Privacy issues relating to your data stored in the cloud are going to always be with us as long as we have data stored in the cloud. But then again, privacy issues when everyone had their data stored on local hard drives and networks were and are still an issue. There are many ways to look at this. You can always be shocked and amazed that what you thought was secure is not really. You can accept it as a fact of life that the cat and mouse game that is played by those who like to hack and crack systems for their own game and those who work to stop them will always go on. You can, legitimately, get upset when a company that promises secure storage doesn’t really offer what they claim to.
Dropbox, the almost ubiquitous cloud storage and sharing service, has suffered some hits of late when it comes to data security and how it markets its service. Those hits will probably damage or slow Dropbox’s momentum to a degree. A security researcher has filed a complaint with the FTC, claiming that Dropbox’s statements that user data is encrypted so well that Dropbox employees can’t read the data are deceptive. Christopher Soghoian published data proving his claims last month. Of course Dropbox says the claims are without merit. As you can see from this Wired article, there’s enough PR back and forth on this to raise doubt. And when it comes to shaking faith on security issues, in many instances, it doesn’t take much doubt to raise skepticism. The article goes in to some nice depth on how Dropbox stores data as well and is worth a read if you’re unfamiliar with that.
I use Dropbox quite a bit for a lot of my personal use as well as for business use. Am I worried? I guess my answer is no more or no less than I am with some of the other online services I use and with some of the land based (as opposed to cloud based) businesses I transact with as well. I’ve had a credit card and a debit card abused before and in both instances they happened because of regular retail transactions in stores. I once had someone try to hack into my desktop computer for nefarious reasons. Some think I’m a bit laissez-faire when it comes to these issues, but in my own mind I just think I’m pragmatic. I take what precautions I feel I must when it comes to securing what I want to secure, but I know that if someone who prefers to spend their creative energies, talents, and time doing evil, wants to “break-in” there’s not much I can do to stop that sort of behavior, other than withdrawing from the world. I don’t assume that anything is “private” or “secure,” and I think those that do suffer from self-delusion or are just naive.
But the good news about these kind of security issues is this. We actually have folks checking on the claims that companies make, doing the research and writing about it for all to see. While the fruits of their labors don’t often reach the same volume level as the marketing pitches they often debunk, they do provide a better and more balanced perspective for those who actually do the research on the services that they trust their data and privacy to. When news stories are written about this, they usually don’t capture the public’s eye unless a breach has already occurred, and more often than not, its turned into a sensation rather than practical reporting. I don’t think that’s the case with this Wired report and I applaud Ryan Singel for his good reporting on this.
The bottom line for me when it comes to Dropbox, Google, Facebook, banks, retail stores, or whatever is this. I know there is no 100% guarantee of privacy or security. So, don’t promise what you can’t deliver. I take precautions that I deem necessary when transacting with any of them, knowing that P.T. Barnum’s sage advice (there’s a sucker born every minute) is how many businesses think about their customers and it’s up to me not to be the sucker. We’d all be better off if the marketing claims were more accurate, but we all know that’s not going to happen in a competitive world run by marketing mavens, PR flacks, and bean counters.