[pmiller2]

Yep, that makes sense. IIRC, they also have some sort of global deduplication system, don't they? That also implies they have access to your unencrypted files.

Edit: That's what I get for commenting before reading the paper. They literally mention deduplication in there.

[ghayes]

Not necessarily. You could use homomorphic encryption and, for example, encode the file with a hash of the file as the key material for encryption. All such files will encode identically for each user, but it will be opaque to the server what the contents are unless the server already has the plain-text of the original file. This was used by other cloud storage companies (that are now defunct).

[Dylan16807]

Convergent encryption, not homomorphic, is what you use to deduplicate encrypted files.

[rvnx]

https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...

This makes me believe there is no problem for Dropbox to read content in clear.

[TeMPOraL]

> Not necessarily. You could use homomorphic encryption

I think that's still far from being possible in practice. IIRC, the best homomorphic encryption can do now is to run simple queries on very small datasets, on a supercomputer, with performance of a 386?