Criticism of Dropbox

experienced criticism and generated controversy
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.wikipedia
30 Related Articles

Dropbox (service)

DropboxDrop BoxDropbox, Inc
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.
However, Dropbox has also experienced criticism and generated controversy for issues including security breaches and privacy concerns.

Security

security systemssecurity breachsecurity culture
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.

Privacy

privatepersonal privacyprivacy rights
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.

Cloud storage

cloudcloud savescloud saving
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.

File synchronization

synchronizationsyncsynchronize
Criticism of Dropbox centers around various forms of security and privacy controversies surrounding Dropbox, an American company specializing in cloud storage and file synchronization.

National Security Agency

NSAArmed Forces Security AgencyNational Computer Security Center
Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords, a July 2011 Privacy Policy update with language suggesting Dropbox had ownership of users' data, concerns about Dropbox employee access to users' information, July 2012 email spam with reoccurrence in February 2013, leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program, a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption, the leak of 68 million account passwords on the Internet in August 2016, and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts. In June 2013, The Guardian and The Washington Post publicized confidential documents suggesting Dropbox was being considered for inclusion in the National Security Agency's classified PRISM program of Internet surveillance.

PRISM (surveillance program)

PRISMPRISM surveillance programPRISM program
Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords, a July 2011 Privacy Policy update with language suggesting Dropbox had ownership of users' data, concerns about Dropbox employee access to users' information, July 2012 email spam with reoccurrence in February 2013, leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program, a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption, the leak of 68 million account passwords on the Internet in August 2016, and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts. In June 2013, The Guardian and The Washington Post publicized confidential documents suggesting Dropbox was being considered for inclusion in the National Security Agency's classified PRISM program of Internet surveillance.

Whistleblower

whistleblowingwhistleblowerswhistle-blower
Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords, a July 2011 Privacy Policy update with language suggesting Dropbox had ownership of users' data, concerns about Dropbox employee access to users' information, July 2012 email spam with reoccurrence in February 2013, leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program, a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption, the leak of 68 million account passwords on the Internet in August 2016, and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.

Edward Snowden

SnowdenEd SnowdenSnowden Files
Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords, a July 2011 Privacy Policy update with language suggesting Dropbox had ownership of users' data, concerns about Dropbox employee access to users' information, July 2012 email spam with reoccurrence in February 2013, leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program, a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption, the leak of 68 million account passwords on the Internet in August 2016, and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.

Federal Trade Commission

FTCU.S. Federal Trade CommissionUnited States Federal Trade Commission
In May 2011, a complaint was filed with the U.S. Federal Trade Commission alleging Dropbox misled users about the privacy and security of their files.

Data deduplication

deduplicationde-duplicationdata de-duplication
At the heart of the complaint was the policy of data deduplication, where the system checks if a file has been uploaded before by any other user, and links to the existing copy if so; and the policy of using a single AES-256 key for every file on the system so Dropbox can (and does, for deduplication) look at encrypted files stored on the system, with the consequence that any intruder who gets the key (as well as potential Dropbox employees) could decrypt any file if they had access to Dropbox's backend storage infrastructure.

InformationWeek

Information WeekNetwork Computing'' magazine
In response to the FTC complaint, Dropbox spokeswoman Julie Supan told InformationWeek that "We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21."

TechCrunch

TechCrunch DisruptTech CrunchTechCrunch50
On June 20, 2011, TechCrunch reported that all Dropbox accounts could be accessed without password for four hours.

CNN Business

CNN MoneyCNNMoneyCNNMoney.com
Julianne Pepitone, writing for CNNMoney, wrote that "It's the security nightmare scenario: A website stuffed with sensitive documents leaves all of its customer data unprotected and exposed", and featured a comment from Dave Aitel, president and CEO of security firm Immunity Inc., saying "Any trust in the cloud is too much trust in the cloud -- it's as simple as that. [...] It's pretty much the standard among security professionals that you should put on the cloud only what you would be willing to give away."

Neowin

Neowin.net
The new Privacy Policy sparked criticism, as noted by Christopher White in a Neowin post, in which he wrote that "They attempted to reduce some of the tedious legalese in order to make it easier for normal people to understand. It appears that they have succeeded in that mission and in the process have taken ownership of every file that uses their service".

Multi-factor authentication

two-factor authenticationTwo factor authentication2FA
One of the additional controls implemented was the introduction of two-factor authentication.

The Guardian

GuardianManchester GuardianThe Manchester Guardian
In June 2013, The Guardian and The Washington Post publicized confidential documents suggesting Dropbox was being considered for inclusion in the National Security Agency's classified PRISM program of Internet surveillance.

The Washington Post

Washington Postwashingtonpost.comWashington Post Magazine
In June 2013, The Guardian and The Washington Post publicized confidential documents suggesting Dropbox was being considered for inclusion in the National Security Agency's classified PRISM program of Internet surveillance.

Twitter

tweetedtweettweets
A hacker group called The 1775 Sec posted on Twitter that it had compromised Dropbox's site "in honor of Internet activist and computer programmer Aaron Swartz, who committed suicide a year ago".

Aaron Swartz

Guerilla Open Access ManifestoAaron Hillel SwartzAaron Swartz Day
A hacker group called The 1775 Sec posted on Twitter that it had compromised Dropbox's site "in honor of Internet activist and computer programmer Aaron Swartz, who committed suicide a year ago".

Condoleezza Rice

RiceCondoleezzaCondi
In April 2014, Dropbox announced that Condoleezza Rice would be joining their board of directors, prompting criticism from some users who were concerned about her appointment due to her history as United States Secretary of State and revelations of "widespread wiretapping on US citizens during her time in office".

United States Secretary of State

Secretary of StateU.S. Secretary of StateUS Secretary of State
In April 2014, Dropbox announced that Condoleezza Rice would be joining their board of directors, prompting criticism from some users who were concerned about her appointment due to her history as United States Secretary of State and revelations of "widespread wiretapping on US citizens during her time in office".

Global surveillance disclosures (2013–present)

2013 mass surveillance disclosuresglobal surveillance disclosures2013 global surveillance disclosures
In April 2014, Dropbox announced that Condoleezza Rice would be joining their board of directors, prompting criticism from some users who were concerned about her appointment due to her history as United States Secretary of State and revelations of "widespread wiretapping on US citizens during her time in office".

Stephen Hadley

Stephen J. Hadley
RiceHadleyGates, a consultancy firm consisting of Rice, former US national security adviser Stephen Hadley, and former US Secretary of Defense Robert Gates, had previously advised Dropbox.

Robert Gates

Robert M. GatesBob GatesSecretary of Defense Robert Gates
RiceHadleyGates, a consultancy firm consisting of Rice, former US national security adviser Stephen Hadley, and former US Secretary of Defense Robert Gates, had previously advised Dropbox.