Dropbox security woes are back, FTC complaint filed

dropbox-logo-largeLess than a month ago, we questioned whether Dropbox’s privacy changes warranted concern of PlayStation proportions. The phrase that piqued users’ interest had to do with sharing information with outside entities, namely the government and law authorities. “We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith to believe that disclosure is reasonably necessary,” the statement reads, and lists various legal, security, and safety situations in which it may have to do this.

Dropbox also clarified the state of security of your stored documents. Namely, its encryption process wasn’t quite what users believed it to be, and while Dropbox assured everyone its system is adequately safe, nerves were rattled to say the least. And now, it looks like users aren’t the only ones calling foul, as a complaint against the company has been filed with the Federal Trade Commission.

The site previously claimed that “all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password” (AES-256 is the highest strength of Advanced Encryption Standard ciphers used to encrypt data). Instead, Dropbox has been using file dedpulication when it’s initially uploading a document in order to determine if that file has already been uploaded by someone else (and if it has, it then links to the formerly uploaded one). This process means Dropbox can save ample storage space and bandwidth, but by means of a less secure system.

Ph.D. candidate and graduate fellow at Indiana University Christopher Soghoian filed the complaint, and explained in his blog his reasons for questioning Dropbox’s policies. He argues that if Dropbox is using a deduplication system, it definitely is able to see unencrypted version of your files in order to determine if there are duplicates. And as Soghoian explains, these measures are “useless against many attacks if the encryption key isn’t kept private,” which he’s uncertain of. The complaint states that “Dropbox does not employ industry best practices regarding the use of encryption technology. Specifically, Dropbox’s employees have the ability to access its customers’ unencrypted files.” The statement goes on to say that the encryption keys are stored on company servers.

For anyone storing particularly sensitive information on the site, this news if cause for concern. But there are also users who believe cloud-based storage can only be so safe, and you’re taking a leap of faith by using them altogether. But what does Dropbox have to say about it? “We believe this complaint is without merit, and raises issues that were addressed in our blog post on April 21, 2011 .  Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private,” says company spokesperson Julie Supan.

Adding a strange twist to the whole thing is the fact that Soghoian broke the Facebook PR scandal story. Busy guy.

Emerging Tech

Police body cams are scarily easy to hack into and manipulate, researcher finds

Nuix cybersecurity expert Josh Mitchell has demonstrated how it is possible to hack into and potentially manipulate footage from police body cams. The really scary part? It's shockingly easy.

8 easy ways for you to transfer photos from an Android phone to a PC

If you haven't already, you should back up your photos to a computer. Here's how to transfer photos from an Android phone to a PC using third-party services and a wealth of storage devices.

Brother’s new laser printers spit out prints with just a tap thanks to NFC

Seven new color laser printers carry the Brother name, as well as new features like NFC to easily print from mobile. The lineup sits between $200 and $400, and boasts faster print speeds and an updated design.

A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Researchers discovered a security flaw affecting versions of MacOS prior to 10.13.6 that allows hackers to take control of a Mac during first-time setup and device provisioning. Malicious code can then be injected into the Mac.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.

Google One subscriptions offer more cloud storage for low prices, other perks

Can't get enough storage on Google Drive, Photos, or Gmail? Google One is the new way to boost your cloud storage. But it's not just about more space -- Google One comes with a loads of benefits.

A turn for the better: Loupedeck+ adds custom dials, more to Lightroom console

The Loupedeck+ improves on the original Lightroom console by adding welcome customization options and introducing support for Skylum Aurora HDR. What's even better is that it does this all at an even lower price.

Intel serves up ‘Bean Canyon’ NUCs revved with ‘Coffee Lake’ CPUs

Looking for a super-compact PC for streaming media that doesn’t break the bank? Intel updated its NUC family with its new “Bean Canyon” kits. Currently, there are five with a starting price of $300 packing eighth-generation Intel Core…

Save hundreds with the best MacBook deals for August 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.

Lost without 'Print Screen'? Here's how to take a screenshot on a Chromebook

Chrome OS has a number of built-in screenshot options, and can also be used with Chrome screenshot extensions for added flexibility. You have a lot of options, but learning how to take a screenshot on a Chromebook is easy.

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement, or an unwanted trip to your local repair shop.

Asus claims ‘world’s thinnest’ title with its new Zephyrus S gaming laptop

The Republic of Gamers arm at Asus is claiming “world’s thinnest” with the introduction of its new Zephyrus S gaming laptop measuring just 0.58 inches at its thinnest point. The company also revealed the Strix SCAR II.

Intel teases new dedicated graphics card slated for 2020 release

Intel has confirmed plans to launch a dedicated graphics card in 2020. Although precious few details exist for the card at this time, it was silhouetted in a recent Intel video showcased at Siggraph 2018.