DropBox Putting Its Clients' Privacy At Risk With Deduplication

(ed : Dropbox's spokesperson Julie Supan told us “We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21, 2011. Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.")

Popular document sharing platform DropBox has been accused of misleading its customers about the security of their data by a security researcher.

Christopher Soghoian, a security expert completing his Phd at the School of Informatics and Computing at Indiana University, has filed a complaint with the FTC, which accuses DropBox off sacrificing user security and privacy to save costs.

The practice Soghoian accuses them of is called deduplication. If two different users both upload the same file, DropBox will only store a single copy and give both users access to that file. This saves space, but allows law enforcement officials and copyright trolls to look for specific files on the system, Soghoian wrote in his post.

“From the comfort of their desks, law enforcement agencies or copyright trolls can upload contraband files to Dropbox, watch the amount of bandwidth consumed, and then obtain a court order if the amount of data transferred is smaller than the size of the file,” said Soghoian.

DropBox is a file sharing service used by more than 25 million people that allows users to store and share files online. Users get 2GB of free storage initially and they can purchase more storage space based on their needs.