[Discuss] Dropbox

[Tom Metro]

Richard Pieri wrote:
> Tom Metro wrote:
>> If the encryption is done properly, and can be verified, it doesn't
>> matter where your bits are stored.
> 
> Well, yes, actually, it does. Dropbox for example does the encryption
> properly but they can and do hand over the keys to law enforcement upon
> request.

As Bill pointed out, from a crypto-perspective, that they have the
ability to hand over your keys means that they fit the very definition
of using a weak crypto model.

Dropbox prioritizes convenience over privacy. They is very clear
business and financial reasons why they have their system designed the
way it is. It makes for a low cost, easy to support, user friendly service.

I wouldn't recommend using it for anything, except documents you
wouldn't mind sharing publicly, or as storage for client-side encrypted
blobs. Google Docs is in the same league.

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/