Internet security: Keys to the cloud castle

Dropbox has recently come under fire for some of its security practices, in particular for not describing them accurately in its security FAQ document (now changed). I think the criticism for the incorrect description is justified. Its security practices, however, were and are absolutely fine for the majority of users. They were also never a secret. Those who care about their security should have been aware of these issues in the first place. I certainly have been.

The Economist has produced an article which describes the issues and avoids hysteria.

Consider the purchase of a home in two adjacent gated communities. Both have houses with truly impregnable locks. In one community, whenever you need to enter your house, you visit the management office and show your driving licence. A guard walks you to your home, and lets you in using the master key that opens every door lock in the community. You can stay inside indefinitely. If an employee misuses the key to wander into homes or, heaven forfend, a thief gets his hands on it, all bets are off—the households’ sanctity has been compromised.

In another community, the management requires that you privately choose your own lock and corresponding key, which you hang on to and use to enter your abode at will. But if you lose the key, or any copies you have made, you can never re-enter. It will remain a sealed edifice until the universe’s heat death. Which would you choose? The latter offers extreme privacy but with an unthinkable penalty for carelessness. The former is convenient, but there is the risk of the key falling into the wrong hands.

