Proton
Is Dropbox secure?

Is Dropbox secure?

Dropbox is one of the biggest names in cloud storage, which is why you might be surprised to learn it doesn’t use the most secure encryption algorithms and doesn’t protect your privacy.

While Dropbox is secure from outside attack, it has suffered data breaches in the past. It also does not use end-to-end encryption, and the company can access your files at any time. In this article, we’ll explain what this means and how you protect your files in the cloud for free without giving up your privacy.

Is Dropbox encrypted?

At first glance, Dropbox offers solid security, both in transit to and from your device as well as at rest on its servers. In-transit security is handled by TLS, a standard but powerful encryption protocol used by pretty much all online services. For example, we also use it to encrypt your internet connection while you read this article.

Once the files arrive on Dropbox’s servers, they’re decrypted on receipt and then encrypted again, this time using AES-256. This is a secure encryption algorithm used by governments, militaries, and corporations around the world. We at Proton use it in all our services ourselves.

This method, where files are encrypted in transit, then decrypted before being encrypted again at rest, is used by many cloud storage services to protect against cybercriminals. The problem is that Dropbox overlooks a key threat to your security and privacy: itself.

How secure is Dropbox really?

When you talk about security, usually you mean threats from outside. When you rent a storage unit, you put a lock on it to make sure nobody enters it and steals your possessions. You’re not worried about your old furniture running away on its own. 

However, when you’re talking about data, you do need to worry a little about what is done with your information by the people you’re storing it with. It doesn’t matter how well the service protects you from outside attack, it’s not really secure if the company’s employees can access your files. 

In the case of the storage unit, you can use your own locks so only you have the keys. With digital storage, you can use something called end-to-end encryption (also called client-side encryption), a security method in which files are encrypted automatically on your device before being uploaded to the server. Your storage provider does not have a key to your data, and the files are inaccessible to the people operating the service.

Dropbox does not offer end-to-end encryption in any way. As the company makes clear on its website(new window), if you want to use end-to-end encryption, you’ll need to use a third-party encryption tool and upload the encrypted files to Dropbox. This is inconvenient and renders many critical functions, like file syncing, impossible.

Dropbox doesn't use private keys

Dropbox certainly has internal safeguards to prevent its employees from accessing user data, but this requires a lot of trust on the part of consumers. Even if Dropbox successfully avoids insider threats, there’s also the possibility of human error. One of the biggest breaches in cloud storage history was the 2012 Dropbox hack(new window) where an employee kept reusing his password, got hacked, and left 68 million users’ passwords compromised.

You’d think an employee of a tech company would know never to reuse passwords, but it goes to show that human error can play an important part even in high-tech scenarios.

Dropbox privacy issues

Apart from security risks, the lack of client-side encryption means Dropbox is not private. As Dropbox explains in its privacy policy(new window), it shares your files, account information, contacts, and other personal data with other companies, such as Google, Amazon, and OpenAI. Even if you don’t mind Dropbox having your data, you might not want Dropbox to spread them around the internet.

On top of that, Dropbox is an American company that must comply with government requests for data. Because Dropbox can access your files, the company can also share those files with the authorities(new window)

What to use instead of Dropbox 

Dropbox may have been the first cloud storage service, but the way it handles customer data is outdated: There’s no need to forego client-side encryption. 

At Proton, we use end-to-end encryption for all our services, including our cloud storage service Proton Drive. With Drive, you can upload, sync, share, and even preview your files, secure in the knowledge that they can’t be read by anybody but you and whomever you choose to share them with — which is why we also call it zero-access encryption.

With Docs in Proton Drive, you can also enjoy the freedom to create and edit documents with others, knowing your content is protected by end-to-end encryption by default.

Our code is open source and audited by independent security experts. This gives our community confidence that our encryption works the way we claim, and there’s no need to take our word for it.

On top of that, we don’t share your data with anybody. Our business model is based on subscriptions for more storage and extra features, not on advertising. Even if we wanted to share your data, we couldn’t because we don’t have access to it. Our end-to-end encryption even applies to important metadata.

Unlike Dropbox, we’re based in Switzerland, where your data is protected by some of the world’s strongest privacy laws. We would only turn over the little data we do have if ordered to by a Swiss court.

The reason we do all this is because we believe that offering a good, easy-to-use storage service isn’t enough — we also need to be part of creating a better and more private internet. This has been our mission ever since we launched, thanks to community support, back in 2014, and it continues to be today. If that sounds like something you’d like to be a part of, join us and create a free Proton Drive account today.

Related articles

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Product updates
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.