Dropbox is a file hosting service operated by Dropbox, Inc. that offers cloud storage, file synchronization, and client software. Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronises so that it appears to be the same folder (with the same contents) regardless of the computer it is viewed on.
Some statistics:
- Currently 25 million people use Dropbox.
- Dropbox members are spread over 175 countries.
- On any given day, over 200 million files are saved in Dropbox.
Not bad for a service four years old. Drew Houston, co-founder and CEO, points out:
'Dropbox transforms the way people create and share their life's work. Whether that's designing buildings, writing music, or raising a family, we're focused on making it effortless to have your files wherever you need them, on any computer or phone.'
So, what is Dropbox?
From Dropbox:
'Dropbox is a service that lets you bring all your photos, docs, and videos anywhere, and share them easily. Any file you save to your Dropbox will automatically save to all your computers, your phone or iPad, and the Dropbox website.'
Dropbox offers:
- 2 GB of Dropbox space for free, with subscriptions up to 100 GB available.
- Work offline. Your files are available, whether you have a connection or not.
- Files are also available from the Dropbox website.
- Dropbox works with Windows, Mac, Linux, iPhone, iPad, Android, and Blackberry.
- To save time and bandwidth, Dropbox only transfers the parts of a file that change.
Dropbox also has the ability to share files with others. And, if your computer melts down, you can restore all your files from the Dropbox website.
Is there a problem?
Anyone who knows me understands something. I ask questions, lots of questions. It's my grandfather's fault. I still can hear him: 'How in hell can you make a good decision if you don't know the facts.' Thanks to Grandpa, I pay attention if something is 'up close and personal'.
Warning: This is one of those times.
Two highly skilled researchers, Derek Newton and Christopher Soghoian, have issues with Dropbox. Newton stumbled onto a viable attack vector and Soghoian found serious inconsistencies in the Dropbox privacy policy.
I use Dropbox. And, when security researchers I'm familiar with publicly post warnings, a bomb goes off in my head. Besides, I know many people who use Dropbox.
So, like all good journalists—particularly those with grandfathers like mine—I feel obligated to gather the facts as presented by all parties. To that end, I contacted Dropbox. The following questions were answered by ChenLi Wang, Business Operations at Dropbox.
Kassner: The 'How secure is Dropbox?' web page states: 'Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military.'
What does that mean?
Dropbox: We all have stories from our family and friends about the file that was accidentally deleted or replaced, the inadvertent coffee spill, the dropped laptop, the USB stick gone missing.
We believe that storing data in Dropbox is far safer than how many of them store data currently, and we've designed Dropbox to help users avoid the most common threats to their data.
Kassner: Derek Newton posted the following on his blog:
'If you gain access to a person's Dropbox config.db file (or just the host_id), you gain complete access to the person's Dropbox. Taking the config.db file, copying it onto another system then starting the Dropbox client immediately joins that system into the synchronization group.'
I understand this requires contact (physical or remote access) with the computer. Still, if successful, a third party would have access to all the files in the Dropbox account. Do you consider this to be a problem?
Dropbox: Unfortunately, when a computer is compromised physically or by a trojan/virus, all applications and data on the computer are at risk. That said, there were things we could do to make Dropbox more resistant to attacks from someone with access to your computer, and we immediately began working on a solution. First, we released an update to the Dropbox client software that set more restrictive permissions on the folder that stores the authentication file.
Next, about a month ago, we released to our user forums a build of the client that encrypts the entire config.db file, making user credentials much harder to steal. We will be auto-upgrading all users to this build soon; the encrypted config.db file breaks several third-party apps, so we want to give them a chance to design workarounds first.
Also, it is possible to see what computers have access to the Dropbox files by logging into the web interface and going to this link.
If a computer is not recognized, unlink it.
Kassner: Christopher Soghoian filed a complaint with the FTC. He alleged Dropbox misinformed the public about the protection of user data. Prior to April 2011, Dropbox stated on this webpage:
'All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.'
After April, it changed to:
'All files stored on Dropbox servers are encrypted (AES 256).'
Would you explain why you changed this?
Dropbox: We were explaining that there are multiple safeguards on your data: that the files are stored encrypted and in addition, protected by your access credentials. However, a security professional could incorrectly infer that the encryption key comes from the user's password, so we've separated the two points for clarity.
Kassner: Soghoian also pointed out that the following quote from the same Dropbox webpage:
'Dropbox employees aren't able to access user files, and when troubleshooting an account, they only have access to file metadata (filenames, file sizes, etc. not the file contents).'
became:
'Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations).'
Why did the statement change?
Dropbox: 'Dropbox employees aren't able to access user files.' That means that we prevent such access via access controls on our backend as well as strict policy prohibitions. That statement didn't say anything about who holds encryption keys or what mechanisms prevent access to the data. We updated our help article and security overview to be explicit about this: 'Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule.
We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.'
Kassner: Thank you for providing your position with regards to the allegations. I have a few security questions as well. In the iPhone Dropbox app, a four-digit passcode is required to open the application. Do you have any plans for an option that would allow more-complex pass codes?
Dropbox: Users have not requested this feature to date. The iPhone passcode is intended to protect the user's files in case the phone is lost or stolen. Users can enable a setting that will delete the Dropbox data on the phone should the wrong passcode be entered over ten times. It is not a replacement for the password on the account, which is required to link the Dropbox to the iPhone for the first time.
Kassner: There is a third party application called SecretSync that encrypts files before they are transferred to Dropbox. Would you recommend it for people that would like additional security? Would TrueCrypt be another option?
Dropbox: Yes, we have always recommended third-party encryption solutions for advanced users who are comfortable managing their own encryption keys. TrueCrypt has been the most popular option to date, but other solutions include EncFS, SecretSync, and BoxCryptor.
It's important to understand that user-managed encryption has tradeoffs. First, many people publicly share photos and documents through Dropbox, and this will not be possible if those files are encrypted before being placed in Dropbox. Second, if they lose the password or encryption key to the files they encrypted themselves, those files are lost forever.
Final thoughts
Convenience versus security, the problem with all SaaS applications, has landed at Dropbox. How much do you trust the service provider?
Hopefully, I have provided enough information to make an informed decision about how to use Dropbox. Thanks, Grandpa.
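The first mitigation Dropbox describes in the interview, tighter permissions on the folder that holds config.db, can be checked locally on a POSIX system. The following audit is an added example, not Dropbox's code or part of the original article; the caller supplies the directory (on Linux it has commonly been ~/.dropbox, which is an assumption here), and the sample directory it runs against is constructed.

```python
import os
import stat
import tempfile


def audit_credential_store(root):
    """Return (path, mode, problem) for every entry under root that another
    local account could read, modify or traverse."""
    findings = []
    my_uid = os.getuid()
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in entries:
        st = os.lstat(path)  # lstat: report a symlink itself, do not follow it
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, mode, "symlink inside credential store"))
            continue
        if st.st_uid != my_uid:
            findings.append((path, mode, "owned by another user"))
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((path, mode, "accessible to group or other"))
    return findings


def harden(root):
    """Apply owner-only modes: 0700 on directories, 0600 on files."""
    for dirpath, dirnames, filenames in os.walk(root):
        os.chmod(dirpath, 0o700)
        for name in filenames:
            p = os.path.join(dirpath, name)
            if not os.path.islink(p):
                os.chmod(p, 0o600)


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for the real store.
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "config.db")
        open(db, "w").close()
        os.chmod(tmp, 0o755)
        os.chmod(db, 0o644)
        for path, mode, problem in audit_credential_store(tmp):
            print(f"{oct(mode)} {path}: {problem}")
        harden(tmp)
        print("after hardening:", audit_credential_store(tmp))
```

Owner-only permissions keep other local accounts out; as the Dropbox reply notes, they do not protect the file from malware running as the same user.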
Dropbox is the home for all your work. You can store and share files, collaborate on projects, and bring your best ideas to life. All whether you’re working alone or as part of a team.
Features:
• Store and access files from any device
• Share files with anyone, even if they don’t have a Dropbox account
• Get real-time updates on shared files. You'll know anytime someone makes a change, leaves a comment, or moves your work.
• Turn receipts, whiteboards, and notes into PDFs with doc scanner
Sign up now for a Dropbox Plus free trial. You’ll get 2 TB (2,000 GB) of storage—that’s enough room to save files from all your linked devices. And Dropbox Smart Sync technology can move out-of-date files off your hard drive and to the cloud. You’ll also be able to roll back unwanted changes to any folder, or your entire Dropbox (coming soon), up to 30 days.
Or, existing Plus customers can upgrade to Dropbox Professional. With 3 TB (3,000GB), you can store all your stuff—from work projects to personal photos—and have space to spare. You and your clients can comment on most file types without leaving Dropbox. And you can protect your work with a watermark (coming soon), add shared link controls, or rewind your account up to 180 days (coming soon).
Before completing payment, you’ll see the plan price. This amount will be charged to your Google Play account and will vary by plan and country. Dropbox subscriptions purchased in app renew monthly or yearly, depending on your plan. To avoid auto-renewal, turn it off at least 24 hours before your subscription renews. You can turn off auto-renewal anytime from your Google Play account settings.
We’d love to hear from you! Join the Dropbox community: https://www.dropboxforum.com
Terms of Service: https://www.dropbox.com/terms
Privacy Policy: https://www.dropbox.com/privacy