Ashkan Soltani was able to verify the deduplication for himself a couple weeks ago. There are no security implications - your data is still kept logically separated and not affected by changes that other users make to their data. This works across all data on Dropbox, not just your own account. Similarly, if you make a change to a file that's already on Dropbox, you'll only have to upload the pieces of the file that changed. If we detect that a file you're trying to upload has already been uploaded to Dropbox, we don't make you upload it again. The company's CTO described the deduplication in a note posted in the "Bugs & Troubleshooting" section on the company's web forum last year: Woah! How did that 750MB file upload so quickly?ĭropbox tries to be very smart about minimizing the amount of bandwidth used. The file still appears in both users' accounts, but the company doesn't consume storage space nor upload bandwidth on a second copy of the file. What this means is that if two users backup the same file, Dropbox only stores a single copy of it. In what I suspect was a price-motivated design decision, Dropbox deduplicates the data uploaded by its users. The problem is, offering free storage space to users can be quite expensive, at least once you gain millions of users. It is really easy to use and the company even offers users 2GB of storage for free, with the option to pay for more space. If you value your privacy or are worried about what might happen if Dropbox were compelled by a court order to disclose which of its users have stored a particular file, you should encrypt your data yourself with a tool like truecrypt or switch to one of several cloud based backup services that encrypt data with a key only known to the user.įor those of you who haven't heard of it, Dropbox is a popular cloud-based backup service that automatically synchronizes user data. This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed. The service tells users that it "uses the same secure methods as banks and the military to send and store your data" and that "ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts). This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers. Note: This flaw is different than the authentication flaw in Dropbox that Derek Newton recently published.ĭropbox, the popular cloud based backup service deduplicates the files that its users have stored online.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |