FTC Complaint Questions Dropbox Security
Christopher Soghoian says Dropbox can access the contents of the files it stores, and doesn't encrypt all traffic to and from a mobile device.
According to an FTC complaint filed last week, Dropbox has been deceiving users about its security and encryption.
"The FTC complaint charges Dropbox [PDF file] with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file," writes Wired's Ryan Singel. "PhD student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits."
"The complaint additionally alleges that Dropbox misleads users of its mobile app, by claiming that its product uses an encrypted HTTPS connection to communicate between a users device and Dropboxs servers," Singel writes. "In fact, the mobile device does not encrypt all the traffic."
Go to "Dropbox Lied to Users About Data Security, Complaint to FTC Alleges" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.