While testing a new service called HoneyDocs, a service that allows the creation of documents that send a call back with a unique tracking code notifying you that the document was viewed/opened, Daniel McCauley discovered his documents were being opened by Dropbox-owned Amazon EC-2 instances.
(Yes, HoneyDocs will also know when someone is accessing your documents as well 🙂 )
The issue was addressed by Andrew Bortz (Security Expert at Dropbox) on HackersNews who explained that the Dropbox team disabled the loading of external resources. This renders the method of discovering whether Dropbox is opening your files utterly useless but doesn’t prevent them (or any other third-party) from reading them.
The Dropbox team has dismissed the importance of the issue reasoning there would be a requirement to generate thumbnails of the files for user browsing. The fact is nothing keeps the cloud-based provider from accessing the stored resources.
Although not a novelty item, I feel this news hasn’t been given proper media attention or online discussion as it affects a large number of internet users. Dropbox is one of, if not, the most popular cloud-based file storage service. These users might not even fully understand the extent of the privacy and security issues.
Here at 7 Elements we have discussed the cloud-based security issue before but still feel important to keep users informed about being and staying safe online.
What can I do to protect my files?
Using verified software that encrypts your files is the only sure way of ensuring no one else has access to them in this cloud-focused world. If you want an extra layer of security, be sure to encrypt the file’s names as well and not just their contents.