Dropbox, the online storage system with over 25 million users, deceived users about the security and encryption of its services, putting it at a competitive advantage, according to an FTC complaint filed Thursday by a prominent security researcher, reports “Wired” (http://macte.ch/horD2).
The FTC complaint charges Dropbox with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.
“Wired” says Dropbox dismissed the Soghoian’s allegations, but has cahnged its data security claims from “All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password” to “All files stored on Dropbox servers are encrypted (AES 256).”