|« Monday Morning Technologist||Oh Dropbox, We Loved You Once... »|
Dropbox Kisses and Makes Up?
Over the last couple of days there has been a bit of a buzz about Dropbox's updated terms of service. Thousands of you have read the post I did yesterday on the subject for example. In response Dropbox has come back with a blog post to clarify what they're terms of service actually mean (see the link above).
So...is it all better now? Can we go back to cuddling up with Dropbox and put our worries behind us? Well...no.
While they may have clarified their language and they may have tried to express their intent the bottom line remains the same...when you upload data to Dropbox the Dropbox guys can look at it. They may read it and they may "publicly display that stuff to the extent reasonably necessary for the Service." Does that mean your files are going to end up on a billboard in Times Square? No, of course not (at least I seriously doubt it) but the point is that you're still handing your data over to anonymous staffers at Dropbox ("and those [they] work with to provide the Services") where it CAN be decrypted and read.
One of their explanations for these terms is "Services like Google Docs and others do the same thing when they get these permissions (see, for example, section 11.1 of Google’s TOS)." But the thing is that Google Docs (the free version; the paid version doesn't have the same issues in their TOS) is unsuitable for confidential data for exactly the same reason! So pointing to Google and saying "They do it too" doesn't really help that much in this case.
Yes, Dropbox, you're no worse than Google Docs. And I do not recommend (free) Google Docs for confidential data either. You're in good company.
Now I don't think the Dropbox guys are evil or that they're trying to steal your content. I'm sure they're perfectly nice guys just trying to provide a useful service. And it *IS* a useful service. I wouldn't hesitate to use Dropbox for any non-confidential data/documents that I needed to sync to multiple devices. Just as I wouldn't hesitate to use the free Google Docs to coordinate a family reunion or maintain the stats for a little league baseball team.
But when it comes to confidential data, ESPECIALLY confidential data that belongs to clients or customers - data that, if leaked publicly, could do some real harm to my clients or customers...there is no way I'm going to willingly upload it to a service that acknowledges that their staffers (none of whom I've ever met) and the unspecified people and companies they work with can access (or even "monitor") that data. Not going to happen.
If we've learned anything in the wake of Wikileaks it should be that we should be more carefully reviewing who can access our confidential documents and when. Dropbox does not pass the Wikileaks Test.
P.S. One thing they did, which I applaud, is remind folks that you CAN encrypt your data before uploading it to Dropbox using tools like TrueCrypt. If you do that, then the Dropbox guys CAN'T read (or "publicly display") your data and I'm perfectly o.k. with that as a solution. If you really are passionate about continuing to use Dropbox for confidential data, then use something like TrueCrypt to encrypt your data FIRST and upload the encrypted "blob" to Dropbox. You lose a few of the Dropbox features, but I think it's a worthwhile trade-off.
More Information: "Dropbox and Google and Mobile Me, Oh My"
You can follow Ben M. Schorr on Twitter @bschorr.