Dropbox doesn't actually encrypt your files.

Miguel de Icaza wrote:

Dropbox recently announced an update to its security terms of service in which they announced that they would provide the government with your decrypted files if requested to do so.

This is not my problem with Dropbox.

My problem is that for as long as I have tried to figure out, Dropbox made some bold claims about how your files were encrypted and how nobody had access to them, with statements like:

  • All transmission of file data occurs over an encrypted channel (SSL).
  • All files stored on Dropbox servers are encrypted (AES-256).
  • Dropbox employees aren't able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)

This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you. It turns out, they keep their keys on their servers, and anyone with clearance at Dropbox or anyone that manages to hack into their servers would be able to get access to your files.

Dropbox CTO Arash Ferdowsi admits that they were always able to access the contents of user files if they felt like it.


33 Responses:

  1. Joel Bernstein says:

    I'm not sure how you could design a Dropbox-style system that *didn't* store the encryption key in a centrally-accessible location.

    • Mark Beeson says:

      Easy, the same way PCI-compliant credit card processors do; save and rotate the encryption key at a separate location, and generate individual-use tokens to encrypt individual records (or in this case, files). Every few months, rotate the key, re-encrypt the files.

      • Joel Bernstein says:

        That would make it harder for a hacker to access the data, sure, but someone with sufficient privileges (say, a CTO with a court order) could still get it, which is what started this argument.

    • jwz says:

      Dropbox requires me to type a password to access it. If that password was a component of key generation, then random Dropbox employees would not be able to access my data without first knowing that password.

      They had to go out of their way to design around this.

      • Joel Bernstein says:

        Thanks, that's actually a really elegant solution.

        I'd been thinking along the lines of Noah Friedman's thumbdrive idea, but if you're going to carry a thumbdrive everywhere, why the hell would you need Dropbox?

        I still don't think it's company policy to hand out the AES key to normal employees.

      • But doing that means you lose the ability to reset lost passwords.

        That may be a cost some users are willing to take, in exchange for "it's somewhat more work for DropBox employees to get at their data" (there's nothing stopping them from just adding a backdoor in their auto-updating client code later, if they're really that untrustworthy), but it is a real cost. You can't act like there isn't a tradeoff where both choices have costs and benefits.

    • Noah Friedman says:

      Storing a symmetric cipher key in a centrally-accessible location isn't a problem if you encrypt *that* with an asymmetric key, which is how S/MIME, GPG, and the like actually work. You want to use a symmetric key to encrypt the data itself because symmetric ciphers are much, much faster.

      Where would you store a private key for DropBox? Who cares, as long as it's not with them. Put it on a thumbdrive and wear it around your neck. (And don't forget your tinfoil hat!)

      But this, all of this is academic. DropBox did a halfassed job because it was easier and more convenient for their users, most of whom don't really care about security. It would have been nice if they hadn't lied about it, is all.

    • Vilhelm S says:

      Firefox Sync uses two passwords, one for storing your browser data on their server and another one (which they don't see) for encrypting it. If you don't like the UI confusion of having two different passwords, you can get the same effect by making the user enter just one passphrase, but deriving two different keys from it.

    • Lyle says:

      SpiderOak claims to be unable to access user data for the following reasons:

      - SpiderOak never stores or knows a user's password or the plaintext encryption keys which means not even SpiderOak employees can access the data

      I'm not sure if that's entirely accurate, but I thought I'd put it out there.

    • It's actually not that complicated. With client side encryption key creation you can easily run a zero-knowledge environment if you wish.

      We @ spideroak.com have employed this approach from the start and while you really have to remember your email/passkey (since we can't decrypt your data for you) it does keep your data secure in a much more honest way.

  2. of course, one -could- always just encrypt one's files prior to uploading them.

  3. David M.A. says:

    Vaguely related: I was cruising around their user support forums (fancy words for 'let's just have the users do all our work for free') and got a good laugh at someone complaining there was a security hole where someone could add another computer to the dropbox cloud if they had access to a computer where it was already installed.

    Isn't that the height of "first, presume you're on the other side of this airtight hatch"? If the bad guys have physical access to your computer, the game is up, my friend.

    • jwz says:

      It's a little more complicated than that. E.g., your laptop is stolen, changing your Dropbox password doesn't de-authorize that laptop, or any other machine using keys extracted from it.

      • Mike Swanson says:

        Still not a particularly great example. If you're using a laptop, you really ought to be encrypting your files already; Windows, Linux, and Mac OS all provide functionality to do this.

        (I can't speak for the other two, but I'm running Debian GNU/Linux with an encrypted home volume as I type, without much difficulty at all)

  4. If you are looking for a solution with more of an emphasis on security you might want to take a peek at SpiderOak online backup and sync - https://spideroak.com

    Cross-Platform, 100% zero-knowledge, 100% secure.

    • jwz says:

      I only use Dropbox to sync 1Password between my desktop and phone (so my files are encrypted before being uploaded to Dropbox anyway), but I don't think 1Password can be used with Spideroak -- at least, the iPhone 1Password app contains explicit support for Dropbox.

      • mediapathic says:

        Yeah, I can't imagine using Dropbox for anything where security is mission-critical without explicitly encrypting on both sides. I use it for synching todo lists and the like, but don't trust any sensitive data to it.

        That said, I wonder how hard it would be to write essentially a dropbox wrapper that transparently encrypts files as they pass in and out of the directory. Something like TrueCrypt but sacrificing the security of an arbitrary sized virtual file system for the convenience of being able to pass things through dropbox (or, presumably, other similar services).

  5. Jenni Bot says:

    well, if someone really wants to steal my art history research backup on Dropbox....

  6. Havard says:

    This is the issue we ran into with various implementations of software to provide backup-as-a-service (Secure Green Cloud Virtual Backup Infrastructure or something like that in marketardspeek). Sure, it's nice to encrypt everything. Not so cool when the key is stored in a web-accessible database that's only a sql injection away. Especially concerning when they do silly stuff like install apache on desktop machines for some damn reason.

  7. SCdF says:

    So I've been wondering about this for a year or so, and have emailed their support a few times and got nothing but pointless stock replies.

    Good to see someone managed to get an answer out of them though…

  8. Nick Lamb says:

    http://www.tarsnap.com/ Not a drop-in replacement by any means. But you get all the code, so you can re-assure yourself that the software does what it says and not something else.

  9. Tom Sparks says:

    How can this surprise anyone? All "cloud" systems are immediately flawed in that they rely on 3rd and 4th parties to function, dropbox is no exception.

    It might be convenient, but by no means secure...

    • jwz says:

      Why is it that any time I post a "this is fucked up" story, someone asks, "why is anyone surprised?"

      Do I type in a surprised tone of voice?

      Is the internet presumed to be composed entirely of surprising things?

  10. piku says:

    Is there something like Dropbox where the data lives on my own server rather than floating around in "the cloud"?

    I like the idea of storing data online, but i dislike the idea of trusting it to random companies that might decide to go bust, give it away or claim ownership of it.

  11. Hi, it's my opinion that client-side encryption is the best option. If you send your data to someone else, even if they do everything right once they get it, you still have to trust them.

    I have a startup focused on this problem. We've just released a beta app that incorporates client-side encryption with Dropbox. Essentially, we create a folder outside Dropbox, and anything you put in it is first encrypted, then added to a hidden folder in Dropbox. Then Dropbox syncs it. It stays encrypted until it gets to your other computer(s), where it's decrypted, client-side. It's called SecretSync.

    http://getsecretsync.com

    I've never been comfortable with cloud security, although I like the convenience it offers. We try to walk that line with SecretSync, and security and convenience are always a trade-off. For instance, when you sign up for an account, we assign a strong, randomly generated 256-bit encryption key. We know your key, but that's it. Dropbox has your data. If you sign up for each service under different credentials, you've achieved a better level of security.

    We do this for convenience, so you don't have to manage keys from computer to computer. But you're obviously better off managing your keys yourself. (It's an option we're probably going to add for the more advanced, paranoid users.)

    My personal feeling is that Dropbox is in fact a reasonably secure service. But using it for any and all my files requires more trust than I can give.