Hacker News new | past | comments | ask | show | jobs | submit login

Dropbox doesn't encrypt your data. Compare them [1] and SpiderOak [2] for example.

[1] https://www.dropbox.com/security

[2] https://spideroak.com/no-knowledge/




Yes Dropbox encrypts your data. It even says so on the Dropbox page you linked to :-)


But encrypted in a way where Dropbox employees still have unencrypted access to your files, at least according to Christopher Soghoian back in 2011:

https://www.theregister.co.uk/2011/05/16/dropbox_ftc_not_goo...


That’s a different claim and one with severe tradeoffs for the other option: you can regain access to your Dropbox after losing your password.

Since you’re running their software, you’re ultimately trusting their policies anyway. Even if they had encryption at rest it wouldn’t tell you that it’s correctly implemented and doesn’t e.g. leak keys.


They encrypt in transit, but not data at rest by the looks of things. At least I don't get that impression.


They do - but they hold all keys themselves.


Per your link, Dropbox states only metadata isn't encrypted. "The actual contents of users’ files are stored in encrypted blocks with this service. Each individual encrypted file block is retrieved based on its hash value, and an additional layer of encryption is provided for all file blocks at rest using a strong cipher."




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: