by arashf 5533 days ago
we take as firm a stance as possible on user privacy (google faces and fights these very issues)

the government needs to comply with the provisions of the electronic communications privacy act by obtaining a warrant supported by probable cause (or in some cases a court order from a judge). these safeguards protect user privacy, even when the government is involved.


Yes, but under the Stored Communications Act (18 U.S.C. 2703), no warrant is needed to obtain communications stored longer than 180 days.

This is why encryption of data in the cloud, where the keys are not held by the provider, is essential.

Assuming you store files as a combination of a hash digest as a key and file data as a value, what controls do you have in place to handle situations where law enforcement discovers some sort of 'illegal' file data on one user's account and subsequently requests details on users with hash digests that match the data in that file?
de-duplication doesn't make users any more vulnerable to intrusive government actions. today, a government agency could ask any online service to provide the names of all users who have a particular file, whether or not the service employs de-duplication. and in that case, the government would also need to support its request with a warrant or court order. the rules that provide a check against unwarranted government snooping apply to online services equally, regardless of their backend architecture.
To parse that, are you saying that under such a circumstance, a government agency would have to provide the names of each person they suspect has that particular file? Or could they demand the names of all users that have a particular digest of that file?
basically, the government could try to make that type of request independent of backend implementation. what protects users against such an obtrusive action (effectively violating every user's privacy in search of the bad guys) are the provisions of the electronic communications privacy act.
Due to Dropbox's implementation of de-duplication of identical files, any user can (in theory) determine whether (but not who) some other user is storing the same file. If you upload a file that any other user has already uploaded, your file transfer will be nearly instantaneous.

See: "How Dropbox sacrifices user privacy for cost savings"

http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-u...
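To make the thread's two storage models concrete: the digest-keyed store asked about above (hash as key, file data as value, which lets the provider answer "which users hold this file?" and gives the cross-user dedup hit the last comment describes) beside the user-held-key design the earlier comment calls for, where the provider can neither dedup across users nor match a file to accounts. This is an added Python sketch, not Dropbox's code; the per-user random keys, the HMAC-based key derivation and the toy SHAKE-256 stream cipher are illustrative assumptions, not a description of any real service.

```python
import hashlib
import hmac
import os

# Constructed sample content for the demo; not data from the thread.
FILE_A = b"example document that two different users both upload"

def content_key(data: bytes) -> str:
    """Global content-addressed key: SHA-256 of the plaintext (enables cross-user dedup)."""
    return hashlib.sha256(data).hexdigest()

def user_scoped_key(user_key: bytes, data: bytes) -> str:
    """Keyed digest: the same file yields unrelated keys for different users."""
    return hmac.new(user_key, data, hashlib.sha256).hexdigest()

def toy_encrypt(user_key: bytes, data: bytes) -> bytes:
    """Illustrative XOR with a SHAKE-256 keystream; stands in for real authenticated encryption."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(user_key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def upload(store: dict, index: dict, user: str, key: str, blob: bytes) -> bool:
    """Provider-side put. Returns True if a new blob was stored, False on a dedup hit."""
    index.setdefault(key, set()).add(user)   # provider's key -> users mapping
    if key in store:
        return False                         # dedup hit: client can skip the transfer
    store[key] = blob
    return True

def run_plain_dedup():
    """Hash-as-key store: second upload of FILE_A is a dedup hit and both holders are indexed."""
    store, index = {}, {}
    alice_new = upload(store, index, "alice", content_key(FILE_A), FILE_A)
    bob_new = upload(store, index, "bob", content_key(FILE_A), FILE_A)
    # Anyone who can compute the hash of a file can ask the index who holds it.
    holders = index.get(content_key(FILE_A), set())
    return alice_new, bob_new, holders

def run_user_keyed():
    """Client-held keys: no cross-user dedup, and a plaintext hash matches no index entry."""
    store, index = {}, {}
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}   # never sent to the provider
    stored_new = {}
    for user, k in keys.items():
        stored_new[user] = upload(store, index, user, user_scoped_key(k, FILE_A),
                                  toy_encrypt(k, FILE_A))
    holders = index.get(content_key(FILE_A), set())   # provider cannot derive user keys
    return stored_new, holders, len(store)
```

The trade-off the thread is circling is visible in the return values: the plaintext-hash design saves one transfer and one stored copy, and in exchange gives the provider (and any party that can compel it) a file-to-users lookup that the user-keyed design cannot answer.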