Glenn Fleischman on Dropbox
GF:
Internet security: Keys to the cloud castle | The Economist: CONSIDER the purchase of a home in two adjacent gated communities. Both have houses with truly impregnable locks. In one community, whenever you need to enter your house, you visit the management office and show your driving licence. A guard walks you to your home, and lets you in using the master key that opens every door lock in the community. You can stay inside indefinitely. If an employee misuses the key to wander into homes or, heaven forfend, a thief gets his hands on it, all bets are off—the households' sanctity has been compromised.
In another community, the management requires that you privately choose your own lock and corresponding key, which you hang on to and use to enter your abode at will. But if you lose the key, or any copies you have made, you can never re-enter. It will remain a sealed edifice until the universe's heat death. Which would you choose? The latter offers extreme privacy but with an unthinkable penalty for carelessness. The former is convenient, but there is the risk of the key falling into the wrong hands.
Users of cloud-based internet storage and synchronization providers, such as Dropbox, SugarSync, SpiderOak, Box.net, and many others, face a similar dilemma.... This Babbage kvelled about Dropbox last August.... The complaints cover marketing, where overly broad statements about security have been contested; the ability for any user to determine if a given file is stored by any Dropbox user; and a design choice that would allow a malicious party to copy a single configuration file to sync a user's full Dropbox folder with another computer. Dropbox's mobile apps also encrypt only data in transit, not metadata like file names, despite Dropbox's explicit statement that all mobile data is scrambled.... [I]t would seem that Dropbox has a lot to answer for. When unpacked, however, this Babbage finds much—not all—relates to the kind of gated community Dropbox opted to build....
The marketing issues are clear. Dropbox oversimplified a few points related to security, favouring a brief explanation that was not entirely accurate. The most egregious of these statements claimed employees had no access to user data, only metadata.... Dropbox possesses the encryption key to every user's cloud locker, as in the first sort of gated community. This is necessary, in its view, to provide simple web-based access to files and give multiple users shared access to the same directories. The company revised its website to reflect reality, and apologised, but it faces a complaint filed with the Federal Trade Commission....
The technical issues are another matter. While valid, most relate to storing files in any cloud, not just Dropbox.... Dropbox has massively expanded casual access to cloud storage, but a large part of its users probably lack the sophistication to differentiate between what may be safely stored there or in any similar service. With the right knowledge, customers could determine whether or not they care if any files are disclosed. When information is not encrypted on the computer before being sent to a storage service, there is always the risk of a leak, either deliberate or resulting from a software glitch.
SpiderOak, by contrast, cannot disclose its customers' files, even if it wanted to. That is because it lacks tools to tap any of the data it stores on behalf of users. However, this "zero knowledge" means that if a user loses his key, he can never again access those data....
CrashPlan strikes an interesting balance.... CrashPlan lets users create their own lock and house key—its software generates this encryption data on a user's computer. They can then ask CrashPlan to store it in escrow on their behalf—either with a password CrashPlan can reset or with an unrecoverable private password—or choose to keep it to themselves.... [T]he user is not responsible for preserving the long and complicated encryption key, merely a simpler password that unlocks the door; and forgetting that password does not foreclose access to the data...
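The CrashPlan arrangement the excerpt describes (a long random key generated on the user's machine, protected by a simpler password, with only the password-wrapped key held in escrow) is the classic envelope-encryption pattern. The following is an added illustration of that pattern in Go using only the standard library; it is not code from The Economist, from this blog, or from CrashPlan, Dropbox or SpiderOak, and it makes no claim about how any of those products actually implement escrow. Every function and type name (`GenerateDEK`, `WrapDEK`, `UnwrapDEK`, `ChangePassword`, `EscrowRecord`, the iteration count) is an assumption of this example. The point it demonstrates: the provider holds only the wrapped key, so it can store it, return it, or lose it, but cannot open it without the password; a password change re-wraps the key without re-encrypting any file; and a wrong password fails authentication rather than yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// EscrowRecord is everything the storage provider would hold in this model:
// a salt and the data-encryption key (DEK) sealed under a password-derived
// key-encryption key (KEK). Without the password it is opaque.
type EscrowRecord struct {
	Salt       []byte
	WrappedDEK []byte // nonce || AES-GCM ciphertext of the DEK
}

const kdfIterations = 100_000 // assumed work factor for this example

// GenerateDEK models the client software creating the user's own "lock and
// key" locally: a random 256-bit key that never leaves the machine in clear.
func GenerateDEK() ([]byte, error) {
	dek := make([]byte, 32)
	_, err := rand.Read(dek)
	return dek, err
}

// pbkdf2SHA256 derives the KEK from the user's password (PBKDF2-HMAC-SHA256),
// hand-written so the example depends only on the standard library.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	out := make([]byte, 0, keyLen)
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext so the blob is self-describing.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...), nil
}

func gcmOpen(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], nil)
}

// WrapDEK builds the escrow record: the DEK sealed under the password-derived
// KEK. This record is all the provider ever receives.
func WrapDEK(dek []byte, password string) (EscrowRecord, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return EscrowRecord{}, err
	}
	kek := pbkdf2SHA256([]byte(password), salt, kdfIterations, 32)
	wrapped, err := gcmSeal(kek, dek)
	return EscrowRecord{Salt: salt, WrappedDEK: wrapped}, err
}

// UnwrapDEK recovers the DEK from escrow. A wrong password fails GCM
// authentication, so neither the provider nor a thief learns anything.
func UnwrapDEK(rec EscrowRecord, password string) ([]byte, error) {
	kek := pbkdf2SHA256([]byte(password), rec.Salt, kdfIterations, 32)
	dek, err := gcmOpen(kek, rec.WrappedDEK)
	if err != nil {
		return nil, errors.New("wrong password or corrupted escrow record")
	}
	return dek, nil
}

// ChangePassword re-wraps the same DEK under a new password; the files
// encrypted under the DEK are untouched.
func ChangePassword(rec EscrowRecord, oldPw, newPw string) (EscrowRecord, error) {
	dek, err := UnwrapDEK(rec, oldPw)
	if err != nil {
		return EscrowRecord{}, err
	}
	return WrapDEK(dek, newPw)
}

// EncryptFile / DecryptFile protect data under the DEK before it leaves the
// computer, so the stored copy is opaque to whoever holds it.
func EncryptFile(dek, plaintext []byte) ([]byte, error)  { return gcmSeal(dek, plaintext) }
func DecryptFile(dek, ciphertext []byte) ([]byte, error) { return gcmOpen(dek, ciphertext) }

func main() {
	dek, _ := GenerateDEK()
	rec, _ := WrapDEK(dek, "correct horse battery staple")
	ct, _ := EncryptFile(dek, []byte("constructed sample document")) // constructed input
	if _, err := UnwrapDEK(rec, "guess"); err != nil {
		fmt.Println("provider-side attempt without the password:", err)
	}
	recovered, _ := UnwrapDEK(rec, "correct horse battery staple")
	pt, _ := DecryptFile(recovered, ct)
	fmt.Printf("recovered: %s\n", pt)
}
```

The distinction the article draws maps onto who holds what: in the "provider keeps the master key" model the service has `dek` itself; in the zero-knowledge model it has only `ct` and nothing that can open it; in the escrow model it has `ct` plus `rec`, which is useless without the password but lets a user who remembers the password recover on a new machine. The "password CrashPlan can reset" variant would correspond to the provider also keeping a copy of the DEK wrapped under a key it controls, which is a deliberate step back toward the first gated community.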