
Related but a bit off-topic:

Has the security of Dropbox ever been analysed by someone who knows what they're doing? How safe are my files there, from a "not losing them" point of view, and from a "not being hacked" POV?




They use Amazon's S3, so as far as not losing your files is concerned, you are as likely to lose files on Dropbox as you are on any other service that relies on S3 for storage.

Personally, I am interested to know more about privacy. Can Dropbox employees access any files anytime they want and look at any information from an account? Reading some comments (last year) on their forum in reply to file deletion I got the impression that they have unlimited access to user files. I don't have any citation nor can I verify that assumption at the moment.


> They use Amazon's S3, so as far as not losing your files is concerned, you are as likely to lose files on Dropbox as you are on any other service that relies on S3 for storage

Dropbox will sync on any computer you use though. That means that you have a copy per computer, plus the server.


The real risk is that they accidentally "update" my files out of existence or revert them to some point way in the past in a way that can't be undone. The change might push to all my devices before I realized it. I periodically tar my dropbox and put it on a backup disk.


If a Dropbox employee has access to the company's AWS account information, then yes; they can access any file in their bucket.


Dropbox mentions that files get encrypted with AES, but I guess this only protects them from Amazon employees or from someone hacking Amazon, not from Dropbox employees (unless the AES password is generated from the user password and Dropbox somehow doesn't have access to that (only a hash? not sure how that could work)).


That’s – from my own anecdotal evidence – actually a big PR problem for Dropbox. Many people I’ve told about Dropbox absolutely didn’t want to install a program which accesses their filesystem. (When I told my friend that only stuff in his Dropbox folder would be synced he said “Yeah, sure, ’only’ my Dropbox folder …”)

That, to me, doesn’t seem to be a very defensible position – every program could just access your filesystem and upload random stuff. But a service which reminds people of that fact is bound to run into problems.

(The story with my friend has a happy ending, by the way. When he learned a bit more about the company and its history he started to trust them and didn’t just sign up for the free account but bought 50 GB of storage for a year.)



