[wewyor]

What was strike 1?

I can understand them not wanting the files to be public, but as tptacek said this is probably fluffed up quite a bit.

As far as I'm concerned the only issue with how they handled it is the DMCA takedown request, and if the CTO acted as said but that is less of a factor.

If the files were never removed from the persons dropbox and only public urls disabled I'm okay with that. However if the files were removed I would probably count that as all three strikes and jump ship.

[kragen]

Strike 1 was when they got caught lying about whether their employees could decrypt your files or not.

[wewyor]

I suppose so, I always took that statement to be that employees didn't have easy access to your files (such as without decrypting from the servers).

It should have been obvious to anyone else remotely familiar with security that dropbox had/has access to your files from the simple fact that you could reset your password, as well as the web interface.

[shad0wfax]

wewyar, like kragen & iamjustlooking pointed out I considered that whole episode as strike1. I agree I am being extremely critical and have to agree in spirit that this is their real goof up. Poor security is not a reason to abandon the ship if they show an intent to fix it ASAP. What I felt a bit let down by this whole take down thing was, their initial approach was to surpress the hackers rather than fix their problem. I see in another post they seem to addressed it the loophole (?), which is the way to go. Embrace ppl tinkering this way but make your platform robust.

[iamjustlooking]

I assume strike one is this:

http://dereknewton.com/2011/04/dropbox-authentication-static...