Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Dropbox "Peeks" at Your Files
September 18, 2013
PC World carried a story a couple of days ago that generated a lot of comment. As the headline noted ironically, "But It's Totally Nothing, Dropbox Says." Well, maybe.
Once again, it's the things you don't know and suddenly find out that give you pause.
HoneyDocs is a new Web-based service that creates a log showing when and where a document was opened. The service tested Dropbox and found that several .doc files were opened after uploading them to Dropbox. HoneyDocs lets users set up a “sting,” or a notification that is sent by SMS or email when a file has been viewed. The first buzz (notification) came back within 10 minutes after a file was uploaded with the IP address of an Amazon EC2 instance in Seattle. Dropbox uses Amazon’s cloud infrastructure.
Of the submitted files, only “.doc” files had been opened.
Dropbox explained that it allows users to see previews of some kinds of documents, including “.doc” ones, but it must build a preview of those documents. To do that, the document must be opened.
According to Dropbox’s website, users can open Word, PowerPoint, PDF and text files from directly within their browser, which saves them from needing certain software programs installed on their computer.
Very reassuring? Not. As the article notes, security experts generally recommend encrypting any sensitive documents before uploading them to Web-based storage providers.
And this is precisely the reason why.
Listen to the Podcast
