Replies

Excellent breakdown of DropBox.

As far as I am concerned they just lied in their FAQ. The only reason I used them was because their FAQ clearly stated that they didn’t have access to your files, and it strongly implied that you held the keys, not them. Their blogs may have said differently, but people aren’t going to go read all of their blogs for the last 3 years just to make sure it doesn’t contradict their FAQ.

Many people may not be storing confidential data in their DropBox account, but that doesn’t mean there’s nothing to worry about. School essays, papers, company documents and emails, and a host of other things that we may not think of as confidential can still reveal a lot of proprietary or confidential data. This data can be used for anything from spear phishing to outright industrial espionage.

I was using DropBox to sync my Google two-step verification codes and my KeePass database to my Android. Needless to say, I was beyond *issed when I found out what they were doing. Even if they’re ethical that data is still a target for hackers. And, now that it’s public, they’re even more of a target.

I’m currently checking out Wuala. Unfortunately the Web-based app and the mobile version isn’t as smooth as DropBox yet, but it shows a lot of promise. And, best of all, you really hold the keys, not them.

You say that if my brother and I have separate accounts, each with their own username and password, Dropbox will not allow us to upload copies of the same picture. There must be more to this than you have told us. Certainly Dropbox does not enforce this no duplicate policy across all their millions of accounts. These two “independent” accounts must be linked together in some way you have not identified in the column.

What they’re doing is called deduplication: http://en.wikipedia.org/wiki/Data_deduplication. It’s not a matter of enforcing a policy, it’s just the way that they’re doing data storage. Basically when you upload a picture of that funny cat you found online it looks at the metadeta and checks to see if anybody else has uploaded the same picture. If somebody has then it doesn’t re-upload the picture. Instead, it just notes in their systems that your account now has access to that file.

When you delete the file it doesn’t actually delete it if other people have “uploaded” the same file. Instead, it just removes the link between your account and that file.