Dropbox security

For discussions about security.
jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#1 Post by jpeps »

Dropbox is adding an arbitration agreement to avoid lawsuits regarding security breaches imposed by the government. It's pathetic when you have to fight the government regarding fundamental rights.
Dropbox's Government Data Requests Principles

We understand that when you entrust us with your digital life, you expect us to keep your stuff safe. Like most online services, we sometimes receive requests from governments seeking information about our users. These principles describe how we deal with the requests we receive and how we’ll work to try to change the laws to make them more protective of your privacy.

Be transparent: Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll continue to advocate for the right to provide this important information.

Our Transparency Report discloses the number of law enforcement requests we receive and the number of accounts affected. Currently, our report doesn’t include specific details about the number of national security requests we receive from the US government, if any. We’ve urged the courts and the government to allow services like Dropbox to disclose the precise number of national security requests they receive and the number of accounts affected. We’ll continue this fight. In the meantime, we’re providing as much information about national security requests received and accounts affected as allowed.

Fight blanket requests: Government data requests should be limited to specific people and investigations. We’ll resist requests directed to large groups of people or that seek information unrelated to a specific investigation.

The US government has been seeking phone records from telecommunications companies related to large groups of users without suspicion that those users have been involved in illegal activity. We don’t think this is legal and will resist requests that seek information related to large groups of users or that don’t relate to specific investigations.

Protect all users: Laws authorizing governments to request user data from online services shouldn’t treat people differently based on their citizenship or where they live. We’ll work hard to reform these laws.

Certain laws give people different protections based on where they live or their citizenship. These laws don’t reflect the global nature of online services. We’re committed to extending fundamental privacy protections to all users: government data requests shouldn’t be in bulk, they should relate to specific individuals and investigations, and a neutral third party should evaluate and sign off on requests for content before they issue.

Provide trusted services: Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We’ll continue to work to protect our systems and to change laws to make it clear that this type of activity is illegal.

There have been reports that governments have been tapping into data center traffic of other services. We don’t believe this is right. Governments should instead request user data by contacting online services directly and presenting legal process. This allows services to scrutinize the data requests and resist where appropriate.
https://www.dropbox.com/transparency/principles

linuxbear
Posts: 620
Joined: Sat 18 Apr 2009, 20:39
Location: Las Vegas, Nevada, USA

#2 Post by linuxbear »

They might be able to access my Dropbox space, but then they will have to decrypt everything that is in there.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#3 Post by jpeps »

linuxbear wrote: They might be able to access my Dropbox space, but then they will have to decrypt everything that is in there.
Interestingly, they're more attracted to encrypted data. Thus, only encrypt when it's sensitive (or alternatively, store it on a peripheral device).

slavvo67
Posts: 1610
Joined: Sat 13 Oct 2012, 02:07
Location: The other Mr. 305

#4 Post by slavvo67 »

I hear with TrueCrypt, you can actually encrypt within another encryption. Not sure how that would work, but assuming (strong assumption) that there are no back doors, one has to wonder how long it would take to break into your files. So you TrueCrypt and then upload it to the Dbox?

I find it interesting that all these companies are coming out and saying how they don't cooperate with gov't spying, etc. now that the cat's out of the bag.

Where were they back in 2001, when most of this probably started?

Swinging and skipping hand in hand with the governments.
