follow from the first? What is the 'security risk'?

[itistoday]

Everything on your website that in any way addresses "Dropbox's security" should make absolutely clear the extent to which users can expect their data to be "secure".

In Dropbox's case, users can expect the following:

  - Data is probably secure from sniffers

That's it.

It matters little whether "Drew has physical access to our storage servers anymore". Your code obviously has easy access to the keys used to encrypt and decrypt the data. This means all of the following scenarios are possible:

  - User's data is obtained via the government (users 
    aren't necessarily even informed about this)
  - User's data is obtained by rouge employee (potentially
    leaking to _anyone_ or _anything_)
  - User's data is obtained by hacker (again, implies ZERO 
    assurance of data security).

So don't flash around "AES this or that" without making it absolutely clear to the average user that what you are doing is the equivalent of storing their data in a shed guarded by a lock that can be accessed by anyone who can find (or demand) the key that you've hidden under a rock somewhere.

[arashf]

you're right in that all these things are theoretically possible in a system where the encryption key is not stored client-side. I don't know of many services that advertise every way in which their systems could be compromised. I think you'd be hard pressed to find a company doing this. in the case of google - is there a document explaining all the places your email could end up?

we believe that what we advertise is in our userbase's best interest. in theory, we could generate a lengthy document attempting to explain every possible way dropbox could be compromised. but in practice, discussing these extremely unlikely theoretical vulnerabilities would generate undue fear. as an ironic sidenote: this thread was spawned by an attempt we made to clarify our handling of court orders (see: http://www.businessinsider.com/dropbox-updates-security-term... )

I say "undue fear" for a couple reasons. first and foremost because we are vigilant about making sure that user data is never compromised. our reputation would be permanently damaged if dropbox is compromised. we have a lot of smart, security conscious people making sure data in dropbox is safe.

we're also listening to feedback we've been hearing from the community on things we can do to improve security. a couple concrete examples: we're working on better protecting the authentication token (config.db) so that gaining access to a dropbox account on a compromised machine is much more difficult. similarly we're working on a performant way to transmit file metadata over SSL on the mobile apps.

secondly, we believe that storing data in dropbox is far more safe than the alternatives. we've designed dropbox to protect user data against threats of all kinds, but we've focused the most on helping users avoid the most common threats to their data: not having any backups at all, not having current backups, accidentally deleting files, losing hours of work, leaving files on the wrong computer, losing a USB drive with sensitive info, protecting from curious snoopers on the dorm network, etc.

for all the talk of security issues in the last few weeks, we're not aware of anybody having been affected by these theoretical vulnerabilities. on the flip side, we have (literally) saved thousands of college kids from losing their theses :-).

[rakkhi]

Arash good security is about mitigating theoretical risks before they become actual.

I am most disappointed in Dropbox because you had made statements like all our data is AES encrypted and our staff do not have access to your data. These are clearly incomplete for the former and are plainly not true for the latter. They are misleading and un-ethical in that they have assisted you in gaining you all these customers. As stated above you should clearly stop using security as selling point and only state you provide security in transit (https) or actually put in place technical measures to make those statements true.

Personally I will no longer be recommending Dropbox and will instead recommend your competitors including changing my answers on Quora: http://www.quora.com/Dropbox?q=dropbox

[JoachimSchipper]

Really, dropbox is probably more secure than most complainers' computers; but when you say things like

    - All transmission of file data occurs over an encrypted channel (SSL).
    - All files stored on Dropbox servers are encrypted (AES-256)

and this turns out to mean "file metadata may not be encrypted" and "all files stored on Dropbox servers are encrypted with the same key (AES-256)"... well, people are going to call "snake oil".

[chernevik]

This is a discussion of the consistency of advertised security claims with disclosures about availability of data to government subpoena.

In that context, statements like "we believe that what we advertise is in our userbase's best interest" make my ears prick up. I'm not a crypto expert, but this sort of thing does not seem like a straightforward response to the OP.

[caf]

The point is that these are the kinds of claims you should be making in the marketing. Users are smart enough to understand "We are vigilant about making sure that user data is never compromised". You shouldn't be trying to bamboozle them with official-sounding acronyms like AES - that when it comes down to it, mean little.

[halostatue]

There are classes of users who will consider it snake oil if well-known encryption algorithm names aren't used, because it implies home-grown encryption.

[techiferous]

"Our reputation would be permanently damaged if dropbox is compromised."

This is why I trust DropBox with my data: because I'm a paying customer. That means our goals are aligned.

[jwr]

But you are not Google, and I expect you to have higher standards. Don't take Google as the reference data point, it's a fairly low one as far as reference data points go.

On a related note, Dropbox is not the only company that advertises security even though what really is offered is kind-of-security. See Backblaze, for example — yes, the data is (supposedly) encrypted using my private key, which (supposedly) only stays on my machine, but I can't be sure because it isn't auditable, and to do a restore I have to supply my private key to the Backblaze website, instead of using a local decryption tool. Not good.

[bxr]

>we're not aware of anybody having been affected by these theoretical vulnerabilities. on the flip side, we have (literally) saved thousands of college kids from losing their theses

I like the idea of what your service does, but this statement just advertizes the success of one feature to back up the failings of another.

If you just want to offer file storage, just set up an http-only svn server and be done with it.

If you want to offer proper encryption, do so, or don't say that you do.