[jimwise]

It's kind of obvious dropbox wasn't storing raw file blocks encrypted, or there wouldn't be much point in doing dedupe -- any reasonable crypto algorithm should be giving you output close enough to random that two users storing the same data with different keys would not dedupe with each other.

So unless they were only deduping two copies of the same file blocks if they were stored with the same key, at least the data blocks are being stored plain.

As for who can access the fact that a given block is yours -- well, they still make substantially better promises than most ISPs or hosting companies do.

So yeah. Have reasonable expectations about how private data there is, and decide what to store there accordingly -- and if, before this change, you were expecting them to fight a warrant for you (or even say no if threatened with one) rethink your plan.