Tokyo Olympics opening ceremony EA Play Live Deepfake version of young Paul McCartney Dune trailer Mercedes-Benz plans all-electric lineup by 2030 Unemployment tax refunds

Dropbox deceived users about data security, alleges security researcher

A complaint to the US Federal Trade Commission alleges that cloud-based storage provider Dropbox told users its employees can't see your data, when they actually can.

A complaint to the US Federal Trade Commission alleges that cloud-based storage provider Dropbox has deceived users about the security of its service.

The complaint (PDF) suggests the free service has employed 'deceptive trade practices', with users being told that Dropbox's employees can't access your data, when they actually can. 

Christopher Soghoian, a PhD student and prominent security researcher at Indiana University, filed the complaint. It contains, as evidence, data that Soghoian published last month, showing that Dropbox employees can indeed see the contents of users' files.

Dropbox, which has more than 25 million users, hurriedly made changes to data-security policies the day after Soghoian's data was originally published. The most significant change was to state that Dropbox can access your data if legally required to do so, even it doesn't have access to your password. Users weren't exactly happy with this alteration, including digital-forensics expert Derek Newton, who has his own concerns about Dropbox's security.

Soghoian's complaint seeks to compel Dropbox to clarify its policies further, and to contact all of its users to tell them that it can see their data. The complaint also aims to forbid the company from making deceptive claims in future, and make Dropbox offer refunds to 'Pro' users, who pay a monthly subscription for increased storage space.

A Dropbox spokesperson dismissed Soghoian's allegations, telling our sister sire "We believe this complaint is without merit, and raises old issues that were addressed in our blog post on 21 April, 2011. Millions of people depend on our service every day and we work hard to keep their data safe, secure and private."

Dropbox has become hugely popular in the past few years, partly because it's so easy to use. It also allows users to share files with friends and family, and synchronise content across multiple devices, including the iPad, iPhone and iPod touch.

Are you a Dropbox user? Do you think Dropbox should change its motto from 'simplify your life' to 'leave yourself susceptible to data theft'? Is the FTC complaint just a storm in a teacup? Share your thoughts in the comments section below or on our Facebook wall.