Is it safe to keep semi-sensitive information in Dropbox?

I wouldn't trust Dropbox with my bank details and such (because there are lots of people looking for that kind of information), but is it safe to keep things which might be valuable to a small number of people? E.g. commercially sensitive information, draft scientific papers, answer sheets for university assessments I tutor, etc.

Is there anything relevant in the fine print about privacy or ownership of stored information which I may have missed?

As long as I have a reasonably strong password, is it likely someone who knows my e-mail address would be able to hack it?


Solution 1:

Dropbox's Terms of Service state that they do not claim ownership rights, and they seem to have good security. In order to reset your password, Dropbox sends you an email message with a reset code. Someone would need access to either your email account, your password or a computer that you had set up Dropbox on to access your files.

If you want more security, you can use TrueCrypt to encrypt files before uploading them. As long as you don't put files in your public folder, you should be safe anyway.

P.S. I recommend checking with your company's lawyers before uploading secret information anywhere, just in case.

Solution 2:

It all depends upon what level of "secure" you are comfortable with. Here are a few points to consider:

  • All (or a portion of) the files in Dropbox are also stored locally. You can choose to sync portions of your Dropbox on other machines, but one of your machines somewhere has the full state. This means that if your machine is ever lost, you're toast, because that information is not encrypted or secure.
  • Dropbox is only as secure as humanly possible, and maybe not even that much. (As an example: Dropbox employees can see your content and will turn it over to the government if asked. They used to say they couldn't do this, but they later changed their statement.)
  • TrueCrypt is great to use in conjunction with Dropbox. Note, however, that Dropbox won't be able to do single-file updates when any file in your TrueCrypt volume changes -- the whole volume will have to be pushed up again.
  • Ultimately it all depends on your comfort level and how much you trust both the networks you live on and the service and its employees.

As in the other answer, check with your company's lawyers first. Even if it were 100% secure, they may not like having secrets stored in another place that they have to worry about.

Solution 3:

You can use BoxCryptor to automatically encrypt all files which are uploaded to Dropbox.