Proton
Is Dropbox secure?

Dropbox is one of the biggest names in cloud storage, which is why you might be surprised to learn it doesn’t use the most secure encryption algorithms and doesn’t protect your privacy.

While Dropbox is secure from outside attack, it has suffered data breaches in the past. It also does not use end-to-end encryption, and the company can access your files at any time. In this article, we’ll explain what this means and how you protect your files in the cloud for free without giving up your privacy.

Is Dropbox encrypted?

At first glance, Dropbox offers solid security, both in transit to and from your device as well as at rest on its servers. In-transit security is handled by TLS, a standard but powerful encryption protocol used by pretty much all online services. For example, we also use it to encrypt your internet connection while you read this article.

Once the files arrive on Dropbox’s servers, they’re decrypted on receipt and then encrypted again, this time using AES-256. This is a secure encryption algorithm used by governments, militaries, and corporations around the world. We at Proton use it in all our services ourselves.

This method, where files are encrypted in transit, then decrypted before being encrypted again at rest, is used by many cloud storage services to protect against cybercriminals. The problem is that Dropbox overlooks a key threat to your security and privacy: itself.

How secure is Dropbox really?

When you talk about security, usually you mean threats from outside. When you rent a storage unit, you put a lock on it to make sure nobody enters it and steals your possessions. You’re not worried about your old furniture running away on its own. 

However, when you’re talking about data, you do need to worry a little about what is done with your information by the people you’re storing it with. It doesn’t matter how well the service protects you from outside attack, it’s not really secure if the company’s employees can access your files. 

In the case of the storage unit, you can use your own locks so only you have the keys. With digital storage, you can use something called end-to-end encryption (also called client-side encryption), a security method in which files are encrypted automatically on your device before being uploaded to the server. Your storage provider does not have a key to your data, and the files are inaccessible to the people operating the service.

Dropbox does not offer end-to-end encryption in any way. As the company makes clear on its website(nieuw venster), if you want to use end-to-end encryption, you’ll need to use a third-party encryption tool and upload the encrypted files to Dropbox. This is inconvenient and renders many critical functions, like file syncing, impossible.

Dropbox doesn't use private keys

Dropbox certainly has internal safeguards to prevent its employees from accessing user data, but this requires a lot of trust on the part of consumers. Even if Dropbox successfully avoids insider threats, there’s also the possibility of human error. One of the biggest breaches in cloud storage history was the 2012 Dropbox hack(nieuw venster) where an employee kept reusing his password, got hacked, and left 68 million users’ passwords compromised.

You’d think an employee of a tech company would know never to reuse passwords, but it goes to show that human error can play an important part even in high-tech scenarios.

Dropbox privacy issues

Apart from security risks, the lack of client-side encryption means Dropbox is not private. As Dropbox explains in its privacy policy(nieuw venster), it shares your files, account information, contacts, and other personal data with other companies, such as Google, Amazon, and OpenAI. Even if you don’t mind Dropbox having your data, you might not want Dropbox to spread them around the internet.

On top of that, Dropbox is an American company that must comply with government requests for data. Because Dropbox can access your files, the company can also share those files with the authorities(nieuw venster)

What to use instead of Dropbox 

Dropbox may have been the first cloud storage service, but the way it handles customer data is outdated: There’s no need to forego client-side encryption. 

At Proton, we use end-to-end encryption for all our services, including our cloud storage service Proton Drive. With Drive, you can upload, sync, share, and even preview your files, secure in the knowledge that they can’t be read by anybody but you and whomever you choose to share them with — which is why we also call it zero-access encryption.

With Docs in Proton Drive, you can also enjoy the freedom to create and edit documents with others, knowing your content is protected by end-to-end encryption by default.

Our code is open source and audited by independent security experts. This gives our community confidence that our encryption works the way we claim, and there’s no need to take our word for it.

On top of that, we don’t share your data with anybody. Our business model is based on subscriptions for more storage and extra features, not on advertising. Even if we wanted to share your data, we couldn’t because we don’t have access to it. Our end-to-end encryption even applies to important metadata.

Unlike Dropbox, we’re based in Switzerland, where your data is protected by some of the world’s strongest privacy laws. We would only turn over the little data we do have if ordered to by a Swiss court.

The reason we do all this is because we believe that offering a good, easy-to-use storage service isn’t enough — we also need to be part of creating a better and more private internet. This has been our mission ever since we launched, thanks to community support, back in 2014, and it continues to be today. If that sounds like something you’d like to be a part of, join us and create a free Proton Drive account today.

Gerelateerde artikelen

Investigative journalist Vegas Tenold explains the gear he uses to protect his privacy and stay safe.
en
  • Privacynieuws
Follow investigative journalist Vegas Tenold as he explains his gear and how it keeps him safe from surveillance as he works in the field.
Coinbase, the largest Bitcoin exchange in the US, suffered a data breach
en
  • Privacynieuws
  • Proton Wallet
Coinbase employees sold sensitive personal information to attackers, including government IDs and BTC transaction history. Proton Wallet is built to avoid these risks.
Whistleblower's whistle. Journalists must use secure channels to communicate with whistleblowers.
en
Whistleblowers risk everything to expose the truth. This guide helps journalists keep their sources safe using secure tools like Proton Mail, Signal, and SecureDrop.
An image showing a phone screen with a child icon and three icons with '17+' '8-12' and '3-5' to indicate age ratings
en
Parents can help their children develop healthy screen habits by learning about dark design patterns — Proton investigates how
en
Read what age experts say you should let your child use different platforms and how you can help set them up for success.
Roblox has been accused for years of exposing kids to inappropriate content and bad actors. We describe its safety features
en
  • Privacygidsen
Roblox has suffered scandals over inappropriate content. We share what you need to know and what you can do to use it more safely.