First, apologies that we didn't meet your expectations in regards to security on our service. Just to be clear, any password-related data or personal information you've sent in Droplr has been over HTTPS. But, we didn't go as far as we should have. We misjudged where usage was falling on the public-private spectrum, and we're ensuring we meet privacy expectations now.
We can see that it's a priority for people, and it's a priority for us. We've already deployed the fix, so ALL drop content should now be served over HTTPS.
We'll work on getting the pages themselves on the d.pr domain served over HTTPS as well and also look into a solution or better documentation for customers using their own custom domain.
Thanks for your patience with us and I hope you can forgive us and give us another shot.
> Just to be clear, any password-related data or personal information you've sent in Droplr has been over HTTPS.
Unless there was personal information in a file I shared using Droplr.
I'm not the person who raised this issue on your support site. I'd never even heard of Droplr until somebody shared this link with me for a laugh. While the title of my submission might not reflect it, I find the lack of comprehension and dismissive attitude of your customer service representative more off-putting than the original security flaw. He closed the ticket multiple times claiming that "the whole Droplr platform runs on HTTPS," when that clearly wasn't the case. Glyph was remarkably patient in re-opening and re-explaining the issue until the rep finally seemed to realize why he was wrong, whereupon the answer changed from "this isn't an issue, we already support the feature you're requesting" to "we're already aware of this issue but it's not a big deal," without even an acknowledgment that he'd so fundamentally misunderstood the request, let alone an apology for blowing him off repeatedly.
Thx for the response! I've always been a droplr fan and, even thought ssl should've been there, I'm glad it's fixed and I'll happily continue to use it :)
First, apologies that we didn't meet your expectations in regards to security on our service. Just to be clear, any password-related data or personal information you've sent in Droplr has been over HTTPS. But, we didn't go as far as we should have. We misjudged where usage was falling on the public-private spectrum, and we're ensuring we meet privacy expectations now.
We can see that it's a priority for people, and it's a priority for us. We've already deployed the fix, so ALL drop content should now be served over HTTPS.
We'll work on getting the pages themselves on the d.pr domain served over HTTPS as well and also look into a solution or better documentation for customers using their own custom domain.
Thanks for your patience with us and I hope you can forgive us and give us another shot.
Cheers