Awesome, a Dropbox employee commenting on this thread. Let me ask you some questions that I hope you might answer, but also understand if you aren't willing/able:

1. Will there ever be a zero-knowledge option at Dropbox? I just stopped using Dropbox in favor of SpiderOak because I wanted to start storing medical records in the cloud, and there's no way I'd do that where you (or your coworkers or hackers) could read them.

2. How do Dropbox employees feel about the Drop Dropbox campaign? Is Condoleezza Rice's involvement part of an overall culture or just a small anomaly (or somewhere in between)?




Usual disclaimer, I am not an official Dropbox spokesperson, and these are not necessarily company stances.

1.

The best answer I can give you is here: https://www.dropbox.com/en/help/28

The background behind it is we evaluate this option (and debate it internally) all the time, and it's neither in line with the type of services we are expected to offer (collab, etc), and there is insufficient customer demand for it. It is also dangerous, since nontechnical users lose their private keys with startling frequency, and it's difficult to explain to them that we're completely unable to help them when this happens.

We do, however, totally know there is a small slice of technical users that want to treat Dropbox as an opaque "backup service", and they're willing to take on the risk of key management. So we refer them to one of our partners that specializes in providing this layer on top of Dropbox.

Never say never, so we may decide to offer this type of account in the future--possibly to businesses. We would have to alter or disable large swaths of collaboration features that require server-side representations/alterations of data. But, as I said, it's a product feature under constant consideration.

2.

Once again, I have to emphasize, this is a personal take, not Dropbox's take.

I sympathize with the tinfoil hat crowd, but I think most Dropbox employees find it a disappointing take on the company that has always strived to make the very best cloud storage product possible, on all platforms.

We are in a segment (cloud sync/collab, not backup) with some very, very large players. Storage is not a loss leader to us. It is not subsidized by a massive advertising network capitalizing on customer behavioral data. Our customers are not what's for sale--our storage services are.

If you or your business does not like our services--does not consider them fast, secure, etc--enough to pay for them--we don't get revenue.

I very much doubt any of our competitors cares as much about your data staying private, available, usable, etc, as we do. There is no other way for us to capture value from the market than make you all ridiculously pleased with Dropbox and Dropbox's treatment of your data.

So I would ask you to imagine what the culture of a company looks like that is incentivized thusly. We obsess over doing the right thing with your data. So threads like this are hard to read, to be honest.

And that's all I'll say about this issue.


> I sympathize with the tinfoil hat crowd

This is inflammatory, insulting language and your use makes me trust Dropbox even less. The thing is that post-Snowden, companies like the one you work for are assumed to be in the wrong on privacy and the "tinfoil hat crowd", as you put it, are demonstrably correct. Companies (and individuals) don't use Dropbox because they trust it (anymore); they use it because they think that the documents they store there don't have any important intellectual property that the US government can pass to their competitors / will contribute much to the sum total of what the NSA data store knows about them.


> the tinfoil hat crowd

wow.



> 1. Will there ever be a zero-knowledge option at Dropbox?

JungleDisk provides this. It offers a Dropbox-like native interface powered directly by S3 with support for client-side encryption. That is, your computer encrypts the data locally and then stores it directly into S3. You provide your AWS credentials to the client at setup time.

Not needing to depend on any company beyond AWS to store my data appealed to me. Beyond the trust that one must place in the JungleDisk client itself, at least.

It used to be available to buy as a single software program, but now it's a monthly subscription service.


That's very cool. Thanks for letting me know. It seems like a good middle ground between OwnCloud and SpiderOak.


I'm just a user of Dropbox and I don't even have acquaintances there. And I'm not a US citizen, I've blamed the US repeatedly for their external policies, so I can definitely sympathize with anti-war efforts and public shaming of the people that contributed.

But this smells like negative PR triggered on purpose by competition. It also happened with Mozilla's Brendan Eich as well.

One has to wonder, why doesn't this happen with bigger companies, like Microsoft, Google or Apple? I can tell you why. It's because they've got big PR and legal departments. But pumping money to avoid PR disasters is not the same thing as having a moral consciousness.

Plus the idea that Dropbox is more susceptible to wiretapping than the equivalents provided by Google, Apple, Microsoft or Amazon is absolutely laughable given that Dropbox is the only one on this list for which cloud storage is the product being sold and not something complementary. But yeah, fight the man.


He didn't leave Dropbox for Google, Apple, or Amazon. He switched to SpiderOak. Their selling point is that everything is encrypted client-side and they have no access to unencrypted files.

I have not yet abandoned Dropbox. I am still paying ~$10/mo for their services. But I sympathize with the GP. Those questions are exactly the things I want answers to as well.



