Dropbox is trusted by millions of users around the world who want a simple solution to store and sync their files across multiple devices, and to share data with other users. Dropbox has been around for a decade and it is still very popular thanks to its ease of use and the Basic account that provides up to 2GB of storage for free. Dropbox offers support for both individual and business users, and there is an impressive amount of data being handled on the service on a daily basis. While Dropbox is widely used and is considered by many to be a reliable online storage solution, the security and privacy of the service have often been questioned. Before we go through the ways in which you can enhance the security of Dropbox, let’s find out how Dropbox works and how safe it really is.
How does Dropbox work?
Dropbox is designed to allow users to access their data, no matter where they are and on any device. It is a practical solution that relies on the convenience and powerful functionality of cloud computing. It is possible to access Dropbox through the website so that you can see, upload or download files and share them with others. There is also dedicated software that can be installed on practically any platform, allowing you to manage files on your Dropbox account using your computer or mobile device. Once a new file is added to the Dropbox folder, it is transferred to the central server and synced across all the devices that are running Dropbox. The data is first uploaded to the server and then it becomes available on all the devices.
Is it really secure?
While Dropbox is a well-established cloud storage service and it promises to protect the data of its customers with the highest standards of security, many users have some concerns that should be considered. The truth is that whenever you send data over the internet and save it to a remote server, the security risks are increased. To tackle security issues, Dropbox applies encryption to all data using SSL/TLS (Secure Sockets Layer/Transport Layer Security) to protect it during transit between the Dropbox software and the servers.
A secure tunnel reinforced with 128-bit AES encryption is created. The Dropbox desktop software, as well as the mobile apps, are designed to set up a secure connection with the provider’s servers to ensure that the data can’t be intercepted by third parties while it is in transit. The main security issue when it comes to Dropbox is that, as previously mentioned, it could provide your data to a third party. If Dropbox receives a request from law enforcement, it will decrypt your files and hand over information without hesitation.
This willingness to compromise the privacy of its users has drawn criticism from activists and even Edward Snowden stated that Dropbox was a solution hostile to privacy. Dropbox has stated that while it would like to offer zero knowledge encryption, this would affect other practical features of the service. In other words, in order to make Dropbox easy to use and convenient, they have sacrificed security and privacy. Although this should offer a decent level of security, there are still reasons to be concerned about the protection that Dropbox offers to your data.
Privacy Issues
There are multiple privacy issues that Dropbox users need to be aware of. For instance, it is important to keep in mind that when you sign up for Dropbox, your username, email, address, financial information and other details are retained. This is not only true for Dropbox since this is a common practice among online businesses. Even if you delete your Dropbox account, your information may still be kept since the company reserves the right to retain it in order to comply with “legal obligations”. In addition, although Dropbox states that it won’t sell your personal data, that doesn’t mean that it won’t share it with other parties. For instance, you can sign up to Dropbox via Facebook so your data will be shared with them, and since Dropbox relies on Amazon S3 for storage, your information is also shared with Amazon.
Dropbox also shares information if it believes that the company or its users are at risk, but unfortunately, it doesn’t explain clearly in what situations it would consider it necessary to share your information. It is also worth noting that your personal data would be shared if Dropbox is acquired by another company. Another important point that needs to be considered is that Dropbox can easily find out your location. It only needs to use GPS data from the devices used to send information.
However, the company states that it doesn’t do this and that it doesn’t carry out any active monitoring of its users. Still, Dropbox uses the data embedded in the files that you upload and your IP address in order to get an estimated location. Overall, even though Dropbox promises to protect users’ data and to keep their privacy protected, it is advisable that you think twice before you use the service to store highly confidential information.
How can you improve the security of your data while using Dropbox
Even if you don’t store sensitive files, it is important to take steps to protect your data on Dropbox. Below there is a list of things that you can do to make Dropbox safer.
Use a password manager or select a strong password
Setting up a strong password is not only important when it comes to Dropbox. This is something that should be considered for every online service you use. Make sure that your password combines upper and lower case letters, symbols and numbers. While it can be difficult to keep track of complicated passwords, it is advisable to avoid using the same password for all the services you use. What you can do to simplify things is to use a password manager. This solution will help you to keep track of all the passwords you use and you just need to remember one password to be able to access all your accounts.
Use two-step verification
In order to prevent unauthorized access to your account and your files, two-step or two-factor authentication should be enabled. This is a solution supported by most online services available nowadays, including Gmail, Facebook and Dropbox. With this feature, a code can be requested and it is sent to your device whenever someone tries to access your account from a new device. You can enable two-factor authentication in Dropbox by following these steps:
- Click on the drop down menu in the top right-side corner of the account home page, then select Settings.
- A window will be opened and there you can select the Security tab. The two-step verification status on your account will be displayed here. You can click on the “enable” link to activate it.
- You will be required to enter your password to set up the feature. Then, you will be asked if you want your codes to be sent to your phone as a text message.
- Next, you will need to add your phone number and a code will be sent to test the service. You will also be asked to provide a backup number and then you will see a list of 10 backup codes that you need to save, or print out. Make sure that you keep them in a safe location.
- The last step is to click on Enable Two-Step verification to complete the process.
Enable email notifications
Apart from enabling two-step verification, you can get Dropbox to email you whenever there is a change on your account, or when it is accessed from a new device, location or browser. You can manage email notifications from the Profile options of the Settings menu.
Remove linked devices
If you have multiple devices associated with Dropbox, you can see the information about them and delist them. Go to the Security tab from Settings and scroll down until you see the Devices list. There you will see the names of the devices associated with your Dropbox account. Apart from the names, you can see the last time you used them to access Dropbox and where. You will see an “x” at the far right of the list and there you can remove the links to these devices. This will ensure that the device is not automatically able to access your account, which is crucial if someone else uses the device.
Check Web sessions
You can keep an eye on the activity on your Dropbox account to make sure that it hasn’t been compromised. You can check your current web session on the Security page, right above the list of linked devices. The web sessions show you the browsers that are currently logged into your Dropbox account.
Manage linked apps
If you access your Dropbox account through a third party app, your personal information is shared with that app. In order to take control over the apps that may access your Dropbox account, go to the bottom of the Security settings to see a list of the apps that you have given permission to. You can remove permissions for any app listed here.
Use a VPN
Although Dropbox doesn’t have the capacity to track your exact location, it can still get a general idea of where you are, based on the IP address assigned by your Internet Service Provider. If you want to keep your actual location hidden from Dropbox and other parties, you can use a VPN service. This technology allows you to disguise your IP address so Dropbox won’t be able to find out where you are located. When you connect to a VPN (or virtual private network), your traffic is directed through an encrypted tunnel that protects the data from prying eyes. Using a VPN adds privacy to your connection and helps you to avoid becoming a target for hackers and anyone who tries to access your personal information.