Data Privacy and Dropbox

April 21, 2011 by Gabe | [mmd] |

There has been a bit of excitement over the Dropbox security standards and controls. This is nothing new, but it might be a slow news week.  Dropbox has responded with a lengthy blog post. Most of their arguments make sense to me. For example, they must decrypt user objects if they are to be available through the web application:

"The reason is many of the most popular Dropbox features — like accessing your files from the website, creating file previews, and sharing files with other people — would either not be possible or would be much more cumbersome without this capability."

I'm not one to make the Schmidt-y argument about data privacy but I would remind folks that if you put something out on the web without manually encrypting it, then you are not securing your data. As I have pointed out several times, I encrypt all of my confidential data in DMG files BEFORE uploading to Dropbox or placing on an FTP server. It adds a few limitations and requires significantly more bandwidth, but it provides significant piece of mind and is just good practice.