by Jeffrey Goldberg on
When in the course of network events rumors start flying about Dropbox a decent respect for the concerns of 1Password users compels me to blog about it.
1Password users certainly enjoy the convenience of syncing their data across Mac, Windows, iPhone, iPad, iPod Touch, Android and Windows 7 Phone. This is managed using Dropbox, and so it is fit and proper for 1Password users to be attuned to news regarding Dropbox security and privacy.
Yesterday (July 1) Dropbox provided an update of their terms of service. Since then the net has been a-twitter with very frightening accusations about what Dropbox may do with your data. Those accusations are incorrect, and the Dropbox terms of service do not give them any rights to your data that you wouldn’t expect. And as always the main thing to keep in mind is that your 1Password data are well encrypted before ever being sent to Dropbox (or even written to your own disk).
It appears some misleading (at best) and downright incorrect claims about the Dropbox Terms of Service are spreading via Twitter and blogs. So don’t trust what the bloggers say (I guess that includes me) and go read the Dropbox Terms for yourself.
Permission to share what you ask them to share
The portion that seems to be behind the panic is in this paragraph:
We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission. [Emphasis added]
Dropbox can be used for more than just syncing your own private data. It can be used to share information with selected others or with the world. When you put something in your Public folder on Dropbox to share, you are asking Dropbox to re-publish that data. Dropbox actually needs your permission to do so, and this paragraph is the bit of their Terms of Service which allows them to share the material you ask them to share.
I have complained in the past that Dropbox had been unclear about their security policy with respect to everyone’s data. I am very pleased that they have produced a new security document now and that they took the time to do it right. It contains no surprises. Also with this announcement, they have updated their applications and APIs for mobile devices to address an earlier concern about encrypted filenames and such.
Dropbox seems to have shifted from an Internet darling to a boogyman in less than six months. The silly accusations regarding re-publishing permissions in their newly stated Terms of Service illustrates that any allegation about them will gain traction even when completely unfounded. But even though this current hysteria can be dismissed it doesn’t mean that we can brush off all concerns about Dropbox or any cloud syncing solution.
I will try to briefly address some of the questions that come up in any discussion of Dropbox and 1Password. These are “Why Dropbox?” and “Have you considered X as an alternative sync solution?”
Dropbox does two things that no other system (yet) does. It provides the necessary programming tools (APIs) for all of the platforms that we support: OS X, Windows, iOS, Android, and Windows 7 Phone; and it provides syncing to truly native filesystems on the Mac and PC.
The short answer to “Have you considered X as an alternative sync solution” is “Yes” for every value of X that people have asked about. We have considered them, and have had to reject them for various technical reasons.
Each item in your 1Password data is stored in its own, separate, file. This is great for syncing in that it means that only the changes need to sync and this can be done by file and folder syncing. This not only makes syncing faster and cheaper, it also makes it much more reliable and robust against potential data corruption. But this also means that 1Password needs to read lots of different files quickly as it runs. Dropbox does fast syncing while storing the local files on the native local file systems, allowing it to function properly.
As an illustration, an alternative such as WebDAV (which we worked on extensively but had to abandon before we moved to Dropbox) provides a file system abstraction layer that is just too slow for 1Password. It can hang when we try to access some file that it hasn’t cached properly. Also WebDAV isn’t designed for updating many files is quick succession. It’s not that WebDAV is bad, but it isn’t suitable for how we would use it.
Everything else we’ve looked at (and we have looked at many things) suffers not only from the same problems we saw with WebDAV, but they also lack usable APIs for all the platforms we need to support. It may be possible, for example, to sync data to an Android or iOS device using SugarSync or Wuala, but it isn’t possible to sync that data in a way that would make it available to 1Password on those devices.
I’ve written about a number of things related to the security of your 1Password data in the cloud and on Dropbox in particular. Instead of repeating those, I will list some of those here.
Dropbox Security Questions and Dropbox security revisited: Plus ça change. Both discuss the Dropbox security issues that arose earlier this year. As an update, over the course of the past few months, Dropbox have successfully addressed each of those concerns.
Defending against crackers: Peanut Butter Keeps Dogs Friendly, Too. What we do to defend your master password against automated crackers if your data should fall into the wrong hands.
What we do to defend your master password against automated crackers if your data should fall into the wrong hands.
What you can do to defend your master password against automated crackers if your data should fall into the wrong hands.
Some hints about what we are working on to make your data even more secure in the cloud.
Thinking about security (and privacy) is hard. It is important to look at the facts behind the headlines and the tweets before jumping to conclusions.
On July 6, Dropbox posted about a rewrite of their Terms of Service. In my reading of it, it makes no changes of substances, but it goes above and beyond the standard language that we see elsewhere in allaying fears.
By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below. […]
Now that things have calmed down a bit, I would like to reflect on (and rant about) how we got here.
My overall point remains. A few people who were unfamiliar with reading ToSes delved into the earlier ToS and misinterpreted something and posted their misinterpretations. Those misinterpretations spread like wildfire because others were willing to believe the worst instead of investigating for themselves. I am not criticizing typical users for doing so, but my frustration is directed at portions of the technology press who did not do their job.
People are correct to be concerned about what is buried in Terms of Service and Privacy agreements. As a whole, we don’t pay enough attention to these, and it is good news that people are paying more attention. But it also takes some time to learn how to read them. If something seems fishy, ask for an explanation before jumping to the conclusion that something is evil. If you are part of the technology press your job is to do your homework instead of just regurgitating hot stories for clicks. The press’ job is to investigate, analyze and explain. [Updated July 8]